The BadMethodCallException is documented as "thrown if a callback
refers to an undefined method or if some arguments are missing".
This is not what happens in these places.
Change-Id: Ic95b67acc2e17eea1dd0fa1d72f9ac94a86bcf17
This leverages the new BlockedExternalDomains system that is now part of
AbuseFilter. It notifies editors in realtime if a link they add is
blocked. See https://w.wiki/7ZsF for more information.
BlockedExternalDomains is slated to have its own API tantamount to the
action=spamblacklist endpoint, after which case this code will need to be
updated. In the meantime, it's meant to serve as a minimal viable product
for the CWS 2023 wish <https://w.wiki/7ZsE> for wikitext users.
The new $wgAbuseFilterBlockedExternalDomainsNotification configuration
setting controls the availability of this feature.
A similar feature for VisaulEditor is tracked at T276857
Bug: T347435
Change-Id: I7eae55f12da9ee58be5786bfc153e549b09598e7
The new method formats the message with Message::escaped() which
better protects from bad HTML in the message.
The ::setPageTitleMsg() method was added in 1.41 and this extension
already requires MW >= 1.41.
Bug: T343994
Change-Id: Ic07cde3bafeaa0325024fe89b4948680d04c4820
Reverts part of Id9056528a433faf0, to switch to DeferredUpdates in
CirrusSearch back from DeferredUpdatesManager.
Bug: T265749
Change-Id: I8126cc76440724753c356c48ba4e0fcc9be5b41a
Most notably, make it not use additional DB tables to test global
filters. Instead, just pretend that the local database is not local (via
config) and "hide" local filters with a simple test-only flag in
FilterLookup.
Change-Id: Ib431dbf6c9d84978ee84e7f0671cfcbf8a54d7a2
TestUser requires a DB connection, so avoid using it in database-less
tests. Add to the Database group tests that are making DB writes (e.g.,
for log entries).
Change-Id: I211cb60296e5c2446128fcdf2caaadc728a8c272
I'm planning to add support for bypass and regex-based blocking which
means it'll grow a bit. So let's give it a dedicated class.
Bug: T337431
Change-Id: I5a6fe2fd2f1efdebd8cada0ba6c481341f830e27
This method actually consists of two: add derived vars, and initialize
content vars. The former part depends on no parameters of this method.
On the other hand, the latter part combines multiple implementations
for some of the content variables using branching.
The branching is a dirty workaround and inferior to the GRASP principle:
"When related alternatives or behaviors vary by type, assign
responsibility for the behavior to the types for which the behavior
varies."
In other words, the callers (extensions) should be responsible for
choosing the initialization strategy themselves, instead of letting
VariableGenerator figure it out.
As the first step, split the former part to a separate method.
For now, it will be implicitly called by ::addEditVars.
Change-Id: I5ff00dbdbf29ec54eabfd95c44a4fd7f713969f5
Service wiring should only depend on config, not on request state.
Creating a session object during service wiring causes issues with entry
points such as opensearch_desc.php that disable the session.
Bug: T340113
Change-Id: I2450b0b6821ff0b097e283ff660a0b8aeea9590a
For example:
* Use the more meaningful str_contains().
* Add missing type hints.
* Make use of early returns/guard clauses.
Change-Id: Id150d1b17a80ea637a0639a8f2fd7fd017ad23b1
Protected effectively means "public to subclasses" and should be
avoided for the same reasons as marking everything as public should
be avoided.
Change-Id: Iba674b486ce53fd1f94f70163d47824e969abb77
This was an unfortunate mistake in the refactoring in I2ccb587,
caused by incomplete documentation and a confusing mixture of
possible return types.
I9166c2b fixed one of the two places already. The situation in this
patch here cannot really happen in reality (there is nothing to
remove when the page is empty). Still I think the code is easier to
read when the two places behave the same.
Change-Id: Iea51c3a7a8185cbc3771143353f4795dde712ec4
It should fail on null but it should create the page if it doesn't
exist or doesn't have any content yet.
This is breaking the special page, see:
[[de:234828092#New_special_page_to_fight_spam_//_Neue_Spezialseite_zur_Spam-Bekämpfung]]
Change-Id: I9166c2bdcfacb4b19706d246fbf99b2f24ca4cc6
Unlike what the 20-year old source comments in UrlUtils.php would
have you believe, parse_url() works fine nowadays, including for
protocol-relative URLs and indeed lots of prod code uses it directly.
The class still has some convenience value for case where you need to
expand or manipulate URLs, but for the common case of extracting a part
of it, you really don't need it.
Test plan:
$ php phpunit.php ../../extensions/AbuseFilter/tests/phpunit/integration/FilteredActionsHandlerTest.php
Bug: T337431
Change-Id: I1e76d2f5aef65365743214530faba656325b965a
* Remove stray `@ingroup` from file blocks, move to class block.
* Fix mention of "WAN" cache where actually APCU is used.
* Document that the storage class takes a local-server cache.
This is an important requirement since the class has no
coordination for purging or other invalidation. It expects
an uncoordinated cache.
* Rename "load" to "loadConfig" as it's ambigious what it means among
the half dozen other "load*" methods in this class. Also inline
loadFromConfig and loadComputedUncached while at it to further
reduce this.
* Rename "loadConfigContent" to "fetchLatestConfig" to match
the existing fetchConfig, which does the same thing except it queries
the primary db using READ_LATEST.
* Use Html.php when building HTML, instead of legacy Xml.php.
While at it, also switch a few to Html::element instead of
Html::rawElement (aka Xml::tags) by using Message->text() for
messages that are not expected to contain rich wikitext.
Change-Id: Ic74d1597aa9201b371894e7a4bf9361752d9db21
Doing unset on array leads to the final array turning into associative array
and gets blocked by the validator.
You can check that it's broken in Persian Wikipedia, beta cluster or
localhost. Tested locally, fixes the issue.
Bug: T337431
Change-Id: Ib1be294bae1ae057dfb9a4445a8e13ac72b333b9
This is basically copy paste of SpamBlacklist logging with the added
extra bit of what triggered the hit.
Bug: T337431
Change-Id: Ieb9e3ca615af88ab56735b56e24c80c42a68d478
And register AbuseFilterRunnerFactory as a service name that’s allowed
to not have a getRunnerFactory() method without the test complaining
(the service was renamed, getFilterRunnerFactory() exists).
Change-Id: Idedb87e64a6df02b0edae8d9e7dbf441752dc480
Needed-By: If5af88e7f70b83d53f66b9617a5ef37daf81830f
Abuse filter needs to check both if the update is available and if the
page is rendered. This is the exact issue FlaggedRevs have:
050b9593fb/backend/FlaggedRevs.php (L718)
Bug: T339094
Change-Id: I943c8dbb525dc4c988e97e180474ea71b4cf731d
When forFilter is true and PreparedUpdate is available
(most save operations), retrieve all_links from
PreparedUpdate::getParserOutputForMetaData. Otherwise
do what was done before.
Note that this change probably leaves some dead code. It will be dealt
with later.
NOTE: this changes code potentially executed on every save operation.
Bug: T65632
Bug: T264104
Change-Id: I3628a56e5277846c1b90444fb55983870eb54c1e
The method for old_links retrieval depends on the "forFilter"
value, which we know in advance. If it's true, old_links should
be retrieved from the database. Make a case in the switch
that does nothing but retrieves links from the database,
and direct the evaluation to it.
This change was split from I3628a56e5 to make its review easier.
NOTE: this changes code potentially executed on every save operation.
Change-Id: I33b688f6be3c58beec403f7bf26407a42e7c18ab
Regarding array building: Instead of adding to array with
$array[] = 'foo' and then doing array_flip(), simply do
$array['foo'] = true;
Regarding tests: I originally wanted to create a unit test but I ended
up mocking so many things that it wasn't worth it and the config variable
is globaly which first we need to clean up after deployment is done.
Bug: T337431
Change-Id: Iac8dca7078668ee3441d19b6aafe499c1aa0d732
This is a direct follow up for I6373fa6 where we apparently fixed
half of the cases while breaking the other half. There was actualy
a code path that can return null, and anther one that can return a
status object.
Since there is never anything done with the status object we can as
well get rid of it and always return null in case of an error.
Bug: T337431
Bug: T279275
Change-Id: I2ccb58756182897bcd6649c9f589e2f7a0321b20
We will have a pretty large list of blocked domains that we need to
swift through in each edit for any added domain. In order to cacth
subdomains being added, we have to do all sorts of complicated
operations and string search in large set of strings which is quite
slow. To fix that, let's simply pretend a user who has added
foo.bar.com, also added bar.com and com and do exact match in array of
strings making it much faster.
h/t Krinkle for the idea
Bug: T337431
Change-Id: I96795ed7d1a25f051db0b591dde21b032b138ded
For now, we will revisit this in the future. Specially if the
communities think otherwise.
Bug: T337431
Change-Id: I2847264eba9a3cc4fc47a22eacb523199015f9e7
This makes raw page editing safer, and potentially enables opening up
access to less restricted user groups.
Bug: T337431
Change-Id: I14f21003a551f34b6e524e9b229613e79b0e5a70
Treat temporary users the same as IP users. Neither has user groups,
so return early for both.
Bug: T335062
Change-Id: I20b48608cf6ba5f8e8e36a378d66c603d84b032f
It is behind a feature flag. Improvements on it can happen in follow
ups. The patch is already quite massive.
Bug: T337431
Bug: T279275
Change-Id: I3df949c4d41ce65bb4afa013da9c691ac05fc760
* Set the same block expiry for temp and anon users
* Don't block autopromote for temp users; they can't be autopromoted
* Bail early from CheckUserHandler if the user is temporary
Bug: T335062
Change-Id: I6b72537f568c4c70a0b86f1825ea30b767f5634a