Page MenuHomePhabricator

WikiEditor upload tool doesn't allow uploading over previously existing images
Open, Needs TriagePublic

Description

Reported at https://www.mediawiki.org/w/index.php?title=Topic:U9x9tu8z1skhq2j9 by @Johnywhy

  1. Click "Edit Source".
  2. Click "Embedded file" button.
  3. Click "Upload" button.
  4. Click "Select a file" button, and pick previously uploaded-and-deleted file.
  5. Check "This is my own work", and click "Upload" button.
  6. Enter Description and click "Save" button.
  7. Receive error: Something went wrong. A file with this name exists already, please check [url] if you are not sure if you want to change it.
  8. Click "Dismiss".
  9. "Save" button is now grayed out. No option given to "Ignore warning and save file anyway"

On testwiki I see the error A file of this name has been previously uploaded and subsequently deleted. You should check the File:GenericTestImage.jpg before proceeding to upload it again, which is a better message (apart from the unnecessary "the") but still doesn't allow the user to go ahead and upload the image.

Event Timeline

@Johnywhy correct. The UploadWizard doesn't allow this either T42893: UploadWizard cannot replace existing files. It's one of those things that can be quite dangerous (especially for newbies) and because of that support has not been added so far. I think this requires some serious design considerations. Maybe we need to separate it out into a user right for the entire wiki ?

Still, it could check for this BEFORE you start the upload (which is what UW and Special:Upload do). And it should probably not get you stuck either...

hello, any progress on this? Really holding up my wiki.

It's unclear to me why, if a file was allowed to upload previously, why shouldn't it be allowed to upload again? if the file was already deleted, exactly what is the security risk in allowing same name to upload again?

The use-cases is:

  • New version of same file.
  • or, Changed mind about deleting it.

In the case of a previously uploaded file which wasn't deleted, the following makes sense: "Would you like to use the previously uploaded file or replace the previously uploaded file?" But we don't get that either. Where in WikiEditor is button to insert already uploaded files, which weren't deleted?

It's one of those things that can be quite dangerous (especially for newbies) and because of that support has not been added so far.

Huh? What is dangerous about being able to upload a file under a name where a file previously existed and has now been deleted?

Huh? What is dangerous about being able to upload a file under a name where a file previously existed and has now been deleted?

Yes, how is that more risky than uploading the original file?

And shouldn't uploading recognize security context? Ie, we don't allow anonymous editing. Anyone uploading a file has already been validated and trusted.

In this case, it's an Admin sysop who's being blocked. That doesn't seem to make any sense.

Now i'm trying to upload the same file with a new name, and it STILL won't allow.

"A file identical to this file (File:Gun-deaths.jpg) has previously been deleted. You should check that file's deletion history before proceeding to re-upload it."

That's a totally misleading message. How is checking the deletion history going to help me?

The message indicates that, after i check the deletion history, then i can proceed to re-upload it.

HOW?

This is what my dev team at Apple calls a "blocker". It's so serious a flaw that people are blocked from getting their work done.

Please escalate this blocker.

It's one of those things that can be quite dangerous (especially for newbies) and because of that support has not been added so far.

Huh? What is dangerous about being able to upload a file under a name where a file previously existed and has now been deleted?

It's socially risky within our community.

Now i'm trying to upload the same file with a new name, and it STILL won't allow.

"A file identical to this file (File:Gun-deaths.jpg) has previously been deleted. You should check that file's deletion history before proceeding to re-upload it."

That's a totally misleading message. How is checking the deletion history going to help me?

The message indicates that, after i check the deletion history, then i can proceed to re-upload it.

No, it tries to convey our community's social convention of you needing to check the history to gain understanding of why it was deleted, so that you can assess if it is appropriate to reupload, or if it will just create more work for other people to cleanup after you.

I'm also no fan, but it is how its been for 15 years, so it's a bit hard to change.

HOW?

This is what my dev team at Apple calls a "blocker". It's so serious a flaw that people are blocked from getting their work done.

Please escalate this blocker.

It's open source software with about 10000 blockers. I don't have the time to fix this one, I just triaged it. No one else has offered or shown interest , so it will linger till someone will show that interest.

I assume by "our community", you mean the WikiMedia.org or MediaWiki.org cultures. I can understand the software embodies WikiMedia culture in some ways-- that's it's pedigree.

I feel very fortunate and grateful to use the software that so many have helped build.

But, I think it's also important to recognize that people may use the software in other contexts. I use the MediaWiki software to build an independent, non-MediaWiki community. My project is inspired by, I think, the heart of wiki-- collaborative knowledge-building.

But our model is a variation: we don't allow anonymous edits. So when someone uploads a file, we trust and respect that they know what they are doing.

Thx

@Johnywhy: Please avoid loaded questions. They do not help your case. Thanks.

Everybody is aware that the software can be used in different contexts. You are free to provide software patches to better support those different contexts. The "danger" mentioned describes the main and most important context the software is used in and why likely nobody else will work soon on this task. Describing such expectations was a direct reply to your question in T190913#4131281.

@Johnywhy: Please avoid loaded questions.

Hi Andre!
my last posted didn't contain any questions, loaded or otherwise.
My comments are meant to be respectful.

Everybody is aware that the software can be used in different contexts.

But @TheDJ's explanation acknowledged that the rationale comes from one specific context, "our community's social convention".

The "danger" mentioned

No "danger" was mentioned. No security risk was explained. Only a desire to force people to "think about why it was deleted." Allowing people to not think about why it was deleted is not an option. It's not about security, it's just about dictating what users ought to think about.

maybe @TheDJ simply meant "it didn't come up" or "nobody had the bandwidth" or "it wasn't top-priority". I understand the WikiEditor might not be a top priority these days. Believe me, i'd rather use VisualEditor, but my cheap webhost doesn't support node.js (i hope WM.org won't abandon us low-budget wikis).

! In T190913#4087807, @TheDJ wrote:
Maybe we need to separate it out into a user right for the entire wiki ?

if possible, would be great.

You are free to provide software patches to better support those different contexts.

Great! Would i submit that to WikiEditor group? Or MW core?

Thx for discussion.

my last posted didn't contain any questions, loaded or otherwise.

(It did, as you can see yourself. Anyway.)

That's an older edit. But it was a sincere question, not "loaded".

Cheers