Commit graph

54 commits

Author SHA1 Message Date
Daimona Eaytoy 1f2b7474ed Clarify code and docs for automatic throttling
For the docs part: make it clear how things work there. For the code
part, these are mostly style changes: shorter variable names, no
unnecessary parameters, make the method private, use clearer variable
names.

Change-Id: Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec
2018-11-26 16:51:10 +01:00
jenkins-bot 6541d7c5cc Merge "Check that the user block is sitewide when determining permissions" 2018-11-15 17:26:21 +00:00
Daimona Eaytoy 346063eec0 Check that the user block is sitewide when determining permissions
And bump MediaWiki version.

Bug: T208621
Change-Id: Icfcf09c5d7c7498711cb000c3bb16480270efb9c
2018-11-15 17:59:22 +01:00
Daimona Eaytoy d3a8491c3f Change throttle selector to restore old functionality, overall improvement
Long (sigh) explanation in T203587#4569698. Also, simplified the way
TagMultiselect are generated, this one and the one for change tags.
This new selector is back-compat both with the old textarea and the OOUI
checkboxMultiselect; actually, this one is //fully// compatible with the
old textarea.
Add validation for throttle parameters and unit tests for validation
(split from I976c95658cddb2585910b6f8a5f047aadc4e4d47).
Added a trim when retrieving throttle identifier to allow syntax like
'ip, user'.
Improved the message shown on history.
Re-added the maintenance script to clean DB.

As I wrote in the task, a review by two other people would be great, at
least for the maintenance script (it could potentially break the DB).

Bug: T203587
Bug: T203336
Bug: T203584
Bug: T203585
Depends-On: I3b2e763bd8835207dc5df1db43d3e1881e6961c3
Change-Id: I7831dbb0bab55807392ac1f7915d6cb0cb713593
2018-11-14 12:51:36 +01:00
se4598 9d12e1b353 Allow selecting custom disallow message
You can now select a custom message to be displayed for disallowing a edit
the same way as for warn mode. This can be the same or a totally different
message.

This also solves the usecase, when a edit filter is set to warn AND disallow,
to be able to show the user a custom message, but the generic is shown
on the second try (disallow). Now it can be only set to disallow.

Bug: T27086
Change-Id: Ic1de03a6944c43a346fa317ee0a217551f0d284a
2018-10-11 10:35:01 +02:00
Jayprakash12345 8ad2203ce0 Move all apihelp translatable messages to separate files
Should be merged along with
Ib66f4614285411e5fd971dc0cb4291ea8113418c

Bug: T189982
Change-Id: Id9beb08ee34e6861543cf59d80abfac616bf9238
2018-09-21 08:21:38 +00:00
Matěj Suchánek 10ad58a6f3 Migrate AbuseFilter suppress log
Also make entries in Special:Log/suppress filterable.

Change-Id: Ic23e724997e4748c8d0da8138aa73d31b17b7064
2018-08-21 16:05:54 +00:00
tinajohnson.1234 c9003fe1fa Use HistoryPageToolLinks hook to add a log link to history pages
Add an AbuseFilter log link to the subtitle of history pages.

Bug: T28934
Co-authored-by: Matěj Suchánek
Depends-On: I2e0e9e92d3fc303135b0eb9acf06b5fd120178a5
Depends-On: I58a3039b3755648bb0c8aaf87db48ace96ce9344
Change-Id: Ib89c48f2b8f3121ead184844844acee436e2fdd6
2018-07-27 11:25:12 +00:00
Daimona Eaytoy b825e396b5 Switch editing interface to OOUI & improve NoJS usability
This settles almost everything, leaving the tags part ready to be
further improved in the follow-ups.
Also, replaced some fields with totally different ones, improved the
warn preview area and improved a bit nojs experience by hiding unusable
buttons.

Bug: T132284
Bug: T154749
Change-Id: I7a5caa862a32f9792140c6a4d9708a2d20472672
2018-07-17 14:49:50 +02:00
Daimona Eaytoy dd0569c00b Fix extension doc for AbuseFilterPrivateLog
This variable is actually here to determine whether accessing private
info should be logged, not if it's possible to access such info. In
fact, you can still do it if this variable is set to false.

Change-Id: Ieba191bff4ea56eb166bbbd03cb7b1a05ca42c52
2018-07-16 15:32:38 +02:00
jenkins-bot b86208d381 Merge "Add phan seccheck to composer and remove deprecated module" 2018-07-05 17:34:38 +00:00
Daimona Eaytoy 3c1dae9e14 Allow users with abusefilter-view-private to use testing interface
Now the required need will be abusefilter-modify OR
abusefilter-view-private for /tools, /test and /examine.

Bug: T193903
Change-Id: I3f1a91a2cc1df2272e5d4099cefd7c649a0683d5
2018-06-24 14:10:38 +00:00
Daimona Eaytoy 29492513cf Add phan seccheck to composer and remove deprecated module
Seccheck is currently being executed as non-voting, but it always
succeeds because AbuseFilter is not requiring it in composer. Instead,
let's add it: tests will start to fail, but we'll be able to see how
things are going with it. As a bonus, remove the mediawiki.api.parse
module, which is deprecated in 1.32 and replaced by mediawiki.api
(already loaded).

Change-Id: I094a8af4f97c03f8b538ede00420b123de25138a
2018-06-12 15:37:03 +02:00
MarcoAurelio 5724ca14d0 add grant to view private abusefilter log entries
Bug: T191703
Change-Id: I56233786ddaa6c44e6778b56070cf9b13df20dcc
2018-04-11 08:59:36 +00:00
Gergő Tisza ebcc751e7c
Remove abusefilter-revert right from sysops
No point in that right without abusefilter-modify-restricted and
it makes the user interface more confusing.
Undoes part of I4e3125a.

Change-Id: I4afaaa98a5c1b3d0d9518117a28e7e46466f87a1
2018-04-09 19:25:45 +02:00
Gergő Tisza 8f53c11a85
Add default rights config
Add a conservative default configuration so that admins can use
abuse filters without any need for manual setup, and users can
see what's happening. Also expand grants a bit.

Bug: T191740
Change-Id: I4e3125a708277474f416903928397db7f8fb850d
2018-04-09 10:47:35 +02:00
Daimona Eaytoy 55cac6f1b0 Move actions limit to a global variable
This opens the door to further customization and allows every wiki to
set its own value.

Bug: T132925
Change-Id: I63985f2809c3253b07b33caef30fcd8d4c62dfd4
2018-04-05 00:06:40 +00:00
Max Semenik 5c89246fce Rename files to match class name
Change-Id: Ia19bfec6c2289912699b6c90261afda311afb56e
2018-04-02 22:08:13 -04:00
Daimona Eaytoy 2779c9cd3c Move documentation to extension.json
This way we'll be able to go on with
I0e95e9b15e3733d85bdfac2a4d27a4d5ba7db928 and dependencies.

Change-Id: I16aa7c839a71ecae0554ef43fa12423e76118fe0
2018-04-02 17:59:48 +02:00
Daimona Eaytoy 3350183fe3 Revert "Revert "Switch editor to Ace and provide syntax highlight""
Make Ace use a fixed size in em.

This reverts commit 272775ff81.

Change-Id: I9b439b20df91eb367bcef4b6f33ff087aded0b62
2018-03-30 11:10:16 -04:00
Huji 272775ff81 Revert "Switch editor to Ace and provide syntax highlight"
This reverts commit 89e6778793.

Change-Id: I41aee10fdd5633d56692334696fb750f41b15433
2018-03-30 02:07:00 +00:00
Daimona Eaytoy 89e6778793 Switch editor to Ace and provide syntax highlight
Replace the conditions textarea with Ace editor for editing and testing
filter. This uses a soft dependency on CodeEditor; if the latter isn't
installed, the classic textarea is used. The user is still able to
switch between the editors on the go; the new buttons may look a bit
ugly now, but after switching to OOUI they should get much better.
Finally, added a custom syntax highlight for AbuseFilter rules.

Bug: T39192
Change-Id: If3d6a994142e34686bb7fc9f09093f751b599485
2018-03-23 12:39:22 +01:00
Dan Mattern fd3987baee Add option to turn off logging IPs
Adds option to stop logging IPs in afl_ip in the abuse_filter_log table.
Introduces a new global variable: $wgAbuseFilterLogIP

Bug: T187169
Change-Id: I1615ba6949c9f8bcdd6ee6aef580c87a05f43e6a
2018-03-03 23:16:24 +00:00
Huji Lee 146820185c Log accessing private information in abuse filter logs
Bug: T152934
Change-Id: I8049df3b2b9343a6877e9a306d2781d3f27ec657
2018-02-07 18:35:36 +00:00
Jayprakash12345 9ec6c98eb0 Removed deprecated position statements from resource loader module
Bug: T184257
Change-Id: Iadfd2cb039042ca4bcce4926bb4d4508eb9b23ca
2018-02-02 16:33:22 +00:00
MarcoAurelio 59ff4aed5d Actually mark abusefilter creations as such in the AbuseFilter log
Bug: T178283
Co-Authored-By: Matěj Suchánek <matejsuchanek97@gmail.com>
Change-Id: I89776eff2fc420b1fe3e2c3b88671749fadb57b4
2018-01-12 17:03:13 +00:00
Kunal Mehta e5b952449d Use SPDX 3.0 license identifier
SPDX released version 3 of their license list (<https://spdx.org/licenses/>),
which changed the FSF licenses to explicitly end in -only or -or-later
instead of relying on an easy to miss + symbol.

Bug: T183858
Change-Id: Ib7a48d3a432f12ce1c27fe989e85a80335a25801
2018-01-03 19:01:35 -08:00
Umherirrender 80418b1f93 Move classes to own files
Makes MediaWiki.Files.OneClassPerFile.MultipleFound pass

Change-Id: I3b08a69fe7990d6fe5f71cda51d6ac01f11aad2d
2017-12-23 13:43:37 +00:00
Huji Lee 7b7be07957 AbuseFilter block range should not exceed $wgBlockCIDRLimit
This patch introduces a config variable for the range block sizes.
It changes the default IPv6 block size from /16 to /19 using the
same reasoning as  Ia25e156fd8234519c4d74f1d41d93f94a313ce14

Using a config var (as opposed to hardcoded range size) allows
future changes proposed in T179454 to make the range size vary
for different IPs, based on the actual subnet they belong to.

Bug: T179455
Bug: T179456
Change-Id: I8dfa17f553a7af524f0a11c0fd51c48773e27be5
2017-11-02 12:08:49 +00:00
jenkins-bot 689b7abaff Merge "Remove back-compat code paths" 2017-10-31 16:12:40 +00:00
Brad Jorsch 6071e7a43f Remove back-compat code paths
Per T178092, AbuseFilter now maintains compatibility with older versions
of MediaWiki using release branches. Thus, various back-compat code
paths may be removed from the master branch.

Change-Id: Ia1b5eade30d7486e3b1b386b15a7db4e5c8cfead
2017-10-31 09:37:54 -04:00
Dayllan Maza 3e1c5b9099 Add slow filters debug data to the logs.
When $wgAbuseFilterRuntimeProfile is true, all filters taking
longer than $wgAbuseFilterRuntimeLimit will be logged for
later analysis

Bug: T174205
Change-Id: Id81833afa8421476a6cee47eb3393acdb3a38d65
2017-10-12 17:41:49 -04:00
Dayllan Maza c07294cc9c Add runtime metrics to statsd
Metrics per edit:
    - Execution time of all filters
    - Number of filters executed
    - Number of conditions executed

Due to the current structure of abuse filter there was not
a clean way to include filter actions and abuselog creation
as part of the runtime metrics.

Bug: T161059
Change-Id: I6208b620453863133c6623aa419775f63c7d3eb1
2017-08-24 15:58:52 -04:00
matejsuchanek 3b29498f21 Migrate abusefilter/modify log
Bug: T32553
Change-Id: I7e33d1064329124755c77ffe6efbd5d572f43cb9
2017-08-12 10:00:42 +02:00
Matěj Suchánek 55c27a8f6b Require MediaWiki 1.29
After I544cdfa75c7472f2d98b2561bc6f6f9c2d2ad639 (dieWithError
and checkUserRightsAny), this is the oldest MediaWiki version
AbuseFilter can be run on.

AbortMove was removed from MediaWiki in 1.25, UploadVerifyFile
is only relevant for 1.27 and older.

(Replaces I1e962217c3b20d901a5742cf76339a3f488a6e97.)

Change-Id: Iec237b2887f72b115fdcef78d2d7a944ba82c784
2017-08-10 11:01:34 +02:00
Max Semenik 2f250127b4 Normalize file layout
Aka move all code into includes/.

Change-Id: I21f7b80bb6df04abbed6bfccb94f92100dc8f071
2017-08-07 16:11:38 -07:00
Matěj Suchánek eb8541eab5 Use mw.Api.parse() for previewing warnings
And add the filter id as the second parameter to the message.

Bug: T68351
Change-Id: Iee8ac20d3cc9c0f6340ec6f339b0e51d7c88f976
2017-05-31 09:06:31 +02:00
Huji Lee 8f53126853 Remove the "flag the edit in the abuse log" checkbox
Bug: T154091
Change-Id: I40c3176127bb168672b376147bffcdbd2aaff237
2017-02-13 14:27:44 -05:00
Aaron Schulz 2d57141600 Move AbuseFilterVariableHolder up to /includes
This class is not for parsing logic or tree nodes

Change-Id: I07a499cc972c30fc249ec4de3250900a3b703443
2016-12-18 17:13:06 -08:00
Aaron Schulz 9b1021b055 Move various classes to their own files
Change-Id: I5d418b3fa27aa6e04b9a680922e5eab2439ffb20
2016-12-17 11:40:10 -08:00
Paladox 2beb56348c Replace ArticleSaveComplete hook usage
Bug: T147390
Change-Id: Id0fb48d867d7a7542f589deed90bae8195daa556
2016-10-09 17:27:54 +00:00
Victor Vasiliev aa399da279 Implement a tree-caching abuse filter parser
This filter is fully functional.  The old filter is still enabled by
default for a transitional period in case the new one suddenly has
issues.

Change-Id: I4aea5f00c62420108030e60e79d5bf34e913e95d
2016-09-24 02:53:26 +00:00
MusikAnimal d76de81f66 Add basic AbuseFilter reading rights for OAuth
Bug: T126756
Change-Id: Iace64d3b8c2a8ba1eaa5b49efd8362de5d36d3eb
2016-09-02 22:58:17 +00:00
jenkins-bot 6bd39475bb Merge "Only run filters once for direct uploads (without stash)" 2016-08-11 04:44:52 +00:00
Kunal Mehta 722550e431 Remove 'UnitTestsList' hook
Extension unit tests are now autodiscovered.

Bug: T142120
Change-Id: I45dc300b24d27e2a36533600e1232ee56b76b2b8
2016-08-04 13:16:06 -07:00
Bartosz Dziewoński f2e05b105b Only run filters once for direct uploads (without stash)
Uses the new UploadStashFile hook.

Bug: T140522
Depends-On: I2f574b355cd33b2e9fa7ff8e1793503b257cce65
Change-Id: Ic7c2dbc54c6ad300d26172796ee21027a8c372ee
2016-08-03 16:30:18 +02:00
Bartosz Dziewoński 069e0c89a5 Provide page text and edit summary when filtering file uploads
This allows filters using `action='upload'` to use the variables
`summary`, `new_wikitext` and several others that previously were only
provided when editing pages (`action='edit'`).

This is achieved using the new UploadVerifyUpload hook, introduced in
MediaWiki core in change Ie68801b307de8456e1753ba54a29c34c8063bc36.

`action='upload'` is now only used when publishing an upload, and not
for uploads to stash. A new `action='stashupload'` is introduced,
which is used for all uploads, including uploads to stash. This
behaves like `action='upload'` used to, and only provides file
metadata variables.

Filter authors should use `action='stashupload'` when a file can be
checked based only on the file contents, and `action='upload'` only
when the wikitext edit needs to be examined too.

Bug: T87381
Bug: T89252
Bug: T139848
Change-Id: I9654f82ecda82e4917fd0ac6b364b947a1434c73
2016-07-09 13:31:15 +00:00
Bartosz Dziewoński c03ac953ad Remove backwards-compatibility code using APIEditBeforeSave hook
It was only needed for MediaWiki prior to 1.25
(09a5febb7b024c0b6585141bb05cba13a642f3eb).
We no longer support those versions after
d527574d2b.

Bug: T137832
Change-Id: I9d0b7e7713c805ebc7bf59f55456e69c6491e265
2016-06-17 01:45:29 +02:00
Gergő Tisza ed5cc1b5fc Update for AuthManager
Repeats I61e4327ef3c7a31b19feef727de7d683f69e260b (which had to be
reverted due to a problem with an ancestor patch) without any
significant change.

Bug: T110448
Bug: T135360
Change-Id: I1688cf9fbcb04bb56d075c9f0876bd0ffeced4f6
2016-06-06 19:54:26 +00:00
Gergő Tisza 6a2627e944 Change some globals to work better with extension registration
Rename $wgAbuseFilterAvailableActions / $wgAbuseFilterRestrictedActions
to $wgAbuseFilterActions / $wgAbuseFilterRestrictions and make
them an associative array instead of a plain one, as that works more
sanely with extension registration. (The renaming helps to give more
useful errors to sites using the old config.)

Change-Id: I790d39c2849922d7daf7479f298cd90cf30af129
2016-06-06 19:53:53 +00:00