Page MenuHomePhabricator
Create Task
Maniphest T238052

Deleted pages in ns:0 cannot be protected on the Commons
Closed, DuplicatePublicSecurity
Actions

Description

If a gallery page (ns:0) on the Commons has been deleted sysops cannot protect them against recreation. Error page reads "Non-protectable page - This page cannot be protected as there are no restriction types available."

Related Objects

Event Timeline

Achim55 created this task.Nov 12 2019, 10:04 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 12 2019, 10:04 AM
Masumrezarock100 added a project: Commons.Nov 12 2019, 12:26 PM
Masumrezarock100 added a project: Regression.Nov 12 2019, 12:35 PM
Masumrezarock100 subscribed.

Yes, I tried reproducing this on the beta cluster. Non-existent gallery pages (me=0) can not be protected there. I tested it with https://commons.wikimedia.beta.wmflabs.org/wiki/Delta?action=protect and https://commons.wikimedia.beta.wmflabs.org/wiki/Main?action=protect . I couldn't protect them from recreation. Also I tested it with https://commons.wikimedia.beta.wmflabs.org/wiki/D?action=protect which never existed before and I got the same response. Looks like a Regression to me.

Masumrezarock100 added a comment.Nov 12 2019, 12:39 PM

@Achim55 A question: Is this your first time experiencing this bug?

Masumrezarock100 added a comment.EditedNov 12 2019, 12:50 PM

Sending an API request using the ApiSandbox to protect the "Main" page from creation (API request URL with Token) returns the following response

{
    "protect": {
        "title": "Main",
        "reason": "Per [[phab:T238052]]",
        "protections": [
            {
                "create": "sysop",
                "expiry": "infinite"
            }
        ]
    }
}

But it doesn't protect the page at all. However sending an API request to protect a non mainspace page returns a similar response but the page gets protected.

Achim55 added a comment.Nov 12 2019, 1:05 PM

@Masumrezarock100 Yes it is. But I remember another case regarding galleries some weeks ago: They could no longer be moved to a different ns. That had been fixed then.

Aklapper added projects: MediaWiki-Page-deletion, MediaWiki-Page-protection.Nov 12 2019, 5:09 PM
Umherirrender subscribed.Nov 12 2019, 7:32 PM

There are two ways for an empty list. No protection types in $wgRestrictionTypes, but I cannot find that this differ from the default one.
Or the hook TitleGetRestrictionTypes which is used from Wikibase to disable protection for entity namespace. But the gallery is no entity namespace, so that seems not the problem.

I have no idea. It works in my developer wiki, so this must be a config issue.

Api shows also no restriction type: https://commons.wikimedia.org/w/api.php?action=query&titles=NonExists|Talk:NonExists&prop=info&inprop=protection

The last create protection in ns:0 I have found was from 28. Februrary 2019 - https://commons.wikimedia.org/wiki/Frany_Dejota?action=protect
Something must be changed after that. Maybe Wikibase was enabled for the mediainfo or the structed data was enabled.

Masumrezarock100 added a project: Wikimedia-Site-requests.Nov 13 2019, 7:43 AM

CC Wikimedia-Site-requests per above comment, possibly a config issue.

Masumrezarock100 added a comment.Nov 13 2019, 7:45 AM
In T238052#5657847, @Umherirrender wrote:

The last create protection in ns:0 I have found was from 28. Februrary 2019 - https://commons.wikimedia.org/wiki/Frany_Dejota?action=protect
Something must be changed after that. Maybe Wikibase was enabled for the mediainfo or the structed data was enabled.

Not sure how Structured Data can cause such regression.

Urbanecm edited projects, added Wikidata; removed Wikimedia-Site-requests, MediaWiki-Page-protection, MediaWiki-Page-deletion.Nov 13 2019, 12:08 PM
Urbanecm subscribed.
[urbanecm@mwmaint1002 ~]$ mwscript shell.php commonswiki
Psy Shell v0.9.9 (PHP 7.2.22-1+0~20190902.26+debian9~1.gbpd64eb7+wmf1 — cli) by Justin Hileman
>>> use Wikibase\RepoHooks;
>>> $types = Title::getFilteredRestrictionTypes(false);
=> [
     0 => "create",
     3 => "upload",
   ]
>>> RepoHooks::onTitleGetRestrictionTypes(Title::newFromText("Nonexistent"), $types)
=> null
>>> $types
=> [
     3 => "upload",
   ]
>>> ^D
Exit:  Ctrl+D
[urbanecm@mwmaint1002 ~]$

Changing project tags appropriately.

Apparently, $namespaceLookup->isEntityNamespace( NS_MAIN ) is true.

4nn1l2 subscribed.Nov 15 2019, 9:36 PM
Urbanecm set Security to Software security bug.Jul 18 2020, 9:38 PM
Urbanecm added projects: Security, Security-Team.
Urbanecm changed the visibility from "Public (No Login Required)" to "Custom Policy".
Urbanecm changed the subtype of this task from "Task" to "Security Issue".

T258323

Urbanecm closed this task as a duplicate of T258323: Unable to set up move protection in ns:0 on Commons.Jul 18 2020, 9:38 PM
sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".Jul 24 2020, 7:08 PM
sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits