Similar to how CheckUser logs access to IP information about temporary
accounts, AbuseFilter needs to log whenever protected variables are
accessed.
- Implement ProtectedVarsAccessLogger which handles access logging
- Log whenever a user changes their ability to access protected
variables via Special:Preferences
Bug: T371798
Change-Id: Ic7024d9c5f369eb33c4198a59638de9a1d58b04b
Users need to enable a preference before gaining access to the IPs
from `user_unnamed_ip`, a protected variable.
- Add a preference that the user can check to toggle their access
- Check for the preference and the view right for logs that reveal
protected variables on:
+ AbuseFilterViewExamine
+ SpecialAbuseLog
+ QueryAbuseLog
Bug: T371798
Change-Id: I5363380d999118982b216585ea73ee4274a6eac1
Small performance benefit by just one db call instead of multiple
Most test cases only use one filter, but some 2 to 4
Change-Id: I498c447e3873d2138e21541467115c9a67bb909e
AF rules don't support associative arrays, so the named capturing groups are provided in the array only by their numeric keys.
Bug: T374294
Change-Id: I53b39917e6677f3a5b8f68bcf0faebf48668ea27
Session providers can provide a `canAlwaysAutocreate` flag which
indicates account creation is exempt from autocreate permission
checks. This is used, for example, for providers that provide
users for supporting applications in a wiki farm.
Check the flag and exempt the auto creation from abuse filter
checks as well.
Bug: T373778
Change-Id: Id89358930b92cb8dd05c2b031e764412ee641269
Why:
* The SearchFilters.php maintenance script fails to produce any
filters when the --pattern option is not provided
* This is because the condition that checked for a missing pattern
did this after it was passed through ::addQuotes, which made
the value always truthy.
What:
* Fix this bug, so that the --consequence option can be provided
without the --pattern option.
Bug: T373148
Change-Id: I316d3f940a8e7616a56040077a20563ee653515b
Why:
* SearchFilters.php allows the caller to search by a regex that
is applied to the pattern.
* This script can be expanded to allow callers to specify what
consequence should be associated with the filters that are
outputted.
What:
* Add a 'consequence' option to the SearchFilters.php maintenance
script, which is applied through a LIKE query on the
af_actions column.
** This can be specified with or without the pattern option.
** Instead of making pattern required, the script now requires
that one of consequence or pattern is provided.
* Expand the tests for the script for this new code, along with
using the new ::expectCallToFatalError method to be able to
test previously untestable code.
Bug: T373148
Change-Id: I1b507d8f9dc1f4cf91ee4f83ccde745eb6d46d6d
Make the `reason` parameter default to the empty string, so that we
don't end up passing null to ManualLogEntry::setComment.
Bug: T373010
Change-Id: Ifca828401628368bdddae14df2bbeb7391b2c02d
get_debug_type() does the same thing but better (spelling type names
in the same way as in type declarations, and including names of
object classes and resource types). It was added in PHP 8, but the
symfony/polyfill-php80 package provides it while we still support 7.4.
Also remove uses of get_class() where the new method already provides
the same information.
For reference:
https://www.php.net/manual/en/function.get-debug-type.phphttps://www.php.net/manual/en/function.gettype.php
Change-Id: I5e65a0759df7fa0c10bfa26ebc3cda436630f456
Per discussion, as a compromise (that I’m fine with), I’m leaving these IDs localized (i.e. the digits may be other than arabic), and I’m only removing the thousands separators.
Bug: T348717
Change-Id: I77b484fec2071267c53a139104c23755a13f0129
This uses Codex provided colors in AbuseFilter primarily to
make it compatible some parts such as the log table with
the dark mode.
This however doesn't touch Ace highlight customisation of
the extension as Ace itself isn't dark mode compatible yet
the far I know.
It treats one #aaa color for borders the same as #a2a9b1
and uses a darker text color for deleted vs disabled
unlike what was before as I tried to both make it distinguishable
but use @color-disabled for that disabled style.
Change-Id: Ifddbda378754260ca8d8802bfd8c6c98de8e1def