Commit graph

423 commits

Author SHA1 Message Date
Daimona Eaytoy 103dfa3b66 Remove info leak
Oversighted/deleted edits and log actions were entirely accessible to
non-oversighters via AbuseFilter/examine for RC, and via AbuseFilter/test.
Now, we take into account the revision/log visibility and user permissions to
determine what to show.
Other changes in this patch:
*Show the examine link if and only if the user can examine the given row
*If a revision is hidden but the user can see it, don't hide its elements in
 ChangesList (only leave them striked/greyed)
*Make APIs better understand revision visibility.
*Make a clear distinction between deleted and suppressed edits/log
entries.

Co-authored with rxy <git@rxy.jp>

Bug: T207085
Change-Id: Icfa48e366a7e5e3abd5d2155ecfddfc09b378088
2018-10-23 10:53:39 +00:00
jenkins-bot 97602b8a68 Merge "Remove useless array_filter" 2018-10-19 10:14:56 +00:00
jenkins-bot 7e151f5edc Merge "Unbreak short circuit for arrays" 2018-10-18 04:04:31 +00:00
jenkins-bot eb1303c8cd Merge "Revert "Add typehinting for every object-only parameter"" 2018-10-17 03:09:55 +00:00
Jforrester 1ed75b4ae0 Revert "Add typehinting for every object-only parameter"
This reverts commit 69d7669069.

Reason for revert: Causing UBN train blocker

Bug: T207220
Change-Id: I3445d9b3065149e2beb149e10fbbf5502b480f57
2018-10-17 01:22:23 +00:00
jenkins-bot 7a8a2fa3e1 Merge "Add typehinting for every object-only parameter" 2018-10-16 02:48:39 +00:00
Daimona Eaytoy 69d7669069 Add typehinting for every object-only parameter
This patch covers every object-only parameter, adding a typehint for it
to avoid errors.

Change-Id: Iebf700621b9dbff78c3bd8f3c136ed15ef4b8d4b
2018-10-15 09:56:09 +02:00
jenkins-bot fea08f45b8 Merge "Avoid useless error message for regexfailure exception" 2018-10-14 13:47:37 +00:00
Matěj Suchánek a3cc3dff75 Remove some $wgUser usage
Bug: T159299
Change-Id: I1613e2bb0c551cbadc0c57351fc40bd9e21abf52
Depends-On: I35adef06dfc799cddeddfa6c5eed53b8b1bb7282
Depends-On: Id19a6d883ac6e0cc9c26c923486bca0e414ecaa7
2018-10-14 11:24:52 +02:00
se4598 9d12e1b353 Allow selecting custom disallow message
You can now select a custom message to be displayed for disallowing a edit
the same way as for warn mode. This can be the same or a totally different
message.

This also solves the usecase, when a edit filter is set to warn AND disallow,
to be able to show the user a custom message, but the generic is shown
on the second try (disallow). Now it can be only set to disallow.

Bug: T27086
Change-Id: Ic1de03a6944c43a346fa317ee0a217551f0d284a
2018-10-11 10:35:01 +02:00
Daimona Eaytoy eafb4f56c7 Avoid useless error message for regexfailure exception
Users writing filters probably don't care about preg_match or whatever
happens in PHP. Also, it's not that useful to see "unspecified error".

Change-Id: I014742fa6f678126f55ac5ccff38e44b2c5a7d15
2018-10-08 19:19:01 +02:00
Daimona Eaytoy e60dacbbea Fix code comments
Fixed some comments adding explanations, fixing syntax, and parameter types
for docblocks. Also fixed some whitespace mess, and added a missing use
statement.

Change-Id: I3547c90bdaa2cab5443e8bf0c63b217fe6ba663f
2018-10-03 16:45:03 +02:00
Daimona Eaytoy d9d5af3890 Unbreak short circuit for arrays
This problem have been making filters potentially fail silently since
2009. Also add tests for arrays to make sure that no problems arise
when short circuit is used.

Bug: T204841
Change-Id: Ie4e2e06498c1202ba73afcc5d164a72427abbca5
2018-10-03 16:44:10 +02:00
jenkins-bot 3efc69960c Merge "Fix database schema for PostgreSQL" 2018-10-01 15:43:29 +00:00
Umherirrender 45e6fa932d Fix caller name in AbuseFilterHooks::fetchAllTags
Seeing {closure} in the logs as caller is not helpful

Change-Id: Id3bf5c7fd810d48dc04a167692b336b3ccba2eb4
2018-09-30 14:08:06 +02:00
Umherirrender 4fdd1bbf20 Fix caller name in AFComputedVariable::getLastPageAuthors
Seeing {closure} in the logs as caller is not helpful

Change-Id: I23ee52609510f8efefba8c1ee466d491f468f494
2018-09-30 14:06:04 +02:00
Matěj Suchánek db50bef21e Fix database schema for PostgreSQL
Bug: T62639
Change-Id: I5ddb781a2971677410f4cb96e5fc5964e53c862a
2018-09-29 12:12:52 +02:00
Daimona Eaytoy 50d5137880 Remove useless array_filter
Not only it's useless, but also removes the namespace if it's 0, thus
causing the query to only add a WHERE on rc_title, but the index is on
rc_title AND rc_namespace, so the query has bad performance.

Bug: T204228
Change-Id: I33694cfeddbc4eaf39e3e840b207dba433188834
2018-09-24 14:34:53 +02:00
jenkins-bot eae59db542 Merge "Fix the block options on ViewEdit" 2018-09-20 11:25:00 +00:00
Daimona Eaytoy 9144dbf4a1 Remove unused parameter
Nothing uses it, plus it wouldn't work anyway: AbuseFilterParser
constructor only uses $vars if it's instanceof
AbuseFilterVariableHolder.

Change-Id: Idbf53f6058148e9f0e73beb949e1c028a81663ce
2018-09-19 19:58:30 +02:00
jenkins-bot a813140e44 Merge "Unbreak /examine for old log entries" 2018-09-16 12:00:34 +00:00
Daimona Eaytoy fc867a1c5c Allow testing account autocreation
Bug: T204231
Change-Id: If566cfdeb4cdbb78833077da09aeef33754f88d3
2018-09-14 13:09:07 +02:00
Daimona Eaytoy 31729b044e Unbreak /examine for old log entries
For the moment, this is a simple workaround to get them back working.
Ideally we'd also need a maintenance script to update var dumps as I
wrote in the task, but it needs more thinking (see Phab).

Bug: T204236
Change-Id: Ia20a2eb495557f46f789467a96e654ec6cd3f355
2018-09-13 18:42:47 +02:00
Matěj Suchánek 6eb5d9766b Use correct variable in AbuseFilter::addLogEntries
The data was inserted to the foreign database, so the id needs
to be fetch from that one.

Change-Id: I8eef8d74fc924829447e31f4445154b01b92aa7a
2018-09-13 11:57:55 +02:00
jenkins-bot a0a4755c59 Merge "Remove unused method from parser" 2018-09-09 12:32:56 +00:00
jenkins-bot 121df619da Merge "Improve coverage for AbuseFilterTokenizer" 2018-09-09 12:30:49 +00:00
jenkins-bot 151b1f6779 Merge "Make searched filters highlighting multibyte safe" 2018-09-09 12:25:17 +00:00
jenkins-bot dee934cd5a Merge "Partly unbreak throttle action" 2018-09-09 12:03:40 +00:00
jenkins-bot e4f986a661 Merge "Add full tests for deprecated variables" 2018-09-09 11:55:03 +00:00
jenkins-bot fb864408e3 Merge "Replace wfDebug and wfDebugLog with logger" 2018-09-09 11:55:02 +00:00
Daimona Eaytoy 8885a5983e Partly unbreak throttle action
This action have ALWAYS had this problem: when creating a new filter,
the temporary ID is 'new', and the throttle ID is then 'new'.
This is used when creating/checking throttle keys to determine if the
user should be throttled. However, the 'new' key is not unique and
(although it's not the only part of the key), it may lead to
unpredictable behaviours. I'm not sure if this solves the task below,
but can probably help.
Also added a FIXME that we should handle shortly.

Bug: T195699
Change-Id: Id3b0ff524c52fb57fdd72f9608f758f8383e4320
2018-09-09 07:09:14 +00:00
jenkins-bot a3882d8c4a Merge "Only select needed columns in queries" 2018-09-05 17:11:42 +00:00
jenkins-bot a9f9742b28 Merge "Remove the last PHPCS exclusion" 2018-09-05 17:07:51 +00:00
Daimona Eaytoy e65a69b6fe Only select needed columns in queries
Using '*' is handy, but we often end up selecting too much stuff.

Change-Id: I16d791ff8de6596de4fb65b1032b225f0bd65bf3
2018-09-03 14:12:41 +02:00
jenkins-bot 7cce6d1864 Merge "Remove _age variables from cache keys" 2018-09-03 12:08:29 +00:00
Daimona Eaytoy 63803568d6 Remove the last PHPCS exclusion
Bug: T178007
Change-Id: I5ddb811c2cb15040a859a63b64873f0fa53508ee
2018-09-03 10:42:30 +02:00
Daimona Eaytoy 48989ffcda Remove PHPCS exclusion and fix it
Again, we're left with only one exclusion that I don't know how to fix.
See phab for a longer explanation.

Bug: T178007
Change-Id: I017097abef755bc65c77a5658ad92320bc42d78b
2018-09-03 09:33:29 +02:00
libraryupgrader 5cdab14eb8 build: Updating mediawiki/mediawiki-codesniffer to 22.0.0
The following sniffs are failing and were disabled:
* Squiz.PHP.NonExecutableCode.Unreachable

Change-Id: Ic3f031974008776f272d1ee77093c6d170f27ae9
2018-09-02 22:05:58 +00:00
Daimona Eaytoy bffba28713 Add full tests for deprecated variables
This test checks every deprecated variable to be identical to the
newly-named one, and to emit a debug notice. It also changes such debug
to be emitted via logger instead of wfDebug.

Bug: T201193
Bug: T173889
Change-Id: Ie55746bb7731062ae2d46d84857af2a05d78cf4c
2018-08-29 11:00:28 +02:00
Daimona Eaytoy 2f0a0a0893 Replace wfDebug and wfDebugLog with logger
Per standard on
https://www.mediawiki.org/wiki/Manual:Structured_logging. The use inside
AbuseFilterParser is removed in
Ie55746bb7731062ae2d46d84857af2a05d78cf4c.

Change-Id: Ia62287c4ff5f904557cd6d43d47a9f4d9696b94b
2018-08-29 10:57:56 +02:00
Daimona Eaytoy 39f42caffc Make searched filters highlighting multibyte safe
Avoid using preg_match's offset since it is MB-unsafe. Also, remove 'UTF-8'
from mb_ functions (it's the default), reduce code duplication, and show
the right snippet for long search patterns.

Bug: T202310
Change-Id: Ieb06bdd80b0f915609afed7c7ad95e6318058ee9
2018-08-27 07:22:22 +00:00
Daimona Eaytoy 934399de45 Remove _age variables from cache keys
As we do for user_age, since these will always change. Also, rework the
method to avoid repetition of unset().

Change-Id: Ie5ceedd89cae3813bacf6680d588bc925362c2c2
2018-08-26 16:02:32 +02:00
jenkins-bot 10c147cb92 Merge "Use === operator with strpos" 2018-08-25 21:28:28 +00:00
Daimona Eaytoy 8094a49dcf Generate upload variables using new prefixes
This wasn't changed in I5c370b54e6516889624088e27928ad3a1f48a821 but
really needs to be merged, to avoid setting wrong variables. At the
moment this is still fine due to temporary overrides in
AbuseFilter::generateTitleVars, but this should be merged ASAP anyway.

Bug: T173889
Change-Id: I2e6058a6fa122470a30cd4a96c68eccc66e18ae4
2018-08-25 19:06:35 +02:00
Daimona Eaytoy ef51e7c253 Fix the block options on ViewEdit
Align the checkbox label on the left to conform with dropdowns, avoid
two if with the same conditions, and give variables a better name. Also,
remove an unused message: with OOUI, the old design can't be reproduced.
We could add a fieldset, but then it would be greatly different from
options for other actions.

Change-Id: Ibdc993c1457636215601eb22f5202d2f6ad57bd9
2018-08-25 18:56:44 +02:00
Daimona Eaytoy 66318915db Use === operator with strpos
The condition always evaluated to true: for global filters strpos
returned 0, otherwise it returned false, which is == 0. Fortunately, in
the second case the function returned false as it should. Anyway, be
safe and use === operator as it should always be for strpos.

Change-Id: I7ffc990b2b8b9c47ebfb64d5234f561faaff5e88
2018-08-25 17:35:15 +02:00
Daimona Eaytoy 775c736512 Improve coverage for AbuseFilterTokenizer
This will make tokenizer almost fully covered. The only uncovered parts
are the one with cache and an else condition which I think won't ever be
executed, and thus added a comment for that. Also, remove an obsolete
xxx comment from ComputedVariable (fixed in
I8e420f0259ef6c9e579f7a00beb58f28af9da37d)

Bug: T201193
Change-Id: I6e9a73aa9e437f096f6a1e20d53a7cb50e5ed85d
2018-08-25 10:25:16 +02:00
Daimona Eaytoy a8b62dc828 Remove unused method from parser
AbuseFilterParser::setVarsimply calls the setVar method in
VariableHolder and is currently unused. Its only call was removed in
I80cbc4033ff96f2fe8c1da263b1877bfb4c7c0c4. After this patch we'll only
have an uncovered line in the parser, which is likely due to a bug in
the coverage check.

Change-Id: Ic860b03b2d23fec073a9294e356e074ae1b14ae5
2018-08-24 12:30:47 +02:00
jenkins-bot 055cc7b5ff Merge "Filter AbuseLog by triggering action" 2018-08-23 14:48:57 +00:00
jenkins-bot ad69ea648e Merge "Remove unused function and improve unit test" 2018-08-23 13:46:41 +00:00