Commit graph

27 commits

Author SHA1 Message Date
Daimona Eaytoy 9b1f1b263e Fix XSS vulnerabilities
I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.

Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
2018-05-01 16:55:46 +02:00
Daimona Eaytoy caa4b1c763 Add phan configuration
This is taken from I6a57a28f22600aafb2e529587ecce6083e9f7da4 and makes
all the needed changes to make phan pass. Seccheck will instead fail,
but since it's not clear how to fix it (and it is non-voting), for the
moment we may merge this and enable phan on IC.

Bug: T192325
Change-Id: I77648b6f8e146114fd43bb0f4dfccdb36b7ac1ac
2018-04-30 08:32:58 +00:00
Daimona Eaytoy 3c3a521fec Fix coding conventions exclusion rules
This should fix every error with excluded rules, leaving only the one
for $wgTitle. A double check would be nice in order to avoid regressions
due to stupid mistakes.

Bug: T178007
Change-Id: I22c179f3a01d652640304b59e43fcb5b5a9abac3
2018-04-20 08:40:18 +00:00
Daimona Eaytoy bc99694d07 Add reasons dropdown to hidelog form and convert it to OOUI
Bug: T153018
Bug: T132284
Change-Id: Idf74765d9f5c475d2e0d48d546cdf7c1aaa99104
2018-04-05 00:08:49 +00:00
Daimona Eaytoy fc5aeeaaeb Convert Special:AbuseLog/# to OOUI
Hopefully this is really the last one: the tiny form at the bottom of
Special:AbuseLog/# to access private details.

Bug: T132284
Change-Id: I3f91beb482b3b85e12b65464914b0ac57ec983df
2018-04-02 18:58:43 +02:00
jenkins-bot baa0cd082a Merge "Always show abuse filter public comments as plain text" 2018-03-29 16:13:27 +00:00
Matěj Suchánek e5db4b47f9 Use LIKE to filter AbuseLog by action taken
Bug: T187971
Change-Id: Id2a9feb395077c5391a4145284d667101dedfa7b
2018-03-16 15:03:38 +00:00
Melos 799a2fb1ed Always show abuse filter public comments as plain text
Public comments are parsed in some places and they are
shown as plain text in others. Always show them as
plain text instead of parse them.

Bug: T173249
Bug: T141670
Change-Id: I173ffab1a99c1536cca260b76be0d95a4966b139
2018-03-15 20:14:00 -04:00
Matěj Suchánek 4637d19f69 Fix Special:AbuseLog::getUserLinks call
IP addresses have no user id, reusing af_user for them was a complete nonsense.

Change-Id: Iaebf5e57c445452896dce6b3edf0018ebbb6e3dc
2018-03-09 09:26:58 +01:00
Daimona Eaytoy 6e42340af9 Add userLinks in private details page
The IP is currently displayed as plain text. Add instead userLinks in
the usual way to provide some handy links for CUs.

Bug: T188600
Change-Id: I47ee007f450f06a1a19b4c7598373a952efbe06a
2018-03-05 11:52:41 +01:00
Huji Lee 43530957e7 Better order of form elements (dropdowns together, filter ID last)
Bug: T159061
Change-Id: I7ea1d30f4ed57f014b7df43fa04957b1348428e6
2018-02-27 17:09:17 +00:00
Matěj Suchánek d19ced4cef Filter AbuseLog by the "impact" of the change
Users can choose whether they want to see entries
that changed the wiki or didn't (or they can apply
no filter).

Bug: T159061
Change-Id: I6cee9b001c26c4bbc837131781deef27d5e3ef1a
2018-02-24 15:25:50 -05:00
Matěj Suchánek 6f1e15c5ff Filter Special:AbuseLog by action taken by filters
Bug: T187971
Change-Id: I4c786ac312b9095f3055622677b78c2ce7be6b0c
2018-02-24 14:49:39 +01:00
Matěj Suchánek 35373155a1 Select only needed columns in queries
Change-Id: I6338906eede533fda76ce96fe10b9c4de314135c
2018-02-10 20:35:05 +00:00
Huji Lee 146820185c Log accessing private information in abuse filter logs
Bug: T152934
Change-Id: I8049df3b2b9343a6877e9a306d2781d3f27ec657
2018-02-07 18:35:36 +00:00
Umherirrender 80418b1f93 Move classes to own files
Makes MediaWiki.Files.OneClassPerFile.MultipleFound pass

Change-Id: I3b08a69fe7990d6fe5f71cda51d6ac01f11aad2d
2017-12-23 13:43:37 +00:00
Umherirrender cbb7415c5a Change doc type from DatabaseBase to IDatabase
Change-Id: I2657188040aacb758ae5b7048b477776eacf4a2e
2017-12-22 22:09:52 +00:00
Huji Lee 0f7f4ad917 Add missing documentation for protected functions
Bug: T178007
Change-Id: Ia1ae78b30b889b7a8965354ae0a404bf9a520917
2017-11-02 03:20:34 +00:00
Huji Lee ace1822575 Filter ID should always go through formatNum()
Change-Id: I2bd833c35128b3c39c7882321747837184095bef
2017-10-31 22:11:55 -04:00
jenkins-bot 82ce683000 Merge "Pass LinkRenderer instance to AbuseFilter::addNavigationLinks" 2017-10-22 04:09:59 +00:00
Umherirrender a2ebd0c70a Improve some parameter docs
Change-Id: Ibac10a20243a4eedd826485d56eddd5234da6fec
2017-10-07 00:54:58 +02:00
Max Semenik 0686f99653 DB_SLAVE -> DB_REPLICA
Change-Id: I371e092b3cd7f0af3770bf4e64b01a630e23ff92
2017-08-29 19:51:39 -07:00
Matěj Suchánek 174be6dc9c Restore specific submit message on Special:AbuseLog
This line was dropped in Ifad07bac45eadc4ed377967aa4ab3e3b9e14aa8b.

Bug: T173995
Change-Id: I84982620abbda38c86159b3aa7ed408c44d447ad
2017-08-24 09:46:27 +02:00
Matěj Suchánek 748978fda5 Pass LinkRenderer instance to AbuseFilter::addNavigationLinks
Change-Id: I1de60955344d06e5b55f4d2cfdfa8f2d13df831a
2017-08-20 14:38:40 +02:00
Rendann 51924f3a92 Convert Special:AbuseLog to OOjs
Bug: T132284
Change-Id: Ifad07bac45eadc4ed377967aa4ab3e3b9e14aa8b
2017-08-14 17:19:28 +02:00
NoRandom 389995916c Allow searching for visible-only/hidden-only/both on abuselog entries
Bug: T153065
Change-Id: I44ca86ff8564328ae932ccad9675298b686dc6ab
2017-08-10 11:46:57 +02:00
Max Semenik 2f250127b4 Normalize file layout
Aka move all code into includes/.

Change-Id: I21f7b80bb6df04abbed6bfccb94f92100dc8f071
2017-08-07 16:11:38 -07:00