
AbuseFilter should not treat uploads to stash the same as real uploads
Closed, Resolved · Public


AbuseFilter was triggered for File:Undefined.png; this is a stashed file. The upload stash is a private area and AF should probably not (publicly) log SHA1, file size and user. The file name "File:Undefined.png" is just confusing. Leave it empty if it's unknown/in stash.

Event Timeline

Rillke created this task. Jan 22 2015, 7:20 PM
Rillke raised the priority of this task from to Needs Triage.
Rillke updated the task description.
Rillke added a project: AbuseFilter.
Rillke added a subscriber: Rillke.
Restricted Application added a subscriber: Aklapper. Jan 22 2015, 7:20 PM
Steinsplitter set Security to None. Jan 22 2015, 7:21 PM
Steinsplitter added a subscriber: hoo.
Steinsplitter added a subscriber: Steinsplitter.
Restricted Application added a project: Multimedia. Jan 22 2015, 7:24 PM

"hoo: Yeah, the actual bug is that whatever [...] does that [...] should not be calling hooks as if it were to create actual content"

Aklapper triaged this task as Low priority. Jan 24 2015, 1:44 AM
Steinsplitter moved this task from Incoming to Uploading on the Commons board. Mar 12 2015, 3:03 PM
Jdforrester-WMF moved this task from Untriaged to Backlog on the Multimedia board. Sep 4 2015, 5:53 PM
Restricted Application added subscribers: Luke081515, Matanya. Sep 4 2015, 5:53 PM
Restricted Application added a subscriber: Poyekhali. Apr 18 2016, 9:06 PM

Note that it would still be sometimes useful to check uploads going into stash, and not only when they're published (for cases where we can reject a file based only on the file's contents, and not name/description etc.). Here's an example filter: But then we wouldn't want them to be rejected by filters checking e.g. that length of the description is bigger than N, or for some intricate conditions on the filename. So perhaps we should set 'action' to 'upload-to-stash' or something for them, rather than 'upload'.

jayvdb added a subscriber: jayvdb. Apr 20 2016, 8:38 AM

This bug certainly confused me, as seen at
Having a different action would be a great improvement to reduce confusion I think.

Even better would be for AF to make it easy to follow the activity of a stash, with iterations of changes of filename, etc., and each stash entry should mention the final page title used when it was made public, or "incomplete upload" if the stash hasn't been published yet.

For the privacy aspects of this task, I don't think it is appropriate to consider the stash as a private area. I think a more appropriate terminology for it is a "temporary area".

How could logging filename, sha, filesize, username, etc. be inappropriate?
Are there valid non-abusive uses of the stash, other than as part of public uploading?

Amire80 moved this task from Backlog to Uploading on the AbuseFilter board. May 8 2016, 8:44 AM
matmarex renamed this task from "AbuseFilter should not check upload stash or at least not log it" to "AbuseFilter should not treat uploads to stash the same as real uploads". Jun 20 2016, 5:09 PM
matmarex claimed this task.
matmarex raised the priority of this task from Low to Medium.

Change 295254 had a related patch set uploaded (by Bartosz Dziewoński):
Provide page text and edit summary when filtering file uploads

Change 295254 merged by jenkins-bot:
Provide page text and edit summary when filtering file uploads

matmarex closed this task as Resolved. Jul 12 2016, 2:29 PM

This is fixed now. After the patch is deployed to Commons with MediaWiki 1.28.0-wmf.10 (per the roadmap, this Wednesday, 13 July 2016; although there's currently a problem with logins and all wikis were rolled back to wmf.8, so this might be delayed), uploads to stash will use action='stashupload' rather than action='upload'. See for documentation. If it's unclear, don't hesitate to ask on the talk page there (I'm watching it).