Last modified: 2012-11-30 20:16:47 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T39844, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 37844 - VisualEditor: Protection and AbuseFilter do not work for VisualEditor edits; create a 'usevisualeditor' permission


Summary:	VisualEditor: Protection and AbuseFilter do not work for VisualEditor edits; ...

Status:	RESOLVED FIXED

Product:	VisualEditor
Classification:	Unclassified
Component:	MediaWiki integration (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Unprioritized normal
Target Milestone:	VE-deploy-2012-12-10
Assigned To:	Roan Kattouw

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2012-06-22 18:53 UTC by Jasper Deng
Modified:	2012-11-30 20:16 UTC (History)
CC List:	7 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jasper Deng 2012-06-22 18:53:22 UTC

Based on some testing on MediaWiki.org, page protection and the abuse filter do not work - page protection does not change the ability of all non-blocked users to edit the page and abuse filter does not pick up any edits generated by the visual editor.

I believe that the underlying problem is that using the visual editor is not a named action that can be restricted or filtered at the moment. If it was, then it would be possible to assign it to $wgRestrictionTypes and it would be possible for the abuse filter to log it (though the abuse filter does need the addition of some variables or other modification to accept visual editor edits).

Comment 1 James Forrester 2012-06-22 22:05:35 UTC

Mass-moving items into VisualEditor product

Comment 2 Brion Vibber 2012-06-23 02:02:27 UTC

I would not recommend creating a 'usevisualeditor' permission. Rather, permission checks and the usual edit activity paths should be used. AbuseFilter *should* see VE edits exactly the same as edits made through the traditional editing UI or the API.

Comment 3 Jasper Deng 2012-06-23 02:17:05 UTC

AbuseFilter does not see them, because I tested some VE edits against my experimental filter but edits made by the VE did not get caught.

The 'usevisualeditor' permission would only be a temp solution to the current situation where page protection can't cover it. The other way is to require the 'edit' permission but then that wouldn't suffice in our current scheme of having only admins edit the wikitext directly.

Comment 4 Brion Vibber 2012-06-23 03:03:51 UTC

AbuseFilter *should* see them, because to do otherwise is insane. That it doesn't is the bug. :)

Comment 5 Jasper Deng 2012-06-23 03:30:07 UTC

Two things:
1.How would an abuse log entry look like? I can't think of anything other than 'Example (talk|contribs) triggered filter 16, performing the action "usevisualeditor" on VisualEditor:Welcome' (etc.).
2.What about page protection?

Comment 6 Trevor Parscal 2012-08-22 21:47:29 UTC

This will naturally resolve itself when we lift the namespace-specific restrictions on editing the Wikitext and can use the editing API instead of going through the back door, as we do now.

This is related to bug 38268 - in that these will both be resolved in the same way.

Comment 7 Trevor Parscal 2012-11-29 19:23:09 UTC

This was fixed when Roan changed to use the normal edit API rather than bypassing it internally.

Comment 8 James Forrester 2012-11-29 19:52:56 UTC

Fixed in Gerrit change #31889

Comment 9 James Forrester 2012-11-30 20:16:47 UTC

Assigning this to a release milestone so it's clear when at the latest to expect it to have been fixed; it may have been fixed beforehand.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links