Page MenuHomePhabricator
Create Task
Maniphest T16141

string "overflow:auto; height:" is recognized as spam
Closed, InvalidPublic
Actions

Description

background:
2007-08-25 there was reported a strange behaviour of the spamfilter.[http://de.wikipedia.org/wiki/MediaWiki_Diskussion:Spam-blacklist#Bug.3F] So this bug is _not_ caused by the latest spam blacklist bugfix.

bug:
if one uses the string "overflow:auto; height:" _anywhere_, e.g. in <pre style="overflow:auto; height:4em;"></pre> or just as plaintext, it will be catched by the spamfilter. i tested that in meta and de.

notes:
i'm not sure, whether this is a sbl-bug or a mediawiki-bug. perhaps the link-preparsing "getExternalLinks" is somehow bugged?

Version: unspecified
Severity: enhancement

Details

Reference
bz14141

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:10 PM
bzimport added projects: WMF-General-or-Unknown, Shell.
bzimport set Reference to bz14141.
bzimport added a subscriber: Unknown Object (MLST).
seth created this task.May 15 2008, 4:50 PM
bzimport added a comment.May 15 2008, 4:53 PM

ayg wrote:

Can you confirm that this string is not in fact blacklisted? This isn't really a bug at all if it matches a blacklist entry. In that case, change the blacklist.

ashley added a comment.May 15 2008, 4:56 PM

This doesn't really look like a bug, and even if it is, it's not with
SpamBlacklist. Have a look at Wikimedia's InitialiseSettings.php
http://noc.wikimedia.org/conf/InitialiseSettings.php.html. $wgSpamRegex is
set to
'/overflow\s*:\s*auto\s*;\s*height\s*:|<div[^>]*font-size[^>]*font-color:\s*transparent[^>]*>/i'
by default, which would most likely explain why the spam filter catches it.

bzimport added a comment.May 15 2008, 5:10 PM

ayg wrote:

This is a Wikimedia config issue, not an issue with the extension. Probably this is to stop spammers who create giant invisible divs that are links to somewhere. Note that the regex is fragile (height: x; overflow: auto; works). And "font-color" is a little weird, since that's not a valid CSS property.

seth added a comment.May 15 2008, 5:12 PM

ok, so it's not a bug in wikimedia, but a problem of of the spam protection text in de.wikipedia.org.
thx for quick answers and sorry for my mistake.

brion added a comment.May 15 2008, 9:25 PM

Not a bug, this was added to the blacklist config a couple years ago due to a spambot using that particular formulation over and over and over and over...

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL