Last modified: 2014-11-18 18:07:15 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T19118, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 17118 - Do not restrict FlaggedRevs special pages like UnreviewedPages and OldReviewedPages to editors/reviewers, make them public
Do not restrict FlaggedRevs special pages like UnreviewedPages and OldReviewe...
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
FlaggedRevs (Other open bugs)
unspecified
All All
: Normal enhancement with 3 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-22 21:33 UTC by Tisza Gergő
Modified: 2014-11-18 18:07 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Tisza Gergő 2009-01-22 21:33:14 UTC 
Viewing [[Special:Unreviewedpages]] and [[Special:OldReviewedpages]] requires the 'unreviewedpages' user right. I think most of the information on those pages should not be restricted - everything except the watchlist data is publicly accessible through other pages anyway, and the ability to view which pages are sighted slower helps identifying bias and increasing transparency. Public watchlist data, however, could be sort of a security problem, as it could be used by a clever vandal to identify easy targets (not to mention the privacy implications).

There should exist separate rights to view these two special pages, and to see watchlist data when viewing them - the already existing 'unwatchedpages' could be used for the latter.

(Personally, I would give unreviewedpages right by default to all autoconfirmed users, at the very least, but that is not the point of this request.)
Comment 1 Aaron Schulz 2009-01-23 19:07:05 UTC 
Did oldreviewedpages in r46088, not sure about unreviewedpages. Still gives a list of easier vandal targets.
Comment 2 Aaron Schulz 2009-01-24 05:06:59 UTC 
(In reply to comment #1)
> Did oldreviewedpages in r46088, not sure about unreviewedpages. Still gives a
> list of easier vandal targets.
> 

Closed.
Comment 3 Melancholie 2009-08-13 19:50:51 UTC 
Isn't the API properly coupled?
Although [[de:Special:Oldreviewedpages]] works,
http://de.wikipedia.org/w/api.php?action=query&list=oldreviewedpages&ornamespace=0 gives the following error:

 <error code="orpermissiondenied" info="You need the unreviewedpages right to request the list of old reviewed pages." xml:space="preserve">

Re-opening or new bug?
Comment 4 Melancholie 2009-08-13 19:55:20 UTC 
Adding Roan Kattouw, as comment #3 is an API issue.
Comment 5 Roan Kattouw 2009-08-13 20:37:29 UTC 
(In reply to comment #3)
> Isn't the API properly coupled?
> Although [[de:Special:Oldreviewedpages]] works,
> http://de.wikipedia.org/w/api.php?action=query&list=oldreviewedpages&ornamespace=0
> gives the following error:
> 
>  <error code="orpermissiondenied" info="You need the unreviewedpages right to
> request the list of old reviewed pages." xml:space="preserve">
> 
> Re-opening or new bug?
> 

The API module does its own permissions checks. It should be easy enough to remove the general permissions check and add one for the watchlist stuff. Added comment in Code Review (I'd do it myself, but I'm busy :( )
Comment 6 Aaron Schulz 2009-08-13 21:19:59 UTC 
API changed in r54972
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links