Commit graph

4666 commits

Author SHA1 Message Date
Translation updater bot b5a0fba51e Localisation updates from https://translatewiki.net.
Change-Id: Ib6db2f82950da79bf158ff2832b12025a7f2fa74
2019-01-08 22:29:16 +01:00
Translation updater bot b9f9708e8a Localisation updates from https://translatewiki.net.
Change-Id: Ifd174360497a96ff8be3e39b0de8d7641cf7185b
2019-01-06 22:30:08 +01:00
Translation updater bot 1f572b324b Localisation updates from https://translatewiki.net.
Change-Id: I573f267f5b9328733e5953df5578530b340e7346
2019-01-05 22:33:24 +01:00
Daimona Eaytoy f12fdb4a32 Add unit tests for custom disallow messages
Follow-up of Ic1de03a6944c43a346fa317ee0a217551f0d284a, adding some unit
tests for this newly introduced feature, plus a couple of tweaks for
both tests themselves and i18n.

Change-Id: I8df247f61d9f3769e9580544f324dd174811e939
2019-01-05 10:58:47 +00:00
Translation updater bot 6de4d426f0 Localisation updates from https://translatewiki.net.
Change-Id: Id200f09d1bba63a1f0f00360f14d4ad3973d78c8
2019-01-03 22:52:02 +01:00
Daimona Eaytoy fda8f01431 Replace RecentChange::$mAttribs with getter functions
The RecentChange class has several getters and setters for the $mAttribs
property. Although the property is public, it's saner to use such
methods.

Change-Id: Ie8e37e80fdcf2917ee0e87b2a409f0afb91a4f92
2019-01-02 11:36:57 +01:00
Translation updater bot 1de0aaaab7 Localisation updates from https://translatewiki.net.
Change-Id: I467600aea57c69628879aa9db1c515bb1add2548
2019-01-01 22:20:00 +01:00
jenkins-bot e164f16349 Merge "Add test to guarantee tag uniqueness" 2018-12-31 18:16:57 +00:00
Thiemo Kreuz 8ccb9839e5 Add test to guarantee tag uniqueness
This is a direct follow up for the bug fixed in Iebbdeac.

Change-Id: I5cc5618aa6161460534804e46a8a3568d1af9af3
2018-12-31 18:26:47 +01:00
jenkins-bot 52f17f25c4 Merge "Add aliases for Serbian language" 2018-12-31 02:21:58 +00:00
jenkins-bot e6ca0f288d Merge "Really disable the minor_edit variable" 2018-12-31 02:21:56 +00:00
jenkins-bot 2539f6883e Merge "Remove workaround to complete phase 1 of variables migration" 2018-12-30 23:19:20 +00:00
jenkins-bot 90796123a8 Merge "Add a new method and hook for static variables" 2018-12-30 22:50:35 +00:00
Daimona Eaytoy 217b4b57ff Remove workaround to complete phase 1 of variables migration
When all the other patches will be merged, this workaround won't be
necessary, and by removing it we're finishing the first phase of
variables migration. Which could also be the only one if we decide not
to go on and remove the old ones.

Bug: T173889
Depends-On: I5c370b54e6516889624088e27928ad3a1f48a821
Depends-On: I6576497feaf6d2c475ee33a91feb6a640e2c20fe
Depends-On: I87a48fdc8b392b25eb02807e8d0f712d0a399ece
Depends-On: Ib29eb15c1a51c037d036be8dc1541d96ea4b174b
Depends-On: I909a99e80a895a9b009c33ea72e8e0a4ea0a1375
Change-Id: If5f238cddb41ef92b141e36b4f2f15fd4cc86476
2018-12-30 22:43:14 +00:00
Daimona Eaytoy b0c5b97b28 Add a new method and hook for static variables
This is for adding variables which can be computed even without an
ongoing action. Currently, we don't have any, except for timestamp (but
that's a bit special). Other extensions could. For instance, we'll be
able to expose the content of the spam blacklist.

Bug: T211680
Change-Id: Iba59fe8d190dd338ecc8cfd682205bce33c9738b
2018-12-30 18:15:33 +01:00
Daimona Eaytoy 2fc56ce014 Use array_unique on the array of tags to add
Otherwise calling bufferTagsToSetByAction multiple times makes the list
grow, and IIRC the core doesn't call array_unique on the tags to apply.
Also clean the list after applying tags.

Change-Id: Iebbdeac7898b35beea79aa3d0cdf9d0fb265d726
2018-12-29 15:19:02 +01:00
Daimona Eaytoy 921db0397e Really disable the minor_edit variable
The variable was disabled with I7f13773766e12f3d4b86451fdf3ae23e067ac373
in 2016, but not in the same way as old_text and old_html were disabled
in 2009. This patch uses the methods introduced with
Ife168522e6b1d8eb94ebbb8a16ae8831ec1dc497 to disable minor_edit in a
standard way, so that it won't be showed in new AbuseLog entries, and
won't be usable when writing filter syntax.
A warning will be emitted if a pre-existing filter is using it, so that
we'll be able to completely disable it in the future.

Change-Id: I5ad5219ee19a5e6ba2bfdffb4e0aad63c8951491
2018-12-29 14:14:27 +01:00
Translation updater bot e7684d8925 Localisation updates from https://translatewiki.net.
Change-Id: I336822d68571bd7efc2fd86a70681639a983e18e
2018-12-27 09:50:25 +01:00
zoranzoki21 d4bce52953 Add aliases for Serbian language
Bug: T212586
Change-Id: I40d9dad9c0d5c61e3c0a4ec3e4a1510e3e80c093
2018-12-24 02:16:55 +00:00
jenkins-bot f00b89fd40 Merge "Set alias name of Special:Abusefilter for Urdu language" 2018-12-24 02:13:31 +00:00
Translation updater bot a7f67f3599 Localisation updates from https://translatewiki.net.
Change-Id: I6205a506cbf30a4cead97bad7ba9a432cc8c307f
2018-12-20 22:41:31 +01:00
محمد شعیب 75b0b9c948 Set alias name of Special:Abusefilter for Urdu language
Change-Id: I5d1d8275287ca478b4cac1894646fc9403dec67d
2018-12-20 19:48:22 +00:00
Translation updater bot 4f5dc59f9f Localisation updates from https://translatewiki.net.
Change-Id: Idd83753f9b716e1798018ab9bd43ce0215225570
2018-12-19 22:22:23 +01:00
jenkins-bot 6dd183857d Merge "build: Set "root": true, in .eslintrc.json" 2018-12-18 07:29:25 +00:00
jenkins-bot 1a154ca0c8 Merge "Report all filters with wrong throttle parameters" 2018-12-18 04:56:49 +00:00
Kunal Mehta f2ce7bb7e2 build: Set "root": true, in .eslintrc.json
This ensures that each repository's "npm test" command is fully
independent of wherever it might be in the filesystem.

Bug: T206485
Change-Id: I4b9598d41b2fe01703b89914f9c1a470ed1a9cf2
2018-12-17 18:52:49 -08:00
jenkins-bot 6421187a13 Merge "Validate the abusefilter-blocker name" 2018-12-17 22:17:03 +00:00
Translation updater bot 2367e666a0 Localisation updates from https://translatewiki.net.
Change-Id: I3f731eb17bff9e9f8f37b1bcfc46a70e216de26b
2018-12-17 22:18:46 +01:00
Daimona Eaytoy ea89dd4ca3 Report all filters with wrong throttle parameters
Instead of only the first one. This is quite hacky, but I don't have
much time right now, and this script is written in the spirit of JFDI.

Bug: T209565
Change-Id: Ic12ff21dd41b619bea9c71001555fd4d6299e58b
2018-12-17 20:19:20 +01:00
Daimona Eaytoy 4950bf6664 Validate the abusefilter-blocker name
In T209565#4826952 I discovered that if the "abusefilter-blocker"
message is an invalid username, we silently end up without a system
user, thus risking to break something. Instead of silently failing, emit
a warning and use the default name. As I wrote in the code comment, we'd
better avoid throwing, because the message can be modified by anyone,
who could then break the site.

Change-Id: Ifa866bd9676945bf94e7e481adf6ad0d6cf4370c
2018-12-17 16:02:24 +01:00
jenkins-bot 102f6f7497 Merge "Fix big problems with normalizeThrottleParameters" 2018-12-17 03:34:34 +00:00
Daimona Eaytoy 3fa6e2d31c Expand AbuseFilter::getFilter to select all fields and fix caching
This partly reverts If72b18bedac5e580487406e696aea1fd172ae45b. While
it's true that we don't need every filter, that method is public and
other code may need fields that we don't need. This way we can encourage the
use of this function (which caches the result) instead of direct DB
access.
Also, the method can currently accept global filters passed as
"global-<integer>", but saves them to cache with the same key as local
filters (i.e. local filter 15 and external global filter "global-15" are
both saved in AbuseFilter::$filterCache[15], which could lead to subtle
bug).

Change-Id: Ieb04f019453033c275e211cfc9fd68d5d7c392ef
2018-12-16 14:23:45 +01:00
Daimona Eaytoy aa280998c0 Fix big problems with normalizeThrottleParameters
My final testing unveiled 4 problems, see T209565#4780868. Testing again
after this patch yields the expected outcome.

Update: A fifth problem is that we cannot disable throttling if throttle
groups are empty or fully invalid: that case is similar to the one with
invalid rate, the throttle limit is never reached and thus throttle just
doesn't work. Instead, ask users to fix it by hand.

Bug: T203336
Bug: T209565
Change-Id: Id03c9880f60764efc596ac40b8662087fdb30550
2018-12-15 18:36:16 +01:00
Daimona Eaytoy f49d4e5caa Emit debug logs when filtering without title
We have two situations where we try to execute filters without a title.
However, the code doesn't handle it correctly: some points expect $title
to actually be a Title object, and we also pass it around using a hook
which explicitly says it always pass a Title. This patch adds two debug
points to help understand why we end up with null titles, so that we can
fix it upstream.

Bug: T144265
Change-Id: I35bfc483a0c69a5cbd38eae8ba299189955fa1ec
2018-12-13 20:34:21 +00:00
Translation updater bot d7629efb7c Localisation updates from https://translatewiki.net.
Change-Id: Ia04342b79dd9b1f417bde496bbee73161539c68c
2018-12-11 22:39:26 +01:00
Daimona Eaytoy db31c6dfea Rewrite the method for getting a global emergency value
Currently it barely has any reason to exist, as it's a single-line
method. This patch moves there the global state, and also changes the
signature to allow shorter calls.

Change-Id: I7851fa41cbd96912b3859319ba97a501b1cbaa57
2018-12-10 18:28:32 +01:00
Translation updater bot c496545573 Localisation updates from https://translatewiki.net.
Change-Id: Ib777ddf8193849f1b708d8df16e1a265cdbac43d
2018-12-09 22:38:41 +01:00
Daimona Eaytoy 1dcf3fc98c Move a method out of AbuseFilter.php
AbuseFilter::buildFilterLoader is only used in ViewExamine and
ViewTestBatch, so this patch moves it to AbuseFilterView and makes it
non-static.

Change-Id: I7f11cfd7ac81e536492eb59c40da7c14771cee2b
2018-12-09 14:33:30 +01:00
jenkins-bot be8fda1bde Merge "ve.init.mw.AbuseFilterSaveErrorHandler: Update to receive entire response" 2018-12-07 19:41:50 +00:00
Bartosz Dziewoński 800ff6d899 ve.init.mw.AbuseFilterSaveErrorHandler: Update to receive entire response
Change-Id: I8d5f60f8d54cbaaf1801a85cb6e12a8f3d4370a4
Depends-On: I818d916275b8451af6910ddaa7cd4d7c653085ee
2018-12-07 14:18:12 -05:00
MarcoAurelio 5bff9385eb build: Update phan-taint-check-plugin to 1.5.1
Change-Id: I9ba855b041958b995f1139cb3e36298e1247f5b9
2018-12-05 22:18:15 +00:00
daniel 688eccea47 Expose text from all slots to AbuseFilter
This is a first step towards MCR support in AbuseFilter. The textual
representation of all slots is concatenated. Since AbuseFilter uses
getTextForSearchIndex to determine the textual representation of
content, blind concatenation should not break any assumptions
made by AbsueFilter rules: this naive approach is no worse than
AbuseFilters handling of non-textual content in general, and should
work fine for textual content.

Bug: T209291
Change-Id: Ic141085cad2e11bfe106fe83dafcb35ac31206ba
2018-12-05 09:24:08 -08:00
MarcoAurelio 5ad80d2c13 build: Update npm dev dependencies
stylelint                   9.2.0  →  9.9.0
 stylelint-config-wikimedia  0.4.3  →  0.5.0

Change-Id: Id818e6273bc0f416e0b8fcf5bb5d52494a418ee8
2018-12-05 11:44:28 +00:00
Translation updater bot 3238b3205c Localisation updates from https://translatewiki.net.
Change-Id: If4d2c796280785d48d8e7c550b9cd95ff3a3a7d9
2018-12-04 22:14:22 +01:00
jenkins-bot 1dd8f41d0d Merge "Use the updated TitleMove hook to filter move actions" 2018-12-04 19:32:04 +00:00
Daimona Eaytoy 206bdc1f6a Use the updated TitleMove hook to filter move actions
For several reasons:
*We're not really checking permissions (and the hook previously used is
meant to be used in such case)
*We'll show a cleaner error message (i.e. without the "You do not have
permission..." part)
*Filtering will happen closer to the actual move

Bug: T208907
Depends-On: I4733724075b7514e9db59e7be772d9409aa9da87
Change-Id: If88f736a446247f8b4b13c055c641d56f544d1ea
2018-12-04 18:58:04 +01:00
jenkins-bot 23a7aa69a5 Merge "Fix regex group counting for get_matches" 2018-12-04 13:58:06 +00:00
Daimona Eaytoy 38749b46bb Warn the user if they try to leave the page with unsaved changes
While editing filters, sometimes it happen that you make some change,
forget about it and then reload/close the page, and no warnings will be
issued. This patch makes use of the core module used for normal page
editing to display a warning if trying to leave a filter editing page
with any unsaved change (both to the filter pattern or other form
elements).

Change-Id: I78d79215565d5c82028b1a2a4276497ccbffdea2
2018-12-04 13:06:46 +01:00
jenkins-bot bb289862ff Merge "Remove code for old global variables" 2018-12-04 06:27:32 +00:00
Huji Lee b523194032 SECURITY: Remove private information from the API results
Later, we will add a new POST request which will allow retrieving
the private details; it will have a mandatory "reason" parameter,
and will result in a log entry in the private details access log,
just like the web interface.

Bug: T210329
Change-Id: Iaca492371f48fecf543268c179a651841ed12c3f
Signed-off-by: sbassett <sbassett@wikimedia.org>
2018-12-03 23:11:32 +00:00