Page MenuHomePhabricator
Create Task
Maniphest T192369

Respect the TitleBlacklist Extension in the FileImporter
Closed, ResolvedPublic5 Estimated Story Points
Actions

Description

Motivation:
Commons uploads are checked whether the title respects the rules of the TitleBlacklist extension. We should do the same.

Task
Respect the TitleBlacklist extension. That means, for users without the tboverwrite right, block all file moves when the TitleBlacklist contains the title.

@WMDE-Fisch already found out the following:
Currently the TitleBlacklist extension is not triggered when importing pages. The hook that the extension listens to is UserPermissionsErrorsExpensive triggered in TitlecheckPermissionHooks. We would need to implement that to make sure people do not upload bad titled images.

Details

SubjectRepoBranchLines +/-
Allow parsed wikitext in RecoverableTitleExceptionmediawiki/extensions/FileImportermaster+2 -2
Always use filename without extension in ChangeFileNameFormmediawiki/extensions/FileImportermaster+13 -8
Include title permission checksmediawiki/extensions/FileImportermaster+50 -7
Customize query in gerrit

Related Objects

Event Timeline

Lea_WMDE created this task.Apr 17 2018, 3:13 PM
Restricted Application added a project: TCB-Team (now WMDE-TechWish). · View Herald TranscriptApr 17 2018, 3:13 PM
WMDE-Fisch claimed this task.Apr 19 2018, 10:22 AM
WMDE-Fisch added a project: WMDE-QWERTY-Sprint-2018-04-17.
WMDE-Fisch set the point value for this task to 5.
WMDE-Fisch moved this task from Tickets in preparation/investigation to Tickets in sprint on the Move-Files-To-Commons board.
WMDE-Fisch moved this task from Sprint Backlog to Doing on the WMDE-QWERTY-Sprint-2018-04-17 board.
WMDE-Fisch added a comment.Apr 19 2018, 11:21 AM

The Title::getUserPermissionsErrors method generally takes care of all things related to permission checks on title creation. Calling this method eventually triggers the hooks mentioned above. Errors in here can then be respected when importing and/or renaming files.

WMDE-Fisch added a comment.Apr 19 2018, 12:59 PM

Triggering the right hooks here seems to be quite easy. But now I come across the question how to handle the error.

Right now ( like the AbuseFilter checks ) the TitleBlacklist check is done in the very last step when "really" importing the file. There is a default behavior for the permission errors that come out the checks run by the TItelBlacklist. These result in a page looking like that:

Screenshot-2018-4-19 Permission error - EnLocalWiki(1).png (285×1 px, 24 KB)

So question is: Do we keep it like that? Or do we want our own error handling ( and error view ) take over? In the latter we should at least stick to the error message I guess. :-)
@Lea_WMDE

WMDE-Fisch added a comment.Apr 19 2018, 1:15 PM

After a quick talk to @Lea_WMDE we came to the conclusion, that this should best be treated as custom error because it should be recoverable like for example the duplicated title error. Therefore the validation will happen early in the title validation steps.

gerritbot subscribed.Apr 19 2018, 3:45 PM

Change 427692 had a related patch set uploaded (by WMDE-Fisch; owner: WMDE-Fisch):
[mediawiki/extensions/FileImporter@master] Include title permission checks

https://gerrit.wikimedia.org/r/427692

gerritbot added a project: Patch-For-Review.Apr 19 2018, 3:45 PM
WMDE-Fisch mentioned this in rEFLI2eceffdba194: Include title permission checks.Apr 19 2018, 3:46 PM
WMDE-Fisch removed a subtask: T192767: Decide on a way how to display TitleBlacklist warnings.Apr 24 2018, 4:05 PM

Users with special are not blocked when using blacklisted words. The handling of that and the according warning message are part of T192933.

WMDE-Fisch moved this task from Doing to Review on the WMDE-QWERTY-Sprint-2018-04-17 board.Apr 24 2018, 4:08 PM
WMDE-Fisch mentioned this in rEFLI289262467ff3: Include title permission checks.Apr 24 2018, 4:13 PM
Tobi_WMDE_SW moved this task from Review to Demo on the WMDE-QWERTY-Sprint-2018-04-17 board.Apr 25 2018, 12:08 PM
gerritbot added a comment.Apr 25 2018, 12:09 PM

Change 427692 merged by jenkins-bot:
[mediawiki/extensions/FileImporter@master] Include title permission checks

https://gerrit.wikimedia.org/r/427692

Lea_WMDE added a subscriber: Tobi_WMDE_SW.Apr 25 2018, 12:45 PM

@WMDE-Fisch Do I understand that right, that we are currently refusing everyone to move the file if the TitleBlacklist extension triggers something?

And @Tobi_WMDE_SW how can I test this? :)

ReleaseTaggerBot added a project: MW-1.32-notes (WMF-deploy-2018-05-01 (1.32.0-wmf.2)).Apr 25 2018, 1:00 PM
WMDE-Fisch added a comment.Apr 25 2018, 1:06 PM
In T192369#4157373, @Lea_WMDE wrote:

@WMDE-Fisch Do I understand that right, that we are currently refusing everyone to move the file if the TitleBlacklist extension triggers something?

Nope, we only refuse blacklisted titles for users that do not have the "tboverwrite" right. So admins for example can still move files to blacklisted titles. ( that's also the normal behavior in the RL wiki world ). Everything else would be covered then by the T192933 ticket.

And @Tobi_WMDE_SW how can I test this? :)

So on http://mwfileimport.wmflabs.org/wiki/index.php/MediaWiki:Titleblacklist I have a blacklist configured that forbids the word "voldemort" in a title. .... So if you use a non-admin account you should get the blocking message when trying to set a title like that.

Tobi_WMDE_SW added a comment.Apr 25 2018, 1:09 PM
In T192369#4157466, @WMDE-Fisch wrote:
In T192369#4157373, @Lea_WMDE wrote:

And @Tobi_WMDE_SW how can I test this? :)

So on http://mwfileimport.wmflabs.org/wiki/index.php/MediaWiki:Titleblacklist I have a blacklist configured that forbids the word "voldemort" in a title. .... So if you use a non-admin account you should get the blocking message when trying to set a title like that.

Or you try to import this nice picture of Voldemort with a mustache. :D https://commons.wikimedia.org/wiki/File:Voldemort.jpg

Lea_WMDE updated the task description. (Show Details)Apr 25 2018, 1:50 PM

Interesting picture! It did bring some styling issue into view though:

Bildschirmfoto 2018-04-25 um 15.48.41.png (378×1 px, 55 KB)

Lea_WMDE moved this task from Demo to Review on the WMDE-QWERTY-Sprint-2018-04-17 board.Apr 25 2018, 1:50 PM
Lea_WMDE added a comment.Apr 25 2018, 1:53 PM

... also as you can see in the screenshot, the file name contains ".jpg" which results in ".jpg.jpg" once you save your new name. So as normally, we currently don't want to see the extension in the file name window.

WMDE-Fisch added a comment.Apr 26 2018, 1:54 PM
In T192369#4157607, @Lea_WMDE wrote:

Interesting picture! It did bring some styling issue into view though:

Bildschirmfoto 2018-04-25 um 15.48.41.png (378×1 px, 55 KB)

Yep, good point.

In T192369#4157625, @Lea_WMDE wrote:

... also as you can see in the screenshot, the file name contains ".jpg" which results in ".jpg.jpg" once you save your new name. So as normally, we currently don't want to see the extension in the file name window.

Ohh that seems to be a general bug with that form. I will look into it.

gerritbot added a comment.Apr 26 2018, 2:13 PM

Change 429200 had a related patch set uploaded (by WMDE-Fisch; owner: WMDE-Fisch):
[mediawiki/extensions/FileImporter@master] Allow parsed wikitext in RecoverableTitleException

https://gerrit.wikimedia.org/r/429200

WMDE-Fisch mentioned this in rEFLI942f47a9a5fc: Allow parsed wikitext in RecoverableTitleException.Apr 26 2018, 2:17 PM
gerritbot added a comment.Apr 26 2018, 2:38 PM

Change 429201 had a related patch set uploaded (by WMDE-Fisch; owner: WMDE-Fisch):
[mediawiki/extensions/FileImporter@master] Always use filename without extension in ChangeFileNameForm

https://gerrit.wikimedia.org/r/429201

WMDE-Fisch mentioned this in rEFLIa09a7a197c70: Always use filename without extension in ChangeFileNameForm.Apr 26 2018, 2:38 PM
Tobi_WMDE_SW moved this task from Review to Demo on the WMDE-QWERTY-Sprint-2018-04-17 board.May 2 2018, 8:36 AM
gerritbot added a comment.May 2 2018, 8:37 AM

Change 429201 merged by jenkins-bot:
[mediawiki/extensions/FileImporter@master] Always use filename without extension in ChangeFileNameForm

https://gerrit.wikimedia.org/r/429201

gerritbot added a comment.May 2 2018, 8:39 AM

Change 429200 merged by jenkins-bot:
[mediawiki/extensions/FileImporter@master] Allow parsed wikitext in RecoverableTitleException

https://gerrit.wikimedia.org/r/429200

ReleaseTaggerBot edited projects, added MW-1.32-notes (WMF-deploy-2018-05-08 (1.32.0-wmf.3)); removed MW-1.32-notes (WMF-deploy-2018-05-01 (1.32.0-wmf.2)).May 2 2018, 9:00 AM
Lea_WMDE closed this task as Resolved.May 3 2018, 1:51 PM
Lea_WMDE triaged this task as Medium priority.
Lea_WMDE moved this task from Demo to Done on the WMDE-QWERTY-Sprint-2018-04-17 board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL