Page MenuHomePhabricator
Create Task
Maniphest T419158

Add rate limits for page deletion in Special:Nuke
Closed, ResolvedPublic
Actions

Description

Special:Nuke bypasses the rate limiter: it checks permissions via PermissionManager::getPermissionErrors() (which doesn't check rate limits) and then pushes DeletePageJob jobs directly via the job queue.

Acceptance criteria

  • Add rate limit checking to Special:Nuke before queuing deletion jobs

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Check delete rate limit before queuing deletionsmediawiki/extensions/NukeREL1_44+6 -0
Check delete rate limit before queuing deletionsmediawiki/extensions/NukeREL1_43+6 -0
Check delete rate limit before queuing deletionsmediawiki/extensions/NukeREL1_45+6 -0
Check delete rate limit before queuing deletionsmediawiki/extensions/Nukemaster+6 -0
Customize query in gerrit

Event Timeline

kostajh created this task.Mar 5 2026, 7:53 PM
Restricted Application added a project: Moderator-Tools-Team. · View Herald TranscriptMar 5 2026, 7:53 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
gerritbot added a comment.Mar 5 2026, 7:54 PM

Change #1248585 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/Nuke@master] WIP SpecialNuke: Check delete rate limit before queuing deletions

https://gerrit.wikimedia.org/r/1248585

gerritbot added a project: Patch-For-Review.Mar 5 2026, 7:54 PM
neriah subscribed.Mar 5 2026, 7:54 PM
Scardenasmolinar edited projects, added Moderator-Tools-Team (Kanban); removed Moderator-Tools-Team.Mar 5 2026, 8:56 PM
Scardenasmolinar updated the task description. (Show Details)
Scardenasmolinar moved this task from Ready to QA on the Moderator-Tools-Team (Kanban) board.
gerritbot added a comment.Mar 5 2026, 8:58 PM

Change #1248585 merged by jenkins-bot:

[mediawiki/extensions/Nuke@master] Check delete rate limit before queuing deletions

https://gerrit.wikimedia.org/r/1248585

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.19; 2026-03-10).Mar 5 2026, 9:00 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 5 2026, 9:31 PM
Izno subscribed.Mar 6 2026, 2:40 AM
Samwalton9-WMF subscribed.Mar 6 2026, 11:14 AM

Thanks for working on this. Just to clarify, what is the user-facing impact of this? How many deletions would need to be queued before a rate limit was hit? Is the limit per-user or project-wide?

sbassett added a project: 2026-user-javascript-incident.Mar 6 2026, 3:54 PM
A_smart_kitten renamed this task from Add rate limits for page deletion to Add rate limits for page deletion in Special:Nuke.Mar 6 2026, 4:47 PM
DMburugu added a project: Essential-Work.Mar 9 2026, 12:04 PM
jsn.sherman moved this task from QA to Done on the Moderator-Tools-Team (Kanban) board.Mar 11 2026, 6:26 PM
Johannnes89 subscribed.Mar 12 2026, 7:46 AM
Scardenasmolinar subscribed.Mar 12 2026, 6:35 PM

Is the limit per-user or project-wide?

All of the rate limits I've seen are per-user and can even be per-user experience (newcomers can have a lower rate limit than experienced ones, for example). There are also users who can be assigned a noratelimit: https://www.mediawiki.org/wiki/Manual:User_rights#noratelimit

Novem_Linguae subscribed.Mar 15 2026, 7:13 AM
Catrope moved this task from Backlog to Q3 on the 2026-user-javascript-incident board.Mar 18 2026, 4:54 PM
MLechvien-WMF added a project: Sustainability (Incident Followup).Mar 19 2026, 11:42 AM
gerritbot added a comment.Mar 19 2026, 4:48 PM

Change #1255788 had a related patch set uploaded (by Reedy; author: Kosta Harlan):

[mediawiki/extensions/Nuke@REL1_45] Check delete rate limit before queuing deletions

https://gerrit.wikimedia.org/r/1255788

gerritbot added a project: Patch-For-Review.Mar 19 2026, 4:48 PM

Change #1255789 had a related patch set uploaded (by Reedy; author: Kosta Harlan):

[mediawiki/extensions/Nuke@REL1_44] Check delete rate limit before queuing deletions

https://gerrit.wikimedia.org/r/1255789

gerritbot added a comment.Mar 19 2026, 4:48 PM

Change #1255790 had a related patch set uploaded (by Reedy; author: Kosta Harlan):

[mediawiki/extensions/Nuke@REL1_43] Check delete rate limit before queuing deletions

https://gerrit.wikimedia.org/r/1255790

jsn.sherman closed this task as Resolved.Mar 24 2026, 5:06 PM
jsn.sherman claimed this task.
gerritbot added a comment.Mar 25 2026, 10:12 PM

Change #1255788 merged by jenkins-bot:

[mediawiki/extensions/Nuke@REL1_45] Check delete rate limit before queuing deletions

https://gerrit.wikimedia.org/r/1255788

gerritbot added a comment.Mar 25 2026, 10:13 PM

Change #1255790 merged by jenkins-bot:

[mediawiki/extensions/Nuke@REL1_43] Check delete rate limit before queuing deletions

https://gerrit.wikimedia.org/r/1255790

gerritbot added a comment.Mar 25 2026, 10:13 PM

Change #1255789 merged by jenkins-bot:

[mediawiki/extensions/Nuke@REL1_44] Check delete rate limit before queuing deletions

https://gerrit.wikimedia.org/r/1255789

Maintenance_bot removed a project: Patch-For-Review.Mar 25 2026, 10:30 PM
jsn.sherman added a comment.Mar 27 2026, 6:29 PM
In T419158#11681074, @Samwalton9-WMF wrote:

Thanks for working on this. Just to clarify, what is the user-facing impact of this? How many deletions would need to be queued before a rate limit was hit? Is the limit per-user or project-wide?

@Samwalton9-WMF I don't see any current rate limits set for delete actions in mediawiki-config. This patch doesn't set any limits, it just makes Mass Delete respect them.

Limits are sometimes added/removed/modified on a temporary basis to respond to ongoing events or conditions, so there could certainly be a future impact if limits are set / adjusted downward in the future.

Maybe @kostajh could let us know if I'm missing something.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits