Uploaded image for project: 'Bitbucket Cloud'
  1. Bitbucket Cloud
  2. BCLOUD-12624

Cannot delete from hg wiki history

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      I have a couple of repositories hosted on bit bucket with wikis. Here is an example:
      https://bitbucket.org/runhello/jumpcore/wiki/Home\\
      Up until a few minutes ago, the wiki for this site was public editable-- any bitbucket account could edit it.

      A few minutes ago, a spammer created a junk page (they have also been hitting my issues and bitbucket technical support is already assisting me) named "(Delaware) (((1800+[snip])) QuickBooks Pro Support Phone Number .md" on the wiki. I quickly noticed, deleted their page and turned off public edits.

      However because of this i noticed something. Their edits are forever in my wiki edit history. If I check out the hg backed repository, I can see in hg glog --style=compact:

      @  38[tip]   283c3d2d2c61   2016-04-22 21:13 +0000   runhello <REDACTED>
|    Removed files via bitbucket
|
o  37   7fb6101a5bc1   2016-04-22 21:11 +0000   makbaldwin1 <makbaldwin1@usa-11.com>
|    Edited online
|
o  36   6fda7925433a   2014-10-06 15:34 +0000   runhello <REDACTED>
|    Edited online

      The makbaldwin1 edit is the bad one. I can still see its full contents using hg.

      Because this is only one commit with one page, and it is just spam, this is not harmful. However I think this shows a feature limitation you should fix. Imagine: What if the edit had been harmful, for example posting someone's personal information? Then I would be stuck hosting that edit in the history of my bitbucket site forever. Or what if instead of one commit, it had been 400? Then the usefulness of my wiki would be restricted, because I would have to deal with those 400 commits every time I tried to edit my wiki using the mercurial interface.

      A thing I notice: If this were a git repository and the wiki were backed by git, I could delete history from the wiki using git push -f. Similarly, if this were a source repository instead of a wiki-repository I could delete history in an emergency using the "strip changeset" feature. The "strip changeset" feature does not work for the wiki.

      I think "strip changeset" should be available for hg-backed wikis.

      Attachments

        Activity

          People

            Unassigned Unassigned
            491c075c5bc0 runhello
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: