Page MenuHomePhabricator
Create Task
Maniphest T19118

Do not restrict FlaggedRevs special pages like UnreviewedPages and OldReviewedPages to editors/reviewers, make them public
Closed, ResolvedPublic
Actions

Description

Viewing [[Special:Unreviewedpages]] and [[Special:OldReviewedpages]] requires the 'unreviewedpages' user right. I think most of the information on those pages should not be restricted - everything except the watchlist data is publicly accessible through other pages anyway, and the ability to view which pages are sighted slower helps identifying bias and increasing transparency. Public watchlist data, however, could be sort of a security problem, as it could be used by a clever vandal to identify easy targets (not to mention the privacy implications).

There should exist separate rights to view these two special pages, and to see watchlist data when viewing them - the already existing 'unwatchedpages' could be used for the latter.

(Personally, I would give unreviewedpages right by default to all autoconfirmed users, at the very least, but that is not the point of this request.)

Version: unspecified
Severity: enhancement

Details

Reference
bz17118

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:24 PM
bzimport added a project: MediaWiki-extensions-FlaggedRevs.
bzimport set Reference to bz17118.
bzimport added a subscriber: Unknown Object (MLST).
Tgr created this task.Jan 22 2009, 9:33 PM
aaron added a comment.Jan 23 2009, 7:07 PM

Did oldreviewedpages in r46088, not sure about unreviewedpages. Still gives a list of easier vandal targets.

aaron added a comment.Jan 24 2009, 5:06 AM

(In reply to comment #1)

Did oldreviewedpages in r46088, not sure about unreviewedpages. Still gives a
list of easier vandal targets.

Closed.

bzimport added a comment.Aug 13 2009, 7:50 PM

Wiki.Melancholie wrote:

Isn't the API properly coupled?
Although [[de:Special:Oldreviewedpages]] works,
http://de.wikipedia.org/w/api.php?action=query&list=oldreviewedpages&ornamespace=0 gives the following error:

<error code="orpermissiondenied" info="You need the unreviewedpages right to request the list of old reviewed pages." xml:space="preserve">

Re-opening or new bug?

bzimport added a comment.Aug 13 2009, 7:55 PM

Wiki.Melancholie wrote:

Adding Roan Kattouw, as comment #3 is an API issue.

Catrope added a comment.Aug 13 2009, 8:37 PM

(In reply to comment #3)

Isn't the API properly coupled?
Although [[de:Special:Oldreviewedpages]] works,
http://de.wikipedia.org/w/api.php?action=query&list=oldreviewedpages&ornamespace=0
gives the following error:

<error code="orpermissiondenied" info="You need the unreviewedpages right to
request the list of old reviewed pages." xml:space="preserve">

Re-opening or new bug?

The API module does its own permissions checks. It should be easy enough to remove the general permissions check and add one for the watchlist stuff. Added comment in Code Review (I'd do it myself, but I'm busy :( )

aaron added a comment.Aug 13 2009, 9:19 PM

API changed in r54972

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL