wikimedia/mediawiki-extensions-AbuseFilter
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git synced 2024-11-14 09:44:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
mediawiki-extensions-AbuseF.../includes/AbuseFilterHooks.php

518 lines
17 KiB
PHP
Raw Normal View History

Add AbuseFilter extension
2008-06-27 06:18:51 +00:00
<?php
Move remaining classes to own namespace So everything can be loaded using PSR-4. These classes weren't renamed, nor the alias for the AbuseFilter class was deprecated, because they should be refactored first. Change-Id: Ia328db58eb326968edf5591daac9bacf8c2f75da
2021-01-03 11:12:16 +00:00
namespace MediaWiki\Extension\AbuseFilter;
use ApiMessage;
use Content;
use DeferredUpdates;
use EchoAttributeManager;
use EchoUserLocator;
use IContextSource;
use InvalidArgumentException;
Emit debug logs when filtering without title We have two situations where we try to execute filters without a title. However, the code doesn't handle it correctly: some points expect $title to actually be a Title object, and we also pass it around using a hook which explicitly says it always pass a Title. This patch adds two debug points to help understand why we end up with null titles, so that we can fix it upstream. Bug: T144265 Change-Id: I35bfc483a0c69a5cbd38eae8ba299189955fa1ec
2018-10-12 09:39:38 +00:00
use MediaWiki\Logger\LoggerFactory;
Don't access protected SpecialPage::getLinkRenderer() It should be public but can fix that later... Follows-up f4ddf5dd2. Change-Id: Ia1f84226859e0ac170f4697cf40d682e36850712
2016-12-07 23:32:41 +00:00
use MediaWiki\MediaWikiServices;
Update hooks to use `PageSaveComplete` Extension requires MW 1.35+, always available Bug: T250566 Change-Id: I60cf3cc42db989d8ccb0d06d3cf9eae8a85784ac
2020-06-16 04:12:38 +00:00
use MediaWiki\Revision\RevisionRecord;
Use slot in onEditFilterMergedContent Related to If3c4592eb6dade6960463abfda017af35d04f563 in Wikibase, needed for SDoC. Bug: T213453 Change-Id: Idbb3a70d08a195dfa21422e07f593d1eeba4521d
2019-01-10 17:32:54 +00:00
use MediaWiki\Revision\SlotRecord;
Update hooks to use `PageSaveComplete` Extension requires MW 1.35+, always available Bug: T250566 Change-Id: I60cf3cc42db989d8ccb0d06d3cf9eae8a85784ac
2020-06-16 04:12:38 +00:00
use MediaWiki\User\UserIdentity;
Move remaining classes to own namespace So everything can be loaded using PSR-4. These classes weren't renamed, nor the alias for the AbuseFilter class was deprecated, because they should be refactored first. Change-Id: Ia328db58eb326968edf5591daac9bacf8c2f75da
2021-01-03 11:12:16 +00:00
use ParserOutput;
use RecentChange;
use RenameuserSQL;
use Status;
use Title;
use UploadBase;
use User;
use WikiPage;
Update for AuthManager Repeats I61e4327ef3c7a31b19feef727de7d683f69e260b (which had to be reverted due to a problem with an ancestor patch) without any significant change. Bug: T110448 Bug: T135360 Change-Id: I1688cf9fbcb04bb56d075c9f0876bd0ffeced4f6
2016-05-15 15:35:33 +00:00
Add AbuseFilter extension
2008-06-27 06:18:51 +00:00
class AbuseFilterHooks {
Improve tag name validation Various pieces of the tagging system will break if the tag name contains slashes or commas, so that should be checked for. MediaWiki core (as of Ic5d75432) contains a method for doing just that, so use it if possible. Also require that tag names be either: * Intended for reuse (canAddTagsAccompanyingChange) * Already in use * Creatable This prevents the use of software-defined tags (unless whitelisted) or tags that are blocked from creation (e.g. OAuth reserved tag prefixes) Add caching for tag lookup since it's used more often now. Bug: T92956 Bug: T27151 Depends-On: Ic5d754323cbfd2c2b54c4df1245767946ebb1821 Change-Id: Ibc3095879f276a5436362f471b885e64f338522e
2015-03-17 13:00:14 +00:00
Change some globals to work better with extension registration Rename $wgAbuseFilterAvailableActions / $wgAbuseFilterRestrictedActions to $wgAbuseFilterActions / $wgAbuseFilterRestrictions and make them an associative array instead of a plain one, as that works more sanely with extension registration. (The renaming helps to give more useful errors to sites using the old config.) Change-Id: I790d39c2849922d7daf7479f298cd90cf30af129
2016-06-03 18:01:56 +00:00
/**
* Called right after configuration has been loaded.
Improve coverage for several classes Change-Id: I257524dd22a5617ac47a3565a5b8fe4855aa67c7
2021-01-16 14:52:09 +00:00
* @codeCoverageIgnore Mainly deprecation warnings and other things that can be tested by running the updater
Change some globals to work better with extension registration Rename $wgAbuseFilterAvailableActions / $wgAbuseFilterRestrictedActions to $wgAbuseFilterActions / $wgAbuseFilterRestrictions and make them an associative array instead of a plain one, as that works more sanely with extension registration. (The renaming helps to give more useful errors to sites using the old config.) Change-Id: I790d39c2849922d7daf7479f298cd90cf30af129
2016-06-03 18:01:56 +00:00
*/
public static function onRegistration() {
Remove $wgAbuseFilterRuntimeProfiling The reasoning is similar to the one of the parent patch (Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb). Plus, it records runtime metrics on action different than edits, as there's no reason not to do it. No performance issues in production. Bug: T191039 Depends-On: Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb Change-Id: Ib1112e2fefd0631550d386ba87e5f87db84c3036
2019-01-25 13:47:03 +00:00
global $wgAuthManagerAutoConfig, $wgActionFilteredLogs, $wgAbuseFilterProfile,
Use "privatedetails" instead of "private" where needed To keep a clear distinction between "private details" (i.e. user's ip) and "private filters" (i.e. not publicly viewable). This patch renames rights, i18n keys and methods names. The patch for renaming globals and rights in WMF config is I7e6b3d4453403edb6aa602587374b4ff5b6d625f. Bug: T211004 Change-Id: I613dbadb8f75c8c4116a362607563a436a73d321
2019-01-07 15:23:21 +00:00
$wgAbuseFilterProfiling, $wgAbuseFilterPrivateLog, $wgAbuseFilterForceSummary,
Replace $wgAbuseFilterRestrictions with more specific variables So that sysadmins can further customize the extension. It was also wrong to use the same variable for many different things. Note that there's no associated patch in wmf-config because we use the defaults. However, before merging this patch, please recheck that AbuseFilterRestrictions and AbuseFilterDisallowGlobalLocalBlocks aren't used there (https://codesearch.wmflabs.org/operations/?q=AbuseFilterDisallowGlobalLocalBlocks%7CAbuseFilterRestrictions&i=nope&files=&repos=) Bug: T175221 Change-Id: I7581b3ee6d9d11a6cf1599b8ff874e8c3d54adf4
2018-09-22 10:18:50 +00:00
$wgGroupPermissions, $wgAbuseFilterRestrictions, $wgAbuseFilterDisallowGlobalLocalBlocks,
Split afl_filter in afl_filter_id and afl_global Add a script to migrate the columns (which can also be executed in dry run), and a config option with the migration stage (defaults to SCHEMA_COMPAT_OLD). Some of the script-related code is stolen from Ic755526d5f989c4a66b1d37527cda235f61cb437. Bug: T220791 Change-Id: I7460a2d63f60c2933b36f8383a8abdbba8649e12
2018-09-11 16:57:49 +00:00
$wgAbuseFilterActionRestrictions, $wgAbuseFilterLocallyDisabledGlobalActions,
$wgAbuseFilterAflFilterMigrationStage;
Remove $wgAbuseFilterProfiling This variable was introduced to selectively enable profiling because stats recording was bad for performance. Nowadays, stats are recorded in a deferredupdate and don't harm performance anymore. Thus, this variable can be removed and profiling be enabled by default. Bug: T191039 Depends-On: Ib5fdeb75c1324f672b4ded39681f006fde34b4d1 Change-Id: Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb
2019-01-24 12:33:31 +00:00
// @todo Remove this in a future release (added in 1.33)
Remove $wgAbuseFilterRuntimeProfiling The reasoning is similar to the one of the parent patch (Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb). Plus, it records runtime metrics on action different than edits, as there's no reason not to do it. No performance issues in production. Bug: T191039 Depends-On: Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb Change-Id: Ib1112e2fefd0631550d386ba87e5f87db84c3036
2019-01-25 13:47:03 +00:00
if ( isset( $wgAbuseFilterProfile ) || isset( $wgAbuseFilterProfiling ) ) {
wfWarn( '$wgAbuseFilterProfile and $wgAbuseFilterProfiling have been removed and ' .
'profiling is now enabled by default.' );
Remove $wgAbuseFilterProfiling This variable was introduced to selectively enable profiling because stats recording was bad for performance. Nowadays, stats are recorded in a deferredupdate and don't harm performance anymore. Thus, this variable can be removed and profiling be enabled by default. Bug: T191039 Depends-On: Ib5fdeb75c1324f672b4ded39681f006fde34b4d1 Change-Id: Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb
2019-01-24 12:33:31 +00:00
}
Update for AuthManager Repeats I61e4327ef3c7a31b19feef727de7d683f69e260b (which had to be reverted due to a problem with an ancestor patch) without any significant change. Bug: T110448 Bug: T135360 Change-Id: I1688cf9fbcb04bb56d075c9f0876bd0ffeced4f6
2016-05-15 15:35:33 +00:00
Use "privatedetails" instead of "private" where needed To keep a clear distinction between "private details" (i.e. user's ip) and "private filters" (i.e. not publicly viewable). This patch renames rights, i18n keys and methods names. The patch for renaming globals and rights in WMF config is I7e6b3d4453403edb6aa602587374b4ff5b6d625f. Bug: T211004 Change-Id: I613dbadb8f75c8c4116a362607563a436a73d321
2019-01-07 15:23:21 +00:00
if ( isset( $wgAbuseFilterPrivateLog ) ) {
global $wgAbuseFilterLogPrivateDetailsAccess;
$wgAbuseFilterLogPrivateDetailsAccess = $wgAbuseFilterPrivateLog;
wfWarn( '$wgAbuseFilterPrivateLog has been renamed to $wgAbuseFilterLogPrivateDetailsAccess. ' .
'Please make the change in your settings; the format is identical.'
);
}
if ( isset( $wgAbuseFilterForceSummary ) ) {
global $wgAbuseFilterPrivateDetailsForceReason;
$wgAbuseFilterPrivateDetailsForceReason = $wgAbuseFilterForceSummary;
wfWarn( '$wgAbuseFilterForceSummary has been renamed to ' .
'$wgAbuseFilterPrivateDetailsForceReason. Please make the change in your settings; ' .
'the format is identical.'
);
}
$found = false;
foreach ( $wgGroupPermissions as &$perms ) {
if ( array_key_exists( 'abusefilter-private', $perms ) ) {
$perms['abusefilter-privatedetails'] = $perms[ 'abusefilter-private' ];
unset( $perms[ 'abusefilter-private' ] );
$found = true;
}
if ( array_key_exists( 'abusefilter-private-log', $perms ) ) {
$perms['abusefilter-privatedetails-log'] = $perms[ 'abusefilter-private-log' ];
unset( $perms[ 'abusefilter-private-log' ] );
$found = true;
}
}
unset( $perms );
if ( $found ) {
wfWarn( 'The group permissions "abusefilter-private-log" and "abusefilter-private" have ' .
'been renamed, respectively, to "abusefilter-privatedetails-log" and ' .
Fix the warning about permission name changes Change-Id: I16463550328eb19d33270d8677404e012e5c80df
2019-08-13 09:09:39 +00:00
'"abusefilter-privatedetails". Please update the names in your settings.'
Use "privatedetails" instead of "private" where needed To keep a clear distinction between "private details" (i.e. user's ip) and "private filters" (i.e. not publicly viewable). This patch renames rights, i18n keys and methods names. The patch for renaming globals and rights in WMF config is I7e6b3d4453403edb6aa602587374b4ff5b6d625f. Bug: T211004 Change-Id: I613dbadb8f75c8c4116a362607563a436a73d321
2019-01-07 15:23:21 +00:00
);
}
Replace $wgAbuseFilterRestrictions with more specific variables So that sysadmins can further customize the extension. It was also wrong to use the same variable for many different things. Note that there's no associated patch in wmf-config because we use the defaults. However, before merging this patch, please recheck that AbuseFilterRestrictions and AbuseFilterDisallowGlobalLocalBlocks aren't used there (https://codesearch.wmflabs.org/operations/?q=AbuseFilterDisallowGlobalLocalBlocks%7CAbuseFilterRestrictions&i=nope&files=&repos=) Bug: T175221 Change-Id: I7581b3ee6d9d11a6cf1599b8ff874e8c3d54adf4
2018-09-22 10:18:50 +00:00
// @todo Remove this in a future release (added in 1.36)
if ( isset( $wgAbuseFilterDisallowGlobalLocalBlocks ) ) {
wfWarn( '$wgAbuseFilterDisallowGlobalLocalBlocks has been removed and replaced by ' .
'$wgAbuseFilterLocallyDisabledGlobalActions. You can now specify which actions to disable. ' .
'If you had set the former to true, you should set to true all of the actions in ' .
'$wgAbuseFilterRestrictions (if you were manually setting the variable) or ' .
Move remaining classes to own namespace So everything can be loaded using PSR-4. These classes weren't renamed, nor the alias for the AbuseFilter class was deprecated, because they should be refactored first. Change-Id: Ia328db58eb326968edf5591daac9bacf8c2f75da
2021-01-03 11:12:16 +00:00
'ConsequencesRegistry::DANGEROUS_ACTIONS. ' .
Replace $wgAbuseFilterRestrictions with more specific variables So that sysadmins can further customize the extension. It was also wrong to use the same variable for many different things. Note that there's no associated patch in wmf-config because we use the defaults. However, before merging this patch, please recheck that AbuseFilterRestrictions and AbuseFilterDisallowGlobalLocalBlocks aren't used there (https://codesearch.wmflabs.org/operations/?q=AbuseFilterDisallowGlobalLocalBlocks%7CAbuseFilterRestrictions&i=nope&files=&repos=) Bug: T175221 Change-Id: I7581b3ee6d9d11a6cf1599b8ff874e8c3d54adf4
2018-09-22 10:18:50 +00:00
'If you had set it to false (or left the default), just remove it from your wiki settings.'
);
if ( $wgAbuseFilterDisallowGlobalLocalBlocks === true ) {
$wgAbuseFilterLocallyDisabledGlobalActions = [
'throttle' => false,
'warn' => false,
'disallow' => false,
'blockautopromote' => true,
'block' => true,
'rangeblock' => true,
'degroup' => true,
'tag' => false
];
}
}
// @todo Remove this in a future release (added in 1.36)
if ( isset( $wgAbuseFilterRestrictions ) ) {
wfWarn( '$wgAbuseFilterRestrictions has been renamed to $wgAbuseFilterActionRestrictions.' );
$wgAbuseFilterActionRestrictions = $wgAbuseFilterRestrictions;
}
Require MediaWiki 1.29 After I544cdfa75c7472f2d98b2561bc6f6f9c2d2ad639 (dieWithError and checkUserRightsAny), this is the oldest MediaWiki version AbuseFilter can be run on. AbortMove was removed from MediaWiki in 1.25, UploadVerifyFile is only relevant for 1.27 and older. (Replaces I1e962217c3b20d901a5742cf76339a3f488a6e97.) Change-Id: Iec237b2887f72b115fdcef78d2d7a944ba82c784
2017-08-08 12:03:56 +00:00
$wgAuthManagerAutoConfig['preauth'][AbuseFilterPreAuthenticationProvider::class] = [
'class' => AbuseFilterPreAuthenticationProvider::class,
Fix coding conventions exclusion rules This should fix every error with excluded rules, leaving only the one for $wgTitle. A double check would be nice in order to avoid regressions due to stupid mistakes. Bug: T178007 Change-Id: I22c179f3a01d652640304b59e43fcb5b5a9abac3
2018-04-04 21:14:25 +00:00
// Run after normal preauth providers to keep the log cleaner
'sort' => 5,
Require MediaWiki 1.29 After I544cdfa75c7472f2d98b2561bc6f6f9c2d2ad639 (dieWithError and checkUserRightsAny), this is the oldest MediaWiki version AbuseFilter can be run on. AbortMove was removed from MediaWiki in 1.25, UploadVerifyFile is only relevant for 1.27 and older. (Replaces I1e962217c3b20d901a5742cf76339a3f488a6e97.) Change-Id: Iec237b2887f72b115fdcef78d2d7a944ba82c784
2017-08-08 12:03:56 +00:00
];
Migrate AbuseFilter suppress log Also make entries in Special:Log/suppress filterable. Change-Id: Ic23e724997e4748c8d0da8138aa73d31b17b7064
2017-02-15 18:12:31 +00:00
$wgActionFilteredLogs['suppress'] = array_merge(
$wgActionFilteredLogs['suppress'],
// Message: log-action-filter-suppress-abuselog
[ 'abuselog' => [ 'hide-afl', 'unhide-afl' ] ]
);
Overhaul Blockautopromote action As for all mostly unused consequences, blockautopromote has a couple of major problems: first, it blocked the status for a random time between 3 and 7 days, which to me makes no sense at all (is it some sort of casino?), and this patch fixes it to 5 days. Second, nothing was logged, not the blocking nor the unblocking. Here I'm adding a LogHandler for two new sub-actions of 'rights' to keep track of both action. Bug: T49412 Change-Id: If48a48f5b8baaf9e77c0826466f5d03bb7f691d0
2018-07-16 12:10:36 +00:00
$wgActionFilteredLogs['rights'] = array_merge(
$wgActionFilteredLogs['rights'],
// Messages: log-action-filter-rights-blockautopromote,
// log-action-filter-rights-restoreautopromote
[
'blockautopromote' => [ 'blockautopromote' ],
'restoreautopromote' => [ 'restoreautopromote' ]
]
);
Split afl_filter in afl_filter_id and afl_global Add a script to migrate the columns (which can also be executed in dry run), and a config option with the migration stage (defaults to SCHEMA_COMPAT_OLD). Some of the script-related code is stolen from Ic755526d5f989c4a66b1d37527cda235f61cb437. Bug: T220791 Change-Id: I7460a2d63f60c2933b36f8383a8abdbba8649e12
2018-09-11 16:57:49 +00:00
if ( strpos( $wgAbuseFilterAflFilterMigrationStage, 'Bogus value' ) !== false ) {
// Set the value here, because extension.json is very unfriendly towards PHP constants
Write afl_filter_id and afl_global by default The schema was introduced in 1.34, so there should be no issue in starting off with writing the new columns. Bug: T220791 Change-Id: I8f956d4a27692a33368a413fbf4a8eb5da20afe1
2020-12-08 21:59:37 +00:00
$wgAbuseFilterAflFilterMigrationStage = SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_OLD;
Split afl_filter in afl_filter_id and afl_global Add a script to migrate the columns (which can also be executed in dry run), and a config option with the migration stage (defaults to SCHEMA_COMPAT_OLD). Some of the script-related code is stolen from Ic755526d5f989c4a66b1d37527cda235f61cb437. Bug: T220791 Change-Id: I7460a2d63f60c2933b36f8383a8abdbba8649e12
2018-09-11 16:57:49 +00:00
}
$stage = $wgAbuseFilterAflFilterMigrationStage;
// Validation for the afl_filter migration stage, stolen from ActorMigration
if ( ( $stage & SCHEMA_COMPAT_WRITE_BOTH ) === 0 ) {
throw new InvalidArgumentException( '$stage must include a write mode' );
}
if ( ( $stage & SCHEMA_COMPAT_READ_BOTH ) === 0 ) {
throw new InvalidArgumentException( '$stage must include a read mode' );
}
if ( ( $stage & SCHEMA_COMPAT_READ_BOTH ) === SCHEMA_COMPAT_READ_BOTH ) {
throw new InvalidArgumentException( 'Cannot read both schemas' );
}
if ( ( $stage & SCHEMA_COMPAT_READ_OLD ) && !( $stage & SCHEMA_COMPAT_WRITE_OLD ) ) {
throw new InvalidArgumentException( 'Cannot read the old schema without also writing it' );
}
if ( ( $stage & SCHEMA_COMPAT_READ_NEW ) && !( $stage & SCHEMA_COMPAT_WRITE_NEW ) ) {
throw new InvalidArgumentException( 'Cannot read the new schema without also writing it' );
}
Change some globals to work better with extension registration Rename $wgAbuseFilterAvailableActions / $wgAbuseFilterRestrictedActions to $wgAbuseFilterActions / $wgAbuseFilterRestrictions and make them an associative array instead of a plain one, as that works more sanely with extension registration. (The renaming helps to give more useful errors to sites using the old config.) Change-Id: I790d39c2849922d7daf7479f298cd90cf30af129
2016-06-03 18:01:56 +00:00
}
(bug 42064) AbuseFilter + EditFilterMergedContent This makes AbuseFilter use EditFilterMergedContent if support for the ContentHandler infrastructure is present. This means living without some nice bits of context, because EditFilterMergedContent doesn't provide an EditPage object. This requires core change I99a19c93 to work correctly. Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
2013-01-04 15:37:56 +00:00
/**
Avoid crippled APIEditBeforeSave hook, use new features of EditFilterMergedContent instead Back when APIEditBeforeSave was being introduced here, it was impossible to return error data for API requests from it (T34216). But this hook runs a lot earlier than EditFilterMergedContent, and only gives us the text submitted in the action=edit API call and not the actual text that's going to be saved, which are different for section edits (T54077) or edits where an edit conflict is automatically resolved (T73947). T54077 was solved by making the APIEditBeforeSave lie that there are no sections edits in the API. Perhaps T73947 could also be resolved by lying that there are no edit conflicts in the API, but it seemed that this would require duplicating even more logic from EditPage in the API than T54077. And luckily, EditFilterMergedContent recently gained the ability to return precise error messages to the API (in MediaWiki 1.25, I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if available and only fall back to APIEditBeforeSave on older versions. Bug: T73947 Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
2016-04-07 05:06:02 +00:00
* Entry point for the EditFilterMergedContent hook.
(bug 42064) AbuseFilter + EditFilterMergedContent This makes AbuseFilter use EditFilterMergedContent if support for the ContentHandler infrastructure is present. This means living without some nice bits of context, because EditFilterMergedContent doesn't provide an EditPage object. This requires core change I99a19c93 to work correctly. Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
2013-01-04 15:37:56 +00:00
*
* @param IContextSource $context the context of the edit
* @param Content $content the new Content generated by the edit
Add support for PHP CodeSniffer checks Also fix any remaining errors and warnings. Change-Id: Ie49c6172e6bbf8040e5524d33d2f719e96784745
2015-09-28 18:03:35 +00:00
* @param Status $status Error message to return
(bug 42064) AbuseFilter + EditFilterMergedContent This makes AbuseFilter use EditFilterMergedContent if support for the ContentHandler infrastructure is present. This means living without some nice bits of context, because EditFilterMergedContent doesn't provide an EditPage object. This requires core change I99a19c93 to work correctly. Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
2013-01-04 15:37:56 +00:00
* @param string $summary Edit summary for page
* @param User $user the user performing the edit
* @param bool $minoredit whether this is a minor edit according to the user.
Use slot in onEditFilterMergedContent Related to If3c4592eb6dade6960463abfda017af35d04f563 in Wikibase, needed for SDoC. Bug: T213453 Change-Id: Idbb3a70d08a195dfa21422e07f593d1eeba4521d
2019-01-10 17:32:54 +00:00
* @param string $slot slot role for the content
(bug 42064) AbuseFilter + EditFilterMergedContent This makes AbuseFilter use EditFilterMergedContent if support for the ContentHandler infrastructure is present. This means living without some nice bits of context, because EditFilterMergedContent doesn't provide an EditPage object. This requires core change I99a19c93 to work correctly. Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
2013-01-04 15:37:56 +00:00
*/
public static function onEditFilterMergedContent( IContextSource $context, Content $content,
Use slot in onEditFilterMergedContent Related to If3c4592eb6dade6960463abfda017af35d04f563 in Wikibase, needed for SDoC. Bug: T213453 Change-Id: Idbb3a70d08a195dfa21422e07f593d1eeba4521d
2019-01-10 17:32:54 +00:00
Status $status, $summary, User $user, $minoredit, $slot = SlotRecord::MAIN
build: Updating mediawiki/mediawiki-codesniffer to 0.10.0 Change-Id: I5f37c45d748d5f0da21aceaef32cc89367e312ff
2017-07-08 18:49:13 +00:00
) {
Add profiling points throughout the code for the CachingParser switch Bug: T156095 Change-Id: Ib934be34a953166fe1b94cfe8ed216afe3b906ca
2019-09-16 16:53:36 +00:00
$startTime = microtime( true );
(bug 42064) AbuseFilter + EditFilterMergedContent This makes AbuseFilter use EditFilterMergedContent if support for the ContentHandler infrastructure is present. This means living without some nice bits of context, because EditFilterMergedContent doesn't provide an EditPage object. This requires core change I99a19c93 to work correctly. Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
2013-01-04 15:37:56 +00:00
Use $user param when filtering edits This can be different from the User set inside the $context object, as seen e.g. in Wikibase jobs. Given that the hook provides a $user param, it makes more sense to use that, rather than extracting it from the ContextSource kitchen sink. Bug: T258717 Change-Id: Ib5961068d3df6ae2bfc3f9c6a7b9e555d248b332
2020-08-19 12:24:57 +00:00
$filterResult = self::filterEdit( $context, $user, $content, $summary, $slot );
Add support for PHP CodeSniffer checks Also fix any remaining errors and warnings. Change-Id: Ie49c6172e6bbf8040e5524d33d2f719e96784745
2015-09-28 18:03:35 +00:00
Actually return errors for action=edit API Setting 'apiHookResult' results in a "successful" response; if we want to report an error, we need to use ApiMessage. We already were doing this for action=upload. Now our action=edit API responses will be consistent with MediaWiki and other extensions, and will be able to take advantage of errorformat=html. Since this breaks compatibility anyway, also remove some redundant backwards-compatibility values from the output. To avoid user interface regressions in VisualEditor, the changes I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first. Before: { "edit": { "code": "abusefilter-disallowed", "message": { "key": "abusefilter-disallowed", "params": [ ... ] }, "abusefilter": { ... }, "info": "Hit AbuseFilter: Test filter disallow", "warning": "This action has been automatically identified ...", "result": "Failure" } } After: { "errors": [ { "code": "abusefilter-disallowed", "data": { "abusefilter": { ... }, }, "module": "edit", "*": "This action has been automatically identified ..." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } For comparison, a 'readonly' error: { "errors": [ { "code": "readonly", "data": { "readonlyreason": "foo bar" }, "module": "main", "*": "The wiki is currently in read-only mode." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } Bug: T229539 Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86 Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-08-01 01:48:08 +00:00
if ( !$filterResult->isOK() ) {
Remove backwards-compatibility code using APIEditBeforeSave hook It was only needed for MediaWiki prior to 1.25 (09a5febb7b024c0b6585141bb05cba13a642f3eb). We no longer support those versions after d527574d2b00de26e00c14433fca96ed8da76397. Bug: T137832 Change-Id: I9d0b7e7713c805ebc7bf59f55456e69c6491e265
2016-06-16 15:40:36 +00:00
// Produce a useful error message for API edits
Actually return errors for action=edit API Setting 'apiHookResult' results in a "successful" response; if we want to report an error, we need to use ApiMessage. We already were doing this for action=upload. Now our action=edit API responses will be consistent with MediaWiki and other extensions, and will be able to take advantage of errorformat=html. Since this breaks compatibility anyway, also remove some redundant backwards-compatibility values from the output. To avoid user interface regressions in VisualEditor, the changes I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first. Before: { "edit": { "code": "abusefilter-disallowed", "message": { "key": "abusefilter-disallowed", "params": [ ... ] }, "abusefilter": { ... }, "info": "Hit AbuseFilter: Test filter disallow", "warning": "This action has been automatically identified ...", "result": "Failure" } } After: { "errors": [ { "code": "abusefilter-disallowed", "data": { "abusefilter": { ... }, }, "module": "edit", "*": "This action has been automatically identified ..." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } For comparison, a 'readonly' error: { "errors": [ { "code": "readonly", "data": { "readonlyreason": "foo bar" }, "module": "main", "*": "The wiki is currently in read-only mode." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } Bug: T229539 Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86 Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-08-01 01:48:08 +00:00
$filterResultApi = self::getApiStatus( $filterResult );
$status->merge( $filterResultApi );
Avoid crippled APIEditBeforeSave hook, use new features of EditFilterMergedContent instead Back when APIEditBeforeSave was being introduced here, it was impossible to return error data for API requests from it (T34216). But this hook runs a lot earlier than EditFilterMergedContent, and only gives us the text submitted in the action=edit API call and not the actual text that's going to be saved, which are different for section edits (T54077) or edits where an edit conflict is automatically resolved (T73947). T54077 was solved by making the APIEditBeforeSave lie that there are no sections edits in the API. Perhaps T73947 could also be resolved by lying that there are no edit conflicts in the API, but it seemed that this would require duplicating even more logic from EditPage in the API than T54077. And luckily, EditFilterMergedContent recently gained the ability to return precise error messages to the API (in MediaWiki 1.25, I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if available and only fall back to APIEditBeforeSave on older versions. Bug: T73947 Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
2016-04-07 05:06:02 +00:00
}
Add profiling points throughout the code for the CachingParser switch Bug: T156095 Change-Id: Ib934be34a953166fe1b94cfe8ed216afe3b906ca
2019-09-16 16:53:36 +00:00
MediaWikiServices::getInstance()->getStatsdDataFactory()
->timing( 'timing.editAbuseFilter', microtime( true ) - $startTime );
(bug 42064) AbuseFilter + EditFilterMergedContent This makes AbuseFilter use EditFilterMergedContent if support for the ContentHandler infrastructure is present. This means living without some nice bits of context, because EditFilterMergedContent doesn't provide an EditPage object. This requires core change I99a19c93 to work correctly. Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
2013-01-04 15:37:56 +00:00
}
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
/**
* Implementation for EditFilterMergedContent hook.
*
* @param IContextSource $context the context of the edit
Use $user param when filtering edits This can be different from the User set inside the $context object, as seen e.g. in Wikibase jobs. Given that the hook provides a $user param, it makes more sense to use that, rather than extracting it from the ContextSource kitchen sink. Bug: T258717 Change-Id: Ib5961068d3df6ae2bfc3f9c6a7b9e555d248b332
2020-08-19 12:24:57 +00:00
* @param User $user
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
* @param Content $content the new Content generated by the edit
* @param string $summary Edit summary for page
* @param string $slot slot role for the content
* @return Status
*/
Use $user param when filtering edits This can be different from the User set inside the $context object, as seen e.g. in Wikibase jobs. Given that the hook provides a $user param, it makes more sense to use that, rather than extracting it from the ContextSource kitchen sink. Bug: T258717 Change-Id: Ib5961068d3df6ae2bfc3f9c6a7b9e555d248b332
2020-08-19 12:24:57 +00:00
public static function filterEdit(
IContextSource $context,
User $user,
Content $content,
Actually return errors for action=edit API Setting 'apiHookResult' results in a "successful" response; if we want to report an error, we need to use ApiMessage. We already were doing this for action=upload. Now our action=edit API responses will be consistent with MediaWiki and other extensions, and will be able to take advantage of errorformat=html. Since this breaks compatibility anyway, also remove some redundant backwards-compatibility values from the output. To avoid user interface regressions in VisualEditor, the changes I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first. Before: { "edit": { "code": "abusefilter-disallowed", "message": { "key": "abusefilter-disallowed", "params": [ ... ] }, "abusefilter": { ... }, "info": "Hit AbuseFilter: Test filter disallow", "warning": "This action has been automatically identified ...", "result": "Failure" } } After: { "errors": [ { "code": "abusefilter-disallowed", "data": { "abusefilter": { ... }, }, "module": "edit", "*": "This action has been automatically identified ..." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } For comparison, a 'readonly' error: { "errors": [ { "code": "readonly", "data": { "readonlyreason": "foo bar" }, "module": "main", "*": "The wiki is currently in read-only mode." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } Bug: T229539 Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86 Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-08-01 01:48:08 +00:00
$summary, $slot = SlotRecord::MAIN
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
) : Status {
Introduce an EditRevUpdater service This service allows linking the EditFilterMergedContent and PageSaveComplete hooks for the same edit, so we can update rev IDs in the abuse_filter_log table. Having such a services also avoids two hacky static props, and should allow separating the hook handlers easily. Change-Id: I622d15225ee3af202cb5730a7112652aef8ca71a
2021-01-05 13:33:45 +00:00
$revUpdater = AbuseFilterServices::getEditRevUpdater();
$revUpdater->clearLastEditPage();
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
// @todo is there any real point in passing this in?
Add a TextExtractor service This is an important step towards removing the AbuseFilter class. Note: proposals for the name of the new service are welcome. Change-Id: Ib4632173f728b1bdafadef96e01645a833bfceaa
2020-09-29 18:48:51 +00:00
$text = AbuseFilterServices::getTextExtractor()->contentToString( $content );
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
$title = $context->getTitle();
Use a WikiPage object when filtering edits on a non-existing Title Remove $title->exists() from the check, so we have the following changes: - The AbuseLog will add a diff link for page creations - Searching the AbuseLog for impact:saved will include page creations - We don't have to recreate the WikiPage again in RunVariableGenerator Also remove an old reference to "bug 31656": that comment was added in rEABFefecf8b2441ae2f31f924ff33103f5affe5d1d62, which changed Article::getContent() to Article::getRevision()->getRawText(). Nowadays we don't even use Article anymore, and that conditional isn't even for retrieving the page content, so the comment is wrong. Add logging for when the Title object cannot exist, as this should never happen in the context of the EditFilterMergedContent hook, and always create a WikiPage. Some signatures were changed to require a WikiPage object now, and every caller updated to provide it. Bug: T263104 Bug: T62179 Depends-On: Ic238eaa529ef6bfba06b4dd03924a8e0111d8259 Change-Id: Ibf3bf4f68328ba4a5616ab8f26a8b44d27a25cd7
2020-09-17 11:54:48 +00:00
$logger = LoggerFactory::getInstance( 'AbuseFilter' );
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
if ( $title === null ) {
// T144265: This *should* never happen.
$logger->warning( __METHOD__ . ' received a null title.' );
return Status::newGood();
}
Use a WikiPage object when filtering edits on a non-existing Title Remove $title->exists() from the check, so we have the following changes: - The AbuseLog will add a diff link for page creations - Searching the AbuseLog for impact:saved will include page creations - We don't have to recreate the WikiPage again in RunVariableGenerator Also remove an old reference to "bug 31656": that comment was added in rEABFefecf8b2441ae2f31f924ff33103f5affe5d1d62, which changed Article::getContent() to Article::getRevision()->getRawText(). Nowadays we don't even use Article anymore, and that conditional isn't even for retrieving the page content, so the comment is wrong. Add logging for when the Title object cannot exist, as this should never happen in the context of the EditFilterMergedContent hook, and always create a WikiPage. Some signatures were changed to require a WikiPage object now, and every caller updated to provide it. Bug: T263104 Bug: T62179 Depends-On: Ic238eaa529ef6bfba06b4dd03924a8e0111d8259 Change-Id: Ibf3bf4f68328ba4a5616ab8f26a8b44d27a25cd7
2020-09-17 11:54:48 +00:00
if ( !$title->canExist() ) {
// This also should be handled in EditPage or whoever is calling the hook.
$logger->warning( __METHOD__ . ' received a Title that cannot exist.' );
// Note that if the title cannot exist, there's no much point in filtering the edit anyway
return Status::newGood();
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
}
(Bug 42064) Add a hook to AbuseFilter The hook 'AbuseFilter-interceptVariable' can be used for intercepting any request to recalculate a variable, and if a handler is returning false the later code will be skipped. That makes it possible to avoid using content if the content model is wrong, as it could be for a Wikibase entity. The hook uses the same arguments as the hook 'AbuseFilter-computeVariable', thereby making it simple to move handlers around. The arguments to the hook are @param string $method @param AbuseFilterVariableHolder $vars @param array $parameters @param AFPData|array|int|mixed|null|string &$result Patchset 2: Fix for arg 1 to the hook, it got $this instead of $this->mMethod Change-Id: I4944ea612369d6f96319e24c96d97cf9739358c7
2012-11-16 17:06:34 +00:00
Use a WikiPage object when filtering edits on a non-existing Title Remove $title->exists() from the check, so we have the following changes: - The AbuseLog will add a diff link for page creations - Searching the AbuseLog for impact:saved will include page creations - We don't have to recreate the WikiPage again in RunVariableGenerator Also remove an old reference to "bug 31656": that comment was added in rEABFefecf8b2441ae2f31f924ff33103f5affe5d1d62, which changed Article::getContent() to Article::getRevision()->getRawText(). Nowadays we don't even use Article anymore, and that conditional isn't even for retrieving the page content, so the comment is wrong. Add logging for when the Title object cannot exist, as this should never happen in the context of the EditFilterMergedContent hook, and always create a WikiPage. Some signatures were changed to require a WikiPage object now, and every caller updated to provide it. Bug: T263104 Bug: T62179 Depends-On: Ic238eaa529ef6bfba06b4dd03924a8e0111d8259 Change-Id: Ibf3bf4f68328ba4a5616ab8f26a8b44d27a25cd7
2020-09-17 11:54:48 +00:00
$page = $context->getWikiPage();
Introduce a VariableGeneratorFactory service So we can use DI in all generators. Some improvements were deliberately omitted, e.g. injecting more services and relaxing User/Title to UserIdentity/LinkTarget, and they'll be included in a subsequent commit. Depends-On: I1f351071ef2b0b7c80e91407a9c3bb17be293044 Depends-On: Ie71740fac35a86f8fe03023080ae8ca08671243d Depends-On: I589a0e1c2c5891070ab82cd5adfd9cedec19e67d Change-Id: I92ef0abd5e45b672e6f297a71b3c2c345d56f136
2021-01-03 13:10:20 +00:00
$builder = AbuseFilterServices::getVariableGeneratorFactory()->newRunGenerator( $user, $title );
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
$vars = $builder->getEditVars( $content, $text, $summary, $slot, $page );
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
if ( $vars === null ) {
// We don't have to filter the edit
return Status::newGood();
}
Create FilterRunnerFactory Next step is splitting the Runner into various subclasses. Change-Id: I766555f31b425cee52fd262c5bfb1c73f3f170d2
2020-11-27 14:49:41 +00:00
$runnerFactory = AbuseFilterServices::getFilterRunnerFactory();
$runner = $runnerFactory->newRunner( $user, $title, $vars, 'default' );
Add a new class for methods related to running filters Currently we strongly abuse (pardon the pun) the AbuseFilter class: its purpose should be to hold static functions intended as generic utility functions (e.g. to format messages, determine whether a filter is global etc.), but we actually use it for all methods related to running filters. This patch creates a new class, AbuseFilterRunner, containing all such methods, which have been made non-static. This leads to several improvements (also for related methods and the parser), and opens the way to further improve the code. Aside from making the code prettier, less global and easier to test, this patch could also produce a performance improvement, although I don't have tools to measure that. Also note that many public methods have been removed, and almost any of them has been made protected; a couple of them (the ones used from outside) are left for back-compat, and will be removed in the future. Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2018-12-07 17:46:02 +00:00
$filterResult = $runner->run();
if ( !$filterResult->isOK() ) {
return $filterResult;
Fix some E_NOTICE
2008-06-27 09:26:54 +00:00
}
AbuseFilter: Resolve bug 18374, bug 28633. * Store the revision ID associated with a log entry if the action is successful. * Expose this as a diff link in the UI. * Implicitly hide log entries if their corresponding revisions are also hidden. * Includes scope for expanding to log entries if desired. Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d
2012-02-10 23:41:05 +00:00
Introduce an EditRevUpdater service This service allows linking the EditFilterMergedContent and PageSaveComplete hooks for the same edit, so we can update rev IDs in the abuse_filter_log table. Having such a services also avoids two hacky static props, and should allow separating the hook handlers easily. Change-Id: I622d15225ee3af202cb5730a7112652aef8ca71a
2021-01-05 13:33:45 +00:00
$revUpdater->setLastEditPage( $page );
AbuseFilter: Resolve bug 18374, bug 28633. * Store the revision ID associated with a log entry if the action is successful. * Expose this as a diff link in the UI. * Implicitly hide log entries if their corresponding revisions are also hidden. * Includes scope for expanding to log entries if desired. Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d
2012-02-10 23:41:05 +00:00
Use custom error code for all edit and upload API responses The error code 'abusefilter-disallowed' or 'abusefilter-warning' is used, depending on whether the filter only warns (and will allow the action when retried) or prevents the user from performing the action. The API response has been extended with some additional properties. * For simple filters with no custom messages where the only action is 'disallow' or 'warn', the error code is the same as before. * For filters with different actions, different error codes would previously be returned; 'abusefilter-disallowed' will be returned for them all, with the actions taken listed in the .abusefilter.actions property of the API response. * For filters with custom messages, the message key would previously be used as the error code; now 'abusefilter-disallowed' or 'abusefilter-warning' is used, with the message available in the .message property of the API response. Also cleaned up some dead "forwards-compatibility" code and made a recently introduced public method private. The new functionality depends on Ifac8995a4d16d11840cee814177fc2808bc2072c in MediaWiki core, older MediaWiki versions behave mostly as before. The new .message property contains both the key and the parameters duplicated from .abusefilter, so that the client doesn't have to know what AbuseFilter is - it'll be able to just display the given message with the given parameters. My specific use case is the upload dialog in core (core shouldn't have to know about any extensions). See also TitleBlacklist change I97c1f5c6bbbdfc0b8ea9914bb075d5299c14df8f. Bug: T137961 Change-Id: I5780eae96930211191ecd874aacf53fdacb58f89
2016-06-20 21:58:17 +00:00
return Status::newGood();
AbuseFilter: Resolve bugs 18374, 28633. * Store the revision ID associated with a log entry if the action is successful. * Expose this as a diff link in the UI. * Implicitly hide log entries if their corresponding revisions are also hidden. * Includes scope for expanding to log entries if desired.
