When a newbie uses an external link in their question, it is not saved, and a nothing-telling message is returned
Closed, ResolvedPublic

Description

Hello,

I've noticed that when a newbie posts a question containing an external link (that would be normally met with a CAPTCHA), it is not saved, and merely "Something went wrong" is shown to the user, without the possibility to fill captcha and re-try, as it would happen if the edit was saved through normal means.

This is a specific instance of (more generic) T266465: Display a proper message when it's raised by EditFilterMergedContent messages, and it affects both GrowthExperiments-Help panel and GrowthExperiments-Mentorship, so tagging it with both tags.

Event Timeline

Related: T176589: Offer a hook manipulating the need for solving captchas.
I wonder why we are using captchas for external links in non-content namespaces. Would some confused spam bots write there otherwise?

@Tgr As a steward who locked thousands of spambots, I can assure you a lot of spambots write spam to their user pages. I don't know why, but it happens frequently. We can however alter user rights "for this request only" iirc, so if the goal is to remove captcha requirement, we can simply add skipcaptcha. I can also mix some things together here, so don't take my word :).

I however think the correct solution is to ask the user to fill in the captcha, if the wiki is configured in such a way.

True, we could prevent captchas by a temporary user rights change.
Incorporating captchas into the help dialog seems like a rather ambitious goal, especially given what a mess the ConfirmEdit API is currently.

Maybe, though I think that's the ideal state. I'll upload a patch to use temporary user rights change.

Change 637878 had a related patch set uploaded (by Urbanecm; owner: Urbanecm):
[mediawiki/extensions/GrowthExperiments@master] Skip captcha when posting mentorship question

https://gerrit.wikimedia.org/r/637878

Urbanecm_WMF moved this task from Untriaged to Engineering on the User-Urbanecm_WMF board.
Urbanecm_WMF moved this task from Backlog to In review on the User-Urbanecm_WMF (Engineering) board.

Captchas protect against spambots; the possibility of spambots using the mentor dialog seems remote to me.

Agreed, that's a part of the reason why I submitted the patch :-). Hopefully it won't be abused, as once they figure it out, they can do it purposefully.

Change 637878 merged by jenkins-bot:
[mediawiki/extensions/GrowthExperiments@master] Skip captcha when posting mentorship question

https://gerrit.wikimedia.org/r/637878

@Urbanecm - checked in betalabs - it seems that cswiki betalabs is quite strict in allowing publishing external links. I tried to insert both - http and https link - into Mentorship panel and got my test user blocked after two attempts:

Screen Shot 2020-11-02 at 4.25.09 PM.png (457×511 px, 76 KB)
Screen Shot 2020-11-02 at 4.26.03 PM.png (486×575 px, 111 KB)

It happens only to new users (and it does not happen on enwiki betalabs); $wgCaptchaNewbieThreshold - what is it for cswiki betalabs?

This is some kind of abuse filter, nothing to do with captchas.

As @Majavah says - it's an antispam filter, irrelevant to this change. You can add the confirmed group to the user to work around it for QA purposes.

@Etonkovidova To answer your question, wgCaptchaNewbieThreshold is not used by ConfirmEdit, see extension.json. In other words, that variable is null.

Well, the filter is quite restrictive - Block duration for registered users - infinite and it's applied not only to user namespaces - equals_to_any(page_namespace, 2, 3). And the action is to block the IP - and since the filter is global, all my non-admin users are blocked now.

@Urbanecm - can you edit the filter to make it less restrictive? I need to un-block my test users.

The majority of the posts are real spammers, see https://meta.wikimedia.beta.wmflabs.org/w/index.php?title=Special:AbuseLog&wpSearchFilter=63, so that's going to let a lot of spam through. I exempted your test accounts from the filter, it should work now :-).

Thanks! Works for me :)

@MMiller_WMF - just FYI - no issues.

Checked in betalabs. Below is the description of the current behavior on when the captcha will be triggered:

  • a new user (0 edits, in User group only) can post external links through Mentorship panel (from Homepage and from an article)
  • posting the external links on a page (including the Mentor User talk page) will trigger the captcha (Correct behavior).