A preliminary investigation (T326759) has found that the TemplateSandbox extension may be affected by IP Masking.
Description
Details
| Status | Subtype | Assigned | Task |
|---|---|---|---|
| Restricted Task | | | |
| Resolved | | kostajh | T294511 2021 Security Team wikireplicas audit |
| Declined | | None | T284948 Raw IPs of logged-out users disclosed in wiki-replicas |
| Resolved | | Niharika | T324492 Temporary accounts - MVP |
| Resolved | | Madalina | T326816 [Epic] Update features for temporary accounts |
| Resolved | | Amdrel | T326928 Prepare TemplateSandbox extension for IP Masking |
Event Timeline
The only functional difference that I see between anonymous and signed-in users is that JS and CSS preview are disabled for anonymous users as their edit tokens are predictable. To my knowledge, this is not an issue with temporary accounts, so aligning this functionality between temporary accounts and anonymous editors shouldn't be necessary.
When I load Special:TemplateSandbox when logged out, the default value in the Sandbox prefix: field contains the IP address of the user:
I think we should not display the IP address of the user in that field. As such, we should probably have the default value of the field as an empty string if the user is logged out (i.e. has not made an edit to get a temporary account yet).
@Amdrel what do you think of my suggestion?
An empty string default should be fine as that field is not required. Should we make this conditional by checking if temporary users are also known or enabled so this change only takes effect when temporary accounts start being used?
I think that would be a good plan to make the default empty for logged out users when temporary accounts are enabled, as without temporary accounts an IP could still be using the page in this way.
I think we should leave it untouched when the feature is known, as when the feature is known someone can still make edits while logged out and therefore potentially use the form in the same way as if the feature had never been enabled.
However, I personally don't mind if you disagree with my last point, so feel free to choose enabled vs enabled or known.
Change #1063907 had a related patch set uploaded (by Amdrel; author: Amdrel):
[mediawiki/extensions/TemplateSandbox@master] Don't prefill IP address in sandbox prefix for anonymous users
We could also use acquireAndStashName on TempUserCreator, but probably more trouble than it's worth. Just wanted to note it in case you all think it would be useful.
The one concern with that is that the prefix is used to find existing pages, so using this would give a prefix that will never have any subpages (as the username is created when the user loads the page).
Change #1063907 merged by jenkins-bot:
[mediawiki/extensions/TemplateSandbox@master] Don't prefill IP address in sandbox prefix for anonymous users
I tested Special:TemplateSandbox for a named, temporary and anonymous user, on a wiki with and without temporary accounts.
Test environment: TemplateSandbox 1.1.0 (f9c2d44) 14:31, 20 August 2024.
