Commit graph

28 commits

Author SHA1 Message Date
STran 69a28f7f03 Implement 'protected' filter acknowledgement checkbox
- Add a basic checkbox on the filter edit page that must be checked if a
  filter uses a protected variable to ensure that the user is aware that
  their filter will also become protected

Bug: T364485
Change-Id: I7c7652f7d1a81223229b839ff7eee5da4af74c8a
2024-06-05 05:43:25 -07:00
STran bf28dbce0e Allow variables to be restricted by user right
Some exposed variables (eg. `user_ip`) used in filters are sensitive
and need to only be available to restricted groups of users.

Back-end changes:
- Add `AbuseFilterProtectedVariables` which defines what variables are
  protected by the new right `abusefilter-access-protected-vars`
- Add the concept of a `protected` variable, the use of which will
  denote the entire filter as protected via a flag on `af_hidden`

New UX features:
- Display changes to the protected status of filters on history and diff
  pages
- Check for protected variables and the right to see them in filter
  validation and don't allow a filter to be saved if it uses a variable
  that the user doesn't have access to
- Check for the right to view protected variables before allowing access
  and edits to existing filters that use them

Bug: T364465
Bug: T363906
Change-Id: I828bbb4015e87040f69a8e10c7888273c4f24dd3
2024-06-04 06:54:53 -07:00
STran ca23e9f06b Convert af_hidden into a bitmask
Protected variables will cause the filter using them to become
protected as well. `af_hidden` can be used to track this flag,
as it is a TINYINT and can be converted into a bitmask with no
schema changes.

This is not a backwards-compatible change, as now all checks must
check the `hidden` flag specifically or otherwise will be cast to
true if any flag is set.

To support this change:
- "hidden" is considered a flag set in the `af_hidden`. This is a
  change in concept with no need for updates to the column values,
  as there is currently only one flag in the bitmask.
- `Flag`s store the bitmask as well as the state of single flags
  and can return either.
- Any checks against the `af_hidden` value no longer check a
  boolean value and instead now check the `hidden` flag value.

Bug: T363906
Change-Id: I358205cb1119cf1e4004892c37e36e0c0a864f37
2024-05-28 00:59:08 -07:00
Umherirrender 3691d773d3 Migrate to IDatabase::newUpdateQueryBuilder
Change-Id: I0b3fd864e5227068114ca7aa9e98361046f393c1
2024-04-15 23:07:44 +02:00
Umherirrender 2df93d2b0f Migrate to IDatabase::newInsertQueryBuilder/newDeleteQueryBuilder
InsertQueryBuilder does not ignore insert of no rows,
adding some conditions to avoid calling the query builder

Change-Id: I1752b90cc3a7ec3a7f9ee32a1873bf8c82b6e02e
2024-04-02 21:15:40 +02:00
Umherirrender bd84a6514c Use namespaced classes
This requires 1.42 for some new names

Changes to the use statements done automatically via script
Addition of missing use statements and changes to docs done manually

Change-Id: Ic1e2c9a0c891382744e4792bba1effece48e53f3
2023-12-10 23:03:12 +01:00
Umherirrender a7f0b7971a Use the expression assignment operator to simplify code
Suggested by phan, available since php7.4

Change-Id: Ibcc1742bd16a16e6518b4851046ad62d85de559e
2023-10-14 00:42:34 +02:00
Umherirrender 62127964b7 Use namespaced MediaWiki\User\ActorMigrationBase
Bug: T321681
Change-Id: If3940c982d55643a685e2dedccab0540f86b9ae9
2023-08-20 01:08:09 +02:00
jenkins-bot 290dd70bb2 Merge "Replace deprecated database object access methods" 2023-03-27 09:11:46 +00:00
Matěj Suchánek bb78cb0a56 Use actor table in AbuseFilter
This patch migrates abuse_filter and abuse_filter_history tables
to new actor schema.

MigrateActorsAF was copy-pasted from core's
maintenance/includes/MigrateActors.php before removal (ba3155214).

Bug: T188180
Change-Id: Ic755526d5f989c4a66b1d37527cda235f61cb437
2023-03-22 14:01:29 +01:00
Matěj Suchánek 8f6a428f02 Replace deprecated database object access methods
Use the very new getPrimaryDatabase and getReplicaDatabase.
We skip FilterLookup and CentralDBManager in this patch.

Change-Id: I22c6f8fa60be90599ee177a4ac4a97e1547f79be
2023-03-08 16:50:56 +01:00
Matěj Suchánek 799e1db093 Convert remaining permissions checks to use Authority
Change-Id: I5e996cac37bc806db6c3d7ad5c666a606cd79236
2022-07-02 14:49:47 +02:00
Matěj Suchánek 7ae2060b27 Avoid array to object cast in filterToDatabaseRow
Both callers immediately call get_object_vars
to cast it back to array. Avoid this roundtrip.

Change-Id: I6525d76f8a03a4d28c2b50b580c539affe98064f
2022-06-28 18:46:28 +00:00
Umherirrender 5f979bcf16 Use UserIdentity in FilterStore::doSaveFilter
Change-Id: I8cbdaff1bd049a893b69f2ce13f0ba30b96f93b4
2022-06-27 22:39:37 +02:00
jenkins-bot 1a6985469b Merge "Inline/simplify smaller pieces of duplicate/complex PHP code" 2022-06-03 20:38:22 +00:00
Thiemo Kreuz bbded6231c Inline/simplify smaller pieces of duplicate/complex PHP code
Change-Id: I59d0f17b77c8c3d47bc532bdefd9d8c0883f180b
2022-06-03 21:04:38 +02:00
Thiemo Kreuz be3af66876 Simplify code dealing with filter ids in FilterStore
Before the information if a filter was new was stored in 2 places:
In the bool $isNew and in the two variables $filter and $newID.
$newID was especially confusing because it was used for both old and
new ids.

Change-Id: I15bdf36c96c8d86a37f305aab2647f7d57bc2bf1
2022-04-27 19:29:55 +02:00
Amir Sarabadani c1d8037815 FilterStore: Use upsert instead of replace
You should never write to auto_increment value.

Bug: T306692
Change-Id: I363711336658a24a0dedf42643296185dfa4a024
2022-04-26 17:10:03 +02:00
libraryupgrader 5377ebe819 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)

Change-Id: I2b382f3bb236fb44eb24c6a257b13b8fd886541c
2021-07-21 18:51:18 +00:00
libraryupgrader 06cdddc9d0 build: Updating composer dependencies
* mediawiki/mediawiki-codesniffer: 35.0.0 → 36.0.0
* php-parallel-lint/php-parallel-lint: 1.2.0 → 1.3.0

Change-Id: I92d6f6d6f817765df24f845103a489624f4290f2
2021-05-02 06:41:54 +00:00
Daimona Eaytoy 3365a648f2 Reject filters with invalid groups
It is currently possible to save a filter with an invalid group, if you
manually change the form data. So prevent this by validating the group
before saving.

Change-Id: I03f80b8c6ab583a357273f7b2679a424ac784db7
2021-02-27 16:01:09 +00:00
Matěj Suchánek b8ac52c51c Use independent stats for emergency disable
Bug: T264629
Change-Id: I64b611243b6a4c136b82b09f2ccf588d1c3e3426
2021-02-26 18:10:49 +01:00
Daimona Eaytoy 45f0a66616 Move remaining classes to own namespace
So everything can be loaded using PSR-4. These classes weren't renamed,
nor the alias for the AbuseFilter class was deprecated, because they
should be refactored first.

Change-Id: Ia328db58eb326968edf5591daac9bacf8c2f75da
2021-01-04 12:11:58 +01:00
Matěj Suchánek f5b18a36bf Move special page classes to own namespace
Change-Id: Ic2d13518924e77b1be96d1a7489abcd07e6d1dab
2021-01-02 10:54:13 +01:00
Daimona Eaytoy b394956c22 Create a dedicated namespace for all consequences-related classes
Change-Id: Ibc39593e34da36e57b640af0b5bbf2145f725e92
2020-12-18 19:27:33 +00:00
Daimona Eaytoy d351d7150b Always take into account custom actions
$wgAbuseFilterActions shouldn't be used normally, as it excludes actions
registered by other extensions.

Note: mw:Extension:AbuseFilter#Integration_with_other_extensions should
be updated after merging.

Bug: T239348
Change-Id: I89b3f0228eacdf145e8f2dd2a5602d0c7ce75a86
2020-12-03 21:39:35 +00:00
Matěj Suchánek d76affb1db Move ChangeTags stuff to separate namespace
Change-Id: I6d7bed0e62f001f82c00a3528cc0018388c9c70e
2020-11-27 15:13:34 +00:00
Daimona Eaytoy 9595bd9da5 Introduce a service for saving filters
Change-Id: I6b7d16ad7ea1124989ed67c74413979cfd0275c4
2020-11-20 22:33:21 +01:00