When an anonymous user attempted to add a external link to an article, he is required to solve the captcha, and when submitting his edit again, he triggered the local Abuse Filter and got a warning. But this is a false-positive. And after clicking the "submit" button for a second time, he is required to solve the captcha again. Seems this is a problem between the AF and the captcha.
Perhaps the user should only be required to solve the captcha once, not twice.
Best regards.
See Also:
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| Don't abort EditFilterMergedContent hook | mediawiki/extensions/ConfirmEdit | master | +0 -1 |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | Feature | None | T20110 Allow AbuseFilter to force the user to solve a captcha | ||
| Resolved | matmarex | T22661 Conflict between the Abuse Filter and the Captcha |
matthew.britton wrote:
The way we treat anonymous users nowadays, sometimes I'm amazed we even still get contributions...
(In reply to comment #0)
When an anonymous user attempted to add a external link to an article, .. he
triggered the local Abuse Filter and got a warning.
Which project was this on? Which edit filter was triggered?
(In reply to comment #2)
(In reply to comment #0)
When an anonymous user attempted to add a external link to an article, .. he
triggered the local Abuse Filter and got a warning.Which project was this on? Which edit filter was triggered?
It happens on pt.wikipedia, for instance, where CAPTCHA is required at every edit until you are autoconfirmed.
swalling wrote:
Is this still happening? Can we just turn off the AbuseFilter for this?
swalling wrote:
If this is still happening, it's completely unacceptable. Setting to a higher priority.
This seems similar to bug 10729: The fact that the user already solved the CAPTCHA is forgotten when another hook (AbuseFilter in this case, edit summary reminder in the other) prevents you from saving, which means you have to solve the CAPTCHA twice.
This is still happening (see this false positive report: https://en.wikipedia.org/wiki/Wikipedia:Edit_filter/False_positives/Reports#James_Roten and this VPT thread: https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(technical)#Autobiography_filter)
The issue here, which I believe is the same, is that a user failed the captcha a few times but AF treated each failure as an edit attempt, counting them towards the throttle limit.
I think this could be resolved by T113700: one CAPTCHA (per action) should be enough to confirm humanity/ smart enough bot? :)
Change 295605 had a related patch set uploaded (by Florianschmidtwelzow):
Don't abort EditFilterMergedContent hook
This should be resolved with change 5c9e5cfccd437e12924611f711587b2e0427ebba from @matmarex, which was part of T137832: Avoid use of APIEditBeforeSave hook to return precise error messages in the API, as it's possible with EditFilterMergedContent since 1.25. Feel free to reopen, if the problem still exists :)
Change 295605 abandoned by Florianschmidtwelzow:
Don't abort EditFilterMergedContent hook
Reason:
Alread fixed with I27f244631e9dcd160bffff70349e5034f2a537ea
Actually, AF interaction with Captcha and Summary reminder is quite awful. In the next days I'll try to put together all these conflicts in a parent task, then we should think of a way to solve this, which may require some core changes.