2012-02-10 23:41:05 +00:00
}
Avoid crippled APIEditBeforeSave hook, use new features of EditFilterMergedContent instead Back when APIEditBeforeSave was being introduced here, it was impossible to return error data for API requests from it (T34216). But this hook runs a lot earlier than EditFilterMergedContent, and only gives us the text submitted in the action=edit API call and not the actual text that's going to be saved, which are different for section edits (T54077) or edits where an edit conflict is automatically resolved (T73947). T54077 was solved by making the APIEditBeforeSave lie that there are no sections edits in the API. Perhaps T73947 could also be resolved by lying that there are no edit conflicts in the API, but it seemed that this would require duplicating even more logic from EditPage in the API than T54077. And luckily, EditFilterMergedContent recently gained the ability to return precise error messages to the API (in MediaWiki 1.25, I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if available and only fall back to APIEditBeforeSave on older versions. Bug: T73947 Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
2016-04-07 05:06:02 +00:00
/**
* @param Status $status Error message details
Actually return errors for action=edit API Setting 'apiHookResult' results in a "successful" response; if we want to report an error, we need to use ApiMessage. We already were doing this for action=upload. Now our action=edit API responses will be consistent with MediaWiki and other extensions, and will be able to take advantage of errorformat=html. Since this breaks compatibility anyway, also remove some redundant backwards-compatibility values from the output. To avoid user interface regressions in VisualEditor, the changes I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first. Before: { "edit": { "code": "abusefilter-disallowed", "message": { "key": "abusefilter-disallowed", "params": [ ... ] }, "abusefilter": { ... }, "info": "Hit AbuseFilter: Test filter disallow", "warning": "This action has been automatically identified ...", "result": "Failure" } } After: { "errors": [ { "code": "abusefilter-disallowed", "data": { "abusefilter": { ... }, }, "module": "edit", "*": "This action has been automatically identified ..." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } For comparison, a 'readonly' error: { "errors": [ { "code": "readonly", "data": { "readonlyreason": "foo bar" }, "module": "main", "*": "The wiki is currently in read-only mode." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } Bug: T229539 Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86 Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-08-01 01:48:08 +00:00
* @return Status Status containing the same error messages with extra data for the API
Avoid crippled APIEditBeforeSave hook, use new features of EditFilterMergedContent instead Back when APIEditBeforeSave was being introduced here, it was impossible to return error data for API requests from it (T34216). But this hook runs a lot earlier than EditFilterMergedContent, and only gives us the text submitted in the action=edit API call and not the actual text that's going to be saved, which are different for section edits (T54077) or edits where an edit conflict is automatically resolved (T73947). T54077 was solved by making the APIEditBeforeSave lie that there are no sections edits in the API. Perhaps T73947 could also be resolved by lying that there are no edit conflicts in the API, but it seemed that this would require duplicating even more logic from EditPage in the API than T54077. And luckily, EditFilterMergedContent recently gained the ability to return precise error messages to the API (in MediaWiki 1.25, I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if available and only fall back to APIEditBeforeSave on older versions. Bug: T73947 Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
2016-04-07 05:06:02 +00:00
*/
Actually return errors for action=edit API Setting 'apiHookResult' results in a "successful" response; if we want to report an error, we need to use ApiMessage. We already were doing this for action=upload. Now our action=edit API responses will be consistent with MediaWiki and other extensions, and will be able to take advantage of errorformat=html. Since this breaks compatibility anyway, also remove some redundant backwards-compatibility values from the output. To avoid user interface regressions in VisualEditor, the changes I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first. Before: { "edit": { "code": "abusefilter-disallowed", "message": { "key": "abusefilter-disallowed", "params": [ ... ] }, "abusefilter": { ... }, "info": "Hit AbuseFilter: Test filter disallow", "warning": "This action has been automatically identified ...", "result": "Failure" } } After: { "errors": [ { "code": "abusefilter-disallowed", "data": { "abusefilter": { ... }, }, "module": "edit", "*": "This action has been automatically identified ..." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } For comparison, a 'readonly' error: { "errors": [ { "code": "readonly", "data": { "readonlyreason": "foo bar" }, "module": "main", "*": "The wiki is currently in read-only mode." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } Bug: T229539 Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86 Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-08-01 01:48:08 +00:00
private static function getApiStatus( Status $status ) {
$allActionsTaken = $status->getValue();
$statusForApi = Status::newGood();
foreach ( $status->getErrors() as $error ) {
list( $filterDescription, $filter ) = $error['params'];
$actionsTaken = $allActionsTaken[ $filter ];
$code = ( $actionsTaken === [ 'warn' ] ) ? 'abusefilter-warning' : 'abusefilter-disallowed';
$data = [
'abusefilter' => [
'id' => $filter,
'description' => $filterDescription,
'actions' => $actionsTaken,
],
];
$message = ApiMessage::create( $error, $code, $data );
$statusForApi->fatal( $message );
Avoid crippled APIEditBeforeSave hook, use new features of EditFilterMergedContent instead Back when APIEditBeforeSave was being introduced here, it was impossible to return error data for API requests from it (T34216). But this hook runs a lot earlier than EditFilterMergedContent, and only gives us the text submitted in the action=edit API call and not the actual text that's going to be saved, which are different for section edits (T54077) or edits where an edit conflict is automatically resolved (T73947). T54077 was solved by making the APIEditBeforeSave lie that there are no sections edits in the API. Perhaps T73947 could also be resolved by lying that there are no edit conflicts in the API, but it seemed that this would require duplicating even more logic from EditPage in the API than T54077. And luckily, EditFilterMergedContent recently gained the ability to return precise error messages to the API (in MediaWiki 1.25, I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if available and only fall back to APIEditBeforeSave on older versions. Bug: T73947 Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
2016-04-07 05:06:02 +00:00
}
Actually return errors for action=edit API Setting 'apiHookResult' results in a "successful" response; if we want to report an error, we need to use ApiMessage. We already were doing this for action=upload. Now our action=edit API responses will be consistent with MediaWiki and other extensions, and will be able to take advantage of errorformat=html. Since this breaks compatibility anyway, also remove some redundant backwards-compatibility values from the output. To avoid user interface regressions in VisualEditor, the changes I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first. Before: { "edit": { "code": "abusefilter-disallowed", "message": { "key": "abusefilter-disallowed", "params": [ ... ] }, "abusefilter": { ... }, "info": "Hit AbuseFilter: Test filter disallow", "warning": "This action has been automatically identified ...", "result": "Failure" } } After: { "errors": [ { "code": "abusefilter-disallowed", "data": { "abusefilter": { ... }, }, "module": "edit", "*": "This action has been automatically identified ..." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } For comparison, a 'readonly' error: { "errors": [ { "code": "readonly", "data": { "readonlyreason": "foo bar" }, "module": "main", "*": "The wiki is currently in read-only mode." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } Bug: T229539 Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86 Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-08-01 01:48:08 +00:00
return $statusForApi;
Avoid crippled APIEditBeforeSave hook, use new features of EditFilterMergedContent instead Back when APIEditBeforeSave was being introduced here, it was impossible to return error data for API requests from it (T34216). But this hook runs a lot earlier than EditFilterMergedContent, and only gives us the text submitted in the action=edit API call and not the actual text that's going to be saved, which are different for section edits (T54077) or edits where an edit conflict is automatically resolved (T73947). T54077 was solved by making the APIEditBeforeSave lie that there are no sections edits in the API. Perhaps T73947 could also be resolved by lying that there are no edit conflicts in the API, but it seemed that this would require duplicating even more logic from EditPage in the API than T54077. And luckily, EditFilterMergedContent recently gained the ability to return precise error messages to the API (in MediaWiki 1.25, I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if available and only fall back to APIEditBeforeSave on older versions. Bug: T73947 Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
2016-04-07 05:06:02 +00:00
}
Cache AbuseFilter::checkAllFilters during edit stashing This should improve page save times when manual edit summaries are not used (and in a few cases, where they are). Also fix a few annoying IDEA errors with block comments. Bug: T137698 Depends-On: I2e407a3ac8b74e77bf88b1e34c1519f4dea63b80 Change-Id: I972e9147a5e52a941f478eaf1e96dc3ef8bdfe94
2016-06-13 11:53:50 +00:00
/**
Remove all not needed & from hook handler signatures Most of these are accidential, obsolete from a time when PHP4 required these & to enforce passing by reference. This is the default since PHP5. The issue with this & is that is (in theory) allows hook handlers to replace the object with an entirely different one. Luckily this does not work in all cases I'm aware of. But it is confusing, semantically. Change-Id: If1e9e2723ef96308f9b4b27377398a5e497bfe70
2018-06-07 11:29:22 +00:00
* @param WikiPage $wikiPage
Update hooks to use `PageSaveComplete` Extension requires MW 1.35+, always available Bug: T250566 Change-Id: I60cf3cc42db989d8ccb0d06d3cf9eae8a85784ac
2020-06-16 04:12:38 +00:00
* @param UserIdentity $userIdentity
Cache AbuseFilter::checkAllFilters during edit stashing This should improve page save times when manual edit summaries are not used (and in a few cases, where they are). Also fix a few annoying IDEA errors with block comments. Bug: T137698 Depends-On: I2e407a3ac8b74e77bf88b1e34c1519f4dea63b80 Change-Id: I972e9147a5e52a941f478eaf1e96dc3ef8bdfe94
2016-06-13 11:53:50 +00:00
* @param string $summary
Remove all not needed & from hook handler signatures Most of these are accidential, obsolete from a time when PHP4 required these & to enforce passing by reference. This is the default since PHP5. The issue with this & is that is (in theory) allows hook handlers to replace the object with an entirely different one. Luckily this does not work in all cases I'm aware of. But it is confusing, semantically. Change-Id: If1e9e2723ef96308f9b4b27377398a5e497bfe70
2018-06-07 11:29:22 +00:00
* @param int $flags
Update hooks to use `PageSaveComplete` Extension requires MW 1.35+, always available Bug: T250566 Change-Id: I60cf3cc42db989d8ccb0d06d3cf9eae8a85784ac
2020-06-16 04:12:38 +00:00
* @param RevisionRecord $revisionRecord
Cache AbuseFilter::checkAllFilters during edit stashing This should improve page save times when manual edit summaries are not used (and in a few cases, where they are). Also fix a few annoying IDEA errors with block comments. Bug: T137698 Depends-On: I2e407a3ac8b74e77bf88b1e34c1519f4dea63b80 Change-Id: I972e9147a5e52a941f478eaf1e96dc3ef8bdfe94
2016-06-13 11:53:50 +00:00
*/
Update hooks to use `PageSaveComplete` Extension requires MW 1.35+, always available Bug: T250566 Change-Id: I60cf3cc42db989d8ccb0d06d3cf9eae8a85784ac
2020-06-16 04:12:38 +00:00
public static function onPageSaveComplete(
WikiPage $wikiPage,
UserIdentity $userIdentity,
string $summary,
int $flags,
Update PageSaveComplete hook to use EditResult Bug: T254074 Change-Id: I3922d9a92242c9a6469058a2a2c2a95891e9e429
2020-06-22 09:52:14 +00:00
RevisionRecord $revisionRecord
AbuseFilter: Resolve bug 18374, bug 28633. * Store the revision ID associated with a log entry if the action is successful. * Expose this as a diff link in the UI. * Implicitly hide log entries if their corresponding revisions are also hidden. * Includes scope for expanding to log entries if desired. Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d
2012-02-10 23:41:05 +00:00
) {
Introduce an EditRevUpdater service This service allows linking the EditFilterMergedContent and PageSaveComplete hooks for the same edit, so we can update rev IDs in the abuse_filter_log table. Having such a services also avoids two hacky static props, and should allow separating the hook handlers easily. Change-Id: I622d15225ee3af202cb5730a7112652aef8ca71a
2021-01-05 13:33:45 +00:00
AbuseFilterServices::getEditRevUpdater()->updateRev( $wikiPage, $revisionRecord );
AbuseFilter: Resolve bug 18374, bug 28633. * Store the revision ID associated with a log entry if the action is successful. * Expose this as a diff link in the UI. * Implicitly hide log entries if their corresponding revisions are also hidden. * Includes scope for expanding to log entries if desired. Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d
2012-02-10 23:41:05 +00:00
}
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
/**
* @param Title $oldTitle
* @param Title $newTitle
* @param User $user
* @param string $reason
* @param Status &$status
*/
public static function onTitleMove(
Title $oldTitle,
Title $newTitle,
User $user,
$reason,
Status &$status
) {
Introduce a VariableGeneratorFactory service So we can use DI in all generators. Some improvements were deliberately omitted, e.g. injecting more services and relaxing User/Title to UserIdentity/LinkTarget, and they'll be included in a subsequent commit. Depends-On: I1f351071ef2b0b7c80e91407a9c3bb17be293044 Depends-On: Ie71740fac35a86f8fe03023080ae8ca08671243d Depends-On: I589a0e1c2c5891070ab82cd5adfd9cedec19e67d Change-Id: I92ef0abd5e45b672e6f297a71b3c2c345d56f136
2021-01-03 13:10:20 +00:00
$builder = AbuseFilterServices::getVariableGeneratorFactory()->newRunGenerator( $user, $oldTitle );
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
$vars = $builder->getMoveVars( $newTitle, $reason );
Create FilterRunnerFactory Next step is splitting the Runner into various subclasses. Change-Id: I766555f31b425cee52fd262c5bfb1c73f3f170d2
2020-11-27 14:49:41 +00:00
$runnerFactory = AbuseFilterServices::getFilterRunnerFactory();
$runner = $runnerFactory->newRunner( $user, $oldTitle, $vars, 'default' );
Add a new class for methods related to running filters Currently we strongly abuse (pardon the pun) the AbuseFilter class: its purpose should be to hold static functions intended as generic utility functions (e.g. to format messages, determine whether a filter is global etc.), but we actually use it for all methods related to running filters. This patch creates a new class, AbuseFilterRunner, containing all such methods, which have been made non-static. This leads to several improvements (also for related methods and the parser), and opens the way to further improve the code. Aside from making the code prettier, less global and easier to test, this patch could also produce a performance improvement, although I don't have tools to measure that. Also note that many public methods have been removed, and almost any of them has been made protected; a couple of them (the ones used from outside) are left for back-compat, and will be removed in the future. Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2018-12-07 17:46:02 +00:00
$result = $runner->run();
Use MovePageCheckPermissions hook if possible Change-Id: Ic5026384b92a0d68d628397ffe1de6e5b6183f02
2014-10-27 17:55:33 +00:00
$status->merge( $result );
}
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
/**
* @param WikiPage $article
* @param User $user
* @param string $reason
* @param string &$error
* @param Status $status
* @return bool
*/
public static function onArticleDelete( WikiPage $article, User $user, $reason, &$error,
Status $status ) {
Introduce a VariableGeneratorFactory service So we can use DI in all generators. Some improvements were deliberately omitted, e.g. injecting more services and relaxing User/Title to UserIdentity/LinkTarget, and they'll be included in a subsequent commit. Depends-On: I1f351071ef2b0b7c80e91407a9c3bb17be293044 Depends-On: Ie71740fac35a86f8fe03023080ae8ca08671243d Depends-On: I589a0e1c2c5891070ab82cd5adfd9cedec19e67d Change-Id: I92ef0abd5e45b672e6f297a71b3c2c345d56f136
2021-01-03 13:10:20 +00:00
$builder = AbuseFilterServices::getVariableGeneratorFactory()->newRunGenerator( $user, $article->getTitle() );
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
$vars = $builder->getDeleteVars( $reason );
Create FilterRunnerFactory Next step is splitting the Runner into various subclasses. Change-Id: I766555f31b425cee52fd262c5bfb1c73f3f170d2
2020-11-27 14:49:41 +00:00
$runnerFactory = AbuseFilterServices::getFilterRunnerFactory();
$runner = $runnerFactory->newRunner( $user, $article->getTitle(), $vars, 'default' );
Add a new class for methods related to running filters Currently we strongly abuse (pardon the pun) the AbuseFilter class: its purpose should be to hold static functions intended as generic utility functions (e.g. to format messages, determine whether a filter is global etc.), but we actually use it for all methods related to running filters. This patch creates a new class, AbuseFilterRunner, containing all such methods, which have been made non-static. This leads to several improvements (also for related methods and the parser), and opens the way to further improve the code. Aside from making the code prettier, less global and easier to test, this patch could also produce a performance improvement, although I don't have tools to measure that. Also note that many public methods have been removed, and almost any of them has been made protected; a couple of them (the ones used from outside) are left for back-compat, and will be removed in the future. Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2018-12-07 17:46:02 +00:00
$filterResult = $runner->run();
AbuseFilter: big commit - coding style & spacing cleanup; also marked SpecialPages' construct() and execute() functions as public and capitalized some SQL keywords
2009-10-07 13:57:06 +00:00
Add a new class for methods related to running filters Currently we strongly abuse (pardon the pun) the AbuseFilter class: its purpose should be to hold static functions intended as generic utility functions (e.g. to format messages, determine whether a filter is global etc.), but we actually use it for all methods related to running filters. This patch creates a new class, AbuseFilterRunner, containing all such methods, which have been made non-static. This leads to several improvements (also for related methods and the parser), and opens the way to further improve the code. Aside from making the code prettier, less global and easier to test, this patch could also produce a performance improvement, although I don't have tools to measure that. Also note that many public methods have been removed, and almost any of them has been made protected; a couple of them (the ones used from outside) are left for back-compat, and will be removed in the future. Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2018-12-07 17:46:02 +00:00
$status->merge( $filterResult );
$error = $filterResult->isOK() ? '' : $filterResult->getHTML();
AbuseFilter: big commit - coding style & spacing cleanup; also marked SpecialPages' construct() and execute() functions as public and capitalized some SQL keywords
2009-10-07 13:57:06 +00:00
Add a new class for methods related to running filters Currently we strongly abuse (pardon the pun) the AbuseFilter class: its purpose should be to hold static functions intended as generic utility functions (e.g. to format messages, determine whether a filter is global etc.), but we actually use it for all methods related to running filters. This patch creates a new class, AbuseFilterRunner, containing all such methods, which have been made non-static. This leads to several improvements (also for related methods and the parser), and opens the way to further improve the code. Aside from making the code prettier, less global and easier to test, this patch could also produce a performance improvement, although I don't have tools to measure that. Also note that many public methods have been removed, and almost any of them has been made protected; a couple of them (the ones used from outside) are left for back-compat, and will be removed in the future. Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2018-12-07 17:46:02 +00:00
return $filterResult->isOK();
Add AbuseFilter extension
2008-06-27 06:18:51 +00:00
}
AbuseFilter: big commit - coding style & spacing cleanup; also marked SpecialPages' construct() and execute() functions as public and capitalized some SQL keywords
2009-10-07 13:57:06 +00:00
Documentation Ping r111217, fix $fdb, rename it $dbw Change-Id: I004615a13b3292d5b071a48494125a9d7c5aad73
2012-03-11 20:32:31 +00:00
/**
Improve some parameter docs Change-Id: I03fa9b58c72bcd28985c5a3467b82d8b98f3a0fc
2017-08-04 23:14:10 +00:00
* @param RecentChange $recentChange
Documentation Ping r111217, fix $fdb, rename it $dbw Change-Id: I004615a13b3292d5b071a48494125a9d7c5aad73
2012-03-11 20:32:31 +00:00
*/
Revert "Revert "Add typehinting for every object-only parameter"" This reverts commit 1ed75b4ae0d8514816a257da1de9973fdc6cd740. Fixed the one which caused errors, by making articleFromTitle only use WikiPage, instead of silently mixing WikiPage and Article. Note for reviewers: this patch is identical to the one which was previously +2ed, which was mostly correct. To see the actual change, diff AFComputedVariable with 1..current. Change-Id: I6747eaed861af6c40a3b1610aebcc1174296e9ed
2018-10-17 05:15:21 +00:00
public static function onRecentChangeSave( RecentChange $recentChange ) {
Add a ChangeTagger class The logic about action IDs and the persistent buffer is now encapsulated inside a single service, which is a step towards getting rid of global state in the AbuseFilter class, and reducing the responsibilities of the Runner. An important change made here is that we now require a LinkTarget rather than a Title. This removes a dependency on the Title class (a monster object), makes tests simpler, and denies the need to inject a TitleFactory. This means living without some bits of context (e.g. we're no longer using makeTitleSafe to ensure a valid title, and we have to build a "prefixedtext" manually), but this shouldn't be a problem, given that the titles are only used to create a cache key: invalid titles are not a problem, and concatenating namespace + title should always be sufficient. Bug: T265370 Change-Id: Iff59cd3d889454a482a89c16691bfefcc5ec0a12
2020-10-13 16:01:18 +00:00
$tagger = AbuseFilterServices::getChangeTagger();
$tags = $tagger->getTagsForRecentChange( $recentChange );
if ( $tags ) {
$recentChange->addTags( $tags );
Branch merge of change-tagging branch with trunk -- Introduce tagging of individual changes (revisions, logs, and on recentchanges). The tags are customisable, and currently settable by the Abuse Filter and by the TorBlock extension. The tags can be styled on the various pages on which they appear. -- Introduces a schema change, three new tables (valid_tag, change_tag, and tag_summary).
2009-01-28 19:08:18 +00:00
}
}
Documentation Ping r111217, fix $fdb, rename it $dbw Change-Id: I004615a13b3292d5b071a48494125a9d7c5aad73
2012-03-11 20:32:31 +00:00
/**
Only run filters once for direct uploads (without stash) Uses the new UploadStashFile hook. Bug: T140522 Depends-On: I2f574b355cd33b2e9fa7ff8e1793503b257cce65 Change-Id: Ic7c2dbc54c6ad300d26172796ee21027a8c372ee
2016-08-03 14:30:18 +00:00
* Filter an upload.
*
Provide page text and edit summary when filtering file uploads This allows filters using `action='upload'` to use the variables `summary`, `new_wikitext` and several others that previously were only provided when editing pages (`action='edit'`). This is achieved using the new UploadVerifyUpload hook, introduced in MediaWiki core in change Ie68801b307de8456e1753ba54a29c34c8063bc36. `action='upload'` is now only used when publishing an upload, and not for uploads to stash. A new `action='stashupload'` is introduced, which is used for all uploads, including uploads to stash. This behaves like `action='upload'` used to, and only provides file metadata variables. Filter authors should use `action='stashupload'` when a file can be checked based only on the file contents, and `action='upload'` only when the wikitext edit needs to be examined too. Bug: T87381 Bug: T89252 Bug: T139848 Change-Id: I9654f82ecda82e4917fd0ac6b364b947a1434c73
2016-06-17 15:23:42 +00:00
* @param UploadBase $upload
* @param User $user
Remove problematic array type hint from hook handler It's possible this parameter is null, as demonstrated in Id2caa44. Change-Id: I69bf0d70552fb049aa1c93bb12bcb5cc9e457c53
2019-05-15 18:38:16 +00:00
* @param array|null $props
Provide page text and edit summary when filtering file uploads This allows filters using `action='upload'` to use the variables `summary`, `new_wikitext` and several others that previously were only provided when editing pages (`action='edit'`). This is achieved using the new UploadVerifyUpload hook, introduced in MediaWiki core in change Ie68801b307de8456e1753ba54a29c34c8063bc36. `action='upload'` is now only used when publishing an upload, and not for uploads to stash. A new `action='stashupload'` is introduced, which is used for all uploads, including uploads to stash. This behaves like `action='upload'` used to, and only provides file metadata variables. Filter authors should use `action='stashupload'` when a file can be checked based only on the file contents, and `action='upload'` only when the wikitext edit needs to be examined too. Bug: T87381 Bug: T89252 Bug: T139848 Change-Id: I9654f82ecda82e4917fd0ac6b364b947a1434c73
2016-06-17 15:23:42 +00:00
* @param string $comment
* @param string $pageText
Use custom error code for all edit and upload API responses The error code 'abusefilter-disallowed' or 'abusefilter-warning' is used, depending on whether the filter only warns (and will allow the action when retried) or prevents the user from performing the action. The API response has been extended with some additional properties. * For simple filters with no custom messages where the only action is 'disallow' or 'warn', the error code is the same as before. * For filters with different actions, different error codes would previously be returned; 'abusefilter-disallowed' will be returned for them all, with the actions taken listed in the .abusefilter.actions property of the API response. * For filters with custom messages, the message key would previously be used as the error code; now 'abusefilter-disallowed' or 'abusefilter-warning' is used, with the message available in the .message property of the API response. Also cleaned up some dead "forwards-compatibility" code and made a recently introduced public method private. The new functionality depends on Ifac8995a4d16d11840cee814177fc2808bc2072c in MediaWiki core, older MediaWiki versions behave mostly as before. The new .message property contains both the key and the parameters duplicated from .abusefilter, so that the client doesn't have to know what AbuseFilter is - it'll be able to just display the given message with the given parameters. My specific use case is the upload dialog in core (core shouldn't have to know about any extensions). See also TitleBlacklist change I97c1f5c6bbbdfc0b8ea9914bb075d5299c14df8f. Bug: T137961 Change-Id: I5780eae96930211191ecd874aacf53fdacb58f89
2016-06-20 21:58:17 +00:00
* @param array|ApiMessage &$error
Provide page text and edit summary when filtering file uploads This allows filters using `action='upload'` to use the variables `summary`, `new_wikitext` and several others that previously were only provided when editing pages (`action='edit'`). This is achieved using the new UploadVerifyUpload hook, introduced in MediaWiki core in change Ie68801b307de8456e1753ba54a29c34c8063bc36. `action='upload'` is now only used when publishing an upload, and not for uploads to stash. A new `action='stashupload'` is introduced, which is used for all uploads, including uploads to stash. This behaves like `action='upload'` used to, and only provides file metadata variables. Filter authors should use `action='stashupload'` when a file can be checked based only on the file contents, and `action='upload'` only when the wikitext edit needs to be examined too. Bug: T87381 Bug: T89252 Bug: T139848 Change-Id: I9654f82ecda82e4917fd0ac6b364b947a1434c73
2016-06-17 15:23:42 +00:00
* @return bool
*/
public static function onUploadVerifyUpload( UploadBase $upload, User $user,
Remove problematic array type hint from hook handler It's possible this parameter is null, as demonstrated in Id2caa44. Change-Id: I69bf0d70552fb049aa1c93bb12bcb5cc9e457c53
2019-05-15 18:38:16 +00:00
$props, $comment, $pageText, &$error
Provide page text and edit summary when filtering file uploads This allows filters using `action='upload'` to use the variables `summary`, `new_wikitext` and several others that previously were only provided when editing pages (`action='edit'`). This is achieved using the new UploadVerifyUpload hook, introduced in MediaWiki core in change Ie68801b307de8456e1753ba54a29c34c8063bc36. `action='upload'` is now only used when publishing an upload, and not for uploads to stash. A new `action='stashupload'` is introduced, which is used for all uploads, including uploads to stash. This behaves like `action='upload'` used to, and only provides file metadata variables. Filter authors should use `action='stashupload'` when a file can be checked based only on the file contents, and `action='upload'` only when the wikitext edit needs to be examined too. Bug: T87381 Bug: T89252 Bug: T139848 Change-Id: I9654f82ecda82e4917fd0ac6b364b947a1434c73
2016-06-17 15:23:42 +00:00
) {
return self::filterUpload( 'upload', $upload, $user, $props, $comment, $pageText, $error );
}
Only run filters once for direct uploads (without stash) Uses the new UploadStashFile hook. Bug: T140522 Depends-On: I2f574b355cd33b2e9fa7ff8e1793503b257cce65 Change-Id: Ic7c2dbc54c6ad300d26172796ee21027a8c372ee
2016-08-03 14:30:18 +00:00
/**
* Filter an upload to stash. If a filter doesn't need to check the page contents or
* upload comment, it can use `action='stashupload'` to provide better experience to e.g.
* UploadWizard (rejecting files immediately, rather than after the user adds the details).
*
* @param UploadBase $upload
* @param User $user
* @param array $props
* @param array|ApiMessage &$error
* @return bool
*/
public static function onUploadStashFile( UploadBase $upload, User $user,
array $props, &$error
) {
return self::filterUpload( 'stashupload', $upload, $user, $props, null, null, $error );
}
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
/**
* Implementation for UploadStashFile and UploadVerifyUpload hooks.
*
* @param string $action 'upload' or 'stashupload'
* @param UploadBase $upload
* @param User $user User performing the action
* @param array|null $props File properties, as returned by MWFileProps::getPropsFromPath().
* @param string|null $summary Upload log comment (also used as edit summary)
* @param string|null $text File description page text (only used for new uploads)
* @param array|ApiMessage &$error
* @return bool
*/
public static function filterUpload( $action, UploadBase $upload, User $user,
$props, $summary, $text, &$error
) {
$title = $upload->getTitle();
if ( $title === null ) {
// T144265: This could happen for 'stashupload' if the specified title is invalid.
// Let UploadBase warn the user about that, and we'll filter later.
$logger = LoggerFactory::getInstance( 'AbuseFilter' );
$logger->warning( __METHOD__ . " received a null title. Action: $action." );
return true;
}
Introduce a VariableGeneratorFactory service So we can use DI in all generators. Some improvements were deliberately omitted, e.g. injecting more services and relaxing User/Title to UserIdentity/LinkTarget, and they'll be included in a subsequent commit. Depends-On: I1f351071ef2b0b7c80e91407a9c3bb17be293044 Depends-On: Ie71740fac35a86f8fe03023080ae8ca08671243d Depends-On: I589a0e1c2c5891070ab82cd5adfd9cedec19e67d Change-Id: I92ef0abd5e45b672e6f297a71b3c2c345d56f136
2021-01-03 13:10:20 +00:00
$builder = AbuseFilterServices::getVariableGeneratorFactory()->newRunGenerator( $user, $title );
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
$vars = $builder->getUploadVars( $action, $upload, $summary, $text, $props );
Split hook handlers related to filtering This adds a new get(Type)Vars method for every action type. The goal is to 1-have shorter methods, which is always good; 2-try to make this code a bit more testable. I left as a todo moving all these methods to a separate class, the idea being to make them non-static and thus easier to be tested. Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80 Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-06-25 10:43:54 +00:00
if ( $vars === null ) {
return true;
}
Create FilterRunnerFactory Next step is splitting the Runner into various subclasses. Change-Id: I766555f31b425cee52fd262c5bfb1c73f3f170d2
2020-11-27 14:49:41 +00:00
$runnerFactory = AbuseFilterServices::getFilterRunnerFactory();
$runner = $runnerFactory->newRunner( $user, $title, $vars, 'default' );
Add a new class for methods related to running filters Currently we strongly abuse (pardon the pun) the AbuseFilter class: its purpose should be to hold static functions intended as generic utility functions (e.g. to format messages, determine whether a filter is global etc.), but we actually use it for all methods related to running filters. This patch creates a new class, AbuseFilterRunner, containing all such methods, which have been made non-static. This leads to several improvements (also for related methods and the parser), and opens the way to further improve the code. Aside from making the code prettier, less global and easier to test, this patch could also produce a performance improvement, although I don't have tools to measure that. Also note that many public methods have been removed, and almost any of them has been made protected; a couple of them (the ones used from outside) are left for back-compat, and will be removed in the future. Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2018-12-07 17:46:02 +00:00
$filterResult = $runner->run();
AbuseFilter: big commit - coding style & spacing cleanup; also marked SpecialPages' construct() and execute() functions as public and capitalized some SQL keywords
2009-10-07 13:57:06 +00:00
Add a new class for methods related to running filters Currently we strongly abuse (pardon the pun) the AbuseFilter class: its purpose should be to hold static functions intended as generic utility functions (e.g. to format messages, determine whether a filter is global etc.), but we actually use it for all methods related to running filters. This patch creates a new class, AbuseFilterRunner, containing all such methods, which have been made non-static. This leads to several improvements (also for related methods and the parser), and opens the way to further improve the code. Aside from making the code prettier, less global and easier to test, this patch could also produce a performance improvement, although I don't have tools to measure that. Also note that many public methods have been removed, and almost any of them has been made protected; a couple of them (the ones used from outside) are left for back-compat, and will be removed in the future. Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2018-12-07 17:46:02 +00:00
if ( !$filterResult->isOK() ) {
Actually return errors for action=edit API Setting 'apiHookResult' results in a "successful" response; if we want to report an error, we need to use ApiMessage. We already were doing this for action=upload. Now our action=edit API responses will be consistent with MediaWiki and other extensions, and will be able to take advantage of errorformat=html. Since this breaks compatibility anyway, also remove some redundant backwards-compatibility values from the output. To avoid user interface regressions in VisualEditor, the changes I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first. Before: { "edit": { "code": "abusefilter-disallowed", "message": { "key": "abusefilter-disallowed", "params": [ ... ] }, "abusefilter": { ... }, "info": "Hit AbuseFilter: Test filter disallow", "warning": "This action has been automatically identified ...", "result": "Failure" } } After: { "errors": [ { "code": "abusefilter-disallowed", "data": { "abusefilter": { ... }, }, "module": "edit", "*": "This action has been automatically identified ..." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } For comparison, a 'readonly' error: { "errors": [ { "code": "readonly", "data": { "readonlyreason": "foo bar" }, "module": "main", "*": "The wiki is currently in read-only mode." } ], "*": "See http://localhost:3080/w/api.php for API usage. ..." } Bug: T229539 Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86 Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-08-01 01:48:08 +00:00
// Produce a useful error message for API edits
$filterResultApi = self::getApiStatus( $filterResult );
// @todo Return all errors instead of only the first one
$error = $filterResultApi->getErrors()[0]['message'];
Use the UploadVerifyFile hook Use the UploadVerifyFile hook instead of the UploadVerification one as it provides more data about the upload. This is the first step towards better upload filtering. Change-Id: Ie535c7d20ed79a1e26d8d399a7c25d632c9c7fa0
2013-02-28 01:25:59 +00:00
}
AbuseFilter: big commit - coding style & spacing cleanup; also marked SpecialPages' construct() and execute() functions as public and capitalized some SQL keywords
2009-10-07 13:57:06 +00:00
Add a new class for methods related to running filters Currently we strongly abuse (pardon the pun) the AbuseFilter class: its purpose should be to hold static functions intended as generic utility functions (e.g. to format messages, determine whether a filter is global etc.), but we actually use it for all methods related to running filters. This patch creates a new class, AbuseFilterRunner, containing all such methods, which have been made non-static. This leads to several improvements (also for related methods and the parser), and opens the way to further improve the code. Aside from making the code prettier, less global and easier to test, this patch could also produce a performance improvement, although I don't have tools to measure that. Also note that many public methods have been removed, and almost any of them has been made protected; a couple of them (the ones used from outside) are left for back-compat, and will be removed in the future. Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2018-12-07 17:46:02 +00:00
return $filterResult->isOK();
AbuseFilter: big commit - coding style & spacing cleanup; also marked SpecialPages' construct() and execute() functions as public and capitalized some SQL keywords
2009-10-07 13:57:06 +00:00
}
Adds ResourceLoader support to AbuseFilter Rewrote javascript to use jQuery Added API modules to replace sajax_* calls Solves bug 29714
2011-08-26 20:12:34 +00:00
Integrate with Renameuser Register abuse_filter and abuse_filter_history tables. abuse_filter_log is more difficult (if possible). Bug: T27377 Bug: T206477 Change-Id: If8289101a08887519d5a90ef84700421b8ed2406
2020-09-30 13:15:27 +00:00
/**
* For integration with the Renameuser extension.
