Commit graph

71 commits

Author SHA1 Message Date
thiemowmde 5f0f61de5d Improve PHPDocs in SpecialAbuseFilter
Change-Id: I5364650dc31b69ab406fe1c12b6fb2ca66f02da1
2023-11-16 19:55:40 +01:00
Bartosz Dziewoński 1e54192b1b Fix non-escaped messages used in page subtitles
Reported by Phan, and also discoverable with ?uselang=x-xss.

Change-Id: Ieb41d11acf543784f1cfbca5ea2272ac0bffc9a9
2023-10-05 22:51:21 +02:00
C. Scott Ananian 0ff282dcc3 Use OutputPage::setPageTitleMsg() instead of ::setPageTitle()
The new method formats the message with Message::escaped() which
better protects from bad HTML in the message.

The ::setPageTitleMsg() method was added in 1.41 and this extension
already requires MW >= 1.41.

Bug: T343994
Change-Id: Ic07cde3bafeaa0325024fe89b4948680d04c4820
2023-09-22 21:18:03 +00:00
Matěj Suchánek 9beeca3752 Fix various typos and documentation issues
Change-Id: I1e9d297f665282d251343598e102e1d342488965
2023-09-04 12:55:17 +02:00
Umherirrender cd7e9d31a7 Use namespaced Title
Bug: T321681
Change-Id: I66fd9b70a5de06ac3c81bdf6a2a5bca64ed094c2
2023-08-19 19:49:36 +02:00
Matěj Suchánek 82ff324ae9 Remove faulty phan suppression
Change-Id: I5928d14f92d2bf7e8ceae9b40086533d7e0d0061
2023-07-21 21:47:34 +02:00
jenkins-bot c897335bd7 Merge "Various code style clean-ups" 2023-06-23 18:43:58 +00:00
thiemowmde d9bca83ec6 Various code style clean-ups
For example:
* Use the more meaningful str_contains().
* Add missing type hints.
* Make use of early returns/guard clauses.

Change-Id: Id150d1b17a80ea637a0639a8f2fd7fd017ad23b1
2023-06-23 12:32:12 +02:00
thiemowmde 24888bea15 Mark protected stuff in classes with no subclasses as private
Protected effectively means "public to subclasses" and should be
avoided for the same reasons as marking everything as public should
be avoided.

Change-Id: Iba674b486ce53fd1f94f70163d47824e969abb77
2023-06-23 12:28:06 +02:00
Timo Tijhof 110484b6a0 BlockedExternalDomains: De-duplicate validateDomain logic
Bug: T337431
Change-Id: Icbedf750f6ecaa9caf7bb900e8ad0bc2124e8743
2023-06-19 13:36:32 +00:00
Timo Tijhof ee238e79b9 BlockedExternalDomains: Minor code clean up and docs improvement
* Remove stray `@ingroup` from file blocks, move to class block.

* Fix mention of "WAN" cache where actually APCU is used.

* Document that the storage class takes a local-server cache.
  This is an important requirement since the class has no
  coordination for purging or other invalidation. It expects
  an uncoordinated cache.

* Rename "load" to "loadConfig" as it's ambigious what it means among
  the half dozen other "load*" methods in this class. Also inline
  loadFromConfig and loadComputedUncached while at it to further
  reduce this.

* Rename "loadConfigContent" to "fetchLatestConfig" to match
  the existing fetchConfig, which does the same thing except it queries
  the primary db using READ_LATEST.

* Use Html.php when building HTML, instead of legacy Xml.php.
  While at it, also switch a few to Html::element instead of
  Html::rawElement (aka Xml::tags) by using Message->text() for
  messages that are not expected to contain rich wikitext.

Change-Id: Ic74d1597aa9201b371894e7a4bf9361752d9db21
2023-06-19 13:36:23 +00:00
thiemowmde 7e6132d4d7 Remove bits of unused code across the codebase
Mostly found with the code inspection tools in PHPStorm.

Change-Id: I7f59dddca0aaab0ddd1093d52c07ec12efd20d6d
2023-06-14 19:41:00 +00:00
thiemowmde 518955f9c3 Fix error reporting in BlockedDomainStorage for real
This is a direct follow up for I6373fa6 where we apparently fixed
half of the cases while breaking the other half. There was actualy
a code path that can return null, and anther one that can return a
status object.

Since there is never anything done with the status object we can as
well get rid of it and always return null in case of an error.

Bug: T337431
Bug: T279275
Change-Id: I2ccb58756182897bcd6649c9f589e2f7a0321b20
2023-06-12 17:11:49 +02:00
thiemowmde 1eb985c619 Fix broken error reporting in BlockedExternalDomains
Apparently a mistake from I3df949c.

Bug: T337431
Bug: T279275
Change-Id: I6373fa6de561b3018e85f61f5e45ed8c886ce311
2023-06-12 10:52:35 +02:00
jenkins-bot 3feb7d5af0 Merge "BlockedDomains: Put a cache behind parsing of notes of blocked domains" 2023-06-04 15:33:00 +00:00
Amir Sarabadani be928818a4 BlockedDomains: Put a cache behind parsing of notes of blocked domains
It'll be 6K rows in enwiki, parsing 6000 wikitext notes is going to be
expensive.

Bug: T337431
Change-Id: I010d773a7b096c783f5da0d6997d946b3bfd6b6e
2023-06-02 20:13:33 +02:00
James D. Forrester fb50c1f019 BlockedExternalDomains: Make this a special right, prohibit direct editing
Bug: T337431
Bug: T279275
Change-Id: I96d1e2c8d8728c26e38515032ef773770e26dda4
2023-06-01 09:20:44 -04:00
Amir Sarabadani 53eb27f086 Introduce Special:BlockedExternalDomains
It is behind a feature flag. Improvements on it can happen in follow
ups. The patch is already quite massive.

Bug: T337431
Bug: T279275
Change-Id: I3df949c4d41ce65bb4afa013da9c691ac05fc760
2023-05-30 20:48:42 +02:00
gerritbot 3f7e5c9271 Update moved class WikiMap
See T321882. Moved in I60cf4b9ef02b9d5

Bug: T321681
Change-Id: I2c9a5dbde0080984dad1a23eba52504c4b7df4d1
2023-04-25 09:52:41 +00:00
Matěj Suchánek 8f6a428f02 Replace deprecated database object access methods
Use the very new getPrimaryDatabase and getReplicaDatabase.
We skip FilterLookup and CentralDBManager in this patch.

Change-Id: I22c6f8fa60be90599ee177a4ac4a97e1547f79be
2023-03-08 16:50:56 +01:00
Matěj Suchánek 5dbb4792b7 Add styles to display zero contributions link in red
Bug: T327603
Change-Id: I319b69d21f3c6195cd9192285a3f0ec3b52bcfd0
2023-01-24 15:11:19 +01:00
Jon Robson 62e96a46a8 Register AbuseFilter menu as standard tabs
Core now supports special pages registering sub menus
natively in skins. The menu is rendered when the skin
supports it, so at current time of writing this will
only work in Vector 2022 and MinervaNeue.

The existing menu that appears under the abuse filter
page title is converted into the new format. For other skins
no difference.

Bug: T315553
Change-Id: Ief51a9c60125c11e3b735fabee2a4544b7955f64
2022-11-17 16:35:34 +00:00
libraryupgrader 380f7b010a
build: Updating dependencies
composer:
* mediawiki/mediawiki-phan-config: 0.11.1 → 0.12.0

npm:
* stylelint-config-wikimedia: 0.13.0 → 0.13.1

Change-Id: I424244de96b2da894d781047a1e336514cb7707c
2022-10-07 21:05:41 +03:00
Umherirrender 081a8e3c3c Add LinkBatch to Special:AbuseFilter/home and /history
Combine the check for red/blue user/talk links into one database query
This can improve the performance of the page view when many filters
from many different users are linked

Change-Id: I0b87ee15ecee4cecd5d5d6164e8c18e1b788ecd1
2022-07-29 13:56:03 +02:00
jenkins-bot f13f3dcd2c Merge "Call IContextSource::getAuthority instead of IContextSource::getUser" 2022-07-29 10:25:23 +00:00
dreamyjazz 13e6c1c06a Add the ListToggle to Special:AbuseLog for users who can hide entries
Add the ListToggle provided in core's ListToggle.php to
Special:AbuseLog when a list of abuse filter entries are being
shown and the user can hide abuse filter entries. This will allow
them to select multiple checkboxes to hide at once (without having
to shift and selecting the first and last).

Bug: T311954
Change-Id: I1aa4fa3fa7016a5d9ae4a904c151011743d2c8ed
2022-07-03 16:56:03 +01:00
Umherirrender dc4dd928b7 Call IContextSource::getAuthority instead of IContextSource::getUser
Change to use Authority object where possible
to use the interface instead of implementation

Change-Id: I90ef126b3d799c3fc27467a4ffe671785c446d3e
2022-07-03 16:37:18 +02:00
Matěj Suchánek be247401bb Clean up AbuseFilterViewExamine and AbuseFilterExaminePager
Move most stuff from the pager to the view class to untangle
circular dependency. Declare class properties as private.
Leave input validation to the form.

Change-Id: Ia8b1a9d08af9c0cac23b34f6bbbe2c44d01f6c8c
2022-07-03 11:29:43 +02:00
DannyS712 139ca18efe Migrate AbuseFilterPermissionManager to authority
Almost all callers already provide an Authority in the form
of a User object, so mostly just need to change the typehints

Depends-On: I58661943c7e1acb6ff09798ee1a30be0fde3f459
Change-Id: I2ad86859c8194c14d7331f58db62b7cff4698085
2022-07-01 06:58:17 +00:00
Matěj Suchánek 60e03c965e Fix form input normalization
Prevent invalid assignments to properties. On
Special:AbuseFilter/test/123, handle when id of
a non-existing filter was provided. Allow '0'
as user and title on Special:AbuseLog and
Special:AbuseFilter/test.

Change-Id: I196ae62b165d1a60babaf4fe6bd733aa52be1726
2022-06-29 12:19:24 +02:00
Reedy 60cb198e81 SpecialAbuseLog: Don't call explode() on null
Bug: T311579
Change-Id: I2481beb2344a57242795a722e255e119ea29ac18
2022-06-29 01:14:07 +01:00
Umherirrender 9abc464e3d Use UserIdentity/Authority in SpecialAbuseLog
Change-Id: I5b3b2b758e17c94298e7217d755dd8c7b08cb1ac
2022-06-28 19:30:37 +02:00
jenkins-bot 50311e750d Merge "Remove SpecialAbuseLog::isHidden" 2022-03-27 18:27:05 +00:00
Func 24f5ca6e2d Use setTitle() instead of setAction() where posible
The getLocalURL() method can return url with query string when
wgArticlePath is configured to do so, and query string of GET form
would be ignored by browsers.
The setAction() method is problematic (T285464 and above) and hard to
warn the wrong usage. I'm going to go through and fix every use case,
and finally deprecate it.

Change-Id: I66b634f0cc996be3d7048d410b46fe77c88f9879
2022-03-27 21:06:38 +08:00
Daimona Eaytoy 773d553c8e Remove SpecialAbuseLog::isHidden
This is a breaking change for the API: 'hidden' is now either true or
false, depending on afl_deleted. 'implicit' is no longer a possible
value, the caller should compute it instead if necessary.

Then simplify the remaining usage of isHidden, using a temporary private
method.

Bug: T291718
Change-Id: I97b5195d306c35ddca3f071d9ff4d896f9fd5c8d
2022-03-25 21:22:59 +00:00
Alexander Vorwerk 4aedfe8d91 Use updated ObjectFactory namespace
Change-Id: I99c5e5664d2401c36a9890f148eba7c25e6e8324
2022-03-09 22:17:07 +00:00
C. Scott Ananian aecfc7e62e Replace use of deprecated OutputPage::enableClientCache( false )
Replaced with the more readable ::disableClientCache() method, added
in 1.38.  Minimum MW version bumped to match.

Depends-On: I7c89e20528a0d91173f0edcb997dcae631935ee5
Change-Id: I91d0b8e8f69a2d309b6fc61e13bfb5d86dc0218d
2022-02-04 14:29:43 -05:00
Umherirrender 1b2551701e Avoid SpecialPage::getContext in SpecialAbuseLog::__construct
The special page itself is a MessageLocalizer
SpecialPage::getContext on constructor results in global state

Change-Id: I6a3dd263dbe02111aea65a087ce69a5a191f63fc
2021-11-09 22:09:49 +00:00
Daimona Eaytoy 020f8a09b4 Remove leftovers of AbuseFilterAflFilterMigrationStage
On second thought, no need to keep the migration script now, since it's
unusable anyway.

Also remove an usage in SpecialAbuseLog, likely a rebase artefact.

Change-Id: I938924b3617ef30046d8317e68a101ed2c1883d3
2021-09-25 03:48:37 +02:00
jenkins-bot a332b3ff0f Merge "Remove afl_filter entirely" 2021-09-25 01:39:08 +00:00
Daimona Eaytoy e8471a717c Add method to properly check visibility of AbuseLog entries
This replaces the previous pattern of callers having to use
RevisionLookup if the result was 'implicit'. Also, in some cases where
we were just hiding things if the visibility was !== true, properly
handle the implicit case by using the new method. Make the new method
return string constants rather than bool|string.

The new method also fixes some potential info leaks which happened when
the row was hidden, the user could view suppressed AbuseLog entries, but
the associated revision was also deleted and the user couldn't see it
(this shouldn't be relevant for WMF wikis since AF deletion is
oversight-level).

Also add a bunch of tests for the various cases to ensure we don't
regress again.

Bug: T261532
Change-Id: I929f865acf5d207b739cb3af043f70cb59243ee0
2021-09-25 00:08:33 +00:00
Daimona Eaytoy dae374aec2 Remove afl_filter entirely
As per T220791, the old schema and the flag can be removed in 1.38.

Bug: T220791
Change-Id: Ic6b1c8a22d17a301faf32d2e23778d90c41c39de
2021-09-18 11:06:10 +00:00
Daimona Eaytoy a722dfe1a4 Rename ParserFactory -> RuleCheckerFactory
The old parser now has the correct name "Evaluator", so the
ParserFactory name was outdated. Additionally, the plan is to create a
new RuleChecker class, acting as a facade for the different
parsing-related stages (lexer, parser, evaluator, etc.), which is what
most if not all callers should use. The RuleCheckerFactory still returns
a FilterEvaluator for now.
Also, "Parser" is a specific term defining *how* things happen
internally, whereas "RuleChecker" describes *what* callers should expect
from the new class.

Change-Id: I25b47a162d933c1e385175aae715ca38872b1442
2021-09-08 21:59:34 +02:00
libraryupgrader 2a4860e322 build: Updating mediawiki/mediawiki-phan-config to 0.11.0
Change-Id: I097d051e3c30e61d74a8e329b6110b219c72ec1a
2021-09-07 19:30:42 -07:00
Alexander Vorwerk 8e7d389029 Disallow interwiki on Special:AbuseLog
Bug: T288155
Depends-On: Ic00f4a0f27747b5ff0893b4c01f42f68a99771ab
Change-Id: I62574460bfaea04af2f617ca0929246c784cb4e8
2021-08-05 11:15:39 +02:00
libraryupgrader 5377ebe819 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)

Change-Id: I2b382f3bb236fb44eb24c6a257b13b8fd886541c
2021-07-21 18:51:18 +00:00
jenkins-bot 997e665530 Merge "Don't use p class="success" for success messages" 2021-06-04 08:59:58 +00:00
Umherirrender 1fa7a83f60 Use static closures where safe to use
Created by I25a17fb22b6b669e817317a0f45051ae9c608208

Change-Id: I533690311ca559685de8a4bf123348c9bcfa5931
2021-04-30 20:55:35 +02:00
mainframe98 a32d483ef4 Don't use p class="success" for success messages
These are part of legacy styles and aren't provided by all skins.
Using Html::successbox abstracts the classes away.
Internally that uses div class="successbox" instead.

Bug: T280766
Change-Id: I0cca59e2f391510095c2c6fb187ace5e91fdde8b
2021-04-30 18:19:31 +00:00
Matěj Suchánek 644b7aa288 Clean up AbuseFilterViewHistory and AbuseFilterHistoryPager
- Untangle circular dependency.
- Inject dependencies.
- Declare class properties as private.

Change-Id: I7b9892c85d168024d6b44d182af9443fdfee45cc
2021-04-18 18:31:17 +02:00