Page MenuHomePhabricator
Create Task
Maniphest T39844

VisualEditor: Protection and AbuseFilter do not work for VisualEditor edits; create a 'usevisualeditor' permission
Closed, ResolvedPublic
Actions

Description

Based on some testing on MediaWiki.org, page protection and the abuse filter do not work - page protection does not change the ability of all non-blocked users to edit the page and abuse filter does not pick up any edits generated by the visual editor.

I believe that the underlying problem is that using the visual editor is not a named action that can be restricted or filtered at the moment. If it was, then it would be possible to assign it to $wgRestrictionTypes and it would be possible for the abuse filter to log it (though the abuse filter does need the addition of some variables or other modification to accept visual editor edits).

Version: unspecified
Severity: normal

Details

Reference
bz37844

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 12:30 AM
bzimport added projects: VE-deploy-2012-12-10, VisualEditor-MediaWiki.
bzimport set Reference to bz37844.
Jasper created this task.Jun 22 2012, 6:53 PM
Jdforrester-WMF added a comment.Jun 22 2012, 10:05 PM

Mass-moving items into VisualEditor product

brion added a comment.Jun 23 2012, 2:02 AM

I would not recommend creating a 'usevisualeditor' permission. Rather, permission checks and the usual edit activity paths should be used. AbuseFilter *should* see VE edits exactly the same as edits made through the traditional editing UI or the API.

Jasper added a comment.Jun 23 2012, 2:17 AM

AbuseFilter does not see them, because I tested some VE edits against my experimental filter but edits made by the VE did not get caught.

The 'usevisualeditor' permission would only be a temp solution to the current situation where page protection can't cover it. The other way is to require the 'edit' permission but then that wouldn't suffice in our current scheme of having only admins edit the wikitext directly.

brion added a comment.Jun 23 2012, 3:03 AM

AbuseFilter *should* see them, because to do otherwise is insane. That it doesn't is the bug. :)

Jasper added a comment.Jun 23 2012, 3:30 AM

Two things:
1.How would an abuse log entry look like? I can't think of anything other than 'Example (talk|contribs) triggered filter 16, performing the action "usevisualeditor" on VisualEditor:Welcome' (etc.).
2.What about page protection?

TrevorParscal added a comment.Aug 22 2012, 9:47 PM

This will naturally resolve itself when we lift the namespace-specific restrictions on editing the Wikitext and can use the editing API instead of going through the back door, as we do now.

This is related to bug 38268 - in that these will both be resolved in the same way.

TrevorParscal added a comment.Nov 29 2012, 7:23 PM

This was fixed when Roan changed to use the normal edit API rather than bypassing it internally.

Jdforrester-WMF added a comment.Nov 29 2012, 7:52 PM

Fixed in gerrit 31889

Jdforrester-WMF added a comment.Nov 30 2012, 8:16 PM

Assigning this to a release milestone so it's clear when at the latest to expect it to have been fixed; it may have been fixed beforehand.

Jdforrester-WMF added a project: VisualEditor.Dec 3 2014, 1:46 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL