Commit graph

4525 commits

Author SHA1 Message Date
Daimona Eaytoy 4950bf6664 Validate the abusefilter-blocker name
In T209565#4826952 I discovered that if the "abusefilter-blocker"
message is an invalid username, we silently end up without a system
user, thus risking to break something. Instead of silently failing, emit
a warning and use the default name. As I wrote in the code comment, we'd
better avoid throwing, because the message can be modified by anyone,
who could then break the site.

Change-Id: Ifa866bd9676945bf94e7e481adf6ad0d6cf4370c
2018-12-17 16:02:24 +01:00
jenkins-bot 102f6f7497 Merge "Fix big problems with normalizeThrottleParameters" 2018-12-17 03:34:34 +00:00
Daimona Eaytoy aa280998c0 Fix big problems with normalizeThrottleParameters
My final testing unveiled 4 problems, see T209565#4780868. Testing again
after this patch yields the expected outcome.

Update: A fifth problem is that we cannot disable throttling if throttle
groups are empty or fully invalid: that case is similar to the one with
invalid rate, the throttle limit is never reached and thus throttle just
doesn't work. Instead, ask users to fix it by hand.

Bug: T203336
Bug: T209565
Change-Id: Id03c9880f60764efc596ac40b8662087fdb30550
2018-12-15 18:36:16 +01:00
Daimona Eaytoy f49d4e5caa Emit debug logs when filtering without title
We have two situations where we try to execute filters without a title.
However, the code doesn't handle it correctly: some points expect $title
to actually be a Title object, and we also pass it around using a hook
which explicitly says it always pass a Title. This patch adds two debug
points to help understand why we end up with null titles, so that we can
fix it upstream.

Bug: T144265
Change-Id: I35bfc483a0c69a5cbd38eae8ba299189955fa1ec
2018-12-13 20:34:21 +00:00
Translation updater bot d7629efb7c Localisation updates from https://translatewiki.net.
Change-Id: Ia04342b79dd9b1f417bde496bbee73161539c68c
2018-12-11 22:39:26 +01:00
Translation updater bot c496545573 Localisation updates from https://translatewiki.net.
Change-Id: Ib777ddf8193849f1b708d8df16e1a265cdbac43d
2018-12-09 22:38:41 +01:00
jenkins-bot be8fda1bde Merge "ve.init.mw.AbuseFilterSaveErrorHandler: Update to receive entire response" 2018-12-07 19:41:50 +00:00
Bartosz Dziewoński 800ff6d899 ve.init.mw.AbuseFilterSaveErrorHandler: Update to receive entire response
Change-Id: I8d5f60f8d54cbaaf1801a85cb6e12a8f3d4370a4
Depends-On: I818d916275b8451af6910ddaa7cd4d7c653085ee
2018-12-07 14:18:12 -05:00
MarcoAurelio 5bff9385eb build: Update phan-taint-check-plugin to 1.5.1
Change-Id: I9ba855b041958b995f1139cb3e36298e1247f5b9
2018-12-05 22:18:15 +00:00
daniel 688eccea47 Expose text from all slots to AbuseFilter
This is a first step towards MCR support in AbuseFilter. The textual
representation of all slots is concatenated. Since AbuseFilter uses
getTextForSearchIndex to determine the textual representation of
content, blind concatenation should not break any assumptions
made by AbsueFilter rules: this naive approach is no worse than
AbuseFilters handling of non-textual content in general, and should
work fine for textual content.

Bug: T209291
Change-Id: Ic141085cad2e11bfe106fe83dafcb35ac31206ba
2018-12-05 09:24:08 -08:00
MarcoAurelio 5ad80d2c13 build: Update npm dev dependencies
stylelint                   9.2.0  →  9.9.0
 stylelint-config-wikimedia  0.4.3  →  0.5.0

Change-Id: Id818e6273bc0f416e0b8fcf5bb5d52494a418ee8
2018-12-05 11:44:28 +00:00
Translation updater bot 3238b3205c Localisation updates from https://translatewiki.net.
Change-Id: If4d2c796280785d48d8e7c550b9cd95ff3a3a7d9
2018-12-04 22:14:22 +01:00
jenkins-bot 1dd8f41d0d Merge "Use the updated TitleMove hook to filter move actions" 2018-12-04 19:32:04 +00:00
Daimona Eaytoy 206bdc1f6a Use the updated TitleMove hook to filter move actions
For several reasons:
*We're not really checking permissions (and the hook previously used is
meant to be used in such case)
*We'll show a cleaner error message (i.e. without the "You do not have
permission..." part)
*Filtering will happen closer to the actual move

Bug: T208907
Depends-On: I4733724075b7514e9db59e7be772d9409aa9da87
Change-Id: If88f736a446247f8b4b13c055c641d56f544d1ea
2018-12-04 18:58:04 +01:00
jenkins-bot 23a7aa69a5 Merge "Fix regex group counting for get_matches" 2018-12-04 13:58:06 +00:00
jenkins-bot bb289862ff Merge "Remove code for old global variables" 2018-12-04 06:27:32 +00:00
Huji Lee b523194032 SECURITY: Remove private information from the API results
Later, we will add a new POST request which will allow retrieving
the private details; it will have a mandatory "reason" parameter,
and will result in a log entry in the private details access log,
just like the web interface.

Bug: T210329
Change-Id: Iaca492371f48fecf543268c179a651841ed12c3f
Signed-off-by: sbassett <sbassett@wikimedia.org>
2018-12-03 23:11:32 +00:00
Translation updater bot 88ccbfcf48 Localisation updates from https://translatewiki.net.
Change-Id: Ic25dc7ce09e4ed369c00c32cdbcb76700abbd3c8
2018-12-02 22:14:51 +01:00
Daimona Eaytoy 7ca0941d1f Remove code for old global variables
Those two global config variables were removed more than 2 years ago, in
I790d39c2849922d7daf7479f298cd90cf30af129. Nothing else in the code
references them, so we can just remove the warning.

Change-Id: I427d06a80131447ea64064f45e84349f93e72cca
2018-12-02 16:24:09 +01:00
Translation updater bot 36740c0d2f Localisation updates from https://translatewiki.net.
Change-Id: Ia08508a1dd490476f9812536abce43b89ca594ff
2018-12-01 22:17:28 +01:00
jenkins-bot dff5cd89f9 Merge "Further clarify docs for emergency disable" 2018-12-01 01:32:31 +00:00
Translation updater bot 0ce3eb201e Localisation updates from https://translatewiki.net.
Change-Id: I2219139d93c0d6d0937392a5e054da5e27fe5c88
2018-11-30 22:49:36 +01:00
jenkins-bot 8d1231e88b Merge "Bring in VE support from VE extension" 2018-11-30 20:02:20 +00:00
Ed Sanders 687106d8af Bring in VE support from VE extension
Change-Id: Ib1354f0404209a15194895026ff9d179d16b1900
2018-11-30 10:59:16 +00:00
Translation updater bot b1a0f6f8e3 Localisation updates from https://translatewiki.net.
Change-Id: I0c067d16b221d9257e1caf05bd18644d35b71aeb
2018-11-29 22:26:17 +01:00
Daimona Eaytoy 6aff37fb52 Further clarify docs for emergency disable
This is a follow-up to Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec. I
believe it's important to specify how many recent actions we're looking
at, and I also think it's not nice to rely on a variable amount of
actions to determine whether a filter should be throttled. Also, require
a $group parameter in filterUsedKey (we always pass one, and there's no
reason not to).

Change-Id: I0384d3f1913ead593f605248950606c81c8f8542
2018-11-28 19:29:15 +01:00
jenkins-bot 6460cbc750 Merge "Migrate AbuseFilterConsequencesTest from tag_summary to change_tag" 2018-11-28 07:52:09 +00:00
Amir Sarabadani fd3e3e78cb Migrate AbuseFilterConsequencesTest from tag_summary to change_tag
Bug: T209525
Change-Id: I6ab0b29800d7654164e8d23fb24b81529b0d2c88
2018-11-28 08:04:51 +01:00
Translation updater bot 9d2e968b14 Localisation updates from https://translatewiki.net.
Change-Id: I66592aa90e17c69f1fcd63465ae8cff1af752666
2018-11-27 22:14:25 +01:00
Translation updater bot c79f4b3b83 Localisation updates from https://translatewiki.net.
Change-Id: I9944b8b31f605a62fdd6c6d38288423d65dc4a72
2018-11-26 22:31:54 +01:00
jenkins-bot 6be748aae5 Merge "Clarify code and docs for automatic throttling" 2018-11-26 16:11:28 +00:00
Daimona Eaytoy 1f2b7474ed Clarify code and docs for automatic throttling
For the docs part: make it clear how things work there. For the code
part, these are mostly style changes: shorter variable names, no
unnecessary parameters, make the method private, use clearer variable
names.

Change-Id: Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec
2018-11-26 16:51:10 +01:00
Translation updater bot 1edc6e99e4 Localisation updates from https://translatewiki.net.
Change-Id: Icf17cfa81a32b55f6469f4139557a6bf77530d80
2018-11-25 22:33:38 +01:00
Translation updater bot 5b9cc7610b Localisation updates from https://translatewiki.net.
Change-Id: I0e820fbe59c1d54474ca422e532b967db0cbd986
2018-11-23 22:17:22 +01:00
Ed Sanders 052c68f639 build: Update eslint-config-wikimedia to 0.9.0
Change-Id: Ia31860b5fcf43ec512fb82c2c332ac08cbf12cf1
2018-11-23 15:50:29 +00:00
Ed Sanders 663a66dc0a Remove obsolete aliases from closures
Bug: T208951
Change-Id: I1330672b62c9d8f49cf31264995e7a07b467178f
2018-11-23 15:44:58 +00:00
Translation updater bot 426dd086c8 Localisation updates from https://translatewiki.net.
Change-Id: I04fa0fb3fc70448cb1f58badd8b2bc3784f8514f
2018-11-22 22:21:32 +01:00
Translation updater bot 8cdd899c16 Localisation updates from https://translatewiki.net.
Change-Id: I860431e05635a439d5a27f6e5740b1ff9e519e57
2018-11-21 22:28:51 +01:00
jenkins-bot e10dc54067 Merge "Remove wgParser and wgRequest" 2018-11-20 00:50:05 +00:00
Translation updater bot ee74df554f Localisation updates from https://translatewiki.net.
Change-Id: I3e6fba12f7f2fbeed4deaef740e9b7049f9b7ab7
2018-11-19 22:10:52 +01:00
Daimona Eaytoy 4480c9493a Remove wgParser and wgRequest
As part of the deprecation process of non-config globals.

Change-Id: Ia84ddc20adbfda72347cf256601050b055b87ecf
2018-11-19 13:40:58 +01:00
Translation updater bot 2b5fb86f97 Localisation updates from https://translatewiki.net.
Change-Id: I08e09856184c6ed997a56ec4a695333a56f8bb43
2018-11-18 22:48:19 +01:00
jenkins-bot 0d58f78030 Merge "Revert "Revert "Add typehinting for every object-only parameter""" 2018-11-18 16:27:27 +00:00
Translation updater bot bc53b92ec2 Localisation updates from https://translatewiki.net.
Change-Id: Ib329c8cbc0bc946e584f0458d4702418fa595ffc
2018-11-17 22:19:36 +01:00
Translation updater bot 127862a7db Localisation updates from https://translatewiki.net.
Change-Id: I80148cdf6f4d3b159eb8d023dbb54da255690ceb
2018-11-16 22:29:19 +01:00
Translation updater bot 2c57dc9330 Localisation updates from https://translatewiki.net.
Change-Id: Ic8a8a9069d67716962cbe39b97e1b5042d5fb852
2018-11-15 22:59:52 +01:00
jenkins-bot 6541d7c5cc Merge "Check that the user block is sitewide when determining permissions" 2018-11-15 17:26:21 +00:00
Daimona Eaytoy 346063eec0 Check that the user block is sitewide when determining permissions
And bump MediaWiki version.

Bug: T208621
Change-Id: Icfcf09c5d7c7498711cb000c3bb16480270efb9c
2018-11-15 17:59:22 +01:00
Daimona Eaytoy badde6ba75 Revert "Revert "Add typehinting for every object-only parameter""
This reverts commit 1ed75b4ae0.
Fixed the one which caused errors, by making articleFromTitle
only use WikiPage, instead of silently mixing WikiPage and Article.

Note for reviewers: this patch is identical to the one which was
previously +2ed, which was mostly correct. To see the actual change,
diff AFComputedVariable with 1..current.

Change-Id: I6747eaed861af6c40a3b1610aebcc1174296e9ed
2018-11-15 10:09:16 +01:00
jenkins-bot 213c2aa011 Merge "Change throttle selector to restore old functionality, overall improvement" 2018-11-15 00:58:11 +00:00