Page MenuHomePhabricator
Create Task
Maniphest T12729

Edit summary reminder preference conflicts with CAPTCHA extensions
Closed, ResolvedPublic
Actions

Description

Author: kevinlamontagne

Description:

  • Check "Prompt me when entering a blank edit summary" in user preferences.
  • Edit a page including external links, without putting a summary.
  • fill out the CAPTCHA
  • "Reminder: You have not provided an edit summary. If you click Save again, your edit will be saved without one."; Click save.
  • Get another CAPTCHA to fill out. You're now caught in a loop until you put an edit summary.

Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=20661

Details

Reference
bz10729
SubjectRepoBranchLines +/-
Make sure, that "Prompt me when entering a blank edit summary" works with Hooksmediawiki/coremaster+5 -1
Customize query in gerrit

Related Objects

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 9:54 PM
bzimport added projects: ConfirmEdit (CAPTCHA extension), Design.
bzimport set Reference to bz10729.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Jul 28 2007, 6:27 AM
bzimport added a comment.Jul 28 2007, 6:28 AM

kevinlamontagne wrote:

I forgot to say that I tested this on the english Wikipedia

bzimport added a comment.Jul 28 2007, 7:07 AM

robchur wrote:

I'm strongly toying with the idea of moving this preference to use a bit of JavaScript, rather than fiddling about checking values on POST; the likely audience for the feature most probably have it enabled, so I doubt anyone's going to lose out.

Umherirrender added a comment.Mar 27 2009, 10:13 PM
  • Bug 18126 has been marked as a duplicate of this bug. ***
Tobias added a comment.Mar 28 2009, 7:06 AM

Full support, Rob.
The current user interface is extremely confusing. You click "save page", get a warning about a "missing edit summary" on top of the page, while the edit summary line is hidden somewhere below the edit field, and it is difficult to spot, as it is not highlighted at all.
A small piece of Javascript code should provide more usability. For example, as long as the summary is not filled out, highlight it in red and give a warning message.

Umherirrender added a comment.Jul 3 2009, 3:31 PM

Extension ConfirmEdit has to pass wpIgnoreBlankSummary.

Description in EditPage.php:

  1. If a blank edit summary was previously provided, and the appropriate
  2. user preference is active, pass a hidden tag as wpIgnoreBlankSummary. This will stop the
  3. user being bounced back more than once in the event that a summary
  4. is not required.
Tobias added a comment.Jul 3 2009, 7:43 PM

checks for $editPage->allowBlankSummary

fixed in the attached patch

attachment bug.patch ignored as obsolete

Tobias added a comment.Aug 2 2009, 3:32 PM

Done in r54215

Nikerabbit added a comment.Aug 3 2009, 9:35 AM

Reverted in r54260, breaks captcha.

Tobias added a comment.Aug 3 2009, 1:20 PM

nikerabbit is right, an attacker could just add wpIgnoreBlankSummary to the source code and circumvent the captcha.
A way to fix this would be to provide a token after the captcha has been solved. However, the usability of forcesummary is already so bad that a complete rewrite or alternatives (Javascript for example) are perhaps more appropriate.

Umherirrender added a comment.Apr 17 2010, 10:05 PM

Created attachment 7302
reassign wpCaptchaId and wpIgnoreBlankSummary

The patch reassign the wpIgnoreBlankSummary field so the forceeditsummary is not shown twice. It also reassign the wpCaptchaId so the captcha is not shown twice.

Maybe it is a bad idea to reuse the old value, then let storeCaptcha() create a new one.

attachment bug10729.patch ignored as obsolete

Umherirrender added a comment.May 5 2012, 2:54 PM

Comment on attachment 6296
checks for $editPage->allowBlankSummary

This patch breaks captcha, see comment 8, marking obsolete

Umherirrender added a comment.May 5 2012, 2:56 PM

I am not sure, if my patch was the best way to do it. Marking as obsolete, maybe a other developer find a good way.

Matanya added a comment.Jul 26 2012, 9:04 PM

This needs a new design.

Florian subscribed.Jan 14 2015, 10:57 PM

A possible solution would be to save a key in memcached (e.g. captcha:solved:{edittoken}) with the value, if the captcha was successfully solved or not. If yes, the user doesn't need to solve the captcha again and we can set wpIgnoreBlankSummary. After the edit was successful, the key can be removed.

Any ideas/opinions?

Umherirrender unsubscribed.Feb 24 2015, 7:29 PM
Umherirrender mentioned this in T136310: ConfirmEdit prevents creation of blank pages with infinite loop of confirmations.May 30 2016, 5:48 PM
He7d3r mentioned this in T22661: Conflict between the Abuse Filter and the Captcha.Jun 2 2016, 11:36 AM
Florian claimed this task.Jun 23 2016, 12:51 AM
Florian added a project: Contributors-Team.

Actually, this seems to be a problem in mediawiki/core. This would happen for any other extension, which aborts the edit workflow, not only ConfirmEdit.

gerritbot subscribed.Jun 23 2016, 1:01 AM

Change 295603 had a related patch set uploaded (by Florianschmidtwelzow):
Make sure, that "Prompt me when entering a blank edit summary" works with Hooks

https://gerrit.wikimedia.org/r/295603

gerritbot added a project: Patch-For-Review.Jun 23 2016, 1:01 AM
Paladox moved this task from Backlog to Awaiting Code Review on the ConfirmEdit (CAPTCHA extension) board.Aug 28 2016, 9:02 PM
Aklapper edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Jun 29 2020, 8:49 AM
matmarex merged a task: T269667: Unable to publish changes when user not confirmed and adding an external link and keeping edit summary blank.Dec 11 2020, 4:32 PM
matmarex added subscribers: MilkyDefer, matmarex, Aklapper.
matmarex edited projects, added Patch-For-Review; removed Patch-Needs-Improvement.Dec 11 2020, 5:06 PM

The patch by @Florian from 2016 still works (after a minor update), and I can't believe this could be so simple to fix.

gerritbot added a comment.Jan 6 2021, 5:17 PM

Change 295603 merged by jenkins-bot:
[mediawiki/core@master] Make sure, that "Prompt me when entering a blank edit summary" works with Hooks

https://gerrit.wikimedia.org/r/295603

Jdforrester-WMF closed this task as Resolved.Jan 6 2021, 5:21 PM
ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.26; 2021-01-12).Jan 6 2021, 6:00 PM
DannyS712 added a project: User-notice.Jan 6 2021, 10:01 PM
Johan moved this task from To Triage to Announce in next Tech/News on the User-notice board.Jan 7 2021, 2:02 PM
Johan moved this task from Announce in next Tech/News to In current Tech/News draft on the User-notice board.Jan 7 2021, 7:21 PM
Johan moved this task from In current Tech/News draft to Already announced/Archive on the User-notice board.Jan 11 2021, 3:18 PM
Ladsgroup edited projects, added User-notice-archive; removed User-notice.Aug 13 2022, 1:55 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL