Make selectors for groups and warnings read-only and also don't show
edit button for users without editinterface permission.
Change-Id: I7c27f27ed080396b3a64ccaf9a7ccf2c3231b839
Various pieces of the tagging system will break if the tag name contains
slashes or commas, so that should be checked for.
MediaWiki core (as of Ic5d75432) contains a method for doing just that,
so use it if possible.
Also require that tag names be either:
* Intended for reuse (canAddTagsAccompanyingChange)
* Already in use
* Creatable
This prevents the use of software-defined tags (unless whitelisted)
or tags that are blocked from creation (e.g. OAuth reserved tag
prefixes)
Add caching for tag lookup since it's used more often now.
Bug: T92956
Bug: T27151
Depends-On: Ic5d754323cbfd2c2b54c4df1245767946ebb1821
Change-Id: Ibc3095879f276a5436362f471b885e64f338522e
These are also user-provided tag names, so should be checked with
ChangeTags::canCreateTag, which is intended for that purpose.
This check also applies on edits.
Bug: T164133
Change-Id: Iaf161d538f225a86c7abf8a8a347de9169d781bf
This also changes the previous behavior - users who lost their rights
between opening and saving a filter now also get the message.
Additionally, User::matchEditToken() now doesn't use the global
$wgRequest.
Bug: T142389
Change-Id: I931068ff79a6835ad6e63a12ce9dbfcc1cb6c8b9
Admins already have the ability to edit site JS, etc., so I don't think we should be concerned about malicious content
This patch allows markup in all messages in the edit interface, except the labels for the checkboxes
Bug: T157235
Change-Id: I5f1a2cd536a2c7ec5f7a5d7afbf124104bfcd975
Stash may return false if the value hasn't been set yet. This basically
means 'zero'.
Steps to reproduce: create a new filter and open it. If it doesn't have
any hits, the second message parameter is missing instead of being '0'.
Change-Id: I8f240dd87664ec99a98b843f9e5c4c8c9eed0532
Users can now sort filters by whether they are visible and which group
they belong to. Sorting by hit count is only possible if the user can
actually see it.
Change-Id: I516111f96b9ef0beaa0c04f902e03712591371d1
If the user cannot see hit counts, this field is always empty, so there
is no need to have it shown.
Change-Id: I27c8639f901a3c7fa686378a1205b2ddebb7d665
All usages of Linker::link() and Linker::linkKnown() has been replaced with LinkRenderer
Bug: T149346
Change-Id: Id087fe2aeaae81445e83e020ef66b541d9da4060
d0439337 (I9e15326c) made abusefilter-view-private required
even for users with abusefilter-modify that can see and
change private filters.
Bug: T143365
Change-Id: I401effc5f1e429b5ec12c7f48dcc00ada74eafb6
These pages are read only pages so it's better to let users with
'abusefilter-view-private' to view history and diff of private filters
as 'abusefilter-modify' is a read+write right.
Bug: T126129
Change-Id: I9e15326c8d681000ab13ef8a50fa0eed4c24dbe6
Rename $wgAbuseFilterAvailableActions / $wgAbuseFilterRestrictedActions
to $wgAbuseFilterActions / $wgAbuseFilterRestrictions and make
them an associative array instead of a plain one, as that works more
sanely with extension registration. (The renaming helps to give more
useful errors to sites using the old config.)
Change-Id: I790d39c2849922d7daf7479f298cd90cf30af129
* Defer the slow profiling updates to post-send
* Convert to the object stash, so that all DCs see
the same values
Change-Id: I08316c6a3192bd69248cf5ab5a3ed8185341c313
Follow-up to b60829a60c.
I'll fix up message translations on Translatewiki when this is merged.
Bug: T132189
Change-Id: I1ecaedd7489b264ed621309b6fbfb63b9287a437
This reverts commit afb78deb84.
I'll guard this behind a global and fix up the localisation messages
in a separate commit. This is a straight revert.
Bug: T132189
Change-Id: Iff4aa6d7d543db8f47c5f81f3c206dafcd5373dc
Also
* Fix a bug where action-reverts doesn't work for anons
since the userid is always 0 for them, instead use the username.
* Start adding block log flags consistently with core
Bug: T124789
Change-Id: Ic6680dad891e2169b392fcfefc1e313af85bc92f
These boolean values go through DatabaseBase::makeList,
which passes them along to DatabaseBase::addQuotes, which
shoves the value through DatabaseMysqlBase::strencode,
which in turn passes it on to DatabaseMysqli::mysqlRealEscapeString,
which eventually calls mysqli::real_escape_string on it.
This last one will turn trues into '1' and falses into ''.
MySQL (or at least my version, 5.6.17 Homebrew) complains about
receiving incorrect integer value '' for these tinyint(1) columns.
Bug: T67807
Change-Id: Iaef98c08589370f9288c1f3c80803b1a16b2506e
It'll show the timestamp at which the filter was last triggered.
If there is no hit or if the user does not have the proper permissions,
it'll be blank.
Bug: T93564
Change-Id: I435af5caf457c548fa0737ed226d7f8640ff25d8
