Commit graph

198 commits

Author SHA1 Message Date
Siebrand b7ca16003a Merge "(bug 20272) AbuseFilter does not handle autocreation of accounts." 2012-09-23 18:21:26 +00:00
Krenair 4804699e70 (bug 30324#c9) Remove 'autoblock' log params for blocks
Change-Id: I86bd5fa949a06eed95708d7f1948b684251788bd
2012-09-21 16:26:02 +01:00
Werdna d34b3659d9 Merge "(bug 30324) Don't falsely claim to angry-autoblock in log entries, don't stop talk page access." 2012-09-16 13:14:15 +00:00
Krenair c3bd782ce5 (bug 30324) Don't falsely claim to angry-autoblock in log entries, don't stop talk page access.
Also autoblock.

Change-Id: I0563944752f2c5b536b6d05d74c0814183afe9de
2012-09-09 14:12:13 +01:00
raymond dabc66a883 Replace non standard 'tt' with 'code' for better HTML5 conformity
See http://www.w3.org/wiki/HTML/Elements/tt

Change-Id: Ia2ffb09c002bc3aededfb6bcb8a430da32b52cde
2012-09-07 10:50:13 +02:00
csteipp 1973ea6714 Add Global Rules
* Update rules list view to show global rules toggle, global rules
* Update rule processing to get global rules from memcache, if no
rule exists, get them from the central database and store them in
memcache
* Delete global rule key whenever global rules are updated
* Add filtering for log by wiki on the central database, updated
table definitions to add index on afl_wiki
* Add global $wgAbuseFilterDisallowGlobalLocalBlocks so local wikis
can prevent global rules from locally blocking, removing or revoking
permissions.

* patchset 13: Include recommendations from Tim. Add db updates to
LoadExtensionSchemaUpdates hook.
* patchset 14: forgot to add new files

Change-Id: Id69a9d603f9679f838e8691c651a3e9d8461b422
2012-08-27 03:30:07 +00:00
csteipp 56ca593a71 Add global throttling to AbuseFilter
Adds/checks keys to central memcache instance on throttle actions
to allow for global throttling of events.

Change-Id: Ic4ace6c4aa07990671fe75fbbc1b019a8395fc46
2012-08-16 16:01:19 -07:00
Reedy 268f976a12 Warning: Invalid argument supplied for foreach() in /usr/local/apache/common-local/php-1.20wmf8/extensions/AbuseFilter/AbuseFilter.class.php on line 1852
Change-Id: I9a00f341be161a8b33ff7a482a4f32f5b98b8716
2012-07-24 17:59:50 +00:00
Andrew Garrett 31dba52a94 AbuseFilter: Fix bug in 53aea9c where two log entries would be produced, one of them broken.
Change-Id: I075dce25756683ab4c04edab5f43ba451376ff6d
2012-07-24 10:55:58 -07:00
Reedy fad1fe4c41 Call to a member function getVars() on a non-object in SpecialAbuseLog.php on line 284
Seen on wmf fatal log

Change-Id: I50eb4f9d1b19c8c39ede07e1149baf475cccaaaf
2012-07-24 14:50:01 +01:00
Andrew Garrett 53aea9c0ce AbuseFilter: Resolve bug 18374, bug 28633.
* Store the revision ID associated with a log entry
 if the action is successful.
* Expose this as a diff link in the UI.
* Implicitly hide log entries if their
 corresponding revisions are also hidden.
* Includes scope for expanding to log entries if desired.

Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d
2012-07-11 10:16:59 -04:00
Reedy 3da992692c Add a few bits of method documentation
De-indent a line

Tidy up method returns

Change-Id: I7aa93072c80a16eb27b7f7ac3d2f030ea63ebf60
2012-06-21 14:32:05 +01:00
Catrope c2869a28fd Merge "Abuse Filter: Allow filters to be split into "groups" for the purposes of operating them on different types of input." 2012-05-14 18:47:12 +00:00
Andrew Garrett dc207d0cbd Abuse Filter: Allow filters to be split into "groups" for the purposes of operating them on different types of input.
The purpose of this change is to allow AFTv5 developers to run a separate list of filters against article feedback actions without issues of cross-contamination and bumping up against the condition limit.

Change-Id: I758795f01eaf3ff56c5720d660cd989ef95764a7
2012-05-12 12:53:32 +10:00
Szymon Świerkosz 36257344f1 (bug 20272) AbuseFilter does not handle autocreation of accounts.
This change depends on I92f57fc2c3189c42157478de14a8d48045a253b5.

This change provides a handler for AbortAutoAccount hook and adds new
action to the filter: autocreateaccount. Every time the AbortAutoAccount
is invoked the filter is executed. This may create some issues with
users which are affected by a filter, because it may be triggered on
every page view. The AbuseFilter relies on CentralAuth session
blacklisting - for each session the filter will be triggered only
once and then the autocreationg of account will not be attempted.

I don't know why AbortNewAccount hook takes as $message argument
a text of message, however AbortAutoAccount takes a name of the
message. This makes impossible to produce a user friendly message
why account creation is not allowed.

Change-Id: Ie3a7ee9210fd884d214ad3132a502a00332c3138
2012-05-10 10:08:48 +02:00
Szymon Świerkosz fb01065583 Replace a deprecated wfGetIP() call with $wgRequest->getIP()
Change-Id: Iad77e7e352afb0d7e065769048ed1d1da25cf867
2012-05-08 09:50:11 +02:00
Szymon Świerkosz 93b7990fa3 (bug 18080) Send filter hits and changes to irc.wikimedia.org.
I have introduced a new option $wgAbuseFilterNotifications which
allows to configure the extension to send hit notifications to
Special:RecentChanges or UDP. It uses ManualLogEntry class:
ManualLogEntry->publish( 0, $wgAbuseFilterNotifications )

Log entries are _not_ accessible using Special:Log, that's bug 19494.

Change-Id: Ie4bda2f97aa295c0504ba869ef1a99c7a3d20f70
2012-05-04 16:45:19 +02:00
Sam Reed 8417c901f7 Few more types top flesh out the previous revisions
Change-Id: I1215dcf92f1b64e744c9ab41e0c5c046114dd48c
2012-03-26 16:03:23 +02:00
Sam Reed 69e582dc17 More documentation stubs
Fix Html::inputLabel to Xml::inputLabel

Fix up some deprecated code

Change-Id: If6503b1794d89666206802591094949e5d715ac1
2012-03-26 16:03:23 +02:00
Sam Reed bea9cb0874 A LOT of function level documentation
Change-Id: I8b591be3c2da7cfb29d3be026772816d14037d37
2012-03-26 16:03:22 +02:00
Roan Kattouw 6c4bd57043 Revert r111217 (unreviewed rev in AbuseFilter) and its dependencies r113585, r113587, r113588, r113589.
All of these revisions are tagged with 'gerritmigration' and will be resubmitted into Gerrit after the Gerrit switchover. See also http://lists.wikimedia.org/pipermail/wikitech-l/2012-March/059124.html
2012-03-21 19:41:11 +00:00
Sam Reed 06e4721b80 Few more types top flesh out the previous revisions 2012-03-11 21:01:29 +00:00
Sam Reed 05a9d4d061 More documentation stubs
Fix Html::inputLabel to Xml::inputLabel

Fix up some deprecated code
2012-03-11 20:51:54 +00:00
Sam Reed 0c99b2bc15 A LOT of function level documentation 2012-03-11 20:40:04 +00:00
Sam Reed 857ae7c546 Bug 35156 - Harmonise spelling of getArticleID() and getArticleId()
Mass change ->getArticleId() to ->getArticleID()
2012-03-11 19:04:37 +00:00
Chad Horohoe 96e4807e08 Actually fix whitespace from r111202, only 83 characters => no need for silly indentation 2012-03-02 22:02:40 +00:00
Andrew Garrett 452ed4ed64 Armour page titles in MD5 when putting information about AbuseFilter warnings in the session. Resolves bug 26635. 2012-02-10 23:45:04 +00:00
Andrew Garrett 5e4289ce4e AbuseFilter: Resolve bugs 18374, 28633.
* Store the revision ID associated with a log entry if the action is successful.
* Expose this as a diff link in the UI.
* Implicitly hide log entries if their corresponding revisions are also hidden.
* Includes scope for expanding to log entries if desired.
2012-02-10 23:41:05 +00:00
Andrew Garrett 9aa60b4ace Fix whitespace 2012-02-10 21:36:31 +00:00
Andrew Garrett fb41b28dbf Revert formatting changes in r111131 2012-02-10 18:20:41 +00:00
Andrew Garrett 624426c490 AbuseFilter: Do not show the syntax checking / boxes / etc if the user cannot edit.
* Resolves bug 20472.
* Patch by EdoDodo with modifications.
2012-02-10 00:26:39 +00:00
Robin Pepermans c103fac20f It's better to set directionality in html than in css. Also fixes bug 34297, because the css only affected the edit form and not the test form.
Also add a bit of docs.
2012-02-09 17:00:34 +00:00
Tim Weyer c9c2a803ae Use no message when removing rights because \n will be replaced by the 'rightsnone' message if nothing follows 2012-01-20 12:53:02 +00:00
Mark A. Hershberger 4e8be82722 Bug 33380 - Details of actions caught by a private filter should be private
Author: Nikola Kovacs

Hide private information from logs
2012-01-03 17:29:10 +00:00
Mark A. Hershberger 504d830106 Revert r107454 based on concerns raised by Prodego. 2011-12-28 00:48:15 +00:00
Mark A. Hershberger 8e81b37871 Fix Bug 33380 - Details of actions caught by a private filter should be private
Author: Nikola Kovacs

Related patch on r107451
2011-12-28 00:26:13 +00:00
John Du Hart 7cf809bb0e Changes from r103817 2011-11-22 16:08:18 +00:00
John Du Hart 453af554b9 Added context where possible to main AbuseFilter class
Most of the rest cannot get a context since it originates from hooks with no context sources. Instead of just getting the main context we might as well wait for a proper solution.
2011-11-17 00:55:53 +00:00
Alexandre Emsenhuber 675e4c673a * (bug 29092) Removed usage of $wgArticle from AbuseFilter extension
Instead pass the Article object from the EditFilterMerged hook to the AFComputedVariable object and see whether the object is present to do a parse operation since other code paths won't pass an Article object

Also simplified the fallback code in AFComputedVariable::compute() to simply continue instead of calling the function again.
2011-11-09 08:36:26 +00:00
Alexander K. 4e133035b8 Followup r102138 -- fixes according to Werdna's comment 2011-11-06 21:05:03 +00:00
Alexander K. f128bd5931 Allow to define custom actions and their callback functions 2011-11-06 01:15:55 +00:00
Victor Vasiliev 9075e03709 * (bug 24109) Add regex escaping function to abuse filter 2011-10-18 17:54:25 +00:00
Roan Kattouw 49525acfc5 Switch to using canonical URLs where appropriate in various extensions
* ActiveAbstract: output is stored XML, as I understand it, so use canonical URLs throughout
* AbuseFilter: URLs go into log entries and need to be fully-qualified for the format to work
* EmailCapture: URLs go into e-mails
* SecurePoll: one URL goes to an XML file, make that one canonical. Made the URLs identifying users canonical too, because they would otherwise change when $wgServer is made protocol-relative and possibly break SecurePoll. Of course this means SP might still break if and when we change $wgCanonicalServer to point to HTTPS, but we'll worry about that later
* DoubleWiki: the surrounding code looks scary, but from what I can tell it seems to assume the URL starts with a protocol, then derive some data from it and put it in memcached. That means a canonical URL is needed so the protocol assumption is still valid and the cache isn't polluted
* OAI: use canonical URLs throughout
* LiquidThreads: use canonical URL in e-mail
2011-08-29 12:33:53 +00:00
John Du Hart b30697e94c Adds ResourceLoader support to AbuseFilter
Rewrote javascript to use jQuery
Added API modules to replace sajax_* calls
Solves bug 29714
2011-08-26 20:12:34 +00:00
Sam Reed a9e738f099 More document
Few minor code improvements
2011-08-24 22:11:52 +00:00
John Du Hart 0f274e5b32 (bug 30444) Add variables user_name and user_groups for action createaccount. Patch by Beau 2011-08-24 00:29:26 +00:00
Sam Reed 65981f0edb Swap else if for elseif
Trimming trailing whitespace also
2011-06-17 16:25:46 +00:00
Raimond Spekking 5dfc27d3c3 Show navigation bar as subtitle as all other navbars too for consistency 2011-04-29 14:48:33 +00:00
Happy-melon 9a2a9b919a Blame hashar for this giant commit; he teased me for making so many smaller ones earlier... :D
* Internalise $mAddress/$mUser, $mBy/$mByName, $mEnableAutoblock, $mId as getTarget(), getBlockers(), isAutoblocking(), getId().  
* This required editing AbuseFilter and CheckUser backwards-incompatibly, so push the rest of the changes out to those extensions.
* Attack the evil 14-parameter constructor and gratuitously-confusing newFromDB( $notVeryImportantParameter, $moreImportantParameter)
* Reimplement the hack for bug 13611 in a slightly less fragile fashion; could still do with further cleanup, but then again the login frontend is its own can of worms... :S
* Remove transitionary getTargetAndType() and newFromTargetAndType() methods
* Some optimisation in parseTarget()
* Fix the broken phpunit test mentioned in r84251
2011-03-21 19:12:41 +00:00
Happy-melon 12e1428629 * Implement an extensible Block::prevents( <action> ) function to replace the plethora of direct member variable accesses This pushes the historic *disable*-createaccount-vs-*allow* usertalk-edit wierdness down to the database layer
* Implement accessors for isHardblock() and getRangeStart()/getRangeEnd() in the same fashion.
* Make the corresponding variables private, removing external accessors.  This required updating AbuseFilter with non-B/C code, so I also implemented the rest of the changes I've made to the blocking backend in that extension.
* Move the "get an IP range which encompasses the given IP/range" logic to Block.php; will be needed later... :D
2011-03-19 23:47:08 +00:00