Last modified: 2008-09-05 06:25:06 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T15036, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 13036 - Blocked users can still use oversight
Blocked users can still use oversight
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Oversight (Other open bugs)
unspecified
All All
: Normal enhancement (vote)
: ---
Assigned To: Brion Vibber
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-16 15:25 UTC by Anakin
Modified: 2008-09-05 06:25 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Anakin 2008-02-16 15:25:33 UTC
I tested this on my own wiki, and while blocked, I was still able to oversight revisions on multiple pages and access oversighted data.

The only likely situation where a user with oversight privileges will be blocked is in the case of a compromised account, in which case any use of Special:HideRevision and Special:Oversight will not be legit. There's a potential for mischief here, given that un-oversighting revisions requires special privileges and effort beyond that of normal vandalism reversion.

It would be safer to disable access to these special pages immediately for blocked accounts. It's at least very unlikely to impede any legitimate use of them.

(This is just a suggestion, so it can be closed as WONTFIX if it's not a good idea.)
Comment 1 Aaron Schulz 2008-02-16 22:56:56 UTC
They could just unblock themselves anyway, unless it was a non-admin Oversight...which I suppose is possible.
Comment 2 Roan Kattouw 2008-02-17 21:54:28 UTC
'Special' rights aren't blocked, only editing is. It'll only take another second to strip someone of his oversight rights after you block him. The real fun starts when blocking sysops: they can unblock themselves if you don't remember to de-sysop them as well.
Comment 3 Anakin 2008-02-18 00:43:44 UTC
Fair enough. Strange system where admins can unblock themselves.
Comment 4 Victor Vasiliev 2008-02-18 14:40:52 UTC
Reopening this bug. Blocked sysops should be able *only* to unblock himself, other actions (like deletion) should check for block status.
Comment 5 Kalan 2008-02-18 14:43:43 UTC
> Blocked sysops should be able *only* to unblock himself,
> other actions (like deletion) should check for block status.

What sense does it make if a sysop performs the action or they unblock themselves and perform the action anyway?
Comment 6 Victor Vasiliev 2008-02-18 14:45:18 UTC
(In reply to comment #5)
> > Blocked sysops should be able *only* to unblock himself,
> > other actions (like deletion) should check for block status.
> 
> What sense does it make if a sysop performs the action or they unblock
> themselves and perform the action anyway?
> 

So it makes harder life for sysops-vandals :)
Comment 7 Aaron Schulz 2008-09-05 06:25:06 UTC
Done in r40473

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links