Page MenuHomePhabricator
Create Task
Maniphest T33294

allow protocol-relative URLs in $wgCaptchaWhitelist
Closed, ResolvedPublic
Actions

Description

A IP of de.wiki was telling, that he get a CAPTCHA for a edit, where only a comma is changed[1].

In my opinion is this a problem with protocol-relative URLs.

The page includes a fullurl to commons. Before the edit the database contains a http link to commons, after the reparse due to the edit the link to commons is changed to a protocol-relative URL and ConfirmEdit is seeing a different and trigger the CAPTCHA -> bad in this case.

We can fix this by editing all templates with fullurl to trigger a reparse with the Job Queue, but that sounds like many load for the server and also fixed that problem only on de.wiki.

[1] http://de.wikipedia.org/w/index.php?title=Simone_de_Beauvoir&diff=94101544&oldid=92622886

Version: unspecified
Severity: major

Details

Reference
bz31294
TitleReferenceAuthorSource BranchDest Branch
Write test exercising the case where eagerlyEvaluate hits a recursion limit.repos/abstract-wiki/wikifunctions/function-orchestrator!132apineapine-recursionmain
Write test exercising the case where eagerlyEvaluate hits a recursion limit.repos/abstract-wiki/wikifunctions/function-orchestrator!131apineapine-test-eagernessmain
Don't use RequestExceptionrepos/data-engineering/mediawiki-event-enrichment!52ottoexception0main
Fix bug in enrich_page_change_with_content where null record would be returnedrepos/data-engineering/mediawiki-event-enrichment!48ottofix0main
Use eventutilties_python stream_manager parameterizationrepos/data-engineering/mediawiki-event-enrichment!47ottoparamsmain
Issue async requests from EventProcessFunction.repos/data-engineering/eventutilities-python!40gmodenaT332948-minibatch-async-callmain
Window non keyed datastreamrepos/data-engineering/mediawiki-event-enrichment!40gmodenawindow-non-keyed-datastreamdev
Customize query in GitLab

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:51 PM
bzimport added a project: ConfirmEdit (CAPTCHA extension).
bzimport set Reference to bz31294.
Umherirrender created this task.Oct 1 2011, 12:25 PM
bzimport added a comment.Oct 1 2011, 12:51 PM

Juergen wrote:

Shouldn't we allow external links to commons from IP Users without a captcha, even when they are really new and not caused by protocol-relative URLs as explained by Umherirrender ?

This mechanism seems to be working already in the case of external links to WP (for instance for links like the diff-link from the description).

Umherirrender added a comment.Oct 1 2011, 1:03 PM

Links to Commons already allowed, when there are containing http or https at the begin. See $wgCaptchaWhitelist in http://noc.wikimedia.org/conf/CommonSettings.php.txt

$wgCaptchaWhitelist needs changing for protocol-relative URLs
-> Using this as shell bug, changing summary and component.

Catrope added a comment.Oct 3 2011, 12:52 PM

Done:

  • $wgCaptchaWhitelist = '#^https?://([.a-z0-9-]+\\.)?((wikimedia|wikipedia|wiktionary|wikiquote|wikibooks|wikisource|wikispecies|mediawiki|wikimediafoundation|wikinews|wikiversity)\.org|dnsstuff\.com|completewhois\.com|wikimedia\.de|toolserver\.org)(/|$)#i';

+ $wgCaptchaWhitelist = '#^(https?:)?//([.a-z0-9-]+\\.)?((wikimedia|wikipedia|wiktionary|wikiquote|wikibooks|wikisource|wikispecies|mediawiki|wikimediafoundation|wikinews|wikiversity)\.org|dnsstuff\.com|completewhois\.com|wikimedia\.de|toolserver\.org)(/|$)#i';

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL