This is part of a project to enchance blocking in AF. With this patch,
users are allowed to specify two block durations for each filter, one
for anonymous and one for registered users. For backward compatibility,
default values are set to the global variables.
Bug: T32024
Change-Id: Ib072433d19dabae48d8514e08be9893135b5d63c
Adds option to stop logging IPs in afl_ip in the abuse_filter_log table.
Introduces a new global variable: $wgAbuseFilterLogIP
Bug: T187169
Change-Id: I1615ba6949c9f8bcdd6ee6aef580c87a05f43e6a
Per T178092, AbuseFilter now maintains compatibility with older versions
of MediaWiki using release branches. Thus, various back-compat code
paths may be removed from the master branch.
Change-Id: Ia1b5eade30d7486e3b1b386b15a7db4e5c8cfead
When $wgAbuseFilterRuntimeProfile is true, all filters taking
longer than $wgAbuseFilterRuntimeLimit will be logged for
later analysis
Bug: T174205
Change-Id: Id81833afa8421476a6cee47eb3393acdb3a38d65
Metrics per edit:
- Execution time of all filters
- Number of filters executed
- Number of conditions executed
Due to the current structure of abuse filter there was not
a clean way to include filter actions and abuselog creation
as part of the runtime metrics.
Bug: T161059
Change-Id: I6208b620453863133c6623aa419775f63c7d3eb1
After I544cdfa75c7472f2d98b2561bc6f6f9c2d2ad639 (dieWithError
and checkUserRightsAny), this is the oldest MediaWiki version
AbuseFilter can be run on.
AbortMove was removed from MediaWiki in 1.25, UploadVerifyFile
is only relevant for 1.27 and older.
(Replaces I1e962217c3b20d901a5742cf76339a3f488a6e97.)
Change-Id: Iec237b2887f72b115fdcef78d2d7a944ba82c784
Rename $wgAbuseFilterAvailableActions / $wgAbuseFilterRestrictedActions
to $wgAbuseFilterActions / $wgAbuseFilterRestrictions and make
them an associative array instead of a plain one, as that works more
sanely with extension registration. (The renaming helps to give more
useful errors to sites using the old config.)
Change-Id: I790d39c2849922d7daf7479f298cd90cf30af129
For ease of review this is the same as
Icff39f3f79f7ffe86214cfa216b53f3d882e1968 and the necessary changes
are done in the child patch. Should not be merged without that.
Bug: T87876
Change-Id: Iefd8d34619bbfb7602c4fea869f3f89fdeb9057b
Co-Authored-By: Paladox <thomasmulhall410@yahoo.com>
Follow-up to b60829a60c.
I'll fix up message translations on Translatewiki when this is merged.
Bug: T132189
Change-Id: I1ecaedd7489b264ed621309b6fbfb63b9287a437
This query takes a large chunk of page save time (per xenon).
Try to perform the query before page save.
Bug: T116557
Change-Id: I50432658d387b24e47db7ed66880e53c3e4adee7
Scrap the AFPRegexErrorHandler custom error handler clusterfuck and replace it
with a simple try-catch that accomplishes the same thing.
Change-Id: Ice1b6da433b892d9871780a9753c098aa639bf6c
* Move AbuseFilterParser::nextToken() and the various AbuseFilterParser
properties that accompanied it to a new class, AbuseFilterTokenizer.
* Tokenize rules eagerly and cache the result in APC.
Change-Id: I15f5b5b65e8c4ec4fba3000d7c9fd78b98967d1d
Style modules currently added through addModuleStyles default
to being in the head ("top" position). This is an unhealthy default,
since only critical styles that are needed at pageload should be
in the head. In order to be able to switch the default to "bottom",
existing module positions have to be defined explicitly.
Bug: T97410
Change-Id: If3348022bca5eed73dee956d676ace26c4bacafb
This allows users to visit Special:Tags or use the API to see
which change tags are still in active use.
The ChangeTagsListActive hook was introduced to core in
I77f476c8d0f32c80f720aa2c5e66869c81faa282
Change-Id: I456da1d151b576a4b4b62569a7804e3a3dd5e611
The API provides more details about HTTP errors, so show these to
the user instead of a generic "An unknown error occurred."
Bug: 68767
Change-Id: I3188b9729c815a07c65a7dbef4d40deebe29b87d
I've also added myself to the credits file as I'm the only
maintainer of this extension for a while now.
Change-Id: Id998172ea2abd70b8243de9db1a96cc2cfa47a64
Use the UploadVerifyFile hook instead of the UploadVerification
one as it provides more data about the upload.
This is the first step towards better upload filtering.
Change-Id: Ie535c7d20ed79a1e26d8d399a7c25d632c9c7fa0
I've changed the JS of the AbuseFilter extension to match our
coding conventions and made it use mediaWiki.Api(). Furthermore
I fixed several error handlers and made some things nicer in
general while trying to not change the user appearance.
I've tested the changes as good as I could (I'm pretty sure everything
works).
Change-Id: Iaa0f99367bd7e0bfaf7249dcc9ac9ce9881b46e1
$wgAbuseFilterAnonBlockDuration didn't default to the actual
value of $wgAbuseFilterBlockDuration but to the default value
of that (which is indefinite). Fixed that (untested)
Change-Id: I26a929bfba997b80445a108e212030fe7faa6428
This creates a $wgAbuseFilterAnonBlockDuration, which
allows for IP blocks to have a different length.
For backwards compatability this is default set to
$wgAbuseFilterBlockDuration.
Change-Id: Ibfd5c9639317150442f745a5759f3c34b38de274
Currently $wgAbuseFilterDisallowGlobalLocalBlocks checks against a
hardcoded list for "block actions", which means that extensions
like GlobalBlocking cannot add actions to it.
Change-Id: I6ac5125782cf0029447948d6d0080103700e397c
This makes AbuseFilter use EditFilterMergedContent if support for
the ContentHandler infrastructure is present. This means living
without some nice bits of context, because EditFilterMergedContent
doesn't provide an EditPage object.
This requires core change I99a19c93 to work correctly.
Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
Add a permission 'abusefilter-modify-global' which an administrator must
have to set global rules in the central database.
By default, this right is not associated with any group.
Change-Id: Ied92f7ffd90cb2d8eeb8f3f26b941edbb22b10d6
This patchset will make it possible for other extensions to tap into abusefilter with a custom group, and set different tresholds per group.
See https://gerrit.wikimedia.org/r/#/c/29569/
Change-Id: I21d31bdf28e26f3c830652efc08a247db9f7a86c
* Replace deprecated methods.
* Remove no longer needed function fnmatch().
* Remove superfluous newlines.
* Remove unused and redundant local variables and globals.
* Deglobalization.
* Update documentation.
* Fix incorrect return values or add FIXMEs when in doubt.
* Escape output in a few places where needed.
* Remove unneeded MEDIAWIKI constant checks.
* Fix various JSHint/JSLint issues.
Patch Set 11: Merged https://gerrit.wikimedia.org/r/24701 into
this one per Siebrand's request
Change-Id: I02ba4ce31b6aca5b7324114093f8ece143abc295
* Update rules list view to show global rules toggle, global rules
* Update rule processing to get global rules from memcache, if no
rule exists, get them from the central database and store them in
memcache
* Delete global rule key whenever global rules are updated
* Add filtering for log by wiki on the central database, updated
table definitions to add index on afl_wiki
* Add global $wgAbuseFilterDisallowGlobalLocalBlocks so local wikis
can prevent global rules from locally blocking, removing or revoking
permissions.
* patchset 13: Include recommendations from Tim. Add db updates to
LoadExtensionSchemaUpdates hook.
* patchset 14: forgot to add new files
Change-Id: Id69a9d603f9679f838e8691c651a3e9d8461b422
* Store the revision ID associated with a log entry
if the action is successful.
* Expose this as a diff link in the UI.
* Implicitly hide log entries if their
corresponding revisions are also hidden.
* Includes scope for expanding to log entries if desired.
Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d
Includes JS to sneakily change the default message if the user changes the filter group without having selected the "warn" action yet.
Change-Id: Ic753c3e018321dba3bf9f6d7bcee10a49c9faac8
Now we can allow some users to view log entries of private abuse
filters, without assigning them the right to see how these filters
work. This feature is asked by the community.
Change-Id: Ic93856804da69d2e6cd8342e36584ae16b3a7974
The purpose of this change is to allow AFTv5 developers to run a separate list of filters against article feedback actions without issues of cross-contamination and bumping up against the condition limit.
Change-Id: I758795f01eaf3ff56c5720d660cd989ef95764a7
This change depends on I92f57fc2c3189c42157478de14a8d48045a253b5.
This change provides a handler for AbortAutoAccount hook and adds new
action to the filter: autocreateaccount. Every time the AbortAutoAccount
is invoked the filter is executed. This may create some issues with
users which are affected by a filter, because it may be triggered on
every page view. The AbuseFilter relies on CentralAuth session
blacklisting - for each session the filter will be triggered only
once and then the autocreationg of account will not be attempted.
I don't know why AbortNewAccount hook takes as $message argument
a text of message, however AbortAutoAccount takes a name of the
message. This makes impossible to produce a user friendly message
why account creation is not allowed.
Change-Id: Ie3a7ee9210fd884d214ad3132a502a00332c3138