https://bugzilla.wikimedia.org/show_bug.cgi?id=69380
--- Comment #7 from MZMcBride <[email protected]> --- (In reply to Brad Jorsch from comment #6) > (In reply to Kunal Mehta (Legoktm) from comment #0) >> Background: "superprotect" launched on de.wp which prevented admins from >> editing the page, but they were still able to delete it and undelete it, >> which then removed the protection status. > > While that's how the bug was discovered, when I heard "deleting and > undeleting a page bypasses protection" I immediately thought "That's a > security bug, and I probably know how to fix it." And also "Ugh, people > posted a security bug on a public mailing list?" I think your use of the term "security bug" is pretty dubious. The fact that pages lose protection status between deletion and restoration is not new (cf. bug 12343). > If we don't use the 'edit' protection for these other actions, then we'd > need to add individual protections for every action. Need to? What specific use-case or problem are you addressing? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
