Commit graph

4707 commits

Author SHA1 Message Date
jenkins-bot e6ca0f288d Merge "Really disable the minor_edit variable" 2018-12-31 02:21:56 +00:00
jenkins-bot 2539f6883e Merge "Remove workaround to complete phase 1 of variables migration" 2018-12-30 23:19:20 +00:00
jenkins-bot 90796123a8 Merge "Add a new method and hook for static variables" 2018-12-30 22:50:35 +00:00
Daimona Eaytoy 217b4b57ff Remove workaround to complete phase 1 of variables migration
When all the other patches will be merged, this workaround won't be
necessary, and by removing it we're finishing the first phase of
variables migration. Which could also be the only one if we decide not
to go on and remove the old ones.

Bug: T173889
Depends-On: I5c370b54e6516889624088e27928ad3a1f48a821
Depends-On: I6576497feaf6d2c475ee33a91feb6a640e2c20fe
Depends-On: I87a48fdc8b392b25eb02807e8d0f712d0a399ece
Depends-On: Ib29eb15c1a51c037d036be8dc1541d96ea4b174b
Depends-On: I909a99e80a895a9b009c33ea72e8e0a4ea0a1375
Change-Id: If5f238cddb41ef92b141e36b4f2f15fd4cc86476
2018-12-30 22:43:14 +00:00
Daimona Eaytoy b0c5b97b28 Add a new method and hook for static variables
This is for adding variables which can be computed even without an
ongoing action. Currently, we don't have any, except for timestamp (but
that's a bit special). Other extensions could. For instance, we'll be
able to expose the content of the spam blacklist.

Bug: T211680
Change-Id: Iba59fe8d190dd338ecc8cfd682205bce33c9738b
2018-12-30 18:15:33 +01:00
Daimona Eaytoy 7b3526e3b7 Simplify AbuseFilterVariableHolder::dumpAllVars
It's totally pointless to recreate all variable names, since we already
have them in builderValues. The only exception is for _restrictions
variables, although they should be handled in builderValues too.

Change-Id: I156ebb1e6e590d09ded093a23d19c0d635a503bf
2018-12-29 18:33:49 +01:00
Daimona Eaytoy 2fc56ce014 Use array_unique on the array of tags to add
Otherwise calling bufferTagsToSetByAction multiple times makes the list
grow, and IIRC the core doesn't call array_unique on the tags to apply.
Also clean the list after applying tags.

Change-Id: Iebbdeac7898b35beea79aa3d0cdf9d0fb265d726
2018-12-29 15:19:02 +01:00
Daimona Eaytoy 921db0397e Really disable the minor_edit variable
The variable was disabled with I7f13773766e12f3d4b86451fdf3ae23e067ac373
in 2016, but not in the same way as old_text and old_html were disabled
in 2009. This patch uses the methods introduced with
Ife168522e6b1d8eb94ebbb8a16ae8831ec1dc497 to disable minor_edit in a
standard way, so that it won't be showed in new AbuseLog entries, and
won't be usable when writing filter syntax.
A warning will be emitted if a pre-existing filter is using it, so that
we'll be able to completely disable it in the future.

Change-Id: I5ad5219ee19a5e6ba2bfdffb4e0aad63c8951491
2018-12-29 14:14:27 +01:00
Translation updater bot e7684d8925 Localisation updates from https://translatewiki.net.
Change-Id: I336822d68571bd7efc2fd86a70681639a983e18e
2018-12-27 09:50:25 +01:00
zoranzoki21 d4bce52953 Add aliases for Serbian language
Bug: T212586
Change-Id: I40d9dad9c0d5c61e3c0a4ec3e4a1510e3e80c093
2018-12-24 02:16:55 +00:00
jenkins-bot f00b89fd40 Merge "Set alias name of Special:Abusefilter for Urdu language" 2018-12-24 02:13:31 +00:00
Translation updater bot a7f67f3599 Localisation updates from https://translatewiki.net.
Change-Id: I6205a506cbf30a4cead97bad7ba9a432cc8c307f
2018-12-20 22:41:31 +01:00
محمد شعیب 75b0b9c948 Set alias name of Special:Abusefilter for Urdu language
Change-Id: I5d1d8275287ca478b4cac1894646fc9403dec67d
2018-12-20 19:48:22 +00:00
Translation updater bot 4f5dc59f9f Localisation updates from https://translatewiki.net.
Change-Id: Idd83753f9b716e1798018ab9bd43ce0215225570
2018-12-19 22:22:23 +01:00
jenkins-bot 6dd183857d Merge "build: Set "root": true, in .eslintrc.json" 2018-12-18 07:29:25 +00:00
jenkins-bot 1a154ca0c8 Merge "Report all filters with wrong throttle parameters" 2018-12-18 04:56:49 +00:00
Kunal Mehta f2ce7bb7e2 build: Set "root": true, in .eslintrc.json
This ensures that each repository's "npm test" command is fully
independent of wherever it might be in the filesystem.

Bug: T206485
Change-Id: I4b9598d41b2fe01703b89914f9c1a470ed1a9cf2
2018-12-17 18:52:49 -08:00
jenkins-bot 6421187a13 Merge "Validate the abusefilter-blocker name" 2018-12-17 22:17:03 +00:00
Translation updater bot 2367e666a0 Localisation updates from https://translatewiki.net.
Change-Id: I3f731eb17bff9e9f8f37b1bcfc46a70e216de26b
2018-12-17 22:18:46 +01:00
Daimona Eaytoy ea89dd4ca3 Report all filters with wrong throttle parameters
Instead of only the first one. This is quite hacky, but I don't have
much time right now, and this script is written in the spirit of JFDI.

Bug: T209565
Change-Id: Ic12ff21dd41b619bea9c71001555fd4d6299e58b
2018-12-17 20:19:20 +01:00
Daimona Eaytoy 4950bf6664 Validate the abusefilter-blocker name
In T209565#4826952 I discovered that if the "abusefilter-blocker"
message is an invalid username, we silently end up without a system
user, thus risking to break something. Instead of silently failing, emit
a warning and use the default name. As I wrote in the code comment, we'd
better avoid throwing, because the message can be modified by anyone,
who could then break the site.

Change-Id: Ifa866bd9676945bf94e7e481adf6ad0d6cf4370c
2018-12-17 16:02:24 +01:00
jenkins-bot 102f6f7497 Merge "Fix big problems with normalizeThrottleParameters" 2018-12-17 03:34:34 +00:00
Daimona Eaytoy 3fa6e2d31c Expand AbuseFilter::getFilter to select all fields and fix caching
This partly reverts If72b18bedac5e580487406e696aea1fd172ae45b. While
it's true that we don't need every filter, that method is public and
other code may need fields that we don't need. This way we can encourage the
use of this function (which caches the result) instead of direct DB
access.
Also, the method can currently accept global filters passed as
"global-<integer>", but saves them to cache with the same key as local
filters (i.e. local filter 15 and external global filter "global-15" are
both saved in AbuseFilter::$filterCache[15], which could lead to subtle
bug).

Change-Id: Ieb04f019453033c275e211cfc9fd68d5d7c392ef
2018-12-16 14:23:45 +01:00
Daimona Eaytoy aa280998c0 Fix big problems with normalizeThrottleParameters
My final testing unveiled 4 problems, see T209565#4780868. Testing again
after this patch yields the expected outcome.

Update: A fifth problem is that we cannot disable throttling if throttle
groups are empty or fully invalid: that case is similar to the one with
invalid rate, the throttle limit is never reached and thus throttle just
doesn't work. Instead, ask users to fix it by hand.

Bug: T203336
Bug: T209565
Change-Id: Id03c9880f60764efc596ac40b8662087fdb30550
2018-12-15 18:36:16 +01:00
Daimona Eaytoy f49d4e5caa Emit debug logs when filtering without title
We have two situations where we try to execute filters without a title.
However, the code doesn't handle it correctly: some points expect $title
to actually be a Title object, and we also pass it around using a hook
which explicitly says it always pass a Title. This patch adds two debug
points to help understand why we end up with null titles, so that we can
fix it upstream.

Bug: T144265
Change-Id: I35bfc483a0c69a5cbd38eae8ba299189955fa1ec
2018-12-13 20:34:21 +00:00
Translation updater bot d7629efb7c Localisation updates from https://translatewiki.net.
Change-Id: Ia04342b79dd9b1f417bde496bbee73161539c68c
2018-12-11 22:39:26 +01:00
Daimona Eaytoy db31c6dfea Rewrite the method for getting a global emergency value
Currently it barely has any reason to exist, as it's a single-line
method. This patch moves there the global state, and also changes the
signature to allow shorter calls.

Change-Id: I7851fa41cbd96912b3859319ba97a501b1cbaa57
2018-12-10 18:28:32 +01:00
Translation updater bot c496545573 Localisation updates from https://translatewiki.net.
Change-Id: Ib777ddf8193849f1b708d8df16e1a265cdbac43d
2018-12-09 22:38:41 +01:00
Daimona Eaytoy 1dcf3fc98c Move a method out of AbuseFilter.php
AbuseFilter::buildFilterLoader is only used in ViewExamine and
ViewTestBatch, so this patch moves it to AbuseFilterView and makes it
non-static.

Change-Id: I7f11cfd7ac81e536492eb59c40da7c14771cee2b
2018-12-09 14:33:30 +01:00
jenkins-bot be8fda1bde Merge "ve.init.mw.AbuseFilterSaveErrorHandler: Update to receive entire response" 2018-12-07 19:41:50 +00:00
Bartosz Dziewoński 800ff6d899 ve.init.mw.AbuseFilterSaveErrorHandler: Update to receive entire response
Change-Id: I8d5f60f8d54cbaaf1801a85cb6e12a8f3d4370a4
Depends-On: I818d916275b8451af6910ddaa7cd4d7c653085ee
2018-12-07 14:18:12 -05:00
MarcoAurelio 5bff9385eb build: Update phan-taint-check-plugin to 1.5.1
Change-Id: I9ba855b041958b995f1139cb3e36298e1247f5b9
2018-12-05 22:18:15 +00:00
daniel 688eccea47 Expose text from all slots to AbuseFilter
This is a first step towards MCR support in AbuseFilter. The textual
representation of all slots is concatenated. Since AbuseFilter uses
getTextForSearchIndex to determine the textual representation of
content, blind concatenation should not break any assumptions
made by AbsueFilter rules: this naive approach is no worse than
AbuseFilters handling of non-textual content in general, and should
work fine for textual content.

Bug: T209291
Change-Id: Ic141085cad2e11bfe106fe83dafcb35ac31206ba
2018-12-05 09:24:08 -08:00
MarcoAurelio 5ad80d2c13 build: Update npm dev dependencies
stylelint                   9.2.0  →  9.9.0
 stylelint-config-wikimedia  0.4.3  →  0.5.0

Change-Id: Id818e6273bc0f416e0b8fcf5bb5d52494a418ee8
2018-12-05 11:44:28 +00:00
Translation updater bot 3238b3205c Localisation updates from https://translatewiki.net.
Change-Id: If4d2c796280785d48d8e7c550b9cd95ff3a3a7d9
2018-12-04 22:14:22 +01:00
jenkins-bot 1dd8f41d0d Merge "Use the updated TitleMove hook to filter move actions" 2018-12-04 19:32:04 +00:00
Daimona Eaytoy 206bdc1f6a Use the updated TitleMove hook to filter move actions
For several reasons:
*We're not really checking permissions (and the hook previously used is
meant to be used in such case)
*We'll show a cleaner error message (i.e. without the "You do not have
permission..." part)
*Filtering will happen closer to the actual move

Bug: T208907
Depends-On: I4733724075b7514e9db59e7be772d9409aa9da87
Change-Id: If88f736a446247f8b4b13c055c641d56f544d1ea
2018-12-04 18:58:04 +01:00
jenkins-bot 23a7aa69a5 Merge "Fix regex group counting for get_matches" 2018-12-04 13:58:06 +00:00
Daimona Eaytoy 38749b46bb Warn the user if they try to leave the page with unsaved changes
While editing filters, sometimes it happen that you make some change,
forget about it and then reload/close the page, and no warnings will be
issued. This patch makes use of the core module used for normal page
editing to display a warning if trying to leave a filter editing page
with any unsaved change (both to the filter pattern or other form
elements).

Change-Id: I78d79215565d5c82028b1a2a4276497ccbffdea2
2018-12-04 13:06:46 +01:00
jenkins-bot bb289862ff Merge "Remove code for old global variables" 2018-12-04 06:27:32 +00:00
Huji Lee b523194032 SECURITY: Remove private information from the API results
Later, we will add a new POST request which will allow retrieving
the private details; it will have a mandatory "reason" parameter,
and will result in a log entry in the private details access log,
just like the web interface.

Bug: T210329
Change-Id: Iaca492371f48fecf543268c179a651841ed12c3f
Signed-off-by: sbassett <sbassett@wikimedia.org>
2018-12-03 23:11:32 +00:00
Translation updater bot 88ccbfcf48 Localisation updates from https://translatewiki.net.
Change-Id: Ic25dc7ce09e4ed369c00c32cdbcb76700abbd3c8
2018-12-02 22:14:51 +01:00
Daimona Eaytoy 7ca0941d1f Remove code for old global variables
Those two global config variables were removed more than 2 years ago, in
I790d39c2849922d7daf7479f298cd90cf30af129. Nothing else in the code
references them, so we can just remove the warning.

Change-Id: I427d06a80131447ea64064f45e84349f93e72cca
2018-12-02 16:24:09 +01:00
Translation updater bot 36740c0d2f Localisation updates from https://translatewiki.net.
Change-Id: Ia08508a1dd490476f9812536abce43b89ca594ff
2018-12-01 22:17:28 +01:00
jenkins-bot dff5cd89f9 Merge "Further clarify docs for emergency disable" 2018-12-01 01:32:31 +00:00
Translation updater bot 0ce3eb201e Localisation updates from https://translatewiki.net.
Change-Id: I2219139d93c0d6d0937392a5e054da5e27fe5c88
2018-11-30 22:49:36 +01:00
jenkins-bot 8d1231e88b Merge "Bring in VE support from VE extension" 2018-11-30 20:02:20 +00:00
Ed Sanders 687106d8af Bring in VE support from VE extension
Change-Id: Ib1354f0404209a15194895026ff9d179d16b1900
2018-11-30 10:59:16 +00:00
Translation updater bot b1a0f6f8e3 Localisation updates from https://translatewiki.net.
Change-Id: I0c067d16b221d9257e1caf05bd18644d35b71aeb
2018-11-29 22:26:17 +01:00
Daimona Eaytoy 6aff37fb52 Further clarify docs for emergency disable
This is a follow-up to Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec. I
believe it's important to specify how many recent actions we're looking
at, and I also think it's not nice to rely on a variable amount of
actions to determine whether a filter should be throttled. Also, require
a $group parameter in filterUsedKey (we always pass one, and there's no
reason not to).

Change-Id: I0384d3f1913ead593f605248950606c81c8f8542
2018-11-28 19:29:15 +01:00