Ubuntu Documentation

Deleting attachments on Help wiki is too easy

Bug #691900 reported by Phil Bull
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Ubuntu Documentation
Invalid
Wishlist
Unassigned
ubuntu-docs (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

It seems to be too easy for people to delete attachments on the wiki at help.ubuntu.com/community. Apparently, all it requires is for a user to log-in, click the Attachments link at the bottom of the page, and then click the Del button next to an attachment. (I'm an admin user, so I can't check that this is the case for non-privileged users, but someone reported this problem to me.)

Attachment deletion should be restricted to wiki administrators.

Phill Whiteside (phillw)
Changed in ubuntu-website:
status: New → Confirmed
Revision history for this message
Zach Kriesse (zkriesse-deactivatedaccount) wrote :

Phil, I've noticed this back before I had obtained Wiki/Doc Admin status. I could just log in, find a page, delete attachments, rename a page, and even DELETE a full page...this is not a good think in my opinion...makes it a tad too easy for some malicious user or even an accident to cause delete of say, an Ubuntu team page such as the https://wiki.ubuntu.com/BeginnersTeam pages.

Chris Johnston (cjohnston)
Changed in ubuntu-website:
importance: Undecided → Wishlist
Matthew Nuzum (newz)
affects: ubuntu-website → ubuntu-docs
Revision history for this message
Matthew East (mdke) wrote :

I thought that deletion of pages and attachments was limited to administrators on help.ubuntu.com/community? Could someone without administrative rights please double check this?

I think that deletion of pages and attachments is not restricted on wiki.ubuntu.com, but that is a different site and different policies may be appropriate. That's not a question for the ubuntu-docs project at all.

Revision history for this message
Matthew East (mdke) wrote :

Rejecting on ubuntu-doc project as this is not used for bugs, we use the distribution package for bugs.

Changed in ubuntu-docs:
status: Confirmed → Invalid
Matthew East (mdke)
Changed in ubuntu-docs (Ubuntu):
status: New → Incomplete
Revision history for this message
Connor Imes (ckimes) wrote :

If I recall correctly, the site will present the user with the option to do these tasks, but when they try, it will fail and tell them that they don't have the proper permissions to perform that action.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for ubuntu-docs (Ubuntu) because there has been no activity for 60 days.]

Changed in ubuntu-docs (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.