Commit graph

102 commits

Author SHA1 Message Date
Umherirrender 57ecef75c5 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: If80031678a474157e4cc78a3d3621dab53aded67
2024-10-19 21:55:40 +02:00
Reedy a98249d8f7 Blocked Domains: Minor tweaks
Change-Id: I424726677910911094ec28b152be267a7f494469
2024-10-05 22:56:17 +01:00
STran b66daede0a Log specific views of protected variables
Like CheckUser, AbuseFilter should also log when specific protected
logs are viewed.

- Add support for debouncing logs to reduce log spam
- Log when AbuseFilterViewExamine with protected variables available
  is accessed
- Log when SpecialAbuseLog with protected variables available is
  accessed
- Log when QueryAbuseLog with protected variables available is accessed

Bug: T365743
Change-Id: If31a71ea5c7e2dd7c5d26ad37dc474787a7d5b1a
2024-10-02 00:53:34 -07:00
STran 51381f0067 Bugfix: Fix minor issues with protected vars logging
- Fix an issue where if a user didn't have view permissions they could
  get the preference check error (a preference they wouldn't have) on
  SpecialAbuseLog
- Fix an issue where the `change-access` hadn't been updated to the used
  disabled/enabled log types
- Fix an issue where a ProtectedVarsAccessLoggerTest test wasn't
  correctly using the data provider data
- Improve naming since ProtectedVarsAccessLogger exists in its own test
  file instead of being a subset of tests on AbuseLoggerTest

Bug: T371798
Change-Id: I53f22855e63d9e1339361a5c9ee7886e0f74714a
2024-09-23 03:42:41 -07:00
jenkins-bot 4f272aeb02 Merge "Add preference for viewing protected variables in AbuseFilter" 2024-09-13 12:27:36 +00:00
STran bd819b98a2 Add preference for viewing protected variables in AbuseFilter
Users need to enable a preference before gaining access to the IPs
from `user_unnamed_ip`, a protected variable.

- Add a preference that the user can check to toggle their access
- Check for the preference and the view right for logs that reveal
  protected variables on:
  + AbuseFilterViewExamine
  + SpecialAbuseLog
  + QueryAbuseLog

Bug: T371798
Change-Id: I5363380d999118982b216585ea73ee4274a6eac1
2024-09-12 07:59:24 -07:00
jenkins-bot db67b31db2 Merge "Log entry IDs should not have thousands separators" 2024-09-05 08:00:34 +00:00
thiemowmde 0afb81f8da Use ConnectionProvider instead of LoadBalancerFactory
This requires 1.42. That works as this codebase already requires
1.43 via extension.json.

Change-Id: If1f194a3cea3b8d45d98183e294d65fe8568f7ab
2024-08-11 17:27:28 +02:00
Anne Haunime 335dbff81e Log entry IDs should not have thousands separators
Per discussion, as a compromise (that I’m fine with), I’m leaving these IDs localized (i.e. the digits may be other than arabic), and I’m only removing the thousands separators.

Bug: T348717
Change-Id: I77b484fec2071267c53a139104c23755a13f0129
2024-08-09 05:58:23 +00:00
Umherirrender e88494212e Use expression builder to avoid IDatabase::makeList
Bug: T350968
Change-Id: Iacb407a9aef293f401e0dbf754bb1f51f6b390c5
2024-07-22 21:42:28 +00:00
jenkins-bot 218627233b Merge "Only return filters visible to user in search" 2024-07-09 09:45:55 +00:00
STran ceaedb8b95 Only return filters visible to user in search
Search is restricted to users with the right to view private variables
but not necessarily the right to view protected variables. Users who
don't have the right to view protected variables shouldn't be able to
search against protected variables, as this might leak the PII.

- Filter out filters using protected variables in search results
  if the user doesn't have the right to view protected variables

Bug: T367390
Change-Id: I7412112c9cc676f29d706b116b779bc17183a952
2024-07-08 02:47:57 -07:00
Daimona Eaytoy 99bb44beb4 Miscellaneous minor fixes
- Rename `$hidden` to `$privacyLevel` in Flags::__construct for
  consistency with other places.
- Rename `shouldProtectFilter` and simplify its return value to always
  be an array, since that's how it's currently used. Rename a variable
  that is assigned the return value of this method.
- Add a missing message key to a list of dynamic message keys.
- Rename a property from 'hidden' to 'privacy' in FilterStoreTest for
  consistency. Add a test for removing the protected flag.
- Update old comment referencing `filterHidden`; the method was removed
  in I40b8c8452d9df.
- Use ISQLPlatform::bitAnd() instead of manual SQL in
  AbuseFilterHistoryPager.
- Update mysterious reference to "formatRow" in SpecialAbuseLog.
- Update other references to the very same method in two other places,
  this time credited as "SpecialAbuseLog".
- Add type hints to a few methods; this not only helps with type safety,
  but it also allows PHPUnit to automatically use the proper type in
  mocks.

Change-Id: Ib0167d993b761271c1e5311808435a616b6576fe
2024-07-03 02:31:38 +02:00
jenkins-bot 4e919e4338 Merge "Add protected variable view permission checks" 2024-06-13 13:18:14 +00:00
STran abe6f1f4ee Add protected variable view permission checks
Some features restrict access when filters are private. These features
should treat protected filters similarly.

If the user doesn't have view rights for protected filters:
  - Disallow viewing of logs generated by protected filters
  - Disallow querying of matches against protected filters

Bug: T363906
Change-Id: Id84bd4ca7c8e0419fccc3ad83afff35067c9bf70
2024-06-13 03:15:04 -07:00
Umherirrender c3af3157b4 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: I48fcc02c61d423c9c5111ae545634fdc5c5cc710
2024-06-12 20:01:35 +02:00
jenkins-bot 4e14afa6fb Merge "Allow variables to be restricted by user right" 2024-06-04 17:20:17 +00:00
STran bf28dbce0e Allow variables to be restricted by user right
Some exposed variables (eg. `user_ip`) used in filters are sensitive
and need to only be available to restricted groups of users.

Back-end changes:
- Add `AbuseFilterProtectedVariables` which defines what variables are
  protected by the new right `abusefilter-access-protected-vars`
- Add the concept of a `protected` variable, the use of which will
  denote the entire filter as protected via a flag on `af_hidden`

New UX features:
- Display changes to the protected status of filters on history and diff
  pages
- Check for protected variables and the right to see them in filter
  validation and don't allow a filter to be saved if it uses a variable
  that the user doesn't have access to
- Check for the right to view protected variables before allowing access
  and edits to existing filters that use them

Bug: T364465
Bug: T363906
Change-Id: I828bbb4015e87040f69a8e10c7888273c4f24dd3
2024-06-04 06:54:53 -07:00
jenkins-bot 10663ed4fd Merge "Convert af_hidden into a bitmask" 2024-05-30 18:11:24 +00:00
Bartosz Dziewoński 94251ca97e Use StatusValue::getMessages() instead of deprecated methods
Added in MediaWiki in Ibc4ce11594cf36ce7b2495d2636ee080d3443b04.

Change-Id: I0b51f1210b9501961586fa25bf1f49bc68bab3d1
2024-05-28 21:04:59 +00:00
STran ca23e9f06b Convert af_hidden into a bitmask
Protected variables will cause the filter using them to become
protected as well. `af_hidden` can be used to track this flag,
as it is a TINYINT and can be converted into a bitmask with no
schema changes.

This is not a backwards-compatible change, as now all checks must
check the `hidden` flag specifically or otherwise will be cast to
true if any flag is set.

To support this change:
- "hidden" is considered a flag set in the `af_hidden`. This is a
  change in concept with no need for updates to the column values,
  as there is currently only one flag in the bitmask.
- `Flag`s store the bitmask as well as the state of single flags
  and can return either.
- Any checks against the `af_hidden` value no longer check a
  boolean value and instead now check the `hidden` flag value.

Bug: T363906
Change-Id: I358205cb1119cf1e4004892c37e36e0c0a864f37
2024-05-28 00:59:08 -07:00
jenkins-bot 58c5edce98 Merge "Add user_unnamed_ip variable" 2024-05-23 18:10:52 +00:00
STran fe0b1cb9e9 Add user_unnamed_ip variable
After temporary accounts are enabled, filters that rely on an ip
in the `user_name` will fail (eg. `ip_in_range` and `ip_in_ranges`).
To keep these filters working:

- Expose the IP through another variable, `user_unnamed_ip`, that can be
  used instead of `user_name`.
- The variable is scoped to only reveal the IPs of temporary accounts
  and un-logged in users.
- Wikis that don't have temporary accounts enabled will be able to see
  this variable but it won't provide information that `user_name`
  wasn't already providing
- Introduce the concept of transforming variable values before writing
  to the blob store and after retrieval, as IPs need to be deleted from
  the logs eventually and can't be stored as-is in the amend-only blob
  store

Bug: T357772
Change-Id: I8c11e06ccb9e78b9a991e033fe43f5dded8f7bb2
2024-05-23 07:19:48 -07:00
Umherirrender 1a56a29751 Use IReadableDatabase::expr for complex conditions on Special:AbuseLog
Bug: T350968
Change-Id: I3a86edd3f62d7276e33b5c155f0da1c8ef2a8cb5
2024-05-21 16:56:34 +00:00
thiemowmde fc50073fb5 Fix missing <thead> and <tr> in various places
This removes the last usages of the problematic open/closeElement
from this codebase.

One actual issue gets fixed: Some of the <th> floated around without
a <tr>. That's technically invalid. Luckily the browsers are flexible
and show it correctly. Visually nothing changes.

Similarly <th> should be wrapped in a <thead>. This wasn't done
before.

Change-Id: Ia45096670888173e49f9c25e72f429f0961b75ae
2024-05-14 21:28:32 +00:00
Matěj Suchánek f9dcf46d70 Replace most Xml methods with Html
Xml::buildForm and Xml::fieldset are left.

Change-Id: Iff88869fd002165ec9ee80897d4deb585005b9d1
2024-05-08 13:08:52 +02:00
Umherirrender 6dccb17255 Migrate to IReadableDatabase::newSelectQueryBuilder
Also use expression builder to avoid raw sql

Bug: T312420
Change-Id: I83eb39f1c65a698108ae5bb72f633afda37a9f23
2024-04-30 20:45:51 +02:00
Bartosz Dziewoński ac777ee88a Fix new Phan errors
MediaWiki core change Icb8822def9ce56f42ff52a8e469bb08d61d576c6
improved the type hints for OutputPage::addWikiMsg(), resulting in
two new errors:

* AbuseFilterViewEdit.php: False positive, update suppression
  to include new error code.

* SpecialAbuseLog.php: Genuine bug, the return value of
  Status::getErrors() can't be used directly as a message key.
  I have another change pending that introduces a nicer way
  to do this: Ibc4ce11594cf36ce7b2495d2636ee080d3443b04,
  but in the meantime, make do with the available getters.

Change-Id: Iee0e87496e27a5261adccb977361b3ccf4c9ee2c
2024-04-10 23:12:28 +00:00
libraryupgrader a8c9fab2cc build: Updating mediawiki/mediawiki-codesniffer to 43.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic

Change-Id: I6075c76d53a899aac56af027f9a956a6b9e6a667
2024-03-16 18:53:05 +00:00
Amir Sarabadani d628a99442 Blocked domains: Add support for "added by" field
This field gets added automatically when using the special page form but
is only shown to admins and other people who have access. It's not private
information (users can find it in history) but this is to avoid making
these admins an easy target for harassment (Talking to PM of moderation
team he agreed this is a good compromise).

Bug: T341626
Change-Id: I8410f39db54b96981b05de8e064fed65df30ef2f
2023-12-27 04:37:42 +01:00
Umherirrender bd84a6514c Use namespaced classes
This requires 1.42 for some new names

Changes to the use statements done automatically via script
Addition of missing use statements and changes to docs done manually

Change-Id: Ic1e2c9a0c891382744e4792bba1effece48e53f3
2023-12-10 23:03:12 +01:00
thiemowmde 5f0f61de5d Improve PHPDocs in SpecialAbuseFilter
Change-Id: I5364650dc31b69ab406fe1c12b6fb2ca66f02da1
2023-11-16 19:55:40 +01:00
Bartosz Dziewoński 1e54192b1b Fix non-escaped messages used in page subtitles
Reported by Phan, and also discoverable with ?uselang=x-xss.

Change-Id: Ieb41d11acf543784f1cfbca5ea2272ac0bffc9a9
2023-10-05 22:51:21 +02:00
C. Scott Ananian 0ff282dcc3 Use OutputPage::setPageTitleMsg() instead of ::setPageTitle()
The new method formats the message with Message::escaped() which
better protects from bad HTML in the message.

The ::setPageTitleMsg() method was added in 1.41 and this extension
already requires MW >= 1.41.

Bug: T343994
Change-Id: Ic07cde3bafeaa0325024fe89b4948680d04c4820
2023-09-22 21:18:03 +00:00
Matěj Suchánek 9beeca3752 Fix various typos and documentation issues
Change-Id: I1e9d297f665282d251343598e102e1d342488965
2023-09-04 12:55:17 +02:00
Umherirrender cd7e9d31a7 Use namespaced Title
Bug: T321681
Change-Id: I66fd9b70a5de06ac3c81bdf6a2a5bca64ed094c2
2023-08-19 19:49:36 +02:00
Matěj Suchánek 82ff324ae9 Remove faulty phan suppression
Change-Id: I5928d14f92d2bf7e8ceae9b40086533d7e0d0061
2023-07-21 21:47:34 +02:00
jenkins-bot c897335bd7 Merge "Various code style clean-ups" 2023-06-23 18:43:58 +00:00
thiemowmde d9bca83ec6 Various code style clean-ups
For example:
* Use the more meaningful str_contains().
* Add missing type hints.
* Make use of early returns/guard clauses.

Change-Id: Id150d1b17a80ea637a0639a8f2fd7fd017ad23b1
2023-06-23 12:32:12 +02:00
thiemowmde 24888bea15 Mark protected stuff in classes with no subclasses as private
Protected effectively means "public to subclasses" and should be
avoided for the same reasons as marking everything as public should
be avoided.

Change-Id: Iba674b486ce53fd1f94f70163d47824e969abb77
2023-06-23 12:28:06 +02:00
Timo Tijhof 110484b6a0 BlockedExternalDomains: De-duplicate validateDomain logic
Bug: T337431
Change-Id: Icbedf750f6ecaa9caf7bb900e8ad0bc2124e8743
2023-06-19 13:36:32 +00:00
Timo Tijhof ee238e79b9 BlockedExternalDomains: Minor code clean up and docs improvement
* Remove stray `@ingroup` from file blocks, move to class block.

* Fix mention of "WAN" cache where actually APCU is used.

* Document that the storage class takes a local-server cache.
  This is an important requirement since the class has no
  coordination for purging or other invalidation. It expects
  an uncoordinated cache.

* Rename "load" to "loadConfig" as it's ambigious what it means among
  the half dozen other "load*" methods in this class. Also inline
  loadFromConfig and loadComputedUncached while at it to further
  reduce this.

* Rename "loadConfigContent" to "fetchLatestConfig" to match
  the existing fetchConfig, which does the same thing except it queries
  the primary db using READ_LATEST.

* Use Html.php when building HTML, instead of legacy Xml.php.
  While at it, also switch a few to Html::element instead of
  Html::rawElement (aka Xml::tags) by using Message->text() for
  messages that are not expected to contain rich wikitext.

Change-Id: Ic74d1597aa9201b371894e7a4bf9361752d9db21
2023-06-19 13:36:23 +00:00
thiemowmde 7e6132d4d7 Remove bits of unused code across the codebase
Mostly found with the code inspection tools in PHPStorm.

Change-Id: I7f59dddca0aaab0ddd1093d52c07ec12efd20d6d
2023-06-14 19:41:00 +00:00
thiemowmde 518955f9c3 Fix error reporting in BlockedDomainStorage for real
This is a direct follow up for I6373fa6 where we apparently fixed
half of the cases while breaking the other half. There was actualy
a code path that can return null, and anther one that can return a
status object.

Since there is never anything done with the status object we can as
well get rid of it and always return null in case of an error.

Bug: T337431
Bug: T279275
Change-Id: I2ccb58756182897bcd6649c9f589e2f7a0321b20
2023-06-12 17:11:49 +02:00
thiemowmde 1eb985c619 Fix broken error reporting in BlockedExternalDomains
Apparently a mistake from I3df949c.

Bug: T337431
Bug: T279275
Change-Id: I6373fa6de561b3018e85f61f5e45ed8c886ce311
2023-06-12 10:52:35 +02:00
jenkins-bot 3feb7d5af0 Merge "BlockedDomains: Put a cache behind parsing of notes of blocked domains" 2023-06-04 15:33:00 +00:00
Amir Sarabadani be928818a4 BlockedDomains: Put a cache behind parsing of notes of blocked domains
It'll be 6K rows in enwiki, parsing 6000 wikitext notes is going to be
expensive.

Bug: T337431
Change-Id: I010d773a7b096c783f5da0d6997d946b3bfd6b6e
2023-06-02 20:13:33 +02:00
James D. Forrester fb50c1f019 BlockedExternalDomains: Make this a special right, prohibit direct editing
Bug: T337431
Bug: T279275
Change-Id: I96d1e2c8d8728c26e38515032ef773770e26dda4
2023-06-01 09:20:44 -04:00
Amir Sarabadani 53eb27f086 Introduce Special:BlockedExternalDomains
It is behind a feature flag. Improvements on it can happen in follow
ups. The patch is already quite massive.

Bug: T337431
Bug: T279275
Change-Id: I3df949c4d41ce65bb4afa013da9c691ac05fc760
2023-05-30 20:48:42 +02:00
gerritbot 3f7e5c9271 Update moved class WikiMap
See T321882. Moved in I60cf4b9ef02b9d5

Bug: T321681
Change-Id: I2c9a5dbde0080984dad1a23eba52504c4b7df4d1
2023-04-25 09:52:41 +00:00