Page MenuHomePhabricator

SpamBlacklist sometimes allows adding blacklisted links
Open, MediumPublic

Description

On this edit an unregistered user was able to add links to a blacklisted site, but the extension refused to accept my changes when I attempted to edit another section seconds later.

See Also:

Details

Reference
bz13569

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:08 PM
bzimport added a project: SpamBlacklist.
bzimport set Reference to bz13569.
bzimport added a subscriber: Unknown Object (MLST).

mike.lifeguard+bugs wrote:

Could this have been a transient error in communication with Meta?

If the domain was blacklisted at Meta and there was an error retrieving the blacklist then it might fail to prevent additions of those domains since no regex fragments (or only some of them) from Meta were retrieved properly. If that's the case, then the cached copy should be kept until it can be confirmed that the "newer" copy from Meta has been fetched properly. This would allow the global blacklist to continue functioning (sorta - no updates are possible, but better than nothing) if there are errors getting the new copy.

mike.lifeguard+bugs wrote:

Tweak summary

(In reply to comment #4)

Another example:
http://en.wikipedia.org/w/index.php?diff=278745650&oldid=278575240

I guess, this example is not valid for there was no _link_, just an url in the source code.
Anyway, the other examples seem to be valid.

He7d3r renamed this task from Spam Blacklist sometimes allows adding blacklisted links to SpamBlacklist sometimes allows adding blacklisted links.Apr 28 2015, 10:21 AM
He7d3r updated the task description. (Show Details)
He7d3r set Security to None.

Subst + [[Template:Void]] can be used to reproduce this:
https://pt.wikipedia.org/w/index.php?oldid=40487382&action=edit&preview=yes

That trick does not work anymore.