For several reasons:
*We're not really checking permissions (and the hook previously used is
meant to be used in such case)
*We'll show a cleaner error message (i.e. without the "You do not have
permission..." part)
*Filtering will happen closer to the actual move
Bug: T208907
Depends-On: I4733724075b7514e9db59e7be772d9409aa9da87
Change-Id: If88f736a446247f8b4b13c055c641d56f544d1ea
While editing filters, sometimes it happen that you make some change,
forget about it and then reload/close the page, and no warnings will be
issued. This patch makes use of the core module used for normal page
editing to display a warning if trying to leave a filter editing page
with any unsaved change (both to the filter pattern or other form
elements).
Change-Id: I78d79215565d5c82028b1a2a4276497ccbffdea2
This is a follow-up to Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec. I
believe it's important to specify how many recent actions we're looking
at, and I also think it's not nice to rely on a variable amount of
actions to determine whether a filter should be throttled. Also, require
a $group parameter in filterUsedKey (we always pass one, and there's no
reason not to).
Change-Id: I0384d3f1913ead593f605248950606c81c8f8542
For the docs part: make it clear how things work there. For the code
part, these are mostly style changes: shorter variable names, no
unnecessary parameters, make the method private, use clearer variable
names.
Change-Id: Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec
Long (sigh) explanation in T203587#4569698. Also, simplified the way
TagMultiselect are generated, this one and the one for change tags.
This new selector is back-compat both with the old textarea and the OOUI
checkboxMultiselect; actually, this one is //fully// compatible with the
old textarea.
Add validation for throttle parameters and unit tests for validation
(split from I976c95658cddb2585910b6f8a5f047aadc4e4d47).
Added a trim when retrieving throttle identifier to allow syntax like
'ip, user'.
Improved the message shown on history.
Re-added the maintenance script to clean DB.
As I wrote in the task, a review by two other people would be great, at
least for the maintenance script (it could potentially break the DB).
Bug: T203587
Bug: T203336
Bug: T203584
Bug: T203585
Depends-On: I3b2e763bd8835207dc5df1db43d3e1881e6961c3
Change-Id: I7831dbb0bab55807392ac1f7915d6cb0cb713593
You can now select a custom message to be displayed for disallowing a edit
the same way as for warn mode. This can be the same or a totally different
message.
This also solves the usecase, when a edit filter is set to warn AND disallow,
to be able to show the user a custom message, but the generic is shown
on the second try (disallow). Now it can be only set to disallow.
Bug: T27086
Change-Id: Ic1de03a6944c43a346fa317ee0a217551f0d284a
Add an AbuseFilter log link to the subtitle of history pages.
Bug: T28934
Co-authored-by: Matěj Suchánek
Depends-On: I2e0e9e92d3fc303135b0eb9acf06b5fd120178a5
Depends-On: I58a3039b3755648bb0c8aaf87db48ace96ce9344
Change-Id: Ib89c48f2b8f3121ead184844844acee436e2fdd6
This settles almost everything, leaving the tags part ready to be
further improved in the follow-ups.
Also, replaced some fields with totally different ones, improved the
warn preview area and improved a bit nojs experience by hiding unusable
buttons.
Bug: T132284
Bug: T154749
Change-Id: I7a5caa862a32f9792140c6a4d9708a2d20472672
This variable is actually here to determine whether accessing private
info should be logged, not if it's possible to access such info. In
fact, you can still do it if this variable is set to false.
Change-Id: Ieba191bff4ea56eb166bbbd03cb7b1a05ca42c52
Now the required need will be abusefilter-modify OR
abusefilter-view-private for /tools, /test and /examine.
Bug: T193903
Change-Id: I3f1a91a2cc1df2272e5d4099cefd7c649a0683d5
Seccheck is currently being executed as non-voting, but it always
succeeds because AbuseFilter is not requiring it in composer. Instead,
let's add it: tests will start to fail, but we'll be able to see how
things are going with it. As a bonus, remove the mediawiki.api.parse
module, which is deprecated in 1.32 and replaced by mediawiki.api
(already loaded).
Change-Id: I094a8af4f97c03f8b538ede00420b123de25138a
No point in that right without abusefilter-modify-restricted and
it makes the user interface more confusing.
Undoes part of I4e3125a.
Change-Id: I4afaaa98a5c1b3d0d9518117a28e7e46466f87a1
Add a conservative default configuration so that admins can use
abuse filters without any need for manual setup, and users can
see what's happening. Also expand grants a bit.
Bug: T191740
Change-Id: I4e3125a708277474f416903928397db7f8fb850d
This opens the door to further customization and allows every wiki to
set its own value.
Bug: T132925
Change-Id: I63985f2809c3253b07b33caef30fcd8d4c62dfd4
Replace the conditions textarea with Ace editor for editing and testing
filter. This uses a soft dependency on CodeEditor; if the latter isn't
installed, the classic textarea is used. The user is still able to
switch between the editors on the go; the new buttons may look a bit
ugly now, but after switching to OOUI they should get much better.
Finally, added a custom syntax highlight for AbuseFilter rules.
Bug: T39192
Change-Id: If3d6a994142e34686bb7fc9f09093f751b599485
Adds option to stop logging IPs in afl_ip in the abuse_filter_log table.
Introduces a new global variable: $wgAbuseFilterLogIP
Bug: T187169
Change-Id: I1615ba6949c9f8bcdd6ee6aef580c87a05f43e6a
SPDX released version 3 of their license list (<https://spdx.org/licenses/>),
which changed the FSF licenses to explicitly end in -only or -or-later
instead of relying on an easy to miss + symbol.
Bug: T183858
Change-Id: Ib7a48d3a432f12ce1c27fe989e85a80335a25801
This patch introduces a config variable for the range block sizes.
It changes the default IPv6 block size from /16 to /19 using the
same reasoning as Ia25e156fd8234519c4d74f1d41d93f94a313ce14
Using a config var (as opposed to hardcoded range size) allows
future changes proposed in T179454 to make the range size vary
for different IPs, based on the actual subnet they belong to.
Bug: T179455
Bug: T179456
Change-Id: I8dfa17f553a7af524f0a11c0fd51c48773e27be5
Per T178092, AbuseFilter now maintains compatibility with older versions
of MediaWiki using release branches. Thus, various back-compat code
paths may be removed from the master branch.
Change-Id: Ia1b5eade30d7486e3b1b386b15a7db4e5c8cfead
When $wgAbuseFilterRuntimeProfile is true, all filters taking
longer than $wgAbuseFilterRuntimeLimit will be logged for
later analysis
Bug: T174205
Change-Id: Id81833afa8421476a6cee47eb3393acdb3a38d65
Metrics per edit:
- Execution time of all filters
- Number of filters executed
- Number of conditions executed
Due to the current structure of abuse filter there was not
a clean way to include filter actions and abuselog creation
as part of the runtime metrics.
Bug: T161059
Change-Id: I6208b620453863133c6623aa419775f63c7d3eb1
After I544cdfa75c7472f2d98b2561bc6f6f9c2d2ad639 (dieWithError
and checkUserRightsAny), this is the oldest MediaWiki version
AbuseFilter can be run on.
AbortMove was removed from MediaWiki in 1.25, UploadVerifyFile
is only relevant for 1.27 and older.
(Replaces I1e962217c3b20d901a5742cf76339a3f488a6e97.)
Change-Id: Iec237b2887f72b115fdcef78d2d7a944ba82c784
This filter is fully functional. The old filter is still enabled by
default for a transitional period in case the new one suddenly has
issues.
Change-Id: I4aea5f00c62420108030e60e79d5bf34e913e95d
This allows filters using `action='upload'` to use the variables
`summary`, `new_wikitext` and several others that previously were only
provided when editing pages (`action='edit'`).
This is achieved using the new UploadVerifyUpload hook, introduced in
MediaWiki core in change Ie68801b307de8456e1753ba54a29c34c8063bc36.
`action='upload'` is now only used when publishing an upload, and not
for uploads to stash. A new `action='stashupload'` is introduced,
which is used for all uploads, including uploads to stash. This
behaves like `action='upload'` used to, and only provides file
metadata variables.
Filter authors should use `action='stashupload'` when a file can be
checked based only on the file contents, and `action='upload'` only
when the wikitext edit needs to be examined too.
Bug: T87381
Bug: T89252
Bug: T139848
Change-Id: I9654f82ecda82e4917fd0ac6b364b947a1434c73
It was only needed for MediaWiki prior to 1.25
(09a5febb7b024c0b6585141bb05cba13a642f3eb).
We no longer support those versions after
d527574d2b.
Bug: T137832
Change-Id: I9d0b7e7713c805ebc7bf59f55456e69c6491e265
Repeats I61e4327ef3c7a31b19feef727de7d683f69e260b (which had to be
reverted due to a problem with an ancestor patch) without any
significant change.
Bug: T110448
Bug: T135360
Change-Id: I1688cf9fbcb04bb56d075c9f0876bd0ffeced4f6
Rename $wgAbuseFilterAvailableActions / $wgAbuseFilterRestrictedActions
to $wgAbuseFilterActions / $wgAbuseFilterRestrictions and make
them an associative array instead of a plain one, as that works more
sanely with extension registration. (The renaming helps to give more
useful errors to sites using the old config.)
Change-Id: I790d39c2849922d7daf7479f298cd90cf30af129
For ease of review this is the same as
Icff39f3f79f7ffe86214cfa216b53f3d882e1968 and the necessary changes
are done in the child patch. Should not be merged without that.
Bug: T87876
Change-Id: Iefd8d34619bbfb7602c4fea869f3f89fdeb9057b
Co-Authored-By: Paladox <thomasmulhall410@yahoo.com>