ON HOLD - (unless someone wants to pick it up) UNTIL 28 AUG 2023
due to a lack of understanding of the PHP unit tests, this ticket is on hold until I return from PTO unless someone wants to play with the code - please drop a line to me if you decide to do that.

Just noticed on wiki/Special:Upload that we allow png, fig, jpg, jpeg and webp - However, PhotoDNA does not check webp files. Also, we list the Max file size to upload as Maximum file size: 100 MB, but photoDNA will require that size to be shrunk

T341221 and T336576 have been folded into this ticket

This is done in T339988

This has been done in T339988

if this is done, we will need to consider that the image check amount is x amount of free checks per month - I think this is not supposed to be available to the general public, due to the limit of images per month. We still have not gone through all of the photos of the primary products WMF supports.

modify the email to include the prefixed Title name - what title? title of image? title of person being emailed? needs clarification

Response 200
Name Description
Status Status codes and corresponding descriptions:
3000: OK
3002: Invalid or missing request parameter(s)
3004: Unknown scenario or unhandled error occurred while processing request
3206: The given file could not be verified as an image
3208: Image size in pixels is not within allowed range (minimum size is 160x160 pixels; maximum size is 4MB)
TrackingId UniqueID that identifies this individual request.
IsMatch Boolean value indicating whether the submitted image matched a known image

Have emailed PhotoDNA requesting clarification of limits on image size. What I had from the website is no longer there, so am keeping my fingers crossed that they have dropped those requirements.

Create an additional parameter to the maintenance script (--send-image-contents, default to `true) that allows the user to specify uploading as images instead of URLs
I do not think adding this parameter would be of use. This is not a public-facing code, it is a script to verify images are free of particular content, and notify TPTB (the powers that be) of images that PhotoDNA flagged. If a complete URI is used (and is located in the database), yes the content may be processed if it is in a proper format. There is no need to specify what to send to PhotoDNA, IMHO.

file; includes/http/GuzzleHttpRequest.php -> this is the beginning of the API request development process.

ticket?
Verify image size, if greater than 4 MB - need to verify has been done
Verify image height x width - not being done now, just makes everything a set size thumbnail, regardless of size
ticket?
Update code to use a new system of submitting code for batches - in retrospect, may try guzzle to submit batch of 5, but think right now if we can just get moving with one at a time, that would be good
Sumit files using guzzle to be sure that the timing is correct Up to 10 million transactions per month (5 requests per second) (governor)
ticket?
Attempt to tie into the current code base for evaluation and tracking
should be new ticket?
Verify email works when there is an image found that is in violation
should be new ticket?
Need to update tests on each section

$wgMediaModerationPhotoDNASubscriptionKey has been deployed -

Documentation on how to deploy
https://wikitech.wikimedia.org/w/index.php?title=How_to_deploy_code&diff=2090931&oldid=2065655 (edited)

hopefully, we will be updating the key on 6 July 2023 on the afternoon train...

that value is in PirvateSettings.php on the deployment host

UPDATED POST:
Hi folks, I am not sure of the process, but y'all have been recommended as a resource. I need to update the MediaModerationPhotoDNASubscriptionKey The configuration to update is MediaModerationPhotoDNASubscriptionKey (as seen in extension.json in MediaModeration extension). Believe the location is PrivateSettings.php - if this isn't clear enough please slack me and I'll try to provide answers. Thanks! (edited)

posted to slack channel #engineering-enablement
1:51 PM 5 July 2023
Ellen Rayfield Hi folks, I am unsure of the process, but y'all have been recommended as a resource. I need to update the MediaModeration PhotoDNA key, it may also be named Ocp-Apim-Subscription-Key. Believe the location is PrivateSettings.php - if this isn't clear enough please slack me and I'll try to provide answers. Thanks!

this ticket should cover the following items

Beginning to find things out:
Is there anyone who is able to explain what a scap file looks like, and where it should be in the local repo? Have read:
https://wikitech.wikimedia.org/wiki/Scap all the links off that page and several others including https://wikitech.wikimedia.org/wiki/Scap#All-script
https://wikitech.wikimedia.org/wiki/Heterogeneous_deployment?useskin=vector-2022#Run_a_maintenance_script_on_a_wiki
Thanks in advance & happy Friday

It sounds like you want to edit /srv/mediawiki-staging/private/PrivateSettings.php on deployment.eqiad.wmnet ? scap would come into play to actually deploy the changed file to all mediawiki servers. (edited)

references
https://gitlab.wikimedia.org/repos/releng/scap/-/blob/master/RELEASE.md
https://wikitech.wikimedia.org/wiki/Heterogeneous_deployment#Change_wiki_configuration
https://wikitech.wikimedia.org/wiki/Configuration_files
https://www.mediawiki.org/w/index.php?title=Manual:Writing_maintenance_scripts&useskin=vector-2022
https://wikitech.wikimedia.org/wiki/Scap#All-script
https://wikitech.wikimedia.org/wiki/Heterogeneous_deployment?useskin=vector-2022#Run_a_maintenance_script_on_a_wiki

fair warning and FYI, this is going to take some time, as there is some difficulty in finding step-by-step instructions...

updated query to include just the file extensions PhotoDNA is interested in, earlier versions were pulling anything that was listed as "img_media_type = string(6) "BITMAP", but BITMAP is not granular enough,

Are we trying to turn this into something it is not? This is not going to be used for anything other than checking items in Wikimedia Foundation (WMF) database to verify content is AOK. It should be run within a cron, or whatever WMF uses instead. I think this is moving beyond what we are trying to do. I just want to confirm that this is what we want to spend time on, as there is already a way for a developer to get a test image into their database. And, I thought, that the reason that was done was so a developer could test locally.

Thank you @Madalina

Also, need to find out, and update (as soon as we figure out where), who should get said emails

Details on the return message

information from PhototDNA portal

Added section concerning image size to https://phabricator.wikimedia.org/T339262

Looking for input on this:

Steps/Tickets for MediaModeration

1. Be able to just test one file from the command line done
2. Change to use actual image files rather than hashes or thumbnails T336205
3. Check that the files to be checked by PhotoDNA are of the correct mime type T336205
4. Verify image size, if greater than 4 MB
5. Update code to use a new system of submitting code for batches
6. Sumit files using guzzle to can be sure that the timing is correct Up to 10 million transactions per month (5 requests per second) (governor)
7. Attempt to tie into the current code base for evaluation and tracking
8. A table for tracking has been suggested and may be a better solution than the one currently available
9. If unable to tie in, there will be more steps/ticket
   • Steps Could Be
   • Tracking of files
   • Update database with current information
   • Make a way to notify the correct folks
10. Verify email works when there is an image found that is in violation
11. Need to update tests on each secton
12. Does this need a logger?

Reseach/Actions prior to production

Find out the process to get the PhotoDNA subscription key to where it needs to be
Update PhotoDNA to correct value on the production servers
Find out who should be getting the emails for failed images - need emails addresses

taken care of in T336205

I believe this is taken care of by T336205, which will allow running a single file on the developers' environment

for the language deficient like me:
Toast
A small informational message that pops up like toast.
http://en.wikipedia.org/wiki/Toast_(computing)

here is what i was thinking -
use RequestModerationCheck::createModerationRequest(), but changing the $options -
$options = [

			'method' => 'POST',
			'postData' => Utils::jsonEncode( [
				'DataRepresentation' => 'URL',      <----- url
				'Value' => $url                                <------ image as string
			] ),
		];

FWIW, since T336205 https://phabricator.wikimedia.org/T336205 will not be using hashing, would that take care of this ticket?

check for media type is done, but we are adding our own query to PhotoDNA so that we are able to control the timing of submissions

done, needed to pull the parameters from the running on prod, since you don't need to do anything in the local code

probably do check around

Concerning 'instant check', not considered best practice due to the end user being able to alter photos to pass the inspection. Although I do think that the image should not be displayed until after it has been checked. Perhaps once a day for new images only? I know we could drop any of the images that are buttons, lines, borders, etc. I am not sure how the table(s) are set up but if there is some sort of date when entered the system that would make it much simpler to check.

additionally it would be illegal, as these are forbidden to be distributed to anyone for any reason

yes, I have no problems with doing this HOWEVER, as noted on the google doc, there are still some questions:

additional notes from google bard:
To pass a PHP value to a .vue file, you can use the following steps:
In your PHP file, create a variable and assign it the value you want to pass to the .vue file.
In your .vue file, use the {{}} syntax to access the variable.
To prevent the value from being passed to the client, add the v-cloak attribute to the element that contains the variable.
For example, the following PHP code would create a variable called message and assign it the value "Hello, world!".
PHP
$message = "Hello, world!";

some updates done, still need the test data section, changes located in Google Doc

my understanding, and granted it seems a lot of the information I was given seems to be a bit off, was that we were sending hash strings to PhotoDNA, so now I am totally gonna have to go back and review what I thought I knew.

You can attach a loading indicator to a component in Vue.js by using the v-if directive and a boolean variable that is set to true when the component is loading and false when it is not.
Example for template:

by the by, if the landing page is reached by a link, it might be a good idea to just pass the access level on the link -

Final thoughts - yes we can pass between languages, but there may need to be some scaffolding work to be done first.

--start=20220428141803

note each file run had ' DEBUG: Checking on upload is disabled.' which looking at the code seems to imply that it will go no further - does not check

so, the below js code will

var userGroups = mw.config.get( 'wgUserGroups', [] );
console.log( userGroups);

When logged in as admin:
bureaucrat, interface-admin, suppress, sysop, *, user, autoconfirmed