⚓ T190015 Create separate user group for editing sitewide CSS/JavaScript that does not include administrators by default
Closed, Resolved
Public
Assigned To
Tgr
Authored By
Tgr
Mar 19 2018, 6:16 AM
2018-03-19 06:16:20 (UTC+0)
Tags
Security-Core
(Backlog)
JavaScript
Patch-For-Review
WMF-General-or-Unknown
Trust-and-Safety
(Security/Abuse)
User-Tgr
(Pending)
MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19))
Security
Referenced Files
None
Subscribers
1233thehongkonger
1997kB
abian
Af420
AfroThundr3007730
Ajraddatz
Aklapper
View All 77 Subscribers
Description
Currently, MediaWiki administrators (members of the sysop user group) have the ability to edit Javascript pages: site-wide JS such as MediaWiki:Vector.js, MediaWiki:Gadget-*.js pages (used by the Gadgets extension, can be configured to load by default) and JS subpages of another user (including User:/global.js, used by the GlobalCssJs extension). Thus an attacker who compromises an admin account (on some wikis, even a less privileged account such as templateeditor on hewiki) can deploy malicious Javascript to all visitors.
The ability of wiki communities to shape wikis to their liking by deploying custom Javascript is an important tool for increasing power user productivity and empowering communities to solve their problems; as such, it is desirable even with this risk. The way access to this right is currently given is suboptimal though:
Most administrators have no Javascript editing skills, and as such there is very little benefit in them having that right. (Maybe faster revert time in case of an attack, but even that is highly questionable.)
Administrators who lack computer skills not only don't need Javascript editing abilities but are extra dangerous attack vectors as they often have weaker password and antivirus practices, don't keep their systems up to date etc.
With Javascript editing being just one of the many rights administrators have, most communities do not fully understand its dangers and are not sufficiently careful about assigning it. E.g. relatively low-trust user groups sometimes get (that resulted in T189665 recently), no one is worried about long-inactive admins retaining their privileges, there is very little oversight of small wikis with few active admins etc.
The obvious solution for this is to split Javascript editing into a separate, dedicated user group, take away the right from all other user groups (sysop, interface-editor, engineer, templateeditor on some wikis), clearly document the risks of handing out that user group, and set higher expectations for membership (e.g. use of two-factor authentication). There is some paranoia around this issue (some people an attempt to revive Superprotect behind anything that changes Javascript editing workflows) but it is unlikely that many editors will be concerned as long as it is made clear that the power to assign Javascript editing capabilities is left with the local communities. Local bureaucrats would be able to add and remove users, and current admins (or interface editors where that right exists) could be grandfathered in if they want to.
Patches:
core: 421121 - create editsitecss, editsitejs rights which are needed in combination with editinterface to edit the given type of MediaWiki page (T120886: Make javascript editing permissions more fine grained and separate from normal editinterface right); create new group techadmin which has these rights; take away editusercss, edituserjs from sysop group
WMF config: 421122, 421123, 440676, 421124, 421125 - support migration process, prevent non-techadmin groups from being able to grant the new rights
(Draft) community consultation page: User:Tgr/Create separate user group for editing sitewide CSS/JS
(Draft) user group info page: User:Tgr/Technical_administrator
Affected Wikimedia user groups:
sysop
user (donatewiki, foundationwiki)
securepoll (officewiki)
electcomm/staffsupport/electionadmin (votewiki)
centralnoticeadmin (metawiki, testwiki)
botadmin (frwiktionary, mlwiki, mlwikisource, mlwiktionary)
engineer (ruwiki)
interface-editor (azbwiki, ckbwiki, elwiktionary, hewiki, huwiki, jawiki, pswiki, ptwiki, trwiki, urwiki)
templateeditor (fawiki, rowiki)
translator (incubatorwiki)
wikidata-staff (wikidata)
Sitewide CSS/JS editing not covered by the patch:
Raw HTML messages (T2212: Some MediaWiki: messages not safe in HTML (tracking)), editable with editinterface, Translatewiki.net access or by sneaking an i18n patch through code review (see T45646, T200997 for a partial solution)
Pages not in the MediaWiki/User namespace which are loaded by another script (via importScript or similar) - see {T113042} and T171563: Only allow MediaWiki, Gadget, and User namespace pages to be treated as JS or CSS (no project namespace, etc.)
Gadgets after T31272: Implement Gadgets 2.0 (will move gadgets out of the MediaWiki namespace and use gadgets-edit and maybe gadgets-definition-edit rights instead; we might want to have rights separation between global and personal gadgets).
Javascript in CentralNotice banners (T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions)
Import does not do any per-page permission checks
Related issues:
T71445: Implement a proper code-review process for MediaWiki JS/CSS pages on Wikimedia sites
{T190019}
{T186392}
Follow-ups:
T198758: Load .json configuration files via ResourceLoaderWikiModule
T200176: Deletion of user js and css requires deletion and edituser* rights
T201052: Local interface-admin need to be sysop for some operations
Details
Related Changes in Gerrit:
Subject | Repo | Branch | Lines +/-
Add editsitejson to everyone who has editinterface | operations/mediawiki-config | master | +17 -7
Enforce that interface-admin is the only group that can edit non-own CSS/JS | operations/mediawiki-config | master | +17 -0
Localize error message about missing interface-admin rights | mediawiki/extensions/WikimediaMessages | master | +3 -0
Remove sitewide and user CSS/JS editing from old groups | operations/mediawiki-config | master | +2 -36
Segregate right to edit sitewide CSS/JS | mediawiki/core | wmf/1.32.0-wmf.13 | +158 -32
Segregate right to edit sitewide CSS/JS | mediawiki/core | wmf/1.32.0-wmf.14 | +158 -32
Segregate right to edit sitewide CSS/JS | mediawiki/core | master | +158 -32
Temporarily preserve sysops' JS editing ability | operations/mediawiki-config | master | +12 -0
Add interface-admin to privileged groups | operations/mediawiki-config | master | +2 -2
Related Objects
Task Graph
Mentions
Status
Subtype
Assigned
Task
Resolved
Tgr
T190015
Create separate user group for editing sitewide CSS/JavaScript that does not include administrators by default
Resolved
Tgr
T120886
Make javascript editing permissions more fine grained and separate from normal editinterface right
Resolved
None
T202244
CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions
Restricted Task
Restricted Task
Mentioned In
T357051: Issues with lack of JS / User CSS / Gadgets on Wikibase.cloud
T31272: Implement Gadgets 2.0
T120889: Create preference to control using personal JS
T241634: `gadgets-prefstext` needs to be updated regarding interface administrators
T169027: Provide iframe sandboxing for rich-media extensions (defense in depth)
T214379: Own user script cannot be deleted by the admin owner because it is a "redirect"
T203083: "Administrator" is hardcoded in various permission error messages
T202989: Administrators can no longer view deleted history of js/css pages
T202298: Inform communities that all bureaucrats can now remove 'interface-admin'
T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions
T201052: Local interface-admin need to be sysop for some operations
T45646: "MediaWiki:Copyright" message allows raw HTML
T198890: Develop an easy way for wikis to create a blackout protest
T198758: Load .json configuration files via ResourceLoaderWikiModule
T197617: TemplateStyles should be able to add skin-specific CSS
T197087: Remove or limit ability to edit the user JS of another user who has higher privileges
Mentioned Here
T203924: Cannot translate some messages because of new interface-admin requirements
T202989: Administrators can no longer view deleted history of js/css pages
T45646: "MediaWiki:Copyright" message allows raw HTML
T200997: Add raw HTML messages in WMF-deployed extensions to $wgRawHtmlMessages
T201052: Local interface-admin need to be sysop for some operations
T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions
T33150: Implement "hidden" gadget feature (pre-Gadgets 2.0)
T200176: Deletion of user js and css requires deletion and edituser* rights
T144599: New "engineer" usergroup for ruwiki
T190619: Add TitleBlacklist override to Russian Wikipedia engineers
T198758: Load .json configuration files via ResourceLoaderWikiModule
T2212: Some MediaWiki: messages not safe in HTML (tracking)
P7107 CSS/JSON/JS edits per user (in MediaWiki namespace)
T150562: Be able to force OATHAuth for certain user groups
T112937: Common misuse of importScript in global js pages make users load scripts from non-protected pages
T71445: Implement a proper code-review process for MediaWiki JS/CSS pages on Wikimedia sites
T71911: 2.0: Split "gadgets-edit" user right into "gadgets-edit-css" and "gadgets-edit-js"
T31272: Implement Gadgets 2.0
T120886: Make javascript editing permissions more fine grained and separate from normal editinterface right
T171563: Only allow MediaWiki, Gadget, and User namespace pages to be treated as JS or CSS (no project namespace, etc.)
Event Timeline
There are a very large number of changes, so older changes are hidden.
Luke081515
added a comment.
Jul 23 2018, 11:23 AM
2018-07-23 11:23:28 (UTC+0)
In my opinion, the removal of the edituserjss etc. rights from the sysop group should be stalled, until T200176 is resolved.
MBH
added a comment.
Jul 23 2018, 11:56 AM
2018-07-23 11:56:03 (UTC+0)
What is this task? It's restricted.
Reedy
added a comment.
Jul 23 2018, 12:02 PM
2018-07-23 12:02:40 (UTC+0)
In T190015#4445044, @MaxBioHazard wrote:
> What is this task? It's restricted.
Wouldn't disclosing it defeat the point of it being restricted?
IKhitron
added a comment.
Jul 23 2018, 1:09 PM
2018-07-23 13:09:15 (UTC+0)
So, how long will it take?
MGChecker
added a comment.
Jul 23 2018, 8:33 PM
2018-07-23 20:33:55 (UTC+0)
I think the migration period of 1 month is too short, you need much more time to adapt the policies in larger wikis. I think the transition period should be at least two months long.
In T190015#4445053, @Reedy wrote:
> In T190015#4445044, @MaxBioHazard wrote:
> > What is this task? It's restricted.
> Wouldn't disclosing it defeat the point of it being restricted?
If this is just some obvious consequence of changing the permission balance instead of a real, effective security problem, I think restricting the task does more harm than good. It prevents users from giving input how these issues should be handled. Such tasks have to be resolved before this change is deployed either way, so there's no harm in having people be aware of possible problems for now. If such issues aren't fixed before deploying, people will get the idea how to exploit them within weeks either way, since issues of that type are generally quite obvious.
Tgr
added a comment.
Jul 23 2018, 8:40 PM
2018-07-23 20:40:28 (UTC+0)
TTO
mentioned this in
T45646: "MediaWiki:Copyright" message allows raw HTML
Jul 24 2018, 10:37 AM
2018-07-24 10:37:45 (UTC+0)
Sakretsu
subscribed.
Jul 26 2018, 11:42 AM
2018-07-26 11:42:21 (UTC+0)
gerritbot
added a comment.
Jul 26 2018, 8:58 PM
2018-07-26 20:58:22 (UTC+0)
Change 421122 merged by jenkins-bot:
[operations/mediawiki-config@master] Add interface-admin to privileged groups
gerritbot
added a comment.
Jul 26 2018, 8:59 PM
2018-07-26 20:59:08 (UTC+0)
Change 421123 merged by jenkins-bot:
[operations/mediawiki-config@master] Temporarily preserve sysops' JS editing ability
gerritbot
added a comment.
Jul 26 2018, 10:26 PM
2018-07-26 22:26:18 (UTC+0)
Change 421121 merged by jenkins-bot:
[mediawiki/core@master] Segregate right to edit sitewide CSS/JS
ReleaseTaggerBot
added a project:
MW-1.32-notes (WMF-deploy-2018-07-31 (1.32.0-wmf.15))
Jul 26 2018, 11:00 PM
2018-07-26 23:00:48 (UTC+0)
gerritbot
added a comment.
Jul 26 2018, 11:16 PM
2018-07-26 23:16:38 (UTC+0)
Change 448168 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/core@wmf/1.32.0-wmf.14] Segregate right to edit sitewide CSS/JS
gerritbot
added a comment.
Jul 30 2018, 10:52 AM
2018-07-30 10:52:14 (UTC+0)
Change 449153 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/core@wmf/1.32.0-wmf.13] Segregate right to edit sitewide CSS/JS
gerritbot
added a comment.
Jul 30 2018, 11:20 AM
2018-07-30 11:20:31 (UTC+0)
Change 448168 merged by jenkins-bot:
[mediawiki/core@wmf/1.32.0-wmf.14] Segregate right to edit sitewide CSS/JS
gerritbot
added a comment.
Jul 30 2018, 11:24 AM
2018-07-30 11:24:57 (UTC+0)
Change 449153 merged by jenkins-bot:
[mediawiki/core@wmf/1.32.0-wmf.13] Segregate right to edit sitewide CSS/JS
ReleaseTaggerBot
edited projects, added
MW-1.32-notes (WMF-deploy-2018-07-24 (1.32.0-wmf.14))
; removed
MW-1.32-notes (WMF-deploy-2018-07-31 (1.32.0-wmf.15))
Jul 30 2018, 12:00 PM
2018-07-30 12:00:26 (UTC+0)
Tgr
closed subtask
T120886: Make javascript editing permissions more fine grained and separate from normal editinterface right
as
Resolved
Aug 1 2018, 12:43 PM
2018-08-01 12:43:50 (UTC+0)
Af420
subscribed.
Aug 2 2018, 12:54 AM
2018-08-02 00:54:15 (UTC+0)
PerfektesChaos
mentioned this in
T201052: Local interface-admin need to be sysop for some operations
Aug 2 2018, 5:35 PM
2018-08-02 17:35:58 (UTC+0)
Xaosflux
added a comment.
Edited
Aug 5 2018, 7:29 PM
2018-08-05 19:29:24 (UTC+0)
Following up on discussion from enwiki: Will local sysops still be able to delete css/js pages if they are not also able to edit them? Specifically in relation to user css/user js pages I suspect this is going to increase the number of users seeking access. Would it be difficult to allow admins to continue to be able to delete? I'm guessing same problem will occur for oversighting these pages? That is if an OS is not also an interface admin will they be unable to perform oversight operations on these pages?
Xaosflux
added a comment.
Aug 5 2018, 7:43 PM
2018-08-05 19:43:27 (UTC+0)
Followup #2: Will global renamers that are not local interface admins still be able to move user .js/.css subpages? If not, how will these fail?
FDMS
added a comment.
Aug 5 2018, 8:11 PM
2018-08-05 20:11:46 (UTC+0)
In T190015#4479729, @Xaosflux wrote:
> Followup #2: Will global renamers that are not local interface admins still be able to move user .js/.css subpages? If not, how will these fail?
The answer seems to be yes (@Ajraddatz at #Page moves):
> Global renaming bypasses any local restrictions that would prevent the action or subsequent actions from being completed (i.e. if a global renamer was locally blocked on the wiki, if the page was fully protected, etc)
Compassionate727
subscribed.
Aug 5 2018, 8:31 PM
2018-08-05 20:31:10 (UTC+0)
Tgr
added a comment.
Aug 5 2018, 9:00 PM
2018-08-05 21:00:01 (UTC+0)
> Global renaming bypasses any local restrictions
Local page move with subpages doesn't though, so keep that in mind.
> Will local sysops still be able to delete css/js pages if they are not also able to edit them?
That would be desirable for multiple reasons, I'm not sure how it could be implemented in a safe way though.
> I'm guessing same problem will occur for oversighting these pages?
Oversight does not require edit rights. Of course, someone does need to edit the page first.
Xaosflux
added a comment.
Aug 5 2018, 9:27 PM
2018-08-05 21:27:51 (UTC+0)
@Tgr agree it could be desirable - please correct me if I'm wrong but after this change this scenario is created:
1: Any editor can create a page at User:user/*.[js|css] (which can contain pretty much any text)
2: This content can only be deleted by someone that is both a sysop and an interface admin
This may drive the number of interface admins communities need up, as there will be a content management need
Tgr
added a comment.
Aug 5 2018, 9:35 PM
2018-08-05 21:35:27 (UTC+0)
T200176: Deletion of user js and css requires deletion and edituser* rights has more discussion on this.
AndyRussG
subscribed.
Aug 6 2018, 7:34 PM
2018-08-06 19:34:56 (UTC+0)
SpeedyGonsales
subscribed.
Edited
Aug 7 2018, 4:19 PM
2018-08-07 16:19:36 (UTC+0)
Hi, this is broken on (at least) hr.wp. I have appropriate right, which can be checked:
But when I go to:
(=
I get following text:
"Zahtijeva ⧼right-hidden⧽ pravo."
which translates to:
"Needs ⧼right-hidden⧽ right."
Deploying broken changes, QA?
Tgr
added a comment.
Aug 7 2018, 4:37 PM
2018-08-07 16:37:21 (UTC+0)
@SpeedyGonsales [[right-hidden]] is/was a Commons hack to prevent a gadget from being used by anyone. Apparently whoever ported the gadget didn't bother to port the message as well. IIRC these days ResourceLoader has a hidden option so the hack is not needed anymore.
Anyway, this has nothing to do with editing, permissions shown on Special:Gadgets are for enabling gadgets.
matmarex
added a comment.
Aug 7 2018, 5:51 PM
2018-08-07 17:51:51 (UTC+0)
To clarify, using rights=hidden on for this gadget means that you have to have the hidden right to enable it in your preferences. It does not affect the rights required to edit it.
Because no one has this right (because it does not exist), no one can enable the gadget, so it is effectively hidden from everyone. This is used for some libraries used by other gadgets that don't do anything by themselves. Normally you'd use e.g. rights=block on a gadget that provides improvements to the block form, so that it would not show up in preferences for people who can't use it.
matmarex
added a comment.
Edited
Aug 7 2018, 5:55 PM
2018-08-07 17:55:53 (UTC+0)
In T190015#4485315, @Tgr wrote:
> IIRC these days ResourceLoader has a hidden option so the hack is not needed anymore.
This is correct (although it's a Gadgets extension feature, not in ResourceLoader). It was implemented in 2016 (T33150).
@SpeedyGonsales So, to avoid the broken text on , you can replace rights=hidden on with just hidden. There are several gadgets using this on , if you need to look at an example.
SpeedyGonsales
added a comment.
Aug 7 2018, 6:33 PM
2018-08-07 18:33:41 (UTC+0)
Hi Tgr and matmarex,
you are both right. There were actually two problems with Gadget definition page: rights=hidden and having scriptname|scriptname.js[|scriptname.css|otherscript.js|...] syntax, scriptname cannot contain full set of UTF-8 characters, only ASCII.
First problem obscured second, thanks to Tgr I solved second, will now do also first.
Thank you both, regards!
gerritbot
added a comment.
Aug 7 2018, 6:59 PM
2018-08-07 18:59:08 (UTC+0)
Change 451076 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[operations/mediawiki-config@master] Enable TemplateStyles everywhere
Enterprisey
subscribed.
Aug 16 2018, 5:00 AM
2018-08-16 05:00:28 (UTC+0)
Will the configuration changes to enable this (i.e. the user group changes) be on the deployment train for 1.32.0-wmf.18?
matmarex
added a comment.
Aug 16 2018, 6:38 PM
2018-08-16 18:38:23 (UTC+0)
@APerson Can you clarify what you mean? The new user group interface-admin already exists on the wikis and users can be added to it by bureaucrats.
Does this help?
Dvorapa
subscribed.
Aug 16 2018, 7:05 PM
2018-08-16 19:05:20 (UTC+0)
Enterprisey
added a comment.
Aug 16 2018, 7:44 PM
2018-08-16 19:44:10 (UTC+0)
@matmarex Thanks for the link! That helps. I'm talking about the removal of mw-space editing perms from the sysop right. I assume it'll be the European mid-day SWAT, like the July 30th change? Or will the config be changed at a different time? I mostly am interested in what time on the 27th of August these other changes will happen.
JohanahoJ
subscribed.
Aug 17 2018, 9:03 PM
2018-08-17 21:03:00 (UTC+0)
Xaosflux
mentioned this in
T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions
Aug 19 2018, 7:43 PM
2018-08-19 19:43:30 (UTC+0)
Tgr
added a comment.
Aug 20 2018, 12:00 PM
2018-08-20 12:00:07 (UTC+0)
In T190015#4508071, @APerson wrote:
> I assume it'll be the European mid-day SWAT, like the July 30th change?
That's the plan, yes.
MGChecker
added a comment.
Aug 20 2018, 1:41 PM
2018-08-20 13:41:18 (UTC+0)
In my opinion, removing these permissions from the sysop group should be on hold until T200176 is resolved.
Tgr
added a comment.
Aug 20 2018, 1:50 PM
2018-08-20 13:50:44 (UTC+0)
In T190015#4514698, @MGChecker wrote:
> In my opinion, removing these permissions from the sysop group should be on hold until T200176 is resolved.
I still think that is not a huge deal, per T200176#4472162
MarcoAurelio
mentioned this in
T202298: Inform communities that all bureaucrats can now remove 'interface-admin'
Aug 20 2018, 3:19 PM
2018-08-20 15:19:17 (UTC+0)
Quiddity
unsubscribed.
Aug 20 2018, 11:25 PM
2018-08-20 23:25:29 (UTC+0)
DMacks
subscribed.
Aug 22 2018, 7:23 AM
2018-08-22 07:23:05 (UTC+0)
There appears to be a typo in the gerrit 421125 change. In the inserted line 3675:
|| !empty( $wgGroupPermissions[$group]['editsites'] )
it should be editsitejs
Reedy
added a comment.
Aug 22 2018, 9:02 AM
2018-08-22 09:02:09 (UTC+0)
In T190015#4521833, @DMacks wrote:
> There appears to be a typo in the gerrit 421125 change. In the inserted line 3675:
> || !empty( $wgGroupPermissions[$group]['editsites'] )
> it should be editsitejs
Yup... Let's fix it
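Added example, not part of the thread or of the mediawiki-config change it discusses: a PHP audit over a $wgGroupPermissions-style map that reports any group other than interface-admin holding the CSS/JS rights named in the task description, and that rejects unknown right names so a misspelled key such as the 'editsites' one quoted above cannot make the check pass silently. The function names and the sample group data are constructed for illustration; the right and group names are the ones used on this page.

```php
<?php
// Added example: audit a $wgGroupPermissions-style map so that only one
// group holds the rights to edit CSS/JS that runs for other users.
// All group data below is constructed for illustration.

// Right names from the task description.
const CSS_JS_RIGHTS = [ 'editsitecss', 'editsitejs', 'editusercss', 'edituserjs' ];

/**
 * Check one right for one group, refusing right names that are not in the
 * known list. A bare !empty( $perms[$group]['editsites'] ) is always false
 * for a misspelled key, so a typo would make the audit pass silently.
 */
function groupHasRight( array $perms, string $group, string $right ): bool {
	if ( !in_array( $right, CSS_JS_RIGHTS, true ) ) {
		throw new InvalidArgumentException( "Unknown right name: $right" );
	}
	return !empty( $perms[$group][$right] );
}

/**
 * List every "group: right" pair where a group other than $allowed holds
 * one of the CSS/JS rights.
 */
function findViolations( array $perms, string $allowed = 'interface-admin' ): array {
	$violations = [];
	foreach ( array_keys( $perms ) as $group ) {
		if ( $group === $allowed ) {
			continue;
		}
		foreach ( CSS_JS_RIGHTS as $right ) {
			if ( groupHasRight( $perms, $group, $right ) ) {
				$violations[] = "$group: $right";
			}
		}
	}
	return $violations;
}

/**
 * List groups that can grant $allowed according to a $wgAddGroups-style map.
 * A value of true means "may add every group".
 */
function groupsThatCanGrant( array $addGroups, string $allowed = 'interface-admin' ): array {
	$granters = [];
	foreach ( $addGroups as $group => $targets ) {
		$listed = is_array( $targets ) && in_array( $allowed, $targets, true );
		if ( $targets === true || $listed ) {
			$granters[] = $group;
		}
	}
	return $granters;
}

// Constructed sample configuration (not a real wiki's settings).
$perms = [
	'sysop' => [ 'editinterface' => true, 'editsitejson' => true, 'delete' => true ],
	// Constructed leftover grant that the audit should flag.
	'templateeditor' => [ 'editinterface' => true, 'editsitejs' => true ],
	'interface-admin' => [
		'editinterface' => true, 'editsitecss' => true, 'editsitejs' => true,
		'editusercss' => true, 'edituserjs' => true,
	],
];
$addGroups = [
	'bureaucrat' => [ 'sysop', 'interface-admin' ],
	'sysop' => [ 'templateeditor' ],
];

// Groups other than interface-admin that still hold a CSS/JS right.
print_r( findViolations( $perms ) );
// Groups allowed to hand out interface-admin membership.
print_r( groupsThatCanGrant( $addGroups ) );

// The misspelled right name from the thread is rejected instead of ignored.
try {
	groupHasRight( $perms, 'sysop', 'editsites' );
} catch ( InvalidArgumentException $e ) {
	echo $e->getMessage(), "\n";
}
```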
Tgr
added a subtask:
T202842: Rename global interface editors to global interface admins
Aug 26 2018, 10:03 PM
2018-08-26 22:03:44 (UTC+0)
gerritbot
added a comment.
Aug 27 2018, 11:05 AM
2018-08-27 11:05:57 (UTC+0)
Change 421124 merged by jenkins-bot:
[operations/mediawiki-config@master] Remove sitewide and user CSS/JS editing from old groups
gerritbot
added a comment.
Aug 27 2018, 11:06 AM
2018-08-27 11:06:24 (UTC+0)
Change 421125 merged by jenkins-bot:
[operations/mediawiki-config@master] Enforce that interface-admin is the only group that can edit non-own CSS/JS
Xiplus
subscribed.
Aug 27 2018, 12:00 PM
2018-08-27 12:00:34 (UTC+0)
stjn
added a comment.
Aug 27 2018, 1:10 PM
2018-08-27 13:10:03 (UTC+0)
Small question: while separating rights, you have granted sitewide JSON editing to sysops, but not granted it to other groups that had editinterface before (specifically, this situation is concerning RuWP’s engineers). Is this intentional in any way or could this be fixed without additional bureaucracy?
Tgr
added a comment.
Aug 27 2018, 1:12 PM
2018-08-27 13:12:06 (UTC+0)
@stjn that's an oversight, I'll put up a fix.
gerritbot
added a comment.
Aug 27 2018, 1:28 PM
2018-08-27 13:28:24 (UTC+0)
Change 455558 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/extensions/WikimediaMessages@master] Localize error message about missing interface-admin rights
gerritbot
added a comment.
Aug 27 2018, 1:42 PM
2018-08-27 13:42:00 (UTC+0)
Change 455561 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[operations/mediawiki-config@master] Add editsitejson to everyone who has editinterface
Tgr
updated the task description.
Aug 27 2018, 2:50 PM
2018-08-27 14:50:37 (UTC+0)
All the patches central to the task are live now, so I'll mark this as done. Feel free to reopen if something is not working as expected, this is causing unforeseen problems etc.
gerritbot
added a comment.
Aug 27 2018, 3:55 PM
2018-08-27 15:55:21 (UTC+0)
Change 455558 merged by jenkins-bot:
[mediawiki/extensions/WikimediaMessages@master] Localize error message about missing interface-admin rights
ReleaseTaggerBot
edited projects, added
MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19))
; removed
MW-1.32-notes (WMF-deploy-2018-07-24 (1.32.0-wmf.14))
Aug 27 2018, 4:00 PM
2018-08-27 16:00:24 (UTC+0)
Epine
unsubscribed.
Aug 27 2018, 4:04 PM
2018-08-27 16:04:31 (UTC+0)
Tgr
closed this task as
Resolved
Aug 27 2018, 11:10 PM
2018-08-27 23:10:09 (UTC+0)
Tgr
claimed this task.
Aklapper
removed a subtask:
T202989: Administrators can no longer view deleted history of js/css pages
Aug 28 2018, 1:37 PM
2018-08-28 13:37:03 (UTC+0)
Xaosflux
added a comment.
Aug 28 2018, 1:40 PM
2018-08-28 13:40:39 (UTC+0)
@Tgr see "unforeseen problem" T202989; leaving it to you if you want this reopened or if it will be otherwise handled
Xaosflux
mentioned this in
T202989: Administrators can no longer view deleted history of js/css pages
Aug 28 2018, 1:42 PM
2018-08-28 13:42:11 (UTC+0)
Dinoguy1000
added a comment.
Aug 28 2018, 3:21 PM
2018-08-28 15:21:30 (UTC+0)
If anyone's keeping a record, here's another example of the need for this restriction:
Usernames, IP addresses, user agents, and CSRF tokens were collected in this exploit.
Tgr
mentioned this in
T203083: "Administrator" is hardcoded in various permission error messages
Aug 29 2018, 1:24 PM
2018-08-29 13:24:57 (UTC+0)
MBH
unsubscribed.
Aug 29 2018, 1:49 PM
2018-08-29 13:49:14 (UTC+0)
gerritbot
added a comment.
Aug 30 2018, 11:03 AM
2018-08-30 11:03:28 (UTC+0)
Change 455561 merged by jenkins-bot:
[operations/mediawiki-config@master] Add editsitejson to everyone who has editinterface
Liuxinyu970226
unsubscribed.
Aug 31 2018, 12:07 AM
2018-08-31 00:07:37 (UTC+0)
Zerxo
subscribed.
Sep 14 2018, 6:05 PM
2018-09-14 18:05:00 (UTC+0)
Each user has the authority to retrieve and edit "Wikipedia language projects" and give them in different sections in other projects, and there is a problem where I do not find it good to give this power to users who have this powerful primitive, and modifying the page of this type of pages is dangerous to the user settings and I see that these The power should wait a bit and be pulled from the users who have obtained it until the problems are fixed
Aklapper
added a comment.
Sep 14 2018, 8:16 PM
2018-09-14 20:16:53 (UTC+0)
@Zerxo: Please do not post unrelated comments here but in different places, such as discussion forums on wikis. Thanks.
RandomDSdevel
awarded a token.
Oct 1 2018, 1:17 AM
2018-10-01 01:17:49 (UTC+0)
Tgr
added a comment.
Nov 2 2018, 11:43 PM
2018-11-02 23:43:03 (UTC+0)
This caused T203924: Cannot translate some messages because of new interface-admin requirements (on the net probably a good thing).
JohanahoJ
unsubscribed.
Jan 10 2019, 2:49 PM
2019-01-10 14:49:59 (UTC+0)
geraki
mentioned this in
T214379: Own user script cannot be deleted by the admin owner because it is a "redirect"
Jan 22 2019, 1:03 PM
2019-01-22 13:03:51 (UTC+0)
Tgr
mentioned this in
T169027: Provide iframe sandboxing for rich-media extensions (defense in depth)
Oct 8 2019, 9:40 AM
2019-10-08 09:40:34 (UTC+0)
DannyS712
mentioned this in
T241634: `gadgets-prefstext` needs to be updated regarding interface administrators
Dec 31 2019, 5:11 AM
2019-12-31 05:11:15 (UTC+0)
chasemp
added a project:
Security
Feb 10 2020, 10:52 PM
2020-02-10 22:52:12 (UTC+0)
Restricted Application
added a subscriber:
Strainu
Feb 10 2020, 10:52 PM
2020-02-10 22:52:12 (UTC+0)
DannyS712
mentioned this in
T120889: Create preference to control using personal JS
Feb 15 2020, 10:26 AM
2020-02-15 10:26:23 (UTC+0)
chasemp
removed a project:
acl*security
Feb 20 2020, 8:13 PM
2020-02-20 20:13:04 (UTC+0)
Aklapper
removed a subscriber:
Anomie
Oct 16 2020, 5:39 PM
2020-10-16 17:39:03 (UTC+0)
Restricted Application
added a subscriber:
Huji
Oct 16 2020, 5:39 PM
2020-10-16 17:39:03 (UTC+0)
Seddon
closed subtask
T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions
as
Resolved
May 25 2021, 2:45 PM
2021-05-25 14:45:25 (UTC+0)
Izno
removed a subtask:
T202842: Rename global interface editors to global interface admins
Jul 31 2021, 12:42 AM
2021-07-31 00:42:49 (UTC+0)
Sakura_emad
subscribed.
Oct 11 2021, 9:44 AM
2021-10-11 09:44:52 (UTC+0)
Krinkle
mentioned this in
T31272: Implement Gadgets 2.0
Feb 25 2024, 1:40 AM
2024-02-25 01:40:17 (UTC+0)
GreenReaper
mentioned this in
T357051: Issues with lack of JS / User CSS / Gadgets on Wikibase.cloud
Jun 2 2024, 8:35 PM
2024-06-02 20:35:09 (UTC+0)
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct.