Commit graph

7780 commits

Author SHA1 Message Date
jenkins-bot 9b5261a678 Merge "Add code comments to help find dynamically-generated IDs in the codebase" 2024-10-29 13:02:23 +00:00
jenkins-bot 11e4ded1d0 Merge "Update copy for protected variable use on filters" 2024-10-29 11:10:54 +00:00
Translation updater bot 52ad3b108e
Localisation updates from https://translatewiki.net.
Change-Id: Iaf9ab1269d3fb4e4cd9106a09464f1dd45e3a98a
2024-10-29 08:38:38 +01:00
Anne Haunime 2f4ca44adf Add code comments to help find dynamically-generated IDs in the codebase
Bug: T378319
Change-Id: Id5dd2dc1a979423f2ec4e0f091fb854b2ff185cb
2024-10-29 03:10:27 +00:00
jenkins-bot 5a930d59d3 Merge "Simplify code by replacing isset() with falsy check" 2024-10-28 17:02:32 +00:00
STran c73e6f8cd5 Update copy for protected variable use on filters
- Clarify that to use protected variables in a filter, they must be
  enabled and will cause the filter to be considered protected.

Bug: T377553
Change-Id: I69b879f12cfe76e6fff0080dd93024d6bd29159d
2024-10-28 06:53:38 -07:00
Translation updater bot 0a62ce6587
Localisation updates from https://translatewiki.net.
Change-Id: Ia38b27a77d0a44b87ad3553f305d48fe6e636160
2024-10-28 08:20:36 +01:00
Anne Haunime 5c788d3da1 Clean up an unused OOUI infuse
Bug: T378319
Change-Id: Ibec17d5371b2b644db91186835905a5181fd50b7
2024-10-28 05:54:31 +00:00
Umherirrender 6252afcac7 Simplify code by replacing isset() with falsy check
Conditional set of variable is not easy to read.
Instead set the variable to null before try/catch
Reported by a new phan plugin (2efea9f989)
This bypass a false positive from phan (T378271)

Change-Id: I037efe8465747b8c915405f38546fc1ea4405a03
2024-10-27 13:20:18 +01:00
Umherirrender a02fe0a2dd Use a local variable for hitcount in AbuseFilterViewEdit
Assist static code analyzer that null is not passed to
Message::numParams

Change-Id: Ic0369493b274de3379067745573e1f8baed56dcb
2024-10-26 21:41:16 +02:00
Andre Klapper 63de22357d Use explicit nullable type on parameter arguments (for PHP 8.4)
Implicitly marking parameter $... as nullable is deprecated in PHP
8.4. The explicit nullable type must be used instead.

Bug: T376276
Change-Id: I303342cf1a002d5f0afc77ce147ce9453ea5282e
2024-10-26 14:38:46 +02:00
Umherirrender 6757ee9d32 Use type-declaration on api module constructor
Parent class constructor gets type-declaration in 1145328459
Remove simple doc-blocks without further information

Change-Id: I5d2179af0c7b826ca48df239152412205702cd77
2024-10-25 19:02:04 +02:00
Translation updater bot 43f8580bdf
Localisation updates from https://translatewiki.net.
Change-Id: I6ecb104597db0840c2740e4e8b983d2b8743fc57
2024-10-25 09:44:02 +02:00
Bartosz Dziewoński 3b2b1c4fee AbuseLogPager: Fix passing false as message parameter
Bug: T377917
Change-Id: I1e4eee10d7ee0cac777f89dd85f2e8bd364b8475
2024-10-23 17:53:07 +02:00
Translation updater bot 46ab46195c
Localisation updates from https://translatewiki.net.
Change-Id: I5a189932343051b4429b044b44419239de081f2f
2024-10-22 09:28:39 +02:00
jenkins-bot ad516227f4 Merge "Protected variable logs: fallback to accountname if user_name is not set" 2024-10-21 20:18:15 +00:00
Bartosz Dziewoński 6b0c6609d1 Migrate 'ArticleDelete' hook to 'PageDelete' to fix error display
Bug: T377384
Change-Id: Ia8df47ffc9a77dabd00c97731b2e335901897bf0
2024-10-21 21:35:27 +02:00
Kosta Harlan 05da3118aa
Protected variable logs: fallback to accountname if user_name is not set
Why:

- For account creations and account autocreations, the user_name
  property is deliberately unset, to avoid displaying the IP address of
  an unregistered user. Instead, `accountname` is set with the newly
  created account name
- For logging that someone has seen a protected variable value, we need
  to record the username that was seen

What:

- Use `accountname` as a fallback in case `user_name` is not set, when
  logging protected variable access
- Update tests to cover this case.

Bug: T376885
Change-Id: I688a3529fac0ad8455977a0cfdb950f0105f550d
2024-10-21 21:15:51 +02:00
jenkins-bot 8b57be7358 Merge "Give the sysop group protected vars access rights" 2024-10-21 14:17:20 +00:00
Translation updater bot 50ace84768
Localisation updates from https://translatewiki.net.
Change-Id: I977f853b5d747046a38fa2c8394bd820065912f3
2024-10-21 09:19:12 +02:00
Umherirrender 57ecef75c5 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: If80031678a474157e4cc78a3d3621dab53aded67
2024-10-19 21:55:40 +02:00
Translation updater bot 8c0255acc3
Localisation updates from https://translatewiki.net.
Change-Id: I48c5c471792b7f11bd59d066086ab5244356e1fb
2024-10-18 09:24:15 +02:00
STran ce79c13031 Give the sysop group protected vars access rights
- Define `abusefilter-protected-vars-log` as an available right as
  it wasn't already
- Give the `sysop` group the `abusefilter-access-protected-vars` and
  `abusefilter-protected-vars-log` rights

Bug: T369610
Change-Id: I44d3824e3d47ad94e8a94e185997c4a8e9d50199
Depends-On: Id8898c17396af0f59ef2d82967e7d85ae4f0cd88
2024-10-17 03:00:32 -07:00
Translation updater bot 594bca41ba
Localisation updates from https://translatewiki.net.
Change-Id: I66b8dbef307cfce96eb6bc5f00815cd38188fc66
2024-10-17 09:20:44 +02:00
Translation updater bot 08910fcf38
Localisation updates from https://translatewiki.net.
Change-Id: I36cb9c9bb8a5665a21d4b33b526360c60397048a
2024-10-15 09:38:49 +02:00
jenkins-bot aaa858f822 Merge "Blocked Domains: Minor tweaks" 2024-10-14 07:37:22 +00:00
Translation updater bot 24439fd5c3
Localisation updates from https://translatewiki.net.
Change-Id: Ie2ac20947bd66742aaa8114112cf266ae2b01a0a
2024-10-14 09:28:01 +02:00
jenkins-bot e9d3f25424 Merge "Add docs, i18n to eslintignore" 2024-10-10 22:38:35 +00:00
Translation updater bot c5dfb16a17
Localisation updates from https://translatewiki.net.
Change-Id: I456f027e7627a7d5706d0c176159f55f1b5c9ad7
2024-10-10 09:20:59 +02:00
Translation updater bot 11901beaed
Localisation updates from https://translatewiki.net.
Change-Id: I8eb4075784d69a24bded10ecfa0822cb64a0e12c
2024-10-08 09:41:15 +02:00
Translation updater bot 9d942c2a74
Localisation updates from https://translatewiki.net.
Change-Id: Ie8dba5e41887cefddd0f4f91677dd599e93432fd
2024-10-07 09:24:35 +02:00
jenkins-bot ea3e064e1d Merge "Update messages to be more language-friendly" 2024-10-06 10:52:34 +00:00
Reedy a98249d8f7 Blocked Domains: Minor tweaks
Change-Id: I424726677910911094ec28b152be267a7f494469
2024-10-05 22:56:17 +01:00
JJMC89 c0390eeff3 add links to blocked domains messages
- abusefilter-blocked-domains-intro: link to Special:Log/abusefilterblockeddomainhit
- log-description-abusefilterblockeddomainhit: link to Special:BlockedExternalDomains

Bug: T376506
Change-Id: If21c6e2de8b9d524d5299487f58a09d2a8d53720
2024-10-05 14:28:37 -07:00
Amir E. Aharoni f8bd3775e3 Add GENDER to English log messages
To hint to translators that gender can be used,
and to avoid warnings on translatewiki about
missing parameters.

Change-Id: Ie9523527d1ce138f978145ddaa565137a7b34ab1
2024-10-04 13:56:53 -04:00
jenkins-bot 743bb64924 Merge "Log specific views of protected variables" 2024-10-03 14:37:48 +00:00
STran b66daede0a Log specific views of protected variables
Like CheckUser, AbuseFilter should also log when specific protected
logs are viewed.

- Add support for debouncing logs to reduce log spam
- Log when AbuseFilterViewExamine with protected variables available
  is accessed
- Log when SpecialAbuseLog with protected variables available is
  accessed
- Log when QueryAbuseLog with protected variables available is accessed

Bug: T365743
Change-Id: If31a71ea5c7e2dd7c5d26ad37dc474787a7d5b1a
2024-10-02 00:53:34 -07:00
Translation updater bot 5b6dd9b04b
Localisation updates from https://translatewiki.net.
Change-Id: I65716d0056c0e35e789924495c9bef207feab1a3
2024-10-02 09:23:18 +02:00
Translation updater bot 2e9c100eb6
Localisation updates from https://translatewiki.net.
Change-Id: If68ecb082be111fb60b053d841972bc08f172b6b
2024-10-01 09:36:08 +02:00
Dreamy Jazz 48b26792a9 SECURITY: abusefiltercheckmatch: Check if user can see log details
CVE-2024-PENDING

Why:
* The 'abusefiltercheckmatch' API allows callers to match
  arbitary filter conditions against existing AbuseFilter logs
* The API does not check if the performer has the ability to
  see the log details for the given filter, so can allow a user
  to bypass hidden and protected visibility settings.

What:
* Call AbuseFilterPermissionManager::canSeeLogDetailsForFilter
  before attempting to match a filter against a given AbuseFilter
  log.
* Add a test to verify that this security fix works.

Bug: T372998
Change-Id: I4a2467dc4e0d1f8401d5428a89c7f6d6ebcdfa70
2024-10-01 00:18:55 +01:00
Translation updater bot 4cce1db84a
Localisation updates from https://translatewiki.net.
Change-Id: I08b9f50c67038caa88659aaab4b22ed09c2c15ed
2024-09-30 09:20:19 +02:00
Translation updater bot d82460057d
Localisation updates from https://translatewiki.net.
Change-Id: Id6704a452d914ab1e8772c9da0cf3d5fb9e574d2
2024-09-26 09:19:08 +02:00
Translation updater bot 39299abcd6
Localisation updates from https://translatewiki.net.
Change-Id: I29b382fca7dba5010cc42c7de79b507dd8a081ed
2024-09-25 09:16:37 +02:00
Ed Sanders ddad49f138 Add docs, i18n to eslintignore
Change-Id: I6a3fc8f24cd34e141dda06b55e011facebd23550
2024-09-24 12:40:48 +01:00
Translation updater bot bd85e77d80
Localisation updates from https://translatewiki.net.
Change-Id: Ic3e3f3b931f186c927dda1f15764013d413030fd
2024-09-24 09:28:08 +02:00
Ed Sanders 48b5da806d Add missing typehints
Change-Id: I3003d40e641b1ebfff8fd986a58cbc2c4f8f18d6
2024-09-23 14:25:50 +01:00
STran 51381f0067 Bugfix: Fix minor issues with protected vars logging
- Fix an issue where if a user didn't have view permissions they could
  get the preference check error (a preference they wouldn't have) on
  SpecialAbuseLog
- Fix an issue where the `change-access` hadn't been updated to the used
  disabled/enabled log types
- Fix an issue where a ProtectedVarsAccessLoggerTest test wasn't
  correctly using the data provider data
- Improve naming since ProtectedVarsAccessLogger exists in its own test
  file instead of being a subset of tests on AbuseLoggerTest

Bug: T371798
Change-Id: I53f22855e63d9e1339361a5c9ee7886e0f74714a
2024-09-23 03:42:41 -07:00
Translation updater bot 79a47d01db
Localisation updates from https://translatewiki.net.
Change-Id: I8862ff7552a7e778a508f6a7f55493ee6475e339
2024-09-23 09:20:34 +02:00
Jon Robson 4124d56fd7 Update Selenium tests to obtain correctly element
This change is needed to unblock a change in core to the markup.
(I0195d4b0f790f6595cc626a6db96b4fc6380a0f4). The current markup
in core is loading additional CSS styles to support legacy
markup.

Bug: T360668
Change-Id: I4bd1a8a9d4eda1b3e89d067d6671d3f8bad4f584
2024-09-20 14:40:46 -07:00
Translation updater bot dcf992aa89
Localisation updates from https://translatewiki.net.
Change-Id: I7adbcfdec086f5540b438aaee21812e3ace66297
2024-09-20 09:22:55 +02:00