Autoblocks expands templates before storing in database
Closed, ResolvedPublicBUG REPORT
Actions

Assigned To

Authored By

	dom_walden
	Oct 25 2019, 4:37 PM

Description

What is the problem?

If you create an autoblock with the reason as a template, for the IP blocks that get created as a result, the reason gets expanded when it is stored in the database.

For example, you see the expanded wikitext, not the {{template}} in the block reason:
https://test.wikipedia.org/wiki/Special:BlockList?wpTarget=%2318166
https://en.wikipedia.beta.wmflabs.org/wiki/Special:BlockList?wpTarget=%238096

Steps to reproduce problem

Special:Block
Create a user block:
- set the block reason to be a template
- at the bottom check Automatically block the last IP address used by this user, and any subsequent IP addresses they try to edit from
Look at the Autoblock that gets created in Special:BlockList

Expected behavior: Reason for block something like Autoblocked because your IP address has been recently used by "$user". The reason given for $user's block is "{{template}}"
Observed behavior: Reason is expanded into the template's wikitext

Details

	Subject	Repo	Branch	Lines +/-
	Save autoblock reasons with unexpanded templates	mediawiki/core	master	+3 -4
	Don't expand template for reason on saving an autoblock	mediawiki/core	master	+7 -2

Customize query in gerrit

Related Objects

Mentioned Here: rMW68d87dba9f21: Remove Parser::serializeHalfParsedText() and helpers

Event Timeline

dom_walden created this task.Oct 25 2019, 4:37 PM

Restricted Application added subscribers: Liuxinyu970226, MGChecker, Aklapper. · View Herald TranscriptOct 25 2019, 4:37 PM

Change 546233 had a related patch set uploaded (by Tchanders; owner: Tchanders):
[mediawiki/core@master] Don't expand template for reason on saving an autoblock

https://gerrit.wikimedia.org/r/546233

gerritbot added a project: Patch-For-Review.Oct 25 2019, 4:44 PM

dom_walden updated the task description. (Show Details)Oct 25 2019, 5:25 PM

dom_walden updated the task description. (Show Details)

Tchanders claimed this task.Oct 25 2019, 7:33 PM

Tchanders moved this task from Untriaged to The Letter Song on the Anti-Harassment board.

Tchanders edited projects, added Anti-Harassment (The Letter Song); removed Anti-Harassment.

Tchanders moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to Code Review 🔍 on the Anti-Harassment (The Letter Song) board.

JJMC89 moved this task from Backlog to User blocking on the MediaWiki-User-management board.Oct 28 2019, 5:47 AM

dbarratt moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (The Letter Song) board.Oct 29 2019, 7:49 PM

Change 546233 merged by jenkins-bot:
[mediawiki/core@master] Don't expand template for reason on saving an autoblock

https://gerrit.wikimedia.org/r/546233

Maintenance_bot removed a project: Patch-For-Review.Oct 29 2019, 8:10 PM

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.5; 2019-11-05).Oct 29 2019, 9:00 PM

@Tchanders Testing on beta, for autoblocks the comment_text still appears to be stored in the DB in the expanded form.

E.g.:

+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+
| comment_text                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | comment_data                                                      |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+
| [[Wikipedia:Autoblock|Autoblocked]] because your IP address was recently used by "[[User:Drwpb|Drwpb]]". The reason given for Drwpb's block is: "
{| style="background-color:#F9F9F9; border:1px solid #A00; padding:5px;"
|[[File:Kgpg new.svg|48px]] '''To edit, please [[Special:Userlogin|log in]].'''
<hr />
Editing by unregistered users from your shared [[IP address]] or address range may be currently disabled. [[Wikipedia:Why create an account?|Registered users]], however, are still able to edi... | {"_null":true,"_message":["autoblocker","Drwpb","{{anonblock}}"]} |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+

Looks ok in Special:BlockList and in the block error message, but the API call action=query&list=blocks returns:

{
    "batchcomplete": "",
    "query": {
        "blocks": [
            {
                "id": 8108,
                "by": "Dom walden",
                "timestamp": "2019-10-30T08:22:12Z",
                "expiry": "2019-10-30T11:22:12Z",
                "reason": "[[Wikipedia:Autoblock|Autoblocked]] because your IP address was recently used by \"[[User:Drwpb|Drwpb]]\". The reason given for Drwpb's block is: \"\n{| style=\"background-color:#F9F9F9; border:1px solid #A00; padding:5px;\"\n|[[File:Kgpg new.svg|48px]] '''To edit, please [[Special:Userlogin|log in]].'''\n<hr />\nEditing by unregistered users from your shared [[IP address]] or address range may be currently disabled. [[Wikipedia:Why create an account?|Registered users]], however, are still able to edi...",
                "automatic": "",
                "nocreate": "",
                "allowusertalk": ""
            },
            {
                "id": 8107,
                "user": "Drwpb",
                "by": "Dom walden",
                "timestamp": "2019-10-30T08:22:12Z",
                "expiry": "2019-10-30T11:22:12Z",
                "reason": "{{anonblock}}",
                "nocreate": "",
                "autoblock": "",
                "allowusertalk": ""
            }
        ]
    }
}

Tchanders moved this task from QA/Testing 🐞 to In Progress 💪 on the Anti-Harassment (The Letter Song) board.Oct 30 2019, 12:35 PM

Change 547211 had a related patch set uploaded (by Tchanders; owner: Tchanders):
[mediawiki/core@master] Save autoblock reasons with unexpanded templates

https://gerrit.wikimedia.org/r/547211

gerritbot added a project: Patch-For-Review.Oct 30 2019, 2:09 PM

Tchanders moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (The Letter Song) board.Oct 30 2019, 2:09 PM

Change 547211 merged by jenkins-bot:
[mediawiki/core@master] Save autoblock reasons with unexpanded templates

https://gerrit.wikimedia.org/r/547211

Tchanders moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (The Letter Song) board.Oct 31 2019, 2:04 PM

Maintenance_bot removed a project: Patch-For-Review.Oct 31 2019, 2:10 PM

On https://en.wikipedia.beta.wmflabs.org I created a number of autoblocks with different block reasons, including templates, other forms of wikitext, HTML tags and that had no block reason.

Database comment table
Checked:

Templates were not expanded for either the parent or child autoblock.
For the child's block reason, [[Wikipedia:Autoblock|Autoblocked]] because your IP address was recently used by "[[User:$blockee|$blockee]]". The reason given for $blockee's block is: "$parent_reason"
- $blockee is correct.
- $parent_reason matches the parent's block reason.

Special:BlockList and api.php?action=query&list=blocks
Checked that the child's block reason includes the parent's block reason correctly.

Block error messages
Checked the block reason displayed without obvious problems, including the blockee name.

Briefly looked at the block error message in the API, though not systematically.

Script
On my local vagrant (1.35.0-alpha (68d87db) 04:22, 1 November 2019), ran a script which created autoblocks using wikitext from our parser tests as block reasons.

Checked that:

The block reason stored in the database matches what was passed to the API (for the child and parent autoblocks).
For api.php?action=query&list=blocks, parent block reason is substring of child block reason and blockee is correct.

In total, the script used about 300 examples of wikitext taken from this file as block reasons. Mainly taken from the top of that file, so potentially more obscure wikitext from the bottom has been ignored.

Also, after doing all this I checked the debug logs of my local vagrant wiki. Did not find any suspect errors.

dbarratt closed this task as Resolved.Nov 1 2019, 5:10 PM

Autoblocks expands templates before storing in databaseClosed, ResolvedPublicBUG REPORTActions