The page preview function shows an unaccepted revision when logged out and viewing pending-protected pages. Very important since some vandalism was briefly visible from the main page due to this bug.
|Duplicate||None||T153595 Unapproved article version shown in mobile apps|
|Invalid||None||T163276 Show only approved article version for FlaggedRev Wikipedias|
|Duplicate||None||T163462 FlaggedRevs for Mobile Content Service|
|Open||None||T169116 Support flagged revisions in RESTBase|
|Open||None||T209936 Content of unaccepted pending revisions show up in RESTBase APIs|
We are going to need a lot more information here to identify the problem here.
- What is the URL you are viewing pending protected changes?
- What page were you on when you saw this bug?
- What link were you hovering over?
- What did you see (screenshot welcomed)
Thanks in advance for your answers.
I've dropped "unbreak now!" as we reserve that for issues that make the site inaccessible/unusable and given the limited information we can't make that call just yet.
Viewing the main page while logged out, on enwiki.
No screenshot since the error was reverted, testing is possible though. Hovering over Connie Talbot, vandalism was a change to the image. The image shown was the changed one, not the last accepted one, which I logged in to confirm. For reference, when I clicked on the article, it showed the unedited image until I logged in. Diff of vandalised revision was 869792136 on mobile. Original was viewed on PC (Windows).
@Username_Needed is this the vandalism you are talking about? https://en.wikipedia.org/api/rest_v1/page/html/Connie_Talbot/869792136 (tallest man)?
The summary is generated from the page https://en.wikipedia.org/api/rest_v1/page/summary/Connie_Talbot
The page image is the one that's listed in https://en.wikipedia.org/wiki/Connie%20Talbot?action=info
FlaggedRevisions doesn't actually lock down a page, so the content is still accessible to our APIs and will propagate to various places (page previews being the most visible), hence why it's showing up in page previews/images. The only way this kind of vandalism can get fixed is through an edit to the page and the only way it can be prevented is through protecting the page. This is a fundamental flaw in how FlaggedRevs is implemented.
I'm not sure what to suggest here, other than a change in FlaggedRevs, but even that's likely to be extremely complicated, but this has little to do with Page previews itself. Alternatively, if FlaggedRevs surfaced some kind of page property the REST apis I've listed above could be updated to check the status of whether a page has been flagged and hide them.