Page MenuHomePhabricator
Create Task
Maniphest T193355

Titleblacklist - Compromised Error Messages
Closed, DeclinedPublic
Actions

Description

Under the i18n default messages, error messages (titleblacklist-forbidden-edit, titleblacklist-forbidden-move, titleblacklist-forbidden-upload, titleblacklist-forbidden-new-account) contain the actual regex tripped. This severely compromises the effectiveness of such rules, despite the regex rules being publicly viewable, especially given that even wikimedia wikis remove the following from the relevant MediaWiki page:

It matches the following blacklist entry: <code>$1</code>

I am requesting that this default be removed from the i18n messages.

Edit: doesn't seem to be any interest, especially when all the regex is already public at mediawiki:titleblacklist anyways

Event Timeline

SpookyGhost8 created this task.Apr 29 2018, 8:26 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 29 2018, 8:26 PM
SpookyGhost8 updated the task description. (Show Details)Apr 29 2018, 11:12 PM
Vvjjkkii renamed this task from Titleblacklist - Compromised Error Messages to c0daaaaaaa.Jul 1 2018, 1:13 AM
Vvjjkkii triaged this task as High priority.
Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
CommunityTechBot renamed this task from c0daaaaaaa to Titleblacklist - Compromised Error Messages.Jul 2 2018, 4:33 PM
CommunityTechBot raised the priority of this task from High to Needs Triage.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.
CommunityTechBot added a subscriber: Aklapper.
SpookyGhost8 closed this task as Declined.Oct 6 2018, 6:19 PM
SpookyGhost8 updated the task description. (Show Details)
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL