Page MenuHomePhabricator

When a newbie uses an external link in their question, it is not saved, and a nothing-telling message is returned
Closed, ResolvedPublic

Description

Hello,

I've noticed that when a newbie posts a question containing an external link (that would be normally met with a CAPTCHA), it is not saved, and merely "Something went wrong" is shown to the user, without the possibility to fill captcha and re-try, as it would happen if the edit was saved through normal means.

This is a specific instance of (more generic) T266465: Display a proper message when it's raised by EditFilterMergedContent messages, and it affects both GrowthExperiments-Help panel and GrowthExperiments-MentorshipModule, so tagging it with both tags.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 26 2020, 12:31 PM
Tgr added a subscriber: Tgr.Oct 30 2020, 11:38 PM

Related: T176589: Offer a hook manipulating the need for solving captchas.
I wonder why we are using captchas for external links in non-content namespaces. Would some confused spam bots write there otherwise?

@Tgr As a steward who locked thousands of spambots, I can assure you a lot of spambots write spam to their user pages. I don't know why, but it happens frequently. We can however alter user rights "for this request only" iirc, so if the goal is to remove captcha requirement, we can simply add skipcaptcha. I can also mix some things together here, so don't take my word :).

I however think the correct solution is to ask user to fill the captcha, if the wiki is configured in such way.

Tgr added a comment.Nov 1 2020, 7:37 AM

True, we could prevent captchas by a temporary user rights change.
Incorporating captchas into the help dialog seems like a rather ambitious goal, especially given what a mess the ConfirmEdit API is currently.

True, we could prevent captchas by a temporary user rights change.
Incorporating captchas into the help dialog seems like a rather ambitious goal, especially given what a mess the ConfirmEdit API is currently.

Maybe, through I think that's the ideal state. I'll upload a patch to use temporary user rights change.

Change 637878 had a related patch set uploaded (by Urbanecm; owner: Urbanecm):
[mediawiki/extensions/GrowthExperiments@master] Skip captcha when posting mentorship question

https://gerrit.wikimedia.org/r/637878

Restricted Application added a project: User-Urbanecm_WMF. · View Herald TranscriptNov 1 2020, 5:54 PM
Urbanecm_WMF triaged this task as Low priority.Nov 1 2020, 5:54 PM
Urbanecm_WMF moved this task from Backlog to Coding on the User-Urbanecm_WMF board.
Urbanecm_WMF moved this task from Backlog to In review on the User-Urbanecm_WMF (Coding) board.
Tgr added a comment.Nov 1 2020, 7:59 PM

Captchas protect against spambots; the possibility of spambots using the mentor dialog seems remote to me.

Agreed, that's a part of the reason why I submitted the patch :-). Hopefully it won't be abused, as once they figure it out, they can do it purposefully.

Change 637878 merged by jenkins-bot:
[mediawiki/extensions/GrowthExperiments@master] Skip captcha when posting mentorship question

https://gerrit.wikimedia.org/r/637878

@Urbanecm - checked in betalabs - it seems that cswiki betalabs is quite strict in allowing publishing external links. I tried to insert both - http and https link - into Mentorship panel and got my test user blocked after two attempts:

It happens only to new users (and it does not happen on enwiki betalabs); $wgCaptchaNewbieThreshold- what is it for cswiki betalabs?

Tgr added a comment.Nov 3 2020, 3:02 AM

This is some kind of abuse filter, nothing to do with captchas.

As @Majavah says - it's an antispam filter, irrelevant to this change. You can add the confirmed group to the user to workaround it for QA purposes.

@Etonkovidova To answer your question, wgCaptchaNewbieThreshold is not used by ConfirmEdit, see extension.json. In another words, that variable is null.

This is some kind of abuse filter, nothing to do with captchas.

@Etonkovidova To answer your question, wgCaptchaNewbieThreshold is not used by ConfirmEdit, see extension.json. In another words, that variable is null.

Well, the filter is quite restrictive - Block duration for registered users - infinite and it's applied not only to user namespaces - equals_to_any(page_namespace, 2, 3). And the action is to block the IP - and since the filter is global, all my non-admin users are blocked now.

@Urbanecm - can you edit the filter to make it less restrictive? I need to un-block my test users.

The majority of the posts are real spammers, see https://meta.wikimedia.beta.wmflabs.org/w/index.php?title=Special:AbuseLog&wpSearchFilter=63, so that's going to let a lot of spam through. I exempted your test accounts from the filter, it should work now :-).

The majority of the posts are real spammers, see https://meta.wikimedia.beta.wmflabs.org/w/index.php?title=Special:AbuseLog&wpSearchFilter=63, so that's going to let a lot of spam through. I exempted your test accounts from the filter, it should work now :-).

Thanks! Works for me :)

Urbanecm_WMF added a subscriber: Urbanecm.

@MMiller_WMF - just FYI - no issues.

Checked in betalabs. Below is the description of the current behavior on how when the captcha will bi triggered

  • a new user (0 edits, in User group only) can post external links through Mentorship panel (from Homepage and from an article)
  • posting the external links on a page (including the Mentor User talk page) will trigger the captcha (Correct behavior).
Restricted Application removed a subscriber: Urbanecm. · View Herald TranscriptNov 3 2020, 11:31 PM
MMiller_WMF closed this task as Resolved.Nov 24 2020, 5:47 AM

Thank you!