The public wiki replicas allow users to see abuse_filter_log rows which are hidden on Special:AbuseLog because they are associated with private or protected filters.
Details | Screenshot |
---|---|
View of https://en.wikipedia.org/wiki/Special:AbuseLog/38819561 for a logged out user | |
Quarry query that accesses this data on the public wiki replicas (https://quarry.wmcloud.org/history/86560/933247/905627) | |
Steps to replicate the issue
- Create a testing filter and mark it as either private or protected
- Trigger that filter and note down the ID for the filter log hit
- Access the public wiki replica DBs, such as using https://quarry.wmcloud.org/
- Query the abuse_filter_log table for the log ID noted down in step 2
What happens?:
The filter log entry that is hidden on-wiki appears on the public wiki replicas
What should have happened instead?:
The filter log should have been hidden, as the associated filter is hidden from public view