Flow: Suppression redacts the wrong username
Closed, Resolved (Public)

Description

/Username suppressed/ is Quiddity (the suppressor).
The IP is still visible.


Version: unspecified
Severity: normal
Whiteboard: flow_suppression
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=58725

Details

Reference
bz58016

Event Timeline

bzimport raised the priority of this task from to Unbreak Now!.
bzimport set Reference to bz58016.
bzimport added a subscriber: Unknown Object (MLST).
Quiddity created this task. Dec 5 2013, 1:58 AM

bingle-admin wrote:

The WMF core features team tracks this bug on Mingle card https://mingle.corp.wikimedia.org/projects/flow/cards/587, but people from the community are welcome to contribute here and in Gerrit.

This is in history, I think?

While we do indeed redact the wrong username, shouldn't we just remove any trace of entries that have been suppressed, for users that don't have permissions to see them? (just like suppression log isn't visible to all users)

And for users that do have sufficient permissions to view suppressed entries, we can probably show them with their normal, non-redacted, usernames?

Change 102203 had a related patch set uploaded by Matthias Mullie:
Fetch moderation status from last revision

https://gerrit.wikimedia.org/r/102203

(In reply to comment #2)

> This is in history, I think?

I saw it in Recent Changes, but everywhere that it might appear needs to be checked.

Change 102203 merged by jenkins-bot:
Fetch moderation status from last revision

https://gerrit.wikimedia.org/r/102203

The above change is a partial fix, but not really fixing the base issue.

greg added a comment. Jan 27 2014, 4:58 AM

Erik B: What more is needed? What is still wrong?

Greg: There may be more, but as far as I know:

We currently look at the most recent revision to see if the user has permissions to see that. If it's suppressed & user has no privileges, we don't show anything about that post at all.

However, if a post is suppressed, then restored (so most recent revision != suppressed), an unprivileged user will see a history entry about suppression (probably still with the incorrect redacted name), but he should probably not be allowed to see the suppress & restore history lines.
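
An added example (not Flow's code, and not part of the original comment) modelling the gap described above: a history filter that only looks at each post's latest revision still shows suppress and restore lines once the post has been restored, while a per-entry filter drops them for unprivileged users. The `Revision` type, the action names and the sample history are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed model: these names are assumptions, not Flow's classes.
SUPPRESS, RESTORE = "suppress", "restore"
PRIVATE_ACTIONS = {SUPPRESS, RESTORE}  # belong only in the suppression log


@dataclass(frozen=True)
class Revision:
    post_id: str
    rev: int
    action: str  # "create", "edit", "suppress" or "restore"
    actor: str


def latest_by_post(history):
    """Map each post to its newest revision."""
    latest = {}
    for r in history:
        if r.post_id not in latest or r.rev > latest[r.post_id].rev:
            latest[r.post_id] = r
    return latest


def visible_latest_only(history, can_oversight):
    """Latest-revision check: hide a post only while its newest revision is a suppression."""
    if can_oversight:
        return list(history)
    latest = latest_by_post(history)
    return [r for r in history if latest[r.post_id].action != SUPPRESS]


def visible_per_entry(history, can_oversight):
    """Same check, plus drop every suppress/restore line for unprivileged users."""
    if can_oversight:
        return list(history)
    return [r for r in visible_latest_only(history, False)
            if r.action not in PRIVATE_ACTIONS]


def actions(rows):
    return [(r.post_id, r.action) for r in rows]


# Constructed sample: post-A was suppressed then restored, post-B is still suppressed.
HISTORY = [
    Revision("post-A", 1, "create", "Alice"),
    Revision("post-A", 2, SUPPRESS, "Oversighter1"),
    Revision("post-A", 3, RESTORE, "Oversighter1"),
    Revision("post-B", 1, "create", "Bob"),
    Revision("post-B", 2, SUPPRESS, "Oversighter1"),
]
```
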

Risker added a comment. Feb 4 2014, 5:53 AM

Okay, on testing suppression on https://en.wikipedia.org/wiki/Wikipedia_talk:Flow/Developer_test_page

The following post was suppressed as a test:

Risker (talk | contribs | block)

Titodutta: thank you for your post. I am testing again because I have reported "quivering" text. With each keystroke, everything from this editing box on down quivers. But everything above it remains stable.

*as an oversighter, the post does not disappear for me at all, except for the username of the contributor (which in this case is me). I did not think my suppression was successful, since the content of the post is visible in exactly the way it existed before the suppression. It took several reviews for me to identify even that the username was not visible.
*I have had a non-oversighter look at the page and they cannot see the post or the username. They cannot see that a post was removed.

*The suppression also shows up in my watchlist.

(In reply to comment #9)

> *The suppression also shows up in my watchlist.

Filed as bug 60814.

Matthias has submitted a number of patches to resolve the issues listed here, and we had Risker, Deskana, and AGK (all oversighters from enwiki) test things out on ee-flow last week.

To summarize the current behavior on ee-flow:

  • As a normal user (no advanced rights), in RC and history, I can see a crossed-out entry indicating that something was suppressed but *not* the content of the suppressed entry, the title of the suppressed entry, or the username of the user who submitted the suppressed entry (or the person who suppressed it – this, as far as I can understand, is a separate bug).
  • As a user with oversighter rights, I can:
    • Suppress topics and posts from the Flow board. When I do this, I get a confirmation message telling me the action was successful, and the content of the topic/post is hidden under a marker indicating that the topic/post was suppressed, which lets me know that the content is suppressed.
    • See the diff of suppressed entries by following the diff link from RC/history.
    • See the user who submitted the suppressed content and the user who suppressed it in the suppression log.

Please double-check to make sure I've summarized this appropriately - if so, I'll close this as fixed and we'll send it out to all wikis during our next LD window :)

Username suppression is a separate bug I need to log, but it looks like the behavior we have now, while not perfect, is not revealing any sensitive information to users without the appropriate rights.

(In reply to Maryana Pinchuk from comment #11)

> • As a normal user (no advanced rights), in RC and history, I can see a crossed-out entry indicating that something was suppressed but *not* the content of the suppressed entry, the title of the suppressed entry, or the username of the user who submitted the suppressed entry (or the person who suppressed it – this, as far as I can understand, is a separate bug).

The suppression log entry (i.e. the bit that contains the name of the oversighter) should not appear in the recent changes feed, history or watchlist of any page. It should *only* appear in the suppression log. The same is true of any unsuppression log entries.

This means that the actual bug is that a normal user can see the log entry at all, as it should just be in the private suppression log. The fact the username of the suppressor is itself suppressed is a separate bug from that.

> • As a user with oversighter rights, I can:
>   • Suppress topics and posts from the Flow board. When I do this, I get a confirmation message telling me the action was successful, and the content of the topic/post is hidden under a marker indicating that the topic/post was suppressed, which lets me know that the content is suppressed.
>   • See the diff of suppressed entries by following the diff link from RC/history.
>   • See the user who submitted the suppressed content and the user who suppressed it in the suppression log.

That's all correct.

> Please double-check to make sure I've summarized this appropriately - if so, I'll close this as fixed and we'll send it out to all wikis during our next LD window :)

8 hours is not a very long period of time to give people to respond! :-)

Created attachment 14890
Suppression still redacting wrong username on mediawiki.org

Reopening since this bug still exists on mediawiki.org. See attachment 14890 for verification.

Noting as before that the actual bug here is that the log entry is visible at all; only users with oversight rights should see any log entries relating to suppression.

Well, I don't know here... Seeing that log entry is to be expected according to how we implemented things.

It looks like the thing that got suppressed was the topic title. You're seeing a log entry for a comment (that was not suppressed - I guess) on that topic, with the topic name replaced by a message that it's suppressed.

That message should indeed be fixed to display the real username (actually, I think a fix of that has recently been submitted - I'll check that out).

As for if the log entry should actually be displayed: I don't know. Right now, suppressing a topic title only suppresses exactly that; all posts in the topic are left untouched (same for suppressing a post that has replies - those replies are left alone).

Should suppressing a topic title suppress everything within that topic (and suppressing a post suppress all child replies), or not?
Or should we build something new to make both possible?

Change 121385 had a related patch set uploaded by Matthias Mullie:
Don't escape the userlinks displayed in "This topic was suppressed by <links>"

https://gerrit.wikimedia.org/r/121385

Change 121385 merged by jenkins-bot:
Don't escape the userlinks displayed in "This topic was suppressed by <links>"

https://gerrit.wikimedia.org/r/121385

Quiddity removed a subscriber: Maryana. Dec 19 2014, 1:33 AM
Restricted Application added a project: Collaboration-Team-Triage. Jan 28 2016, 5:57 PM