Last modified: 2013-09-26 10:03:51 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 10729 - Edit summary reminder preference conflicts with CAPTCHA extensions
Edit summary reminder preference conflicts with CAPTCHA extensions
Product: MediaWiki extensions
Classification: Unclassified
ConfirmEdit (CAPTCHA extension) (Other open bugs)
All All
: Low normal with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
: design
: 18126 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2007-07-28 06:27 UTC by Kevin Lamontagne
Modified: 2013-09-26 10:03 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

checks for $editPage->allowBlankSummary (475 bytes, patch)
2009-07-03 19:43 UTC, Church of emacs
reassign wpCaptchaId and wpIgnoreBlankSummary (2.11 KB, patch)
2010-04-17 22:05 UTC, Umherirrender

Description Kevin Lamontagne 2007-07-28 06:27:31 UTC
- Check "Prompt me when entering a blank edit summary" in user preferences.
- Edit a page including external links, without putting a summary.
- fill out the CAPTCHA
- "Reminder: You have not provided an edit summary. If you click Save again, your edit will be saved without one."; Click save.
- Get another CAPTCHA to fill out. You're now caught in a loop until you put an edit summary.
Comment 1 Kevin Lamontagne 2007-07-28 06:28:43 UTC
I forgot to say that I tested this on the english Wikipedia
Comment 2 Rob Church 2007-07-28 07:07:24 UTC
I'm strongly toying with the idea of moving this preference to use a bit of JavaScript, rather than fiddling about checking values on POST; the likely audience for the feature most probably have it enabled, so I doubt anyone's going to lose out.
Comment 3 Umherirrender 2009-03-27 22:13:44 UTC
*** Bug 18126 has been marked as a duplicate of this bug. ***
Comment 4 Church of emacs 2009-03-28 07:06:52 UTC
Full support, Rob.
The current user interface is extremely confusing. You click "save page", get a warning about a "missing edit summary" on top of the page, while the edit summary line is hidden somewhere below the edit field, and it is difficult to spot, as it is not highlighted at all.
A small piece of Javascript code should provide more usability. For example, as long as the summary is not filled out, highlight it in red and give a warning message.
Comment 5 Umherirrender 2009-07-03 15:31:39 UTC
Extension ConfirmEdit has to pass wpIgnoreBlankSummary.

Description in EditPage.php:

# If a blank edit summary was previously provided, and the appropriate
# user preference is active, pass a hidden tag as wpIgnoreBlankSummary. This will stop the
# user being bounced back more than once in the event that a summary
# is not required.
Comment 6 Church of emacs 2009-07-03 19:43:15 UTC
Created attachment 6296 [details]
checks for $editPage->allowBlankSummary

fixed in the attached patch
Comment 7 Church of emacs 2009-08-02 15:32:28 UTC
Done in r54215
Comment 8 Niklas Laxström 2009-08-03 09:35:10 UTC
Reverted in r54260, breaks captcha.
Comment 9 Church of emacs 2009-08-03 13:20:23 UTC
nikerabbit is right, an attacker could just add wpIgnoreBlankSummary to the source code and circumvent the captcha.
A way to fix this would be to provide a token after the captcha has been solved. However, the usability of forcesummary is already so bad that a complete rewrite or alternatives (Javascript for example) are perhaps more appropriate.
Comment 10 Umherirrender 2010-04-17 22:05:12 UTC
Created attachment 7302 [details]
reassign wpCaptchaId and wpIgnoreBlankSummary

The patch reassign the wpIgnoreBlankSummary field so the forceeditsummary is not shown twice. It also reassign the wpCaptchaId so the captcha is not shown twice.

Maybe it is a bad idea to reuse the old value, then let storeCaptcha() create a new one.
Comment 11 Umherirrender 2012-05-05 14:54:41 UTC
Comment on attachment 6296 [details]
checks for $editPage->allowBlankSummary

This patch breaks captcha, see comment 8, marking obsolete
Comment 12 Umherirrender 2012-05-05 14:56:06 UTC
I am not sure, if my patch was the best way to do it. Marking as obsolete, maybe a other developer find a good way.
Comment 13 matanya 2012-07-26 21:04:48 UTC
This needs a new design.

Note You need to log in before you can comment on or make changes to this bug.