AbuseFilter was triggered for File:Undefined.png, this is a stashed file. The upload stash is a private area and AF should probably not (publicly) log SHA1, file size and user. The file name "File:Undefined.png" is just confusing. Leave it empty if it's unknown/ in stash.
|Resolved||matmarex||T87381 AbuseFilter should not treat uploads to stash the same as real uploads|
|Resolved||matmarex||T89302 Create check hook before really uploading file with infos about description page and file|
Note that it would still be sometimes useful to check uploads going into stash, and not only when they're published (for cases where we can reject a file based only on the file's contents, and not name/description etc.). Here's an example filter: https://commons.wikimedia.org/wiki/Special:AbuseFilter/31. But then we wouldn't want them to be rejected by filters checking e.g. that length of the description is bigger than N, or for some intricate conditions on the filename. So perhaps we should set 'action' to 'upload-to-stash' or something for them, rather than 'upload'.
This bug certainly confused me, as seen at https://commons.wikimedia.org/wiki/Commons_talk:Abuse_filter#Odd_zero_log_entry
Having a different action would be a great improvement to reduce confusion I think.
Even better would be for AF to make it easy to follow the activity of a stash, with iterations of changes of filename, etc, and each stash entry should mention the final page title used when it was made public, or "incomplete upload" if the stash hasnt been published yet.
For the privacy aspects of this task, I dont think it is appropriate to consider the stash as a private area. I think a more appropriate terminology for it is a "temporary area".
How could logging filename, sha, filesize, username, etc be inappropriate?
Are there valid non-abusive use of the stash, other than as part of public uploading?
This is fixed now. After the patch is deployed to Commons with MediaWiki 1.28.0-wmf.10 (per the roadmap, this Wednesday, 13 July 2016; although there's currently a problem with logins and all wikis were rolled back to wmf.8, so this might be delayed), uploads to stash will use action='stashupload' rather than action='upload'. See https://www.mediawiki.org/wiki/Extension:AbuseFilter/Rules_format#Notes for documentation. If it's unclear, don't hesitate to ask on the talk page there (I'm watching it).