Cascade-protecting files should protect the file, not the description page
Open, MediumPublic
Actions

Assigned To

None

Authored By

	• bzimport
	Feb 14 2010, 6:58 PM

Description

Author: happy.melon.wiki

Description:
Currently inlining an image on a cascade-protected page protects the image, which is good. T8579 introduces functionality that allows only the file to be protected, not the description page. Only changes which actually affect the cascade-protected page should be prevented, which in this case means changing the file pointed to. So cascade protection of inlined images should be to protect the file, not the description page.

Version: unspecified
Severity: normal

Details

Reference: bz22521

	Subject	Repo	Branch	Lines +/-
	Protection: Rework on how cascade-protection are applied to files	mediawiki/core	master	+80 -41

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	None	T24521 Cascade-protecting files should protect the file, not the description page
Resolved	None	T8579 Allowing protecting files without protecting image pages
Open	None	T109435 Disregard "edit" permission when uploading to an existing file
Declined	None	T10658 Allow cascading protections for non-full protection

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:58 PM

• bzimport added a project: MediaWiki-Page-protection.

• bzimport set Reference to bz22521.

• bzimport added a subscriber: Unknown Object (MLST).

• bzimport created this task.Feb 14 2010, 6:58 PM

See: http://commons.wikimedia.org/wiki/Commons:Village_pump#Cascade_protection_of_Main_Page

I feel cascade protection is a problem for Commons where it is impossible to modify the file description page of the highlighted file.

This prevents possible improvements such as categorization of the file, translation of file description, update of assessments template (to match WMF blog).

saibotrash wrote:

The cascade protection may be used to protect the file descs, too. I think it would be stupid if the behavior would change after several years (for some users).

Maybe a new option should be there: "except file descs from cascade protection"([edit=<unaffected>] just move and upload cascaded). The cascade protection only would need to apply to upload and move.

Saibo: The reason for cascade protection existence is to protect the page and everything that it's included on the page from being changed. Templates are protected because their contents are transcluded on the page. Since editing the template would change the contents of the article, cascade protection prevents the edition of the template contents. For images/files, what it's included in the page is the image itself, not the description, so the upload or revert of versions of the image should be prevented. Uploading a new version of a file is like editing a transcluded template. There's no point in prevent the edition of the file description since editing it won't affect the protected page in any way.

If you want file descriptions to be protected just transclude them on the protected page, like {{:File:Example.png}}. That would be consistent with other namespaces. Otherwise I don't see any point in using cascade protect just for file description pages.

Ciencia_Al_Poder awarded a token.Dec 31 2014, 3:54 PM

Steinsplitter awarded a token.Jan 2 2015, 5:29 PM

SJu subscribed.Jul 11 2015, 2:49 AM

zhuyifei1999 mentioned this in T109410: Introduce earlier check for cascade protected images when uploading.Aug 18 2015, 12:27 PM

zhuyifei1999 subscribed.Aug 18 2015, 1:00 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 18 2015, 1:00 PM

zhuyifei1999 added a subtask: T109435: Disregard "edit" permission when uploading to an existing file.Aug 18 2015, 2:15 PM

Related: T62109; transclusion doesn't cascade protect properly.

zhuyifei1999 merged a task: T44818: Page-specific protection settings should override cascading protection settings (at least for file description pages).Aug 18 2015, 2:29 PM

zhuyifei1999 added subscribers: tomasz, Dinoguy1000.

zhuyifei1999 mentioned this in T109435: Disregard "edit" permission when uploading to an existing file.Aug 19 2015, 5:45 AM

This sounds blocked on T10658, which should IMHO fixed but was declined.

Nemo_bis added a subtask: T10658: Allow cascading protections for non-full protection.Aug 23 2015, 8:04 AM

In T24521#1564827, @Nemo_bis wrote:

This sounds blocked on T10658, which should IMHO fixed but was declined.

I don't see how they are related. A cascade-protected page such as a main page should protect the used files properly (and not the file description pages), whether the main page is under full or semi-protection.

I don't see how they are related.

The relation is that AFAICS by editing a cascade-protected file's description one could protect further files without being sysop, the same scenario.

In T24521#1565042, @Nemo_bis wrote:

The relation is that AFAICS by editing a cascade-protected file's description one could protect further files without being sysop, the same scenario.

Nah ;) There's no recursion in cascade protect detection. What it matters is which cascade-protected pages actually has an *image link* to the file (via imagelinks table). You can't modify that with a file description page, can you?

I'll submit a patch for T109435 in a few minutes, when I finish the commit message.

Change 233207 had a related patch set uploaded (by Zhuyifei1999):
Cascade-protection: Fixes for files

https://gerrit.wikimedia.org/r/233207

gerritbot added a project: Patch-For-Review.Aug 23 2015, 1:57 PM

Krenair subscribed.Aug 23 2015, 3:14 PM

zhuyifei1999 added a project: User-notice.Aug 25 2015, 12:20 PM

Johan moved this task from To Triage to Not ready to announce on the User-notice board.Aug 27 2015, 4:40 PM

Liuxinyu970226 subscribed.Oct 17 2015, 8:28 AM

Liuxinyu970226 set Security to None.Oct 17 2015, 8:36 AM

Meno25 unsubscribed.Feb 22 2016, 5:44 PM

tomasz unsubscribed.Mar 18 2016, 5:57 PM

Metronomo subscribed.Oct 15 2016, 3:45 AM