Commit graph

1883 commits

Author SHA1 Message Date
Umherirrender c72b6a20f0 Pass ParserFactory to LazyVariableComputer
Make the init of Parser lazy

Bug: T343070
Change-Id: If0f0ca3c4aa2136c85903289f7f80b95dc5132c8
2023-07-29 14:20:07 +02:00
AnaïsGueyte 2efd6d9ac9 Replace userNameUtils with UserIdentityUtils
Where UserIdentity is available and where it's necessary to check ::isNamed

Bug: T342741
Change-Id: I5b52686f1c072282e76874f3863962345ca8097e
2023-07-27 10:29:31 -03:00
Matěj Suchánek 82ff324ae9 Remove faulty phan suppression
Change-Id: I5928d14f92d2bf7e8ceae9b40086533d7e0d0061
2023-07-21 21:47:34 +02:00
jenkins-bot ad37cd8725 Merge "Get parsed content from PreparedUpdate" 2023-07-18 14:15:40 +00:00
jenkins-bot 78c7334d6a Merge "Split VariableGenerator::addEditVars" 2023-07-17 23:26:53 +00:00
Matěj Suchánek 1e93f8b674 Get parsed content from PreparedUpdate
This finally makes new_html work for non-wikitext contents.

Bug: T264104
Change-Id: I1174b63a8e3a96e83ee7472dd086bfc91636316c
2023-07-16 14:48:30 +02:00
jenkins-bot 9aa87e9234 Merge "Clean up AbuseFilterViewTestBatch" 2023-07-12 13:12:47 +00:00
Matěj Suchánek 49edc86a78 Split VariableGenerator::addEditVars
This method actually consists of two: add derived vars, and initialize
content vars. The former part depends on no parameters of this method.
On the other hand, the latter part combines multiple implementations
for some of the content variables using branching.

The branching is a dirty workaround and inferior to the GRASP principle:
"When related alternatives or behaviors vary by type, assign
responsibility for the behavior to the types for which the behavior
varies."
In other words, the callers (extensions) should be responsible for
choosing the initialization strategy themselves, instead of letting
VariableGenerator figure it out.

As the first step, split the former part to a separate method.
For now, it will be implicitly called by ::addEditVars.

Change-Id: I5ff00dbdbf29ec54eabfd95c44a4fd7f713969f5
2023-07-05 14:58:32 +00:00
Tim Starling fe592746b7 Use the new Wikimedia\Diff namespace
Bug: T339184
Change-Id: I381686678524868c85466bdafde3856a73a8cb1c
2023-06-29 11:56:13 +10:00
Abijeet b1e404fc79 ConsequencesFactory: Avoid creating Session object during service wiring
Service wiring should only depend on config, not on request state.

Creating a session object during service wiring causes issues with entry
points such as opensearch_desc.php that disable the session.

Bug: T340113
Change-Id: I2450b0b6821ff0b097e283ff660a0b8aeea9590a
2023-06-27 20:11:38 +05:30
Matěj Suchánek c2a40fb0ff Clean up AbuseFilterViewTestBatch
Inject dependencies, use implicit form validation.

Change-Id: I74afeeceb39ada93cf3c20d5d3fc417ab4e3bf4b
2023-06-27 10:53:45 +02:00
jenkins-bot c897335bd7 Merge "Various code style clean-ups" 2023-06-23 18:43:58 +00:00
jenkins-bot 0c33716f5b Merge "Mark protected stuff in classes with no subclasses as private" 2023-06-23 18:35:48 +00:00
thiemowmde 9316a7d65f Mark some unused public class features as private
These are not used anywhere outside of these classes.

Change-Id: I0a0a5cf1e84133bae69b95da771c285ee27f926c
2023-06-23 12:32:38 +02:00
thiemowmde d9bca83ec6 Various code style clean-ups
For example:
* Use the more meaningful str_contains().
* Add missing type hints.
* Make use of early returns/guard clauses.

Change-Id: Id150d1b17a80ea637a0639a8f2fd7fd017ad23b1
2023-06-23 12:32:12 +02:00
thiemowmde 24888bea15 Mark protected stuff in classes with no subclasses as private
Protected effectively means "public to subclasses" and should be
avoided for the same reasons as marking everything as public should
be avoided.

Change-Id: Iba674b486ce53fd1f94f70163d47824e969abb77
2023-06-23 12:28:06 +02:00
thiemowmde 0bb3aa38ed Fix removing a domain when the page doesn't exist
This was an unfortunate mistake in the refactoring in I2ccb587,
caused by incomplete documentation and a confusing mixture of
possible return types.

I9166c2b fixed one of the two places already. The situation in this
patch here cannot really happen in reality (there is nothing to
remove when the page is empty). Still I think the code is easier to
read when the two places behave the same.

Change-Id: Iea51c3a7a8185cbc3771143353f4795dde712ec4
2023-06-22 11:54:53 +02:00
Amir Sarabadani 8f216a6030 Fix adding a domain when the page doesn't exist
It should fail on null but it should create the page if it doesn't
exist or doesn't have any content yet.
This is breaking the special page, see:
[[de:234828092#New_special_page_to_fight_spam_//_Neue_Spezialseite_zur_Spam-Bekämpfung]]

Change-Id: I9166c2bdcfacb4b19706d246fbf99b2f24ca4cc6
2023-06-22 08:36:49 +00:00
Timo Tijhof 110484b6a0 BlockedExternalDomains: De-duplicate validateDomain logic
Bug: T337431
Change-Id: Icbedf750f6ecaa9caf7bb900e8ad0bc2124e8743
2023-06-19 13:36:32 +00:00
Timo Tijhof 203d54be11 BlockedExternalDomains: Optimize host extraction by using parse_url
Unlike what the 20-year old source comments in UrlUtils.php would
have you believe, parse_url() works fine nowadays, including for
protocol-relative URLs and indeed lots of prod code uses it directly.

The class still has some convenience value for case where you need to
expand or manipulate URLs, but for the common case of extracting a part
of it, you really don't need it.

Test plan:
$ php phpunit.php ../../extensions/AbuseFilter/tests/phpunit/integration/FilteredActionsHandlerTest.php

Bug: T337431
Change-Id: I1e76d2f5aef65365743214530faba656325b965a
2023-06-19 13:36:27 +00:00
Timo Tijhof ee238e79b9 BlockedExternalDomains: Minor code clean up and docs improvement
* Remove stray `@ingroup` from file blocks, move to class block.

* Fix mention of "WAN" cache where actually APCU is used.

* Document that the storage class takes a local-server cache.
  This is an important requirement since the class has no
  coordination for purging or other invalidation. It expects
  an uncoordinated cache.

* Rename "load" to "loadConfig" as it's ambigious what it means among
  the half dozen other "load*" methods in this class. Also inline
  loadFromConfig and loadComputedUncached while at it to further
  reduce this.

* Rename "loadConfigContent" to "fetchLatestConfig" to match
  the existing fetchConfig, which does the same thing except it queries
  the primary db using READ_LATEST.

* Use Html.php when building HTML, instead of legacy Xml.php.
  While at it, also switch a few to Html::element instead of
  Html::rawElement (aka Xml::tags) by using Message->text() for
  messages that are not expected to contain rich wikitext.

Change-Id: Ic74d1597aa9201b371894e7a4bf9361752d9db21
2023-06-19 13:36:23 +00:00
Amir Sarabadani 9dc1a601ac Blocked domains: Fix removing a domain via the special page
Doing unset on array leads to the final array turning into associative array
and gets blocked by the validator.

You can check that it's broken in Persian Wikipedia, beta cluster or
localhost. Tested locally, fixes the issue.

Bug: T337431
Change-Id: Ib1be294bae1ae057dfb9a4445a8e13ac72b333b9
2023-06-18 00:35:21 +02:00
Amir Sarabadani 8b67de5bc1 blocked domains: Make sure users can't bypass the list by using uppercase
Added tests too

Bug: T337431
Change-Id: Ie3406d0b3c7d82ba44c11865e493375453555664
2023-06-16 01:22:48 +02:00
jenkins-bot 596a36866b Merge "Add missing AbuseFilterServices::getHookRunner()" 2023-06-15 18:06:28 +00:00
jenkins-bot 12d6d204ce Merge "BlockedDomains: Add logging in case of hit" 2023-06-15 16:33:37 +00:00
Amir Sarabadani da53cfe9dd BlockedDomains: Add logging in case of hit
This is basically copy paste of SpamBlacklist logging with the added
extra bit of what triggered the hit.

Bug: T337431
Change-Id: Ieb9e3ca615af88ab56735b56e24c80c42a68d478
2023-06-14 22:23:50 +02:00
thiemowmde b63d5c138e Use much more narrow IReadableDatabase and related where possible
Much more narrow interfaces. This code doesn't need more.

Change-Id: Iab0f1da27968246333a4a555b02bfb750cf9eedb
2023-06-14 19:42:01 +00:00
thiemowmde 7e6132d4d7 Remove bits of unused code across the codebase
Mostly found with the code inspection tools in PHPStorm.

Change-Id: I7f59dddca0aaab0ddd1093d52c07ec12efd20d6d
2023-06-14 19:41:00 +00:00
Lucas Werkmeister 9bb4b1e5db Add missing AbuseFilterServices::getHookRunner()
And register AbuseFilterRunnerFactory as a service name that’s allowed
to not have a getRunnerFactory() method without the test complaining
(the service was renamed, getFilterRunnerFactory() exists).

Change-Id: Idedb87e64a6df02b0edae8d9e7dbf441752dc480
Needed-By: If5af88e7f70b83d53f66b9617a5ef37daf81830f
2023-06-14 17:35:43 +02:00
Amir Sarabadani 191e719a79 Fix cases of LogicException in $update->getParserOutputForMetaData()
Abuse filter needs to check both if the update is available and if the
page is rendered. This is the exact issue FlaggedRevs have:
050b9593fb/backend/FlaggedRevs.php (L718)

Bug: T339094
Change-Id: I943c8dbb525dc4c988e97e180474ea71b4cf731d
2023-06-14 13:35:16 +02:00
Matěj Suchánek 8fb53edfbb Retrieve external links from PreparedUpdate
When forFilter is true and PreparedUpdate is available
(most save operations), retrieve all_links from
PreparedUpdate::getParserOutputForMetaData. Otherwise
do what was done before.

Note that this change probably leaves some dead code. It will be dealt
with later.

NOTE: this changes code potentially executed on every save operation.

Bug: T65632
Bug: T264104
Change-Id: I3628a56e5277846c1b90444fb55983870eb54c1e
2023-06-13 14:30:06 +02:00
Matěj Suchánek d82a716ad0 Make old_links retrieval cleaner
The method for old_links retrieval depends on the "forFilter"
value, which we know in advance. If it's true, old_links should
be retrieved from the database. Make a case in the switch
that does nothing but retrieves links from the database,
and direct the evaluation to it.

This change was split from I3628a56e5 to make its review easier.

NOTE: this changes code potentially executed on every save operation.

Change-Id: I33b688f6be3c58beec403f7bf26407a42e7c18ab
2023-06-13 14:03:21 +02:00
jenkins-bot fad3a6e888 Merge "Fix error reporting in BlockedDomainStorage for real" 2023-06-12 21:28:38 +00:00
jenkins-bot 54b9cbd6da Merge "BlockedDomains: Use cleaner array building and add tests" 2023-06-12 18:06:38 +00:00
Amir Sarabadani 60cbc3b464 BlockedDomains: Use cleaner array building and add tests
Regarding array building: Instead of adding to array with
$array[] = 'foo' and then doing array_flip(), simply do
$array['foo'] = true;

Regarding tests: I originally wanted to create a unit test but I ended
up mocking so many things that it wasn't worth it and the config variable
is globaly which first we need to clean up after deployment is done.

Bug: T337431
Change-Id: Iac8dca7078668ee3441d19b6aafe499c1aa0d732
2023-06-12 17:46:55 +00:00
thiemowmde 518955f9c3 Fix error reporting in BlockedDomainStorage for real
This is a direct follow up for I6373fa6 where we apparently fixed
half of the cases while breaking the other half. There was actualy
a code path that can return null, and anther one that can return a
status object.

Since there is never anything done with the status object we can as
well get rid of it and always return null in case of an error.

Bug: T337431
Bug: T279275
Change-Id: I2ccb58756182897bcd6649c9f589e2f7a0321b20
2023-06-12 17:11:49 +02:00
jenkins-bot afaf9d34f8 Merge "Fix broken error reporting in BlockedExternalDomains" 2023-06-12 14:20:20 +00:00
thiemowmde 1eb985c619 Fix broken error reporting in BlockedExternalDomains
Apparently a mistake from I3df949c.

Bug: T337431
Bug: T279275
Change-Id: I6373fa6de561b3018e85f61f5e45ed8c886ce311
2023-06-12 10:52:35 +02:00
thiemowmde 84058c3d96 Make use of the ??= operator and such where it makes sense
We can avoid a bit of code duplication and move code closer together
when it belongs together.

Change-Id: Iffca7e4abfbf03d4663ee909220057bcbd54da75
2023-06-12 10:27:03 +02:00
Amir Sarabadani 9ca20e7749 Make edit summary of blocked domain changes use i18n
It shouldn't be all in English.

Bug: T337431
Change-Id: I57c6b08b652e83baaef41ab0b74af7a4668698a2
2023-06-08 22:06:19 +02:00
Amir Sarabadani 0acfe05251 Add abusefilter-bypass-blocked-external-domains right
This is similar to sboverride right in SpamBlacklist. Defaults are also
the same

Bug: T337431
Change-Id: Iaff91c1f9f7aece0787348dd071701ef99e0291d
2023-06-08 22:06:19 +02:00
Amir Sarabadani 7658885d75 BlockedDomains: Make lookup for domains added in blocked domains faster
We will have a pretty large list of blocked domains that we need to
swift through in each edit for any added domain. In order to cacth
subdomains being added, we have to do all sorts of complicated
operations and string search in large set of strings which is quite
slow. To fix that, let's simply pretend a user who has added
foo.bar.com, also added bar.com and com and do exact match in array of
strings making it much faster.

h/t Krinkle for the idea

Bug: T337431
Change-Id: I96795ed7d1a25f051db0b591dde21b032b138ded
2023-06-08 21:50:43 +02:00
jenkins-bot d6d8608161 Merge "Replace deprecated MWException" 2023-06-07 23:25:54 +00:00
jenkins-bot 90414626fb Merge "Degroup: Return early if user is a temporary user" 2023-06-07 17:18:46 +00:00
Daimona Eaytoy caee78c24d Replace deprecated MWException
These are all unchecked.

Bug: T328220
Change-Id: I8d2f098a8b634d4a226b40ddaef31f0303a0789f
2023-06-07 17:41:20 +02:00
Amir Sarabadani 462096f523 Allow interface-admins to edit blocked domains json directly
For now, we will revisit this in the future. Specially if the
communities think otherwise.

Bug: T337431
Change-Id: I2847264eba9a3cc4fc47a22eacb523199015f9e7
2023-06-06 23:36:12 +02:00
Siddharth VP 8a22007034 BlockedExternalDomains: validate JSON structure before save
This makes raw page editing safer, and potentially enables opening up
access to less restricted user groups.

Bug: T337431
Change-Id: I14f21003a551f34b6e524e9b229613e79b0e5a70
2023-06-06 23:31:28 +02:00
Thalia 573838efc5 Degroup: Return early if user is a temporary user
Treat temporary users the same as IP users. Neither has user groups,
so return early for both.

Bug: T335062
Change-Id: I20b48608cf6ba5f8e8e36a378d66c603d84b032f
2023-06-06 14:10:21 +01:00
jenkins-bot 3feb7d5af0 Merge "BlockedDomains: Put a cache behind parsing of notes of blocked domains" 2023-06-04 15:33:00 +00:00
Amir Sarabadani be928818a4 BlockedDomains: Put a cache behind parsing of notes of blocked domains
It'll be 6K rows in enwiki, parsing 6000 wikitext notes is going to be
expensive.

Bug: T337431
Change-Id: I010d773a7b096c783f5da0d6997d946b3bfd6b6e
2023-06-02 20:13:33 +02:00
jenkins-bot 64ed21cff7 Merge "Use new DeferredUpdatesManager service" 2023-06-01 19:00:42 +00:00
James D. Forrester fb50c1f019 BlockedExternalDomains: Make this a special right, prohibit direct editing
Bug: T337431
Bug: T279275
Change-Id: I96d1e2c8d8728c26e38515032ef773770e26dda4
2023-06-01 09:20:44 -04:00
Amir Sarabadani adae5b95b5 Minor improvements to blocked domain filtering
See I3df949c4d41ce

Follows-Up: I3df949c4d41ce65bb4afa013da9c691ac05fc760
Change-Id: I81974a8d935838e00b4155454f2fb619f8a6bad9
2023-05-31 21:59:45 +02:00
Amir Sarabadani 53eb27f086 Introduce Special:BlockedExternalDomains
It is behind a feature flag. Improvements on it can happen in follow
ups. The patch is already quite massive.

Bug: T337431
Bug: T279275
Change-Id: I3df949c4d41ce65bb4afa013da9c691ac05fc760
2023-05-30 20:48:42 +02:00
Daimona Eaytoy 1c0e558c78 Use new DeferredUpdatesManager service
And remove some hacks for unit tests.

Change-Id: I4e9932a003ac7420f307f01b8d12062fd05a3bb8
2023-05-30 12:50:08 +00:00
Amir Sarabadani e9bec9ffa2 Improve support for read-new wikis with externallinks
Bug: T337149
Change-Id: I68e72243346725fa78281c78dbd6b4cab0b7cbca
2023-05-26 15:47:06 +02:00
jenkins-bot 17cb8ac514 Merge "Update user type checks to handle temporary users" 2023-05-26 11:56:35 +00:00
AnaïsGueyte d42b7335d5 Update user type checks to handle temporary users
* Set the same block expiry for temp and anon users
* Don't block autopromote for temp users; they can't be autopromoted
* Bail early from CheckUserHandler if the user is temporary

Bug: T335062
Change-Id: I6b72537f568c4c70a0b86f1825ea30b767f5634a
2023-05-25 17:26:58 -02:30
gerritbot 66c00defac Update moved class RawMessage
See T321882. Moved in I195cf4c67bd514

Bug: T321681
Change-Id: Ia5479b083c9c086b0fa11be6b1c8358ce9b920bf
2023-05-19 10:30:17 +00:00
gerritbot 3f7e5c9271 Update moved class WikiMap
See T321882. Moved in I60cf4b9ef02b9d5

Bug: T321681
Change-Id: I2c9a5dbde0080984dad1a23eba52504c4b7df4d1
2023-04-25 09:52:41 +00:00
Amir Sarabadani 66f79695d4 Use core's externallinks lookup
Depends-On: I8ae9ef388957b0c04efa281f3bc3b5796bec17fe
Bug: T326251
Change-Id: I34b4a151f23f834b695b0abba2982681b79f68e7
2023-04-24 15:12:41 +02:00
Umherirrender 6fabca14c8 Use renamed CheckUserInsert*Hook interfaces
Follow-Up: I8d632f2808fde57c977c0ed22531db7b3741beef
Change-Id: I88bee654f80d9c40996ebef75136f310520a496f
2023-04-22 20:06:24 +02:00
jenkins-bot d3b5dbb092 Merge "Add tests for extension.json and services" 2023-04-20 00:48:30 +00:00
Jean-Luc Hassec 9369d08773 When testing against a page creation in RC, set page_id to 0 as in the real filtering
Bug: T334617
Change-Id: Id4465cb36131b745d386168e7e158b6bb4d6418c
2023-04-13 08:55:35 +00:00
Jean-Luc Hassec 6c500f8ea9 Clean up unused DEMPTY data type
Bug: T334640
Change-Id: Ie20d760b6e31a9dc97083d3fe4008fb31c990076
2023-04-13 05:27:38 +00:00
Matěj Suchánek 0628dbdab6 Add tests for extension.json and services
Change-Id: Ie83e4a85a408e1ba1d2cc827c4bf353bdd5500df
2023-03-28 09:35:02 +02:00
jenkins-bot 290dd70bb2 Merge "Replace deprecated database object access methods" 2023-03-27 09:11:46 +00:00
jenkins-bot 9fcf5d92d1 Merge "Use actor table in AbuseFilter" 2023-03-26 00:25:50 +00:00
Matěj Suchánek bb78cb0a56 Use actor table in AbuseFilter
This patch migrates abuse_filter and abuse_filter_history tables
to new actor schema.

MigrateActorsAF was copy-pasted from core's
maintenance/includes/MigrateActors.php before removal (ba3155214).

Bug: T188180
Change-Id: Ic755526d5f989c4a66b1d37527cda235f61cb437
2023-03-22 14:01:29 +01:00
jenkins-bot 25b1820f4c Merge "abusefilter.css: Increase the default abusefilter editor width" 2023-03-15 14:00:30 +00:00
Daimona Eaytoy 31210e66f5 Re-add BC alias for the VariableHolder class
Looks like it's needed for the UpdateVarDumps script, so add a note
about that. Also add a type check to the script so that it produces a
clearer error message if it finds an entity with unexpected type.

Bug: T331861
Change-Id: I68f8f954ed754c4282e13599ce06118e2336ecbb
2023-03-13 13:46:09 +01:00
Matěj Suchánek 8f6a428f02 Replace deprecated database object access methods
Use the very new getPrimaryDatabase and getReplicaDatabase.
We skip FilterLookup and CentralDBManager in this patch.

Change-Id: I22c6f8fa60be90599ee177a4ac4a97e1547f79be
2023-03-08 16:50:56 +01:00
Taavi Väänänen 7789ce1090
UserRenameHandler: Use core RenameUser classes
Bug: T27482
Change-Id: Ia36cd6d0ae8562101f8bcb0ddbf647097b6a8429
2023-03-08 12:53:43 +02:00
TheresNoTime fdcf2aab36 abusefilter.css: Increase the default abusefilter editor width
Increase default widths from `65%` to `90%` for the editor, notes,
description, group inputs.
Add `mw-abusefilter-edit-description-input` id to
`abusefilter-edit-description` TextInputWidget.

Bug: T294856
Change-Id: Ia9472298170740a39fd24864003b766078fcdfaf
2023-02-07 20:59:13 +00:00
Matěj Suchánek 5dbb4792b7 Add styles to display zero contributions link in red
Bug: T327603
Change-Id: I319b69d21f3c6195cd9192285a3f0ec3b52bcfd0
2023-01-24 15:11:19 +01:00
Dreamy Jazz 8e4a1237f1 Hook on privateEvent and logEvent insert hooks like CuChangesInsert
Hook on to CheckUserInsertPrivateEventRow and CheckUserInsertLogEventRow
to override the IP, XFF and User-Agent string when the user is the
abuse filter user for log events.

These two hooks are being added as log entries are being removed from
cu_changes and added into two new tables. Because the columns and their
names are different for these tables, reusing the same hook won't work
for callers that rely on setting values for a specific column name.

Edits and log entries performed by the abuse filter user need to be
marked as being by the software (and not using the IP, XFF and
User-Agent provided in the main request).

These hooks will not be run until the appropriate config is set to
write to the two new tables. Until that point using the one currently
defined hook will work for all actions.

Bug: T324907
Bug: T44345
Depends-On: I7c7754323ade9a8d96273c1742f30b1b5fbe5828
Follow-Up: Idd77545af94f9f9930d9ff38ab6423a72e680df9
Change-Id: Id78417e9d95220946f110afbe1430df5b3bb4f4f
2023-01-08 13:09:52 +00:00
Dreamy Jazz d3d0910bee Add RecentChange as a optional parameter for CheckUser hook
Add RecentChange as a optional parameter to the code that hooks
on CheckUserInsertChangesRow as this hook will soon provide a
RecentChange object if this row was triggered by a RecentChange.
If this row was not triggered by a RecentChange, then this
parameter will be null. This needs to be added before the parameter
is added to the definition of the hook in the CheckUser extension
as the tests will fail if all usages do not already have the new
parameter.

Bug: T324907
Change-Id: I44e54a3fca5558a1cb8d8f06a3990ded863454bc
2023-01-08 13:09:23 +00:00
jenkins-bot 595b0a9969 Merge "Ensure IP, XFF and UA are valid for abuse filter user actions in CheckUser" 2023-01-06 20:51:17 +00:00
jenkins-bot 1ff0e96e38 Merge "Replace VariableHolder::$forFilter" 2023-01-05 21:23:24 +00:00
jenkins-bot 24d797e6cc Merge "Create real integration test for variables" 2022-12-22 02:07:02 +00:00
Matěj Suchánek 3e0d1b0d38 Set old_content_model & new_content_model for past changes
We might consider adding an in-process cache because there
will be a duplicate database lookup for content model and
wikitext of the same revision.

Bug: T230295
Change-Id: I9723f21069e03a49fa7131bd8f79c6e7e442104b
2022-12-18 16:01:45 +00:00
Matěj Suchánek 396d892c60 Use ActionSpecifier to load the IP address
To avoid access to the global request context.

Change-Id: I4d97dbe8b693f1fcd5a4e84f2376752d8e954c18
2022-12-17 22:52:24 +01:00
Matěj Suchánek 52dcd4624f Use ActionSpecifier throughout the code
The motivation is to have a single immutable object providing
information about the action. It can represent the current
action being filtered, but also a past action stored in the
abuse log. It will hopefully help us get rid of passing
User(Identity) and Title/LinkTarget objects around together.

Change-Id: I52fa3a7ea14c98d33607d4260acfed3d3ba60f65
2022-12-16 22:52:03 +00:00
Umherirrender 4139e5ef05 pager: Avoid unneeded database connection
Change-Id: Id548d1adab39c4a9b4e7ead4c87510b2fed39ff1
2022-12-11 13:06:08 +01:00
Umherirrender 6d65684a34 Replace deprecated Linker::commentBlock
Bug: T324906
Change-Id: I3b8f9b1295315d3a3cae6bbda2c5553129d2ba13
2022-12-10 22:32:53 +01:00
Matěj Suchánek dc59cad0a5 Replace VariableHolder::$forFilter
Each generator knows in which situation it is executed, and it
can pass this information to the computer. VariableHolder should
just hold the variables.

Change-Id: I0fb2e01e3e9457cd63948afe2a20439a1c800790
2022-12-02 08:10:15 +01:00
Matěj Suchánek 702d77e3ce Create real integration test for variables
For fixing bugs like T65632, T105325, or T264104, we will need
to update code in more than one place at once. To prevent
regressions, create an integration test which tests the whole
pipeline, from the request submission to variable evaluation.
Edits are simulated using action=edit API call because the hook
AbuseFilter uses is run from EditPage.

To increase confidence in test coverage, remove some annotations
from AbuseFilterConsequencesTest or make them less greedy.
Ideally, it would only test consequences.

This patch includes refactoring of AbuseFilterCreateAccountTestTrait
which now only inserts the user into the database if it really
should be created.
It also restores test coverage of some other classes.

Change-Id: I661f4e0e2bcac4770e499708fca4e4e153f31fed
2022-11-26 18:51:38 +01:00
Jon Robson 62e96a46a8 Register AbuseFilter menu as standard tabs
Core now supports special pages registering sub menus
natively in skins. The menu is rendered when the skin
supports it, so at current time of writing this will
only work in Vector 2022 and MinervaNeue.

The existing menu that appears under the abuse filter
page title is converted into the new format. For other skins
no difference.

Bug: T315553
Change-Id: Ief51a9c60125c11e3b735fabee2a4544b7955f64
2022-11-17 16:35:34 +00:00
Reedy 4f4f01f96d EchoNotifierTest: Use namespaced Event class
Re-enables test

Depends-On: Ib57ea2db947285946f31fa9912b37181044df9d3
Change-Id: I082868f4759a5da14235803ebd8a80e794cfe41c
2022-11-12 06:28:33 +00:00
dreamyjazz 627a73ec5e Ensure IP, XFF and UA are valid for abuse filter user actions in CheckUser
Change the IP to 127.0.0.1 (to indicate an internal IP), and blank
the XFF and UA when the performer of an action being logged by
CheckUser is the abuse filter user. Actions performed by the abuse
filter user can only be initated by the software, and as such should
not use the request's IP, XFF and UA. Also test the newly added
code.

Bug: T44345
Depends-On: I28acaaebd2d0067b700da0930e7b7ba924fa5c1c
Change-Id: Idd77545af94f9f9930d9ff38ab6423a72e680df9
2022-11-11 23:19:22 +00:00
thiemowmde 8f50f2a1a6 Fix missing null check for deprecated configuration
$wgAbuseFilterAnonBlockDuration is documented to be deprecated and
fall back to $wgAbuseFilterBlockDuration. This was just missing here.
This makes code fail in PHP 8.x where null is not allowed any more in
functions that expect a string.

Change-Id: I0edb0f14630aed88635aa564a11d6f42e470c29f
2022-11-04 15:36:13 +00:00
samtar e9e45cd225 AbuseFilterPermissionManager: Add sitewide block check
Add sitewide block check to `canViewPrivateFilters`

Bug: T296137
Change-Id: I2e4bceb8e35424d5c0c5ea902ed8f682bd33b6dc
2022-10-21 17:34:01 +00:00
Daimona Eaytoy 6a48423861 Avoid phan suppression
Document the parameter as non-empty instead.

Change-Id: Ia0f6b231fd05da82c1967e6b4e22bdd258435bba
2022-10-09 13:57:39 +02:00
libraryupgrader 380f7b010a
build: Updating dependencies
composer:
* mediawiki/mediawiki-phan-config: 0.11.1 → 0.12.0

npm:
* stylelint-config-wikimedia: 0.13.0 → 0.13.1

Change-Id: I424244de96b2da894d781047a1e336514cb7707c
2022-10-07 21:05:41 +03:00
Brian Wolff c6d3e6638c Explicitly cast mod (%) operhands to ints.
PHP does this automatically, however in PHP8 this causes an
E_DEPRECATED warning.

This fixes a phpunit test

Change-Id: Ie2b2dbf4a1c0ff500ba251ee43a37823432e3047
2022-10-03 08:30:45 -07:00
Timo Tijhof d2fc2ff8bb maintenance,includes: Clean up file headers
Follows-up Iaa1b4683c5c856.

* Match $IP pattern verbatim from most other WMF extensions.

* Improve descriptions a bit, and move/merge any meaningful
  information from file docblock into class docblock. The file blocks
  are visually ignored and identical in each file, and often out of
  date or duplicated when given text separately from the class block.

  See also similar changes in core:
  https://gerrit.wikimedia.org/r/q/message:ingroup+owner:Krinkle

* Use `@internal` instead of `@private` as per Stable interface
  policy.

Change-Id: I8bed9a625af003446c7e25f6b794931164767b5a
2022-09-29 17:56:49 +01:00
jenkins-bot 415a958cf1 Merge "Use DISTINCT on LazyVariableComputer::getLinksFromDB" 2022-08-06 22:57:46 +00:00
Umherirrender 9c3fc24f85 Use DISTINCT on LazyVariableComputer::getLinksFromDB
A protocol-relative URL has two entries for el_to in externallinks table,
the different is on the el_index colum

Bug: T314373
Change-Id: I3d6229aaa10a089baf15d5ba3407f6a8870429e3
2022-08-02 11:27:31 +00:00
Matěj Suchánek 86c2695557 Treat consequences params less aggressively and consistently
In theory, it's possible that some consequences could use "0"
as one of their parameters. At least change tags, see T296642.
But PHP treats "0" as false.
Also make the code on all places consistent.

Change-Id: I5255dfb26878ceb4f78c4d8277521edbb4821d7d
2022-08-02 11:57:48 +02:00
Matěj Suchánek 08f42494d3 Send CheckUser the IP address on account creation
We mask the IP address on purpose, so that it is not
leaked to the abuse log. This breaks CheckUser because
it attempts to assign an actor id to the "fake"
(uncreated) user account. So unmask the IP address
when we send the data to CheckUser.

Bug: T233004
Change-Id: Ib58193927bc8254d36a8de0fd1b5f9fba68a0cb0
2022-08-01 09:17:35 +02:00
Umherirrender 4fca77068c Clean up line indent with mixed tabs and whitespaces
Change-Id: Icc418130ad34e5f169bfc51bb13b58a7806bd636
2022-07-31 16:34:07 +02:00
jenkins-bot a017d73509 Merge "Make a separate method for ManualLogEntry construction" 2022-07-31 12:57:46 +00:00
Matěj Suchánek f142fee102 Make a separate method for ManualLogEntry construction
This step is a simple copy-paste. In the next step,
we will change the code a bit.

Change-Id: Id303a5da33ce0bbc0b58656a3f935f6f4c02d84c
2022-07-31 12:39:43 +00:00
jenkins-bot 2cff210d31 Merge "Use UserIdentity in VariableGenerator::addEditVars" 2022-07-30 13:55:24 +00:00
Umherirrender 7e8162c705 Special:AbuseFilter: Include primary key for unique pagination
A unique column is needed in the order to ensure the next offset is
correct and does not skip items

As mention in the doc for IndexPager::getExtraSortFields the extra
columns are not for pagination, only to help the optimizer building a
better query plan by mention denormalized columns.

Bug: T191694
Change-Id: I9fb9f848a0b165dbaa0a2b31d9504324f43578de
2022-07-29 17:38:13 +02:00
Umherirrender 081a8e3c3c Add LinkBatch to Special:AbuseFilter/home and /history
Combine the check for red/blue user/talk links into one database query
This can improve the performance of the page view when many filters
from many different users are linked

Change-Id: I0b87ee15ecee4cecd5d5d6164e8c18e1b788ecd1
2022-07-29 13:56:03 +02:00
Umherirrender da4bc8643a Use UserIdentity in VariableGenerator::addEditVars
Change-Id: If0a65d7a86de776e6499d43949bfb217f20d9b07
2022-07-29 12:55:52 +02:00
jenkins-bot f13f3dcd2c Merge "Call IContextSource::getAuthority instead of IContextSource::getUser" 2022-07-29 10:25:23 +00:00
Matěj Suchánek 3914c913e3 Remove deprecated static methods
They are unused in Wikimedia code (finally).

Change-Id: I74c81d950d992552d3edf184b5eecc46e5e2c567
Depends-On: I62533e21d2bc1a22c3fcba4c7c650ca9d95700ef
Depends-On: I95ce9897d89213e358c436135278b729f0adc3a2
2022-07-27 13:01:10 +02:00
Umherirrender 11386c312d postgres: Fix changeNullableField calls
Follow-Up: I97cb12e6aa25d75ea24e187174db2fe88e5ce790
Change-Id: I61b8e102fd5041685941d89995f54a23ff5509c8
2022-07-13 22:13:48 +02:00
jenkins-bot eb20298739 Merge "Convert to abstract schema" 2022-07-13 16:47:22 +00:00
jenkins-bot 4329c21ba7 Merge "Delimit namespace and title text in warning keys" 2022-07-07 18:40:24 +00:00
dreamyjazz 0bb914c482 Add a space between the checkbox and timestamp in Special:AbuseLog
Add a space between the checkbox (shown for users who can hide abuse
filter entries) and the timestamp so that it looks nicer.

Change-Id: I6e495f8cb56ad8f0b53f06d2aecb8ac34b16ff25
2022-07-07 15:51:34 +01:00
jenkins-bot c3c70f7fa0 Merge "FilterProfiler: use WRStats" 2022-07-06 00:05:15 +00:00
Tim Starling cdf2f474e8 FilterProfiler: use WRStats
A new core facility written for this use case.

Bug: T310662
Depends-On: I26b1cdba0a06ad16ad8bb71b455e1b6180924d17
Change-Id: I2b902d034a8c3308c0ba9878b69e873ca8fbda52
2022-07-06 09:35:08 +10:00
dreamyjazz 13e6c1c06a Add the ListToggle to Special:AbuseLog for users who can hide entries
Add the ListToggle provided in core's ListToggle.php to
Special:AbuseLog when a list of abuse filter entries are being
shown and the user can hide abuse filter entries. This will allow
them to select multiple checkboxes to hide at once (without having
to shift and selecting the first and last).

Bug: T311954
Change-Id: I1aa4fa3fa7016a5d9ae4a904c151011743d2c8ed
2022-07-03 16:56:03 +01:00
Umherirrender dc4dd928b7 Call IContextSource::getAuthority instead of IContextSource::getUser
Change to use Authority object where possible
to use the interface instead of implementation

Change-Id: I90ef126b3d799c3fc27467a4ffe671785c446d3e
2022-07-03 16:37:18 +02:00
jenkins-bot 2709583b52 Merge "Clean up AbuseFilterViewExamine and AbuseFilterExaminePager" 2022-07-03 14:16:57 +00:00
Matěj Suchánek be247401bb Clean up AbuseFilterViewExamine and AbuseFilterExaminePager
Move most stuff from the pager to the view class to untangle
circular dependency. Declare class properties as private.
Leave input validation to the form.

Change-Id: Ia8b1a9d08af9c0cac23b34f6bbbe2c44d01f6c8c
2022-07-03 11:29:43 +02:00
Matěj Suchánek e7492a230f Replace unnecessary use of User
In action=abusefilterunblockautopromote, leave UserIdentity
instantiation to the parent. Note that this changes the "code"
in the response from "baduser_user" to "baduser".

Change-Id: I97d2bf3fa3c5486e461823f840cad2763e1bcfea
2022-07-02 23:58:08 +00:00
Matěj Suchánek 799e1db093 Convert remaining permissions checks to use Authority
Change-Id: I5e996cac37bc806db6c3d7ad5c666a606cd79236
2022-07-02 14:49:47 +02:00
DannyS712 139ca18efe Migrate AbuseFilterPermissionManager to authority
Almost all callers already provide an Authority in the form
of a User object, so mostly just need to change the typehints

Depends-On: I58661943c7e1acb6ff09798ee1a30be0fde3f459
Change-Id: I2ad86859c8194c14d7331f58db62b7cff4698085
2022-07-01 06:58:17 +00:00
Matěj Suchánek 3b5b3cbae7 Show syntax error message in an error box on Special:AbuseFilter/test
Otherwise it's barely noticable.

Change-Id: Iff10036996c9e190c850d0b24f3ea0817624b95f
2022-06-30 20:23:22 +00:00
Matěj Suchánek 93acf0d80b Delimit namespace and title text in warning keys
Bug: T311543
Change-Id: I20f42d27d35390dcba96cc26bcc245cbeeff59f5
2022-06-29 19:39:24 +02:00
Matěj Suchánek 60e03c965e Fix form input normalization
Prevent invalid assignments to properties. On
Special:AbuseFilter/test/123, handle when id of
a non-existing filter was provided. Allow '0'
as user and title on Special:AbuseLog and
Special:AbuseFilter/test.

Change-Id: I196ae62b165d1a60babaf4fe6bd733aa52be1726
2022-06-29 12:19:24 +02:00
jenkins-bot 8d4c5d4d33 Merge "Use LinkTarget in ConsequencesExecutor" 2022-06-29 08:52:37 +00:00
Reedy 60cb198e81 SpecialAbuseLog: Don't call explode() on null
Bug: T311579
Change-Id: I2481beb2344a57242795a722e255e119ea29ac18
2022-06-29 01:14:07 +01:00
jenkins-bot 8ee28b2373 Merge "pager: Declare Title only for local filters" 2022-06-28 21:40:48 +00:00
Matěj Suchánek 4beca85154 Compute user and page age relative to recent change timestamp
These are apparently the only two variables for which we can
quickly determine their value in such simple way.

Later, we can also try it for recent contributions.

Bug: T102944
Change-Id: Iecfa9e5c5ba8c078691334b676cc6f289790cb74
2022-06-28 20:53:33 +00:00
jenkins-bot e6c61b94f3 Merge "Replace deprecated HTMLForm methods" 2022-06-28 19:47:11 +00:00
jenkins-bot 5f7e69757c Merge "pager: Fix LinkBatch for user name" 2022-06-28 19:33:19 +00:00
jenkins-bot c8dacb59d9 Merge "Use UserIdentity/Authority in SpecialAbuseLog" 2022-06-28 19:33:10 +00:00
Matěj Suchánek 5dca456535 Replace deprecated HTMLForm methods
Change-Id: Ic9ba981b94541b181acf88c3c40c205ab81962a8
2022-06-28 19:01:54 +00:00
Matěj Suchánek 7ae2060b27 Avoid array to object cast in filterToDatabaseRow
Both callers immediately call get_object_vars
to cast it back to array. Avoid this roundtrip.

Change-Id: I6525d76f8a03a4d28c2b50b580c539affe98064f
2022-06-28 18:46:28 +00:00
Umherirrender 1f8e6f5737 pager: Fix LinkBatch for user name
Adding the user id to the LinkBatch does not preload the correct page

Change-Id: Iacc852fe1f3ee74849af6146218aecaff70363d9
2022-06-28 20:37:41 +02:00
Umherirrender 5c8296393c pager: Declare Title only for local filters
No need to get the Title for the global filter

Change-Id: I9d282f0112e7e380615ea3760c17f02792694113
2022-06-28 20:33:46 +02:00
Umherirrender 20fd8f7b07 Use LinkTarget in ConsequencesExecutor
The Parameters class already only needs a LinkTarget

Change-Id: I4e8e1d7c92f41502a084be3359b97e0d434f08c0
2022-06-28 19:46:50 +02:00
Umherirrender 9abc464e3d Use UserIdentity/Authority in SpecialAbuseLog
Change-Id: I5b3b2b758e17c94298e7217d755dd8c7b08cb1ac
2022-06-28 19:30:37 +02:00
jenkins-bot f9a2d4cf6c Merge "Use UserIdentity in FilterStore::doSaveFilter" 2022-06-27 21:56:57 +00:00
Umherirrender 5f979bcf16 Use UserIdentity in FilterStore::doSaveFilter
Change-Id: I8cbdaff1bd049a893b69f2ce13f0ba30b96f93b4
2022-06-27 22:39:37 +02:00
Umherirrender 30fefb75bf Use UserIdentity in ConsequencesExecutor
Change-Id: I281a30610595ed3e984f43aa747eff37abe72939
2022-06-27 22:05:18 +02:00
Daimona Eaytoy f33bc5868c Set the 'timestamp' var in addGenericVars
This was most definitely my intention when I introduced the concept of
"generic vars", so it's a bit surprising to discover, 3.5 years later,
that the timestamp isn't computed there.

Also make the timestamp always be a string for consistency, since that's
the type documented on mw.org. I've manually checked all filters on
Wikimedia wikis using the timestamp variable, and added explicit int
casts where needed (although I think they'd still work due to implicit
casts).

Change-Id: Ib6e15225dd95c2eead7e48c200d203d6918e0c18
2022-06-26 14:49:40 +02:00
Matěj Suchánek 40c5712311 Pass RecentChange to addGenericVars
Change-Id: Ia843c23b46ecf8e9fe987a538a09e69f845f4488
2022-06-25 13:03:03 +02:00
jenkins-bot f78a92cb2e Merge "Remove $info argument from ReversibleConsequence::revert" 2022-06-24 02:07:31 +00:00
Umherirrender e18136f269 Convert to abstract schema
Rename index on postgres and fix nullable fields

Bug: T259377
Change-Id: I97cb12e6aa25d75ea24e187174db2fe88e5ce790
2022-06-20 17:19:57 +00:00
Tim Starling 855347b4a4 Configure FilterProfiler cache separately
Since it seems to be the bulk of the traffic to the mainstash in
production.

Bug: T212129
Change-Id: Id20223ac03ada16b3ad4bd47744dea5e415cf160
2022-06-14 15:30:02 +10:00
Matěj Suchánek 40564ca635 Remove $info argument from ReversibleConsequence::revert
It was a temporary catch-all variable, but we can replace it
(and probably won't need it).

Change-Id: Ie1a64455c47445050bd83c853b3cafd283d5d020
2022-06-08 11:59:18 +02:00
jenkins-bot 6fe7cd9648 Merge "Add class to AF log contribs link" 2022-06-07 08:11:46 +00:00
jenkins-bot 1a6985469b Merge "Inline/simplify smaller pieces of duplicate/complex PHP code" 2022-06-03 20:38:22 +00:00
Thiemo Kreuz bbded6231c Inline/simplify smaller pieces of duplicate/complex PHP code
Change-Id: I59d0f17b77c8c3d47bc532bdefd9d8c0883f180b
2022-06-03 21:04:38 +02:00
TerraCodes 2c0e61a030 Add class to AF log contribs link
Continuation of MW core change 603941

Change-Id: I16ade657179fdce40b8acb7f8be8cde8b9a64949
2022-06-02 09:34:38 +00:00
jenkins-bot bb94c0914c Merge "Add support for regex string replacements." 2022-05-31 14:54:33 +00:00
jenkins-bot f0ae0ec101 Merge "Optimize loop in 'diff-split' case" 2022-05-21 18:32:31 +00:00
Matěj Suchánek d4b15cb7ee Optimize loop in 'diff-split' case
The "substr( $line, 0, 1 )" expression has already assumed
the prefix has length 1. Therefore, it's pointless
to compute its length later. The assumption does hold,
the only two prefixes the code works with are '+' and '-'.

Not changing the check to use str_starts_with now, because
it was suggested in I113a8d052b6845852c15969a2f0e6fbbe3e9f8d9
that this shouldn't be done for performance-sensitive code
at least until we are on PHP 8.

Change-Id: I00cb2fc50ed534bb2bbef3ee1e5f6f466afeeb27
2022-05-21 18:07:21 +00:00
jenkins-bot 00ad47bab3 Merge "Fix validation for ip_in_ranges" 2022-05-21 15:24:20 +00:00
jenkins-bot 2779c92cf7 Merge "Add ip_in_ranges function" 2022-05-21 15:15:17 +00:00
Daimona Eaytoy a46db47bd5 Fix validation for ip_in_ranges
We want to make sure that all parameters are valid regardless of whether
there's a match.

Also make the minimum number of parameters = 2, so it's easier to switch
between this function and ip_in_range.

Change-Id: I141558a7ef4533485e315b3d93ea9b64f0959db7
2022-05-21 15:39:21 +02:00
jenkins-bot f1ccb60272 Merge "AbuseFilterViewDiff: simplifications to prepare for refactor" 2022-05-15 23:05:32 +00:00
fossifer b1739a588f Add ip_in_ranges function
Added support for ip_in_ranges which allow multiple ranges to be
checked at the same time. If the IP is in any of the ranges, the
function returns true.

Bug: T305017
Change-Id: Ic75c87ecd4cacf47ce2ff1b04173405230ff81d0
2022-05-11 12:27:16 +08:00
DannyS712 9de0b19ba4 AbuseFilterViewDiff: simplifications to prepare for refactor
Clean up the existing code a bit before refactoring to be reusable
for a diff button in the edit form.

Includes:
* use the Html class rather than the Xml class for building the display html, and avoid manual
html strings

* replace formatVersionLink() with getVersionHeading() to reduce duplication in the handling of
the headings for the old and new versions, and in the process fix the name used as a parameter to
the old version heading (should be the old version editor, not the new version editor)

* rename some parameters for clarity

* organization and other cleanup

Bug: T180954
Change-Id: I1c02f407e72789a871a23b0d4a279a5c341b1e93
2022-04-30 19:31:21 +00:00
Thiemo Kreuz be3af66876 Simplify code dealing with filter ids in FilterStore
Before the information if a filter was new was stored in 2 places:
In the bool $isNew and in the two variables $filter and $newID.
$newID was especially confusing because it was used for both old and
new ids.

Change-Id: I15bdf36c96c8d86a37f305aab2647f7d57bc2bf1
2022-04-27 19:29:55 +02:00
jenkins-bot b1ea4f2d69 Merge "FilterStore: Use upsert instead of replace" 2022-04-27 11:58:24 +00:00
Thiemo Kreuz a25e2c784a Fix capitalization of method calls accross the codebase
Change-Id: Icbbad4858735c24611daee693c53af479c75d1fb
2022-04-26 17:42:34 +02:00
Amir Sarabadani c1d8037815 FilterStore: Use upsert instead of replace
You should never write to auto_increment value.

Bug: T306692
Change-Id: I363711336658a24a0dedf42643296185dfa4a024
2022-04-26 17:10:03 +02:00
Umherirrender 89df7dfddb Remove index detection 'rev_page_timestamp'
Rename in 1.37

Change-Id: Ia9a7682f9f9751de3071b0a644d945dbbd3ed824
2022-04-22 19:26:36 +02:00
proc 1d1215bafb
Add support for regex string replacements.
Bug: T285468
Change-Id: I25f8ad1b58cc10f4c6f6ef5ebab99fe58ec71b1e
2022-04-20 18:38:24 +01:00
Daimona Eaytoy 59eb3b70fb Inject dependencies into the authentication provider
- Define it with the extension.json key, instead of using the
  registration callback
- Inject the services it needs
- Replace direct User instantiation with UserFactory
- Move log subtypes to extension.json as well

Change-Id: I86a761c7fa844b1f417b974798373622a15f6411
2022-04-09 18:44:25 +02:00
jenkins-bot c7903f9a7c Merge "Fix check for null Content in getEditTextForFiltering" 2022-04-06 17:40:31 +00:00
gerritbot 8e55018613 Fix usage of ApiBase::PARAM_* deprecated constants
The ones that are replaced with ParamValidator

Bug: T275455
Change-Id: If1fbef4707eecd7a6bfa5947614fe46d70c62dd6
2022-04-04 00:49:37 +00:00
gerritbot a617a846f0 Replace deprecated ApiBase::PARAM_ with IntegerDef ones
The rest of ApiBase::PARAM_  will be done in separate patches

Bug: T275455
Change-Id: I1c836d2d85e3004e8b6b1a53e11770910acc0616
2022-04-03 22:13:20 +02:00
Matěj Suchánek 58dfab4aeb Fix check for null Content in getEditTextForFiltering
The check was not consistent and the code could still crash
when $oldContent was null. RevisionRecord:getContent only
returns null when audience check fails, but we don't ask
for that.

Change-Id: Id64646a6762167f552e104f623130bedc6b2dd18
2022-04-03 13:06:24 +02:00
jenkins-bot 59def97891 Merge "Use RestrictionStore instead of deprecated method" 2022-03-30 09:59:35 +00:00
Matěj Suchánek 686d7ea88c Use RestrictionStore instead of deprecated method
Also restructure the unit test a bit.

Change-Id: If5ce26f1bc4efdb29653aed3fc47335dddc1e44c
2022-03-29 16:11:55 +02:00
jenkins-bot 50311e750d Merge "Remove SpecialAbuseLog::isHidden" 2022-03-27 18:27:05 +00:00
Func 24f5ca6e2d Use setTitle() instead of setAction() where posible
The getLocalURL() method can return url with query string when
wgArticlePath is configured to do so, and query string of GET form
would be ignored by browsers.
The setAction() method is problematic (T285464 and above) and hard to
warn the wrong usage. I'm going to go through and fix every use case,
and finally deprecate it.

Change-Id: I66b634f0cc996be3d7048d410b46fe77c88f9879
2022-03-27 21:06:38 +08:00
Daimona Eaytoy 773d553c8e Remove SpecialAbuseLog::isHidden
This is a breaking change for the API: 'hidden' is now either true or
false, depending on afl_deleted. 'implicit' is no longer a possible
value, the caller should compute it instead if necessary.

Then simplify the remaining usage of isHidden, using a temporary private
method.

Bug: T291718
Change-Id: I97b5195d306c35ddca3f071d9ff4d896f9fd5c8d
2022-03-25 21:22:59 +00:00
jenkins-bot def507f6d3 Merge "Refactor ConsequencesExecutor to process consequences in more steps" 2022-03-23 09:06:55 +00:00
Func 3ff1a7f34d ViewRevert: Adjust use cases of HTMLForm
Use setTitle() instead of setAction(), T285464.

HTMLForm would set edit token for post form, use setTokenSalt() to amend.

HTMLForm would fetch user input value from the request itself, since
the two form shared the same field name, the 'default' params assigned
are unfunctional.

HTMLForm would prefix descriptor keys with 'wp' as the default name
of generated input fields, make use of this feature.

Bug: T285464
Change-Id: I2cc3c1d042998b65df5ee51f0715fe25a5e18e72
2022-03-20 23:28:06 +08:00
Daimona Eaytoy 2de5fce177 Refactor ConsequencesExecutor to process consequences in more steps
Introduce shorter methods, one for each steps, so that it's easier to
understand what the code is doing and figure out if the order makes
sense. The ConsequencesExecutor test is now a proper unit test. Also
simplify AbuseFilterConsequencesTest, removing old/wrong logic and
fixing two expected values that were actually wrong (but worked because
of the aforementioned wrong logic).

The only functional changes should be:
 - We pick the longest block *after* checking the ConsequenceDisabler
   consequences, so e.g. if a filter has a long block + warn and another
   filter has a shorter block, we still keep the second one if warn will
   disable the block.
 - Remove disallow in presence of dangerous actions after checking
   ConsequenceDisabler's and deduplicating blocks. Otherwise we may
   remove disallow for filters where block (etc.) doesn't end up being
   disabled. We may also want to consider not removing disallow at all,
   now that messages are customizable.

Bug: T303059
Change-Id: If00adbf2056758222eaaea70b16d3b4f89502c20
2022-03-19 15:49:36 +00:00
jenkins-bot 1e105c8821 Merge "Cast filter id to integer in AbuseLogPrivateDetails output" 2022-03-12 17:22:55 +00:00
Matěj Suchánek 7232bfc647 Cast filter id to integer in AbuseLogPrivateDetails output
Change-Id: If4a1bf4181e3a84281299bf4aa66fd314100f3dc
2022-03-12 12:37:47 +01:00
Matěj Suchánek 222aebab91 QueryAbuseLog: Cast revision id to integer
Change-Id: Id670a1cd7e3695211b202dba45b60c9f9c69649e
2022-03-12 01:19:56 +00:00
Alexander Vorwerk 4aedfe8d91 Use updated ObjectFactory namespace
Change-Id: I99c5e5664d2401c36a9890f148eba7c25e6e8324
2022-03-09 22:17:07 +00:00
Daimona Eaytoy d5bb976f51 Fix logging for parser exceptions
This was likely a rebase artefact or something: the 'implode' was meant
to be called with two parameters as usual. Currently, the parameters are
simply concatenated which makes the logs quite hard to read.

Change-Id: I84f9a7cb05e210f60a791d513dfb5b74fa7dfb8a
2022-03-07 13:32:54 +01:00
jenkins-bot 894b94bf7d Merge "Add logging when the 'block' action fails" 2022-03-07 09:26:42 +00:00
jenkins-bot 3da40866f8 Merge "Move throttle range sizes to class constants" 2022-03-06 20:22:13 +00:00
Alexander Vorwerk 9bc01b4986 Use namespaced Renameuser classes
Change-Id: Ibac446d50a34a26182b801fa15c8a8ddffd2eea0
2022-03-06 17:10:41 +00:00
Daimona Eaytoy 4b6fff36e1 Move throttle range sizes to class constants
Change-Id: Iac436578f94022762b7f67959af894261c59fc66
2022-03-06 16:37:11 +01:00
Daimona Eaytoy a0fd0bae01 Overhaul throttle identifiers
- Use a /64 range for IPv6 instead of /16.
- Fix a curious and serious bug for IPv6, where grouping by range
  would only use the first (!) number of the IP address, due to the
  'v6-' prefix returned by IP::toHex.
- Fail hard if the identifier is unknown -- it's not something that's
  supposed to happen.
- Include the type name in each identifier, instead of prefixing all
  type names to all identifiers. This makes it easier to understand the
  parts of the key.
- Test the whole lot.

Bug: T211101
Change-Id: I54c4209f2f0d5a4c5e7b81bed240ca3e28a2ded7
2022-03-06 13:31:06 +00:00
Daimona Eaytoy 496c2ee370 Add logging when the 'block' action fails
Also avoid using User, use Authority instead.

Bug: T303059
Change-Id: I419ab3726d95ef600e2aa14dca5fa14066d245e3
2022-03-05 19:12:53 +00:00
russ-rogovetz 3505fa63f6 Change comment for TextExtractor getNativeData to getText
Update TextExtractor comment, change Content::getNativeData to TextContent::getText.
Code got already updated.

Bug: T283667
Change-Id: I09e3c537c7e55737d79e69abdd3b7faf693e58cc
2022-03-04 11:01:13 +02:00
Umherirrender 533e3dc5da Use new namespace for MediaWiki\Revision\RevisionLookup
MediaWiki\Storage is alias since 1.35

Change-Id: I1688cb27847b9154c5133b157ac9c18bd4859a47
2022-02-26 20:39:01 +01:00
jenkins-bot 829009b8d9 Merge "Normalize logged parser error messages" 2022-02-26 16:45:40 +00:00
jenkins-bot ac0ed20e4f Merge "Improve debug messages of loading ext. links" 2022-02-26 14:26:13 +00:00
Daimona Eaytoy 2f5a587b1d Normalize logged parser error messages
Change-Id: I31cf73533a46ab5e452c2870fccb8603bb54d3df
2022-02-26 12:57:42 +01:00
Daimona Eaytoy b5c22f2b77 Improve wording for throttled filter warnings
List which actions were disabled, or explicitly say that no actions were
disabled if that's the case. Also avoid the word "throttle" in messages
as it may be hard to translate. Also don't suggest optimizations to the
filter conditions -- unoptimized rules have nothing to do with a filter
being throttled.

Bug: T200036
Change-Id: Id989fb185453d068b7685241ee49189a2df67b5f
2022-02-22 11:10:19 +00:00
Daimona Eaytoy 167f6cb642 Introduce ActionSpecifier
This is a plain value object that represents the action being filtered,
replacing associative arrays that were being used up to this point.

We should now check whether it's possible to make it not require an
accountname (which complicates things), and then use it in related
classes as well, e.g. Parameters.

Change-Id: I9550c14819b600c97c46b632cc1c2d447972d69c
2022-02-18 11:30:56 +00:00
Matěj Suchánek 95c0978dc6 Clean up AbuseLogPager
- Make $mConds private and rename it.
- Use the injected permission manager.

Change-Id: Ie92b63da50264226bde5b3b361916bb31fd9448e
2022-02-11 11:21:12 +01:00
jenkins-bot 6b9098eae1 Merge "Replace use of deprecated OutputPage::enableClientCache( false )" 2022-02-10 07:01:54 +00:00
Reedy 62380ccb9a Drop non namespaced back compat aliases
Change-Id: I013959b13e233b6ee577d2b959c2f222687b0c7b
2022-02-06 14:16:10 +00:00
jenkins-bot 59e2bfcaff Merge "Make rmspecials preserve whitespace" 2022-02-06 06:22:38 +00:00
Huji 52827acbab Make rmspecials preserve whitespace
The existing filters on WMF wikis has been changes such that calls
to rmspecials() are now rmspecials(rmwhitespace()) to ensure no change
is made in behaviour. Filter admins can change this back if filter is
not meant to trigger when part of the input is contains spaces.

Bug: T263024
Change-Id: Idde09b50fb8eda357afbedc1199a5483fa8217c1
2022-02-06 06:07:46 +00:00
C. Scott Ananian aecfc7e62e Replace use of deprecated OutputPage::enableClientCache( false )
Replaced with the more readable ::disableClientCache() method, added
in 1.38.  Minimum MW version bumped to match.

Depends-On: I7c89e20528a0d91173f0edcb997dcae631935ee5
Change-Id: I91d0b8e8f69a2d309b6fc61e13bfb5d86dc0218d
2022-02-04 14:29:43 -05:00
Matěj Suchánek 238649ebc1 Declare AbuseFilterView::$mParams as protected
It is not supposed to be read or written to by other classes.

Change-Id: I02fe2861a6102ddf1a587cdd7e7423a62d8e0c57
2022-02-02 12:32:09 +01:00
Matěj Suchánek 2694751355 Don't implode and explode links
old_links and all_links are an array. Casting
them to string and then splitting by newlines
is a no-op.

Change-Id: I05c69f14e981ac2842032e7db888f4841d6b48b7
2022-01-24 12:58:56 +00:00
Amir Sarabadani d1ce258a9b Use MainStash instead of db-replicated
We should avoid using ObjectCache directly and use services instead. On
top of that, db-replicated writes to objectcache table that should be
avoided and it's now blocking schema changes.

This should go to MainStash.

Bug: T272512
Change-Id: I9c76399ec4c0ea6644f9ca1b4536428052e5ac38
2022-01-19 18:51:19 +01:00
Alexander Vorwerk d22ea2b57e Don't use array keys for OOUI in AbuseFilterViewDiff
Bug: T299463
Change-Id: I3d02e18566532e9e4824a089c9504ec13b6ad33e
2022-01-18 22:57:02 +00:00
Alexander Vorwerk edcefa729c Don't use array keys for OOUI
Bug: T299463
Change-Id: Id1f6e0c43db38003c1b198ab86c37b1c37412124
2022-01-18 23:20:32 +01:00
Thiemo Kreuz 489cfa4f3d Don't use array keys for OOUI GroupElement items
Change-Id: Id120e49c7e6d62c1ad30a3109afbe9bf77c4d81d
Required-For: I7a19fba8bce65640bdb69b3a63812537e1d29af3
2022-01-13 16:37:04 +01:00
Matěj Suchánek 1d31c86ee4 Improve debug messages of loading ext. links
These are not necessarily old links, the new links
can also be retrieved using this code path.
Also print debug messages before the code execution.

Change-Id: I1a85bb7b5a2af4fe514625d2236cf92f15daf304
2021-12-19 14:19:16 +01:00
Alexander Vorwerk e0b781e32e build: Upgrade mediawiki-phan-config to 0.11.1
Somehow LibUp-Bot is not doing this. The last run for Abusefilter was a
month ago.

Change-Id: Id9ee5a73f403d8391937d699727470cb78e959aa
2021-12-05 11:29:54 +00:00
jenkins-bot 3cb985ad7e Merge "Update docs after PP limit report core change" 2021-12-04 12:46:46 +00:00
Umherirrender 1b2551701e Avoid SpecialPage::getContext in SpecialAbuseLog::__construct
The special page itself is a MessageLocalizer
SpecialPage::getContext on constructor results in global state

Change-Id: I6a3dd263dbe02111aea65a087ce69a5a191f63fc
2021-11-09 22:09:49 +00:00
Daimona Eaytoy 4344d4e438 Update docs after PP limit report core change
The report is now generated in ParserOutput, not Parser, meaning we can
simply avoid passing the `enableLimitReport` option (off by default) if
we don't want the report to be there.

Depends-On: I154c0a77a5b0287b5572614d56339fb57ac56c33
Change-Id: I8cdab35c475f10433234ddb55b5e6a0cc8109498
2021-11-09 13:33:42 +00:00
Daimona Eaytoy 5e95676e99 Rename filter_timestamp index in a different file
Otherwise there might be interferences with the remove-afl_filter patch.

Bug: T291725
Change-Id: If339663d491e1da4a118c13cd667d228365b4864
2021-10-20 15:22:04 +02:00
Daimona Eaytoy f2e2f5ae48 Move renaming of the afl_wiki_timestamp index to its own file
Note that this doesn't have to be applied in WMF prod, since the indexes
are already correct there.

Bug: T291725
Change-Id: I7fcee0581f469e0d7ada43d1f30f31061c5bf5c0
2021-10-16 16:55:52 +00:00
jenkins-bot 0dae59616c Merge "Replace custom regex with TextContent::normalizeLineEndings()" 2021-10-01 14:04:36 +00:00
Thiemo Kreuz 0e8a08ebca Replace custom regex with TextContent::normalizeLineEndings()
This does the same as before, replacing \r\n as well as \r with \n.
Additionally the new method applies an rtrim() on both strings. I
believe this is even a good thing. It possibly removes irrelevant
noise from the diff.

Change-Id: I584740a24e6b25bbcbc928c2369f09b785a485c8
2021-10-01 08:49:49 +02:00
Thiemo Kreuz 8db314612d Update incomplete type hints in TablePager subclasses
Change-Id: Ia19a2507282f7973adb312428d04561cbd25035e
2021-10-01 08:46:54 +02:00
Matěj Suchánek 632b39f8ca Stop requiring the Skin interface in AbuseFilterChangesList
IContextSource is now enough for ChangesList.

Change-Id: Iebb525227efe841a17c799d460d352017a2cfc4f
2021-09-25 10:28:50 +02:00
Daimona Eaytoy 020f8a09b4 Remove leftovers of AbuseFilterAflFilterMigrationStage
On second thought, no need to keep the migration script now, since it's
unusable anyway.

Also remove an usage in SpecialAbuseLog, likely a rebase artefact.

Change-Id: I938924b3617ef30046d8317e68a101ed2c1883d3
2021-09-25 03:48:37 +02:00
jenkins-bot a332b3ff0f Merge "Remove afl_filter entirely" 2021-09-25 01:39:08 +00:00
Daimona Eaytoy e8471a717c Add method to properly check visibility of AbuseLog entries
This replaces the previous pattern of callers having to use
RevisionLookup if the result was 'implicit'. Also, in some cases where
we were just hiding things if the visibility was !== true, properly
handle the implicit case by using the new method. Make the new method
return string constants rather than bool|string.

The new method also fixes some potential info leaks which happened when
the row was hidden, the user could view suppressed AbuseLog entries, but
the associated revision was also deleted and the user couldn't see it
(this shouldn't be relevant for WMF wikis since AF deletion is
oversight-level).

Also add a bunch of tests for the various cases to ensure we don't
regress again.

Bug: T261532
Change-Id: I929f865acf5d207b739cb3af043f70cb59243ee0
2021-09-25 00:08:33 +00:00
jenkins-bot 72d03778d0 Merge "Refactor ParserStatus" 2021-09-24 09:34:20 +00:00
Umherirrender 2deea7bb01 Avoid non-namespaced aliases for Wikimedia\Rdbms namespace
Change-Id: Iadc147ff96649253a4b83709f8ebe291305e4bf8
2021-09-18 20:06:16 +02:00
Daimona Eaytoy dae374aec2 Remove afl_filter entirely
As per T220791, the old schema and the flag can be removed in 1.38.

Bug: T220791
Change-Id: Ic6b1c8a22d17a301faf32d2e23778d90c41c39de
2021-09-18 11:06:10 +00:00
Daimona Eaytoy b2dc2c4dd8 Refactor ParserStatus
ParserStatus is now more lightweight, and doesn't know about "result"
and "from cache". Instead, it has an isValid() method which is merely a
shorthand for checking whether getException() is null.

Introduce a child class, RuleCheckerStatus, which knows about result and
cache and can be (un)serialized.

This removes the ambiguity of the $result field, and helps the
transition to a new RuleChecker class.

Change-Id: I0dac7ab4febbfdabe72596631db630411d967ab5
2021-09-17 11:25:54 +00:00
Daimona Eaytoy ccd9b8c889 Re-add space in AbuseLog entries
Follows-up: I097d051e3c30e61d74a8e329b6110b219c72ec1a

Bug: T291206
Change-Id: Id5b6a715019b715a2da96dee71d52850b7984b21
2021-09-16 19:16:28 +02:00
jenkins-bot 0ba45db169 Merge "Remove various AtEase and error_reporting" 2021-09-16 15:29:36 +00:00
Timo Tijhof 3f33e08bac Remove various AtEase and error_reporting
Something somewhere is leaving error_reporting in a dirty state
causing AbuseFilter's ConsequencesExecutorTest case to fail for
the core change Ic9fee6cdd88001025.

Per T253461, we're meant to eventually remove this anyway, so might
as well remove it in areas that are known to get it wrong somehow.

Change-Id: I2a665f09a357f2f2cc258d8c4011d49a7ab9c13b
2021-09-16 02:59:37 +00:00
Daimona Eaytoy 742cc865ad Bump EditStashCache version
I0a30e044877c6c858af3ff73f819d5ec7c4cc769 added a new param to
ParserStatus.

Bug: T291123
Change-Id: Ie82d01d85a189081b45a1d34a0f5390536163ee4
2021-09-15 21:17:16 +02:00
Daimona Eaytoy 7c26c4b8d5 More cleanup for parser-related classes
Change-Id: I6a2bbf519e1d5c6fe2778f69624bd80b9ea1ef86
2021-09-10 12:50:20 +00:00
Daimona Eaytoy a722dfe1a4 Rename ParserFactory -> RuleCheckerFactory
The old parser now has the correct name "Evaluator", so the
ParserFactory name was outdated. Additionally, the plan is to create a
new RuleChecker class, acting as a facade for the different
parsing-related stages (lexer, parser, evaluator, etc.), which is what
most if not all callers should use. The RuleCheckerFactory still returns
a FilterEvaluator for now.
Also, "Parser" is a specific term defining *how* things happen
internally, whereas "RuleChecker" describes *what* callers should expect
from the new class.

Change-Id: I25b47a162d933c1e385175aae715ca38872b1442
2021-09-08 21:59:34 +02:00
Daimona Eaytoy 357ddd498c Clean up / simplify parser-related classes
Remove unnecessary setters, injecting everything in the constructor.
These were leftovers from before the introduction of ParserFactory.
Remove public access to the conds used, include the information inside
the returned ParserStatus instead, and consequently simplify callers.

Change-Id: I0a30e044877c6c858af3ff73f819d5ec7c4cc769
2021-09-08 13:41:52 +02:00
Daimona Eaytoy f8e9ac7e2a Rename AbuseFilterCachingParser -> FilterEvaluator
It's an evaluator, not a parser.

Change-Id: Ib6d33e8423ea72709cf5a33f4397ba33e352ea80
2021-09-08 13:40:47 +02:00
libraryupgrader 2a4860e322 build: Updating mediawiki/mediawiki-phan-config to 0.11.0
Change-Id: I097d051e3c30e61d74a8e329b6110b219c72ec1a
2021-09-07 19:30:42 -07:00
Daimona Eaytoy 6684ea6450 Remove AFPTransitionBase
Also cleanup the mPos hack in the CachingParser.

Change-Id: Ib5693802a3ceb80cb736880ed65e27340abef689
2021-09-06 19:33:48 +00:00
jenkins-bot 199cf1edf8 Merge "Add a static analyzer for the filter language" 2021-09-03 19:51:58 +00:00
Matěj Suchánek 0af21948fc Replace WikiPage::factory in non-test code
Change-Id: I1442ca6603ce5151b98fc88cd84c25af0f34e4f6
2021-09-01 04:55:25 +00:00
Daimona Eaytoy 86257d825c tests: Use DBConnRef, not IDatabase, as retval of getConnectionRef
So that the method can be typehinted in core.

Also add phan-var to fix broken master build due to typehint additions
in core.

Change-Id: I4a072e00ffeeb437753fc3d3c1f15de9929df510
2021-08-31 21:45:10 +02:00
Sorawee Porncharoenwase 320e3d696f Add a static analyzer for the filter language
This commit adds a class AFPSyntaxChecker which can statically analyze
a filter code to detect the following errors:

- unbound variables (which comes in two modes: conservative and liberal,
  default to conservative)
- unused variables (disabled by default for compatibilty)
- assignment on built-in identifiers
- function application's arity mismatch
- function application's invalid function name
- non-string literal in the first argument of set / set_var

The existing parser and evaluator are modified as follows:

- The new (caching) evaluator no longer needs to perform variable
  hoisting at runtime.
  - Note that for array assignment, this changes the semantics.
- The new parser is more lenient, reducing parsing errors.
  The static analyzer will catch these errors instead, allowing us
  to give a much better error message and reduces the complexity of
  the parser.
  * The parser now allows function name to be any identifier.
  * The parser now allows arity mismatch to occur.
  * The parser now allows the first argument of set to be any expression.

Concretely, obvious changes that users will see are:

1. a := [1]; false & (a[] := 2); a[0] === 1

   would evaluate to true, while it used to evaluate to the undefined value
   due to hoisting

2. f(1)

   will now error with 'f is not a valid function' as opposed to
   'Unexpected "T_BRACE"'

3. length

   will now error with 'Illegal use of built-in identifier "length"'
   as opposed to 'Expected a ('

Appendix: conservative and liberal mode

The conservative mode is completely compatible with the current evaluator.
That is,

false & (a := 1); a

will not deem `a` as unbound, though this is actually undesirable because
`a` would then be bound to the troublesome undefined value.

The liberal mode rejects the above pattern by deeming `a` as unbound.
However, it also rejects

true & (a := 1); a

even though (a := 1) is always executed. Since there are several filters
in Wikimedia projects that rely on this behavior, we default the mode
to conservative for now.

Note that even the liberal mode doesn't really respect lexical scope
appeared in some other programming languages (see also T234690).
For instance:

(if true then (a := 1) else (a := 2) end); a

would be accepted by the liberal checker, even though under lexical scope,
`a` would be unbound. However, it is unlikely that lexical scope
will be suitable for the filter language, as most filters in
Wikimedia projects that have user-defined variable do violate lexical scope.

Bug: T260903
Bug: T238709
Bug: T237610
Bug: T234690
Bug: T231536
Change-Id: Ic6d030503e554933f8d220c6f87b680505918ae2
2021-08-31 03:28:24 +02:00
Daimona Eaytoy 704364a5e7 Move parser exceptions to specific namespace and rename them
Create a dedicated "Exception" sub-namespace and remove the "AFP"
prefix, a leftover from the pre-namespace era.

Change-Id: I7e5fded9316d8b7d1628bc1a6ba8b1879ac901e1
2021-08-29 23:38:31 +00:00
Matěj Suchánek 3630bb0a3f Use array_fill_keys() instead of array_flip() if that reflects the developer's intention
Do what Tim Starling did in core: If8d340a8bc816a15afec37e64f00106ae45e10ed.

Change-Id: Ic68e167e51ff8d289a0dab68874191b9b1a20665
2021-08-24 01:08:13 +00:00
jenkins-bot 9b93b0256a Merge "Avoid passing invalid offset to mb_strpos" 2021-08-18 18:45:12 +00:00
Daimona Eaytoy e9795468c4 Switch filterable actions hooks to the new system
Bug: T261067
Bug: T211680
Change-Id: I0e7e4a48b56c3e5fde56f50693fd0cdc19c30dd0
2021-08-16 14:18:56 +00:00
Alexander Vorwerk 8e7d389029 Disallow interwiki on Special:AbuseLog
Bug: T288155
Depends-On: Ic00f4a0f27747b5ff0893b4c01f42f68a99771ab
Change-Id: I62574460bfaea04af2f617ca0929246c784cb4e8
2021-08-05 11:15:39 +02:00
jenkins-bot ca31a12be4 Merge "Clean up Throttle::throttleIdentifier" 2021-07-30 01:37:24 +00:00
Matěj Suchánek 83794d7cb4 Clean up Throttle::throttleIdentifier
In 1.37, UserEditTracker was changed to allow anonymous users
as well.

Change-Id: I70d9e6db13416b7c017319ecac3e7e604aacd586
2021-07-22 16:56:12 +02:00
Lucas Werkmeister a2e42d5050 Don’t generate current content text twice
Previously, for non-newly-created pages, AbuseFilter would get the text
for filtering twice: once in AbuseFilterHooks::filterEdit(), and then
again in RunVariableGenerator::getEditTextForFiltering(). (Plus another
call for the text of the previous revision.) The first copy of the text
is only passed into RunVariableGenerator::getEditVars(), and there only
used if the title doesn’t exist, otherwise it’s overwritten with the
second copy. Instead, let’s make AbuseFilterHooks not get the text at
all, and only get the text from the content when we actually need it
(the content is new).

Change-Id: Id12430fa6ba4643113b945e0d0c01b9c0ee1742f
2021-07-22 13:45:32 +02:00
libraryupgrader 5377ebe819 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)

Change-Id: I2b382f3bb236fb44eb24c6a257b13b8fd886541c
2021-07-21 18:51:18 +00:00