*
* @param RenameuserSQL $renameUserSQL
*/
public static function onRenameUserSQL( RenameuserSQL $renameUserSQL ) {
$renameUserSQL->tablesJob['abuse_filter'] = [
RenameuserSQL::NAME_COL => 'af_user_text',
RenameuserSQL::UID_COL => 'af_user',
RenameuserSQL::TIME_COL => 'af_timestamp',
'uniqueKey' => 'af_id'
];
$renameUserSQL->tablesJob['abuse_filter_history'] = [
RenameuserSQL::NAME_COL => 'afh_user_text',
RenameuserSQL::UID_COL => 'afh_user',
RenameuserSQL::TIME_COL => 'afh_timestamp',
'uniqueKey' => 'afh_id'
];
}
Add hook subscriber for UserMergeAccountFields Bug: 67757 Change-Id: Ibd77e7169c29f0757bc57fb1d0d13f765706d57e
2014-07-10 03:57:02 +00:00
/**
* Tables that Extension:UserMerge needs to update
*
Improve some parameter docs Change-Id: Ibac10a20243a4eedd826485d56eddd5234da6fec
2017-10-06 18:52:31 +00:00
* @param array &$updateFields
Add hook subscriber for UserMergeAccountFields Bug: 67757 Change-Id: Ibd77e7169c29f0757bc57fb1d0d13f765706d57e
2014-07-10 03:57:02 +00:00
*/
public static function onUserMergeAccountFields( array &$updateFields ) {
Use short array syntax Done by phpcbf over composer fix Change-Id: I53fd1fc8d056b9b60194d2d630852cfca37aadea
2017-06-15 14:23:34 +00:00
$updateFields[] = [ 'abuse_filter', 'af_user', 'af_user_text' ];
$updateFields[] = [ 'abuse_filter_log', 'afl_user', 'afl_user_text' ];
$updateFields[] = [ 'abuse_filter_history', 'afh_user', 'afh_user_text' ];
Add hook subscriber for UserMergeAccountFields Bug: 67757 Change-Id: Ibd77e7169c29f0757bc57fb1d0d13f765706d57e
2014-07-10 03:57:02 +00:00
}
Compute last-recent-authors result during edit stashing This query takes a large chunk of page save time (per xenon). Try to perform the query before page save. Bug: T116557 Change-Id: I50432658d387b24e47db7ed66880e53c3e4adee7
2016-01-27 01:37:58 +00:00
/**
* Warms the cache for getLastPageAuthors() - T116557
*
* @param WikiPage $page
* @param Content $content
* @param ParserOutput $output
Cache AbuseFilter::checkAllFilters during edit stashing This should improve page save times when manual edit summaries are not used (and in a few cases, where they are). Also fix a few annoying IDEA errors with block comments. Bug: T137698 Depends-On: I2e407a3ac8b74e77bf88b1e34c1519f4dea63b80 Change-Id: I972e9147a5e52a941f478eaf1e96dc3ef8bdfe94
2016-06-13 11:53:50 +00:00
* @param string $summary
Fix params to ParserOutputStashForEdit $summary and $user are always guaranteed to be passed, and $user is guaranteed to be a User object. Hence, update the hook handler to reflect that. Change-Id: I3a7fcb074b460b77210de5a6bad43f500aff3249
2019-09-23 21:33:51 +00:00
* @param User $user
Compute last-recent-authors result during edit stashing This query takes a large chunk of page save time (per xenon). Try to perform the query before page save. Bug: T116557 Change-Id: I50432658d387b24e47db7ed66880e53c3e4adee7
2016-01-27 01:37:58 +00:00
*/
public static function onParserOutputStashForEdit(
Add string typehint to $summary in onParserOutputStashForEdit Bug: T245928 Depends-On: I8fa287f335e90a59ac18365e7401a5cf703130a3 Change-Id: Ia075e4bdf3a3f011a181c8026ff1cdb8e186f096
2020-02-22 19:06:56 +00:00
WikiPage $page, Content $content, ParserOutput $output, string $summary, User $user
Compute last-recent-authors result during edit stashing This query takes a large chunk of page save time (per xenon). Try to perform the query before page save. Bug: T116557 Change-Id: I50432658d387b24e47db7ed66880e53c3e4adee7
2016-01-27 01:37:58 +00:00
) {
Pass MCR AF text into newVariableHolderForEdit Follow up to Idbb3a70d08a195dfa21422e07f593d1eeba4521d This also fixes the fetching of text for the stash edit code path which was missed by the previous patch. This now also uses the full old text in the variable holder. Bug: T213453 Change-Id: Ib80bc6385ebb5dd82bb1a384dd0e162608bfcbfa
2019-01-10 23:21:28 +00:00
// XXX: This makes the assumption that this method is only ever called for the main slot.
// Which right now holds true, but any more fancy MCR stuff will likely break here...
$slot = SlotRecord::MAIN;
Move the filter pre-caching outside of the DB lock Edits should not wait on this to finish, especially since it does both the minor and non-minor edit cases, only one of which actually being useful. If the cache is there in time and there is no edit summary it will be used; if not, there probably no reason to wait. Bug: T138550 Change-Id: Ifc3b97ddf4dbb94f8ec3eacfcd5c8994c69aafbc
2016-06-27 18:30:29 +00:00
// Cache any resulting filter matches.
// Do this outside the synchronous stash lock to avoid any chance of slowdown.
DeferredUpdates::addCallableUpdate(
Add profiling points throughout the code for the CachingParser switch Bug: T156095 Change-Id: Ib934be34a953166fe1b94cfe8ed216afe3b906ca
2019-09-16 16:53:36 +00:00
function () use (
$user,
$page,
$summary,
$content,
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
$slot
Add profiling points throughout the code for the CachingParser switch Bug: T156095 Change-Id: Ib934be34a953166fe1b94cfe8ed216afe3b906ca
2019-09-16 16:53:36 +00:00
) {
$startTime = microtime( true );
Introduce a VariableGeneratorFactory service So we can use DI in all generators. Some improvements were deliberately omitted, e.g. injecting more services and relaxing User/Title to UserIdentity/LinkTarget, and they'll be included in a subsequent commit. Depends-On: I1f351071ef2b0b7c80e91407a9c3bb17be293044 Depends-On: Ie71740fac35a86f8fe03023080ae8ca08671243d Depends-On: I589a0e1c2c5891070ab82cd5adfd9cedec19e67d Change-Id: I92ef0abd5e45b672e6f297a71b3c2c345d56f136
2021-01-03 13:10:20 +00:00
$generator = AbuseFilterServices::getVariableGeneratorFactory()->newRunGenerator(
$user,
$page->getTitle()
);
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
$vars = $generator->getStashEditVars( $content, $summary, $slot, $page );
if ( !$vars ) {
return;
}
Create FilterRunnerFactory Next step is splitting the Runner into various subclasses. Change-Id: I766555f31b425cee52fd262c5bfb1c73f3f170d2
2020-11-27 14:49:41 +00:00
$runnerFactory = AbuseFilterServices::getFilterRunnerFactory();
$runner = $runnerFactory->newRunner( $user, $page->getTitle(), $vars, 'default' );
Add a new class for methods related to running filters Currently we strongly abuse (pardon the pun) the AbuseFilter class: its purpose should be to hold static functions intended as generic utility functions (e.g. to format messages, determine whether a filter is global etc.), but we actually use it for all methods related to running filters. This patch creates a new class, AbuseFilterRunner, containing all such methods, which have been made non-static. This leads to several improvements (also for related methods and the parser), and opens the way to further improve the code. Aside from making the code prettier, less global and easier to test, this patch could also produce a performance improvement, although I don't have tools to measure that. Also note that many public methods have been removed, and almost any of them has been made protected; a couple of them (the ones used from outside) are left for back-compat, and will be removed in the future. Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2018-12-07 17:46:02 +00:00
$runner->runForStash();
Factor out variables-related methods This is another step needed to reduce the size of the gigantic AbuseFilter and AbuseFilterHooks classes. It also makes many methods non-static, for more testability. Note, this layout is still not final. We should somehow merge the functionality of VariableGenerator and AFComputedVariable, for which I already have plans. Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2019-06-25 16:39:57 +00:00
$totalTime = microtime( true ) - $startTime;
Add profiling points throughout the code for the CachingParser switch Bug: T156095 Change-Id: Ib934be34a953166fe1b94cfe8ed216afe3b906ca
2019-09-16 16:53:36 +00:00
MediaWikiServices::getInstance()->getStatsdDataFactory()
->timing( 'timing.stashAbuseFilter', $totalTime );
Move the filter pre-caching outside of the DB lock Edits should not wait on this to finish, especially since it does both the minor and non-minor edit cases, only one of which actually being useful. If the cache is there in time and there is no edit summary it will be used; if not, there probably no reason to wait. Bug: T138550 Change-Id: Ifc3b97ddf4dbb94f8ec3eacfcd5c8994c69aafbc
2016-06-27 18:30:29 +00:00
},
DeferredUpdates::PRESEND
Cache AbuseFilter::checkAllFilters during edit stashing This should improve page save times when manual edit summaries are not used (and in a few cases, where they are). Also fix a few annoying IDEA errors with block comments. Bug: T137698 Depends-On: I2e407a3ac8b74e77bf88b1e34c1519f4dea63b80 Change-Id: I972e9147a5e52a941f478eaf1e96dc3ef8bdfe94
2016-06-13 11:53:50 +00:00
);
Compute last-recent-authors result during edit stashing This query takes a large chunk of page save time (per xenon). Try to perform the query before page save. Bug: T116557 Change-Id: I50432658d387b24e47db7ed66880e53c3e4adee7
2016-01-27 01:37:58 +00:00
}
Notify of a throttled filter Use Echo for delivering the notification to the last user who edited the filter. Much boilerplate. Change-Id: I7a46a03b4f15de20902ec70c62fb4fe750096842 Depends-On: If585b14a6dd6fb8c7d2c3bee1f20d9d08eaac706
2020-11-10 12:58:11 +00:00
/**
* @param array &$notifications
* @param array &$notificationCategories
* @param array &$icons
*/
public static function onBeforeCreateEchoEvent(
array &$notifications,
array &$notificationCategories,
array &$icons
) {
$notifications[ EchoNotifier::EVENT_TYPE ] = [
'category' => 'system',
'section' => 'alert',
'group' => 'negative',
'presentation-model' => ThrottleFilterPresentationModel::class,
EchoAttributeManager::ATTR_LOCATORS => [
[
[ EchoUserLocator::class, 'locateFromEventExtra' ],
[ 'user' ]
]
],
];
}
Add AbuseFilter extension
2008-06-27 06:18:51 +00:00
}
Reference in a new issue Copy permalink