Page MenuHomePhabricator
Create Task
Maniphest T64561

Non-admins are able to see the title and edit summary of posts that are within deleted topics in Flow
Open, MediumPublic
Actions

Description

See [[mw:Special:Contributions/93.182.159.63]]

While it makes sense that sysops should be able to see the contents of deleted topics, it doesn't make much sense that other users are able to see the contents of deleted posts in Flow as this doesn't happen with the current system. This is also visible in Special:RecentChanges. The following shows what can be seen from RecentChanges.

  • Talk:Sandbox; 03:06 . . (+187)‎ . . 93.182.159.63 (talk) commented on This topic was deleted by Glaisher ( <-- spam contents of the post here --> ).

This how it should appear in RecentChanges, imo. http://www.mediawiki.org/w/index.php?title=Special%3ALog&type=delete&user=&page=Talk%3AFlow+QA

See also [[mw:Special:Contributions/93.182.133.139]]

Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=60972

Details

Reference
bz62561

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:02 AM
bzimport added a project: StructuredDiscussions.
bzimport set Reference to bz62561.
bzimport added a subscriber: Unknown Object (MLST).
Glaisher created this task.Mar 12 2014, 5:13 AM
Maryana added a comment.Mar 12 2014, 7:11 PM

This behavior in Flow is modeled on how regular Mediawiki page deletion works now. See this screenshot of English Wikipedia's recent changes: http://imgur.com/LwZyEpj. The last entry is a page deletion action, and you can see the title of the page even as a logged out user – so if the title were spam, you'd be seeing spam in recent changes/contributions as a non-admin.

Of course, it doesn't *have* to work like this - but we've found that when we try to show things different in rc/contribs/etc., people complain that it doesn't work as expected :)

Quiddity added a comment.Mar 12 2014, 8:12 PM

(In reply to Maryana Pinchuk from comment #1)

This behavior in Flow is modeled on how regular Mediawiki page deletion
works now. See this screenshot of English Wikipedia's recent changes:
http://imgur.com/LwZyEpj. The last entry is a page deletion action, and you
can see the title of the page even as a logged out user – so if the title
were spam, you'd be seeing spam in recent changes/contributions as a
non-admin.

Not quite. In your screenshot, we can't see who edited the page that was deleted, nor any of their edit summaries.

Longer explanation:
In regular MediaWiki page deletions, the individual page edits are removed from public view, and only the final page-deletion action is visible to all.

eg. http://i.imgur.com/ivZVvRI.png - Here, #1) User:Derklion makes 2 edits to a page, then in #2) User:Quiddity deletes that page, which removes Derklion's contributions entirely from public view (both RC and Contribs), and places them into the "Deleted user contributions" feed.

See http://i.imgur.com/QzLAC2t.png for #1) Derklion edits #2) Quiddity deletes the page which hides those edits #3) those 2 edits are now only visible in "deleted user contributions".

(Hopefully that's explained clearly. And our apologies for the imgur links, to those that hate them ;)

Maryana added a comment.Mar 13 2014, 5:55 PM

Quiddity - right, that's why I said "modeled on," not "identical to" ;)

Flow actions are fundamentally different from page edit actions, so they come with extra meta-data that may or may not contain inappropriate material. However, my point stands that if the root issue here is "I think it's bad that some non-admins might see spam/inappropriate words/etc. in contribs or recent changes," then that's no different from the current system today, because deleted page titles can include spam, personal attacks, etc., and are visible to users without admin rights.

Anyway, since we're moving to a more granular revdel-like system of deletion and suppression in the next sprint, I trust the local admins to make the call whether a Flow action and its associated meta-data needs to be deleted or deleted & suppressed.

Quiddity removed a subscriber: Maryana.Dec 19 2014, 1:42 AM
Quiddity added a project: Collaboration-Team-Triage.Oct 28 2015, 1:38 AM
Quiddity removed a subscriber: DannyH.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 28 2015, 1:38 AM
EBernhardson unsubscribed.Jul 18 2018, 6:56 PM
Restricted Application added a project: Growth-Team. · View Herald TranscriptJul 18 2018, 6:56 PM
SBisson moved this task from Inbox to Triaged but Future on the Growth-Team board.Jul 20 2018, 6:03 PM
dmehus added a project: User-RhinosF1.Jan 31 2021, 9:22 PM
dmehus subscribed.
Restricted Application added a subscriber: RhinosF1. · View Herald TranscriptJan 31 2021, 9:22 PM
dmehus moved this task from Radar to Miraheze-Linked on the User-RhinosF1 board.Jan 31 2021, 9:23 PM
MBinder_WMF added a project: Growth-Team-Filtering.Apr 15 2021, 7:05 PM
Aklapper removed a project: Collaboration-Team-Triage.May 25 2021, 9:10 PM
Aklapper edited projects, added affects-Miraheze; removed User-RhinosF1.Aug 15 2022, 1:19 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL