Page MenuHomePhabricator
Create Task
Maniphest T224032

[BUG] Blocking from action "Editing their own talk page" is not effective unless "Editing" is also checked
Closed, ResolvedPublicBUG REPORT
Actions

Description

What is the problem?

If on the Special:Block form you check "Editing their own talk page" without also checking "Editing" (like below), the user/ip is not blocked from their own talk page.

editingown.png (951×764 px, 44 KB)

I believe (from testing previous versions) this bug predates the work done in T222737 and T219441, although it does not occur in 1.32.1. Someone could double-check that.

Looking very briefly at the code perhaps the issue is around this line of code: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/master/includes/block/AbstractBlock.php#591

Steps to reproduce problem
  1. Block a username, IP or IP range, with settings like the above screenshot
  2. Login as the blocked user or access the wiki from the blocked IP
  3. Go the the user's or IP's talk page and click "Edit"/"Create"

Expected behavior: User cannot edit, is given a message telling them they are blocked.
Observed behavior: User can edit page.

Details

SubjectRepoBranchLines +/-
Fix user talk checkbox enabling/disabling on Special:Blockmediawiki/coremaster+10 -7
Customize query in gerrit

Related Objects

Event Timeline

dom_walden created this task.May 21 2019, 3:16 PM
Restricted Application added subscribers: MGChecker, Aklapper. · View Herald TranscriptMay 21 2019, 3:16 PM
Krenair subscribed.May 21 2019, 3:38 PM
MJL subscribed.May 21 2019, 8:21 PM
Tchanders subscribed.May 22 2019, 8:00 PM

Thanks for finding this.

I think this wouldn't have made sense <1.33 since that's when partial blocks was introduced, and the editing checkbox didn't exist before then. Only since partial blocks has it become theoretically possible to block someone only from their talk page.

Tchanders added a comment.May 22 2019, 9:45 PM

Thinking about this, the problem is that the user talk checkbox is enabled when the editing checkbox is unchecked.

Since partial blocks ignore the ipb_allow_usertalk field, the only way apply a partial block to the target's own user talk page is to explicitly name it as a page restriction.

If the editing checkbox is unchecked, then the block must be a partial block, so the user talk checkbox should be disabled.

gerritbot added a comment.May 22 2019, 9:58 PM

Change 512051 had a related patch set uploaded (by Tchanders; owner: Tchanders):
[mediawiki/core@master] Fix user talk checkbox enabling/disabling on Special:Block

https://gerrit.wikimedia.org/r/512051

gerritbot added a project: Patch-For-Review.May 22 2019, 9:58 PM
dom_walden added a comment.May 23 2019, 8:36 AM

How will this behave without JavaScript?

Tchanders added a comment.May 23 2019, 12:58 PM

Without JavaScript, this behaves similarly to making a partial block against editing a page: the admin can check the user talk checkbox, but it won't have an effect.

I guess the form has quite a few checkbox options that are ignored for certain combinations of parameters, which is made obvious for users with JS but not without. They can at least follow the Help link at the top of the page.

Tchanders claimed this task.May 23 2019, 4:46 PM
Tchanders moved this task from Untriaged to Yōd - י on the Anti-Harassment board.
Tchanders edited projects, added Anti-Harassment (Yōd - י); removed Anti-Harassment.
Tchanders moved this task from Ready to Review on the Anti-Harassment (Yōd - י) board.
gerritbot added a comment.May 23 2019, 10:10 PM

Change 512051 merged by jenkins-bot:
[mediawiki/core@master] Fix user talk checkbox enabling/disabling on Special:Block

https://gerrit.wikimedia.org/r/512051

dbarratt added subscribers: Prtksxna, dbarratt.May 23 2019, 11:23 PM

@Prtksxna I wonder if perhaps "Editing their own talk page" should be moved under "Editing" and changed to "Their own talk page"?

dbarratt moved this task from Review to QA/Testing on the Anti-Harassment (Yōd - י) board.May 23 2019, 11:31 PM
dom_walden added a comment.May 24 2019, 10:48 AM
In T224032#5207879, @Tchanders wrote:

Without JavaScript, this behaves similarly to making a partial block against editing a page: the admin can check the user talk checkbox, but it won't have an effect.

I guess the form has quite a few checkbox options that are ignored for certain combinations of parameters, which is made obvious for users with JS but not without. They can at least follow the Help link at the top of the page.

Fair enough. This will also affect people submitting blocks via the API.

What I don't like about it is that, if I submit such a block, the Special:BlockList, Special:Log/block etc. report "cannot edit own talk page", even though that is not true. An admin might assume we support such a configuration, when we don't.

utedit_blocklist.png (145×1 px, 15 KB)

dbarratt added a comment.May 24 2019, 2:13 PM
In T224032#5210078, @dom_walden wrote:

What I don't like about it is that, if I submit such a block, the Special:BlockList, Special:Log/block etc. report "cannot edit own talk page", even though that is not true. An admin might assume we support such a configuration, when we don't.

What happens in this scenario? Can you edit your own talk page or not?

dbarratt added a comment.May 24 2019, 2:17 PM

Oh, nevermind, I remember why we did this, it's because there is no database flag for if it is editing or not. A non-editing block is an empty sitewide block (for now). If you would like to create a task for that, I can write what would be needed (a new field in the database to distinguish editing blocks for non-editing blocks).

dbarratt added a comment.May 24 2019, 2:17 PM

Errr... well, I guess we could always fake it and use the same logic again, so if we know it's an empty partial block, then we can remove that from being displayed.

aezell edited projects, added Anti-Harassment (Kaf - כ); removed Anti-Harassment (Yōd - י).May 24 2019, 6:11 PM
aezell moved this task from Ready to QA/Testing on the Anti-Harassment (Kaf - כ) board.
ReleaseTaggerBot added a project: MW-1.34-notes (1.34.0-wmf.7; 2019-05-28).May 25 2019, 3:01 AM
Tchanders mentioned this in T224468: Block list and log incorrectly report "cannot edit own talk page" for some blocks.May 28 2019, 12:04 PM

@dom_walden I agree - filed as T224468

Maintenance_bot removed a project: Patch-For-Review.May 28 2019, 12:10 PM
Aklapper added a project: MediaWiki-User-management.May 28 2019, 12:12 PM

Assuming this task is about the user management in MediaWiki core, hence adding MediaWiki-User-management so someone could find this task.

dom_walden moved this task from QA/Testing to Done on the Anti-Harassment (Kaf - כ) board.May 28 2019, 12:13 PM
In T224032#5216247, @Tchanders wrote:

@dom_walden I agree - filed as T224468

Thanks!

"Editing their own talk page" checkbox only becomes enabled when selecting a sitewide block or a partial block with a namespace restriction to "User_talk".

We have not changed any of the behaviour of blocks, just the UI. So, further testing unnecessary.

Niharika closed this task as Resolved.May 29 2019, 10:20 PM
Tchanders mentioned this in T227199: 'Editing their own talk page' option has no effect when editing not selected.Jul 10 2019, 6:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits