Page MenuHomePhabricator
Create Task
Maniphest T47644

An autoedit of a form of a field that is restricted to a group results in bad behavior
Closed, ResolvedPublicBUG REPORT
Actions

Description

If you have a form that has a field that is uses the restricted option, and a user triggers an autoedit of the page (either on the page via a button or using the API), if that user is not a member of the group that the restriction is for the edit will still be allowed, but the defaults of other restricted fields will change the fields back to their defaults.

You can see the result of such an autoedit here:

http://wikiapiary.com/w/index.php?title=Wikidata&diff=prev&oldid=28756

the form has been modified to move the restricted flags for now, but you can see the form as it was during that edit here

http://wikiapiary.com/w/index.php?title=Form:Website&action=edit&oldid=28011

Ideally the initial edit should not be allowed, since the user is not a member of that restricted group. And the other restricted fields should not be reverting to their defaults.

Here is the same behavior of fields reverting to defaults and the edit being allowed when it should not have, but this time resulting from a robot using the autoedit API.

http://wikiapiary.com/w/index.php?title=Familienwortschatz&curid=13118&diff=28807&oldid=25748

Version: master
Severity: normal

Details

Reference
bz45644
SubjectRepoBranchLines +/-
Disable edits to restricted fields in #autoedit.mediawiki/extensions/PageFormsmaster+12 -0
Customize query in gerrit

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 1:13 AM
bzimport added a project: MediaWiki-extensions-Page_Forms.
bzimport set Reference to bz45644.
thingles created this task.Mar 2 2013, 7:41 PM
Foxtrott added a comment.Apr 6 2013, 4:17 PM

The autoedit should now only act on the specified field. Restricting to user group needs to be done in SFFormPrinter::formHTML. Re-assigning to Yaron.

Yaron_Koren added a comment.Apr 7 2013, 2:31 AM

f.trott - can you clarify how SFFormPrinter::formHTML() needs to change?

Foxtrott added a comment.Apr 7 2013, 6:04 AM

formHTML generates the target page text from the form data and the form definition. In the process it needs to check if a field is restricted and if it is leave it unchanged.

Aklapper removed Yaron_Koren as the assignee of this task.Sep 2 2015, 3:54 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 2 2015, 3:54 PM
Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptNov 19 2015, 2:26 AM
Yaron_Koren moved this task from Backlog to Parser functions on the MediaWiki-extensions-Page_Forms board.Nov 19 2015, 2:31 AM
gerritbot added a comment.Jan 31 2022, 10:39 AM

Change 758439 had a related patch set uploaded (by Sahajsk; author: Sahajsk):

[mediawiki/extensions/PageForms@master] Disable edits to restricted fields in #autoedit.

https://gerrit.wikimedia.org/r/758439

gerritbot added a project: Patch-For-Review.Jan 31 2022, 10:39 AM
gerritbot added a comment.Feb 2 2022, 2:19 PM

Change 758439 merged by jenkins-bot:

[mediawiki/extensions/PageForms@master] Disable edits to restricted fields in #autoedit.

https://gerrit.wikimedia.org/r/758439

Maintenance_bot removed a project: Patch-For-Review.Feb 2 2022, 3:11 PM
Aklapper triaged this task as Low priority.Feb 4 2022, 8:07 PM
Aklapper changed the subtype of this task from "Task" to "Bug Report".
Yaron_Koren closed this task as Resolved.Apr 26 2023, 12:49 AM
Yaron_Koren claimed this task.
Yaron_Koren subscribed.

I assume the patch fixed the problem.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL