Commit graph

141 commits

Author SHA1 Message Date
MusikAnimal 7db0e05aeb Show notification when editor links to a blocked domain
This leverages the new BlockedExternalDomains system that is now part of
AbuseFilter. It notifies editors in realtime if a link they add is
blocked. See https://w.wiki/7ZsF for more information.

BlockedExternalDomains is slated to have its own API tantamount to the
action=spamblacklist endpoint, after which case this code will need to be
updated. In the meantime, it's meant to serve as a minimal viable product
for the CWS 2023 wish <https://w.wiki/7ZsE> for wikitext users.

The new $wgAbuseFilterBlockedExternalDomainsNotification configuration
setting controls the availability of this feature.

A similar feature for VisaulEditor is tracked at T276857

Bug: T347435
Change-Id: I7eae55f12da9ee58be5786bfc153e549b09598e7
2023-10-31 15:32:02 +00:00
thiemowmde d9bca83ec6 Various code style clean-ups
For example:
* Use the more meaningful str_contains().
* Add missing type hints.
* Make use of early returns/guard clauses.

Change-Id: Id150d1b17a80ea637a0639a8f2fd7fd017ad23b1
2023-06-23 12:32:12 +02:00
jenkins-bot 25b1820f4c Merge "abusefilter.css: Increase the default abusefilter editor width" 2023-03-15 14:00:30 +00:00
xiplus a29520ad92 Re-add #mw-abusefilter-syntaxresult
It was accidentally removed in f3383dbea2.

Bug: T331787
Change-Id: Ia8aa40098029b34870afe5ae18cbca43404572c5
2023-03-11 23:36:54 +08:00
Jean-Luc Hassec b0a38cda68 Make Ace filter editor resizable
Bug: T294856
Change-Id: I9964440a0a1cf9a8ba0514c7db085efd791a3ce0
2023-03-10 23:07:08 +00:00
MarcoAurelio f3383dbea2 Increase CSS specifity to override MonoBook .special li
Bug: T331211
Change-Id: I3ad44c830f8d1f59b798820a2cba1c7950115492
2023-03-04 21:02:48 +00:00
TheresNoTime fdcf2aab36 abusefilter.css: Increase the default abusefilter editor width
Increase default widths from `65%` to `90%` for the editor, notes,
description, group inputs.
Add `mw-abusefilter-edit-description-input` id to
`abusefilter-edit-description` TextInputWidget.

Bug: T294856
Change-Id: Ia9472298170740a39fd24864003b766078fcdfaf
2023-02-07 20:59:13 +00:00
libraryupgrader c636c501bb build: Updating eslint-config-wikimedia to 0.24.0
Change-Id: I18191de8f0db09a237e73a079dda3f30bb8881e5
2023-01-18 00:31:04 +00:00
James D. Forrester 94034ad727 build: Upgrade eslint-config-wikimedia from 0.22.1 to 0.23.0
Manually fixed as there's no fixer (and we're likely to bin this
rule upstream anyway as it has too many false positives).

Change-Id: Ia00113afa56af57c851ee8730760a60d6f858e7c
2022-10-07 11:09:55 -04:00
Bartosz Dziewoński 4b0bc0f47d VE integration: Remove "unrecoverable" errors
Bug: T307330
Depends-On: I9680cc416da5b27881aeb3502f506dcb5d4bb71f
Change-Id: Ie133c74072fa3e9ab934a6a8b2052d25b68d1cbf
2022-07-19 21:46:48 +02:00
Klein Muçi 8ee570b3a7 Fix typo
Bug: T201491
Change-Id: I64175d78c3f01e4b2f2871e69c4b68a0c6d9f689
2022-05-03 16:05:43 +00:00
Thiemo Kreuz e73f2076ad Inline/simplify smaller pieces of JavaScript code
The check if $() found an element is not needed. Method calls will
operate happily on an empty result and do nothing, as expected.

Change-Id: I985ac4623d7968f037613174b14348885afed7d1
2022-04-26 17:44:17 +02:00
Ed Sanders 3892280f1d build: Update linters
Change-Id: Icc5076d5cf757e7e70511c2b75a82b0a45cb47c9
2022-03-17 22:19:08 +00:00
Umherirrender e9a80335d3 build: Update eslint-config-wikimedia to 0.21.0
This includes the update of lockFile version

Bug: T225730
Change-Id: Iebef765120d24c2969251fc4985a383e21cb136b
2021-12-21 22:53:00 +01:00
Daimona Eaytoy 1b41a61cf2 ace: Add support for multiline strings
In the AF language,
```
foo := "abc
   def"
```

declares a valid string with a linebreak inside. This wasn't previously
highlighted by ace, since normal rules are scanned line-by-line. The
code added here is essentially copied from the PHP highlighter [1],
whose rules should be almost the same as AF.

This new syntax also highlights escape sequences inside strings, e.g. in
"foo\\bar" see how the backslashes have a different color.

[1] - https://github.com/ajaxorg/ace/blob/master/lib/ace/mode/php_highlight_rules.js#L1058

Change-Id: Idb51001af00ff2ef118741cd686dc1adf19aebee
2021-10-03 16:24:51 +00:00
Daimona Eaytoy 607be2d5bb Check response code and prevent exception in worker-abusefilter
Bug: T274401
Change-Id: I53be8e91c8d4e85df8062504de19929994f56f15
2021-02-12 00:01:51 +00:00
jenkins-bot 38772b193d Merge "Partial integration of EditBoxBuilder with HTMLForm" 2021-02-04 17:41:29 +00:00
Daimona Eaytoy bf9142a644 Partial integration of EditBoxBuilder with HTMLForm
This patch adds a transparent HTMLForm field that can be used to insert
the edit box inside an HTMLForm, and updates /test and /tools to use
that. The field class, together with the other editbox-related classes,
is now in a dedicated namespace. A future TODO is making it a real
HTMLForm field.

Also improve a bit the form in /test: add section labels and
avoid reusing the same label message used on Special:AbuseFilter.

Bug: T261584
Change-Id: Ib74bb5fdba4f8476169b754030fce6d4f72ce65a
2021-02-01 16:23:42 +00:00
Daimona Eaytoy 7008aca2fe Fix JS emptying warn/disallow message if filter group is changed
Bug: T273390
Change-Id: Ia105de5c59644956300a817f23b6378c016be6f6
2021-01-31 23:35:34 +01:00
Daimona Eaytoy b9efb9ec7d Don't pass protocol-relative URLs to the Ace worker
Bug: T271487
Change-Id: Ib344e7c021f9224f08c0c844d4e96e5bede356c8
2021-01-11 13:33:11 +01:00
Daimona Eaytoy 7c1d1c6d7d Return warnings from the parser, add warning for catch-all regexps
This commit introduces some boilerplate for emitting warnings from the
AbuseFilter parser, and also code for showing these warnings in the ace
editor. Adding new warnings should be as simple as appending to
AbuseFilterParser::warnings (and adding the relevant i18n).

Bug: T264768
Bug: T269770
Change-Id: Ic11021b379f997a89f59c8c0572338d957e089a6
2020-12-18 18:22:41 +01:00
Daimona Eaytoy 2a3b636a45 Run real-time validation of rules with an Ace worker
The worker itself is essentially a wrapper around the
abusefilterchecksyntax API.

NOTE: As written in code comments, basically the whole
worker-abusefilter.js script consists of boilerplate code. You can
verify this by diffing this file and 6cb8a9cae1/modules/ace/worker-json.js
This means that there are only ~60 lines of code to review in that file.

Bug: T187686
Change-Id: I8950fcd5917ba226dda80b47b2bb713e685fad36
2020-12-18 15:05:28 +00:00
jenkins-bot 170bd831e7 Merge "ViewEdit: avoid linebreaks in form labels" 2020-10-14 15:29:02 +00:00
jenkins-bot c5a1ab7899 Merge "ext.abuseFilter.edit.js - minor cleanup" 2020-09-30 09:30:14 +00:00
Daimona Eaytoy 62adeb3ce5 Add a lot of selenium tests for the editing view
The editing view is currently full of tech debt, brittle and surprising
code and whatnot. It's basically a miracle if it works without problem,
and it'd be an even bigger miracle if you could change something there
without breaking anything.

For these reasons, and because that class must be refactored as part of
the upcoming overhaul, this patch adds a bunch of selenium tests to test
the main functionality of that page.

In particular, these tests cover all possible cases (each corresponding
to a data source) for which buildFilterEditor can be called, which FTR are:
1 - View the result of importing a filter
2 - Create a new filter
3 - Load the current version of an existing filter
4 - Load an old version of an existing filter
5 - Show the user input again if saving fails after one of the steps
  above

Having automated tests to cover these cases means that we don't have to
manually test all the scenarios manually each time the class is touched.

Bug: T201193
Change-Id: I408e0a132905416effe0d6d6dc0921991edd66bd
2020-09-29 14:22:53 +00:00
Daimona Eaytoy 03becdd2e9 ViewEdit: avoid linebreaks in form labels
This will prevent the labels from being squeezed under certain
conditions (e.g. if the interface is in Chinese). The labels are now
taking up more space for all languages, but that's not a problem because
we have plenty of space on the right.

Bug: T231962
Change-Id: I8569cc63c4116c3a8978258d5656c72fcf2552b0
2020-09-20 13:55:06 +02:00
Daimona Eaytoy c1b4f1084c ViewTools: hide the result box when empty
The <pre> element is now hidden with CSS, and is only shown after the
user clicks the "Eval" button.
Moreover, make the button primary and progressive, as to indicate that
it activates the primary function of that page.

Bug: T253492
Change-Id: I300ce6ec0a84ea73025a5af9173024df7c291e03
2020-09-19 12:37:06 +00:00
DannyS712 5f9c1ab053 ext.abuseFilter.edit.js - minor cleanup
Avoid saving variables only used once, and other cleanup

Change-Id: Id47ebb889fa41373694f226c1a8f39cb2a6d8250
2020-09-17 17:53:33 +00:00
Ed Sanders 4b5e2362fe VE: Add explicit dependency on targetLoader
Change-Id: Ied1af70713b3595b87e2ea2f45797777f32ff7a0
2020-06-30 22:47:18 +01:00
jaredblumer 12f9be5e69 eslint: Update to eslint-config-wikimedia 0.16.0
* Update ESLint config with Selenium WebdriverIO test suite
* Update modules and Selenium pageobjects and specs per ESLint
requirements
* Update grunt-eslint package to 23.0.0 as required by
eslint-config-wikimedia 0.16.0

Bug: T254495
Change-Id: Ibfcf9115adedf9f2c3e7dac1ac626b41fc97b7c4
2020-06-08 21:17:50 -04:00
Daimona Eaytoy 4c98aecf4d Improve var dumping in /details, /examine and /tools
Using var_export for better visual effect, especially for arrays.
The result from /tools is much clearer and the 'wrong syntax' message is
a bit more explicative than before.

Bug: T190653
Bug: T239972
Change-Id: I79a17305c7f19f7900f896f895e9365bb5f2fd58
2020-03-28 17:35:43 +01:00
Ed Sanders d86b74d3de eslint: Add /mediawiki rules
Change-Id: I1853e273fad3308349c79d188bc30de98fe116c4
2020-02-22 15:59:28 +00:00
TheSandDoctor 4a933e034f ext.abuseFilter.tools.js: Replace deprecated editToken with csrfToken
The editToken key of mw.users.tokens is deprecated since MediaWiki 1.27.
This commit resolves it for AbuseFilter.

Bug: T233442
Change-Id: I445313088cef40caf0d0695a64515cd16e83504d
2019-09-22 01:54:34 +00:00
Daimona Eaytoy ed2bc7badf Don't show the form for restoring autopromotion to unprivileged users
Bug: T232881
Change-Id: I80c34c823f505c81e20f83ccf5c5a99e8e69b626
2019-09-13 20:31:17 +02:00
Bartosz Dziewoński 82b6f191d4 Actually return errors for action=edit API
Setting 'apiHookResult' results in a "successful" response; if we want
to report an error, we need to use ApiMessage. We already were doing
this for action=upload. Now our action=edit API responses will be
consistent with MediaWiki and other extensions, and will be able to
take advantage of errorformat=html.

Since this breaks compatibility anyway, also remove some redundant
backwards-compatibility values from the output.

To avoid user interface regressions in VisualEditor, the changes
I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first.

Before:
    {
        "edit": {
            "code": "abusefilter-disallowed",
            "message": {
                "key": "abusefilter-disallowed",
                "params": [ ... ]
            },
            "abusefilter": { ... },
            "info": "Hit AbuseFilter: Test filter disallow",
            "warning": "This action has been automatically identified ...",
            "result": "Failure"
        }
    }

After:
    {
        "errors": [
            {
                "code": "abusefilter-disallowed",
                "data": {
                    "abusefilter": { ... },
                },
                "module": "edit",
                "*": "This action has been automatically identified ..."
            }
        ],
        "*": "See http://localhost:3080/w/api.php for API usage. ..."
    }

For comparison, a 'readonly' error:
    {
        "errors": [
            {
                "code": "readonly",
                "data": {
                    "readonlyreason": "foo bar"
                },
                "module": "main",
                "*": "The wiki is currently in read-only mode."
            }
        ],
        "*": "See http://localhost:3080/w/api.php for API usage. ..."
    }

Bug: T229539
Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86
Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec
Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-09-09 20:15:19 +02:00
jenkins-bot 8527a10774 Merge "Restyle edit box dimensions" 2019-08-20 16:33:16 +00:00
Daimona Eaytoy b235e1040a Restyle edit box dimensions
Now it's always wider, and so is the "notes" field. Moreover, the
fallback textarea has the exact same size. Plus removed a parameter
which only made it hard to write a CSS rule for the textarea. Since the
textarea is generated by the same code, and we're always using it for
the same thing (filter syntax, regardless of the final goal), make it
always use the same name.

Bug: T230591
Change-Id: Ibb308e80d954c0e81aa09249c38c39572f157948
2019-08-17 18:53:13 +02:00
Bartosz Dziewoński 34cbad3d45 Distinguish AbuseFilter warnings and errors in VE
The VE save dialog will now only display a retry button for
AbuseFilter warnings, and not for errors.

Bug: T211241
Change-Id: I865e8078f79e6bbcb7134b11d5f834f84bb72589
2019-08-01 04:59:18 +02:00
MarcoAurelio f07bf610c0 build: Update npm dependencies
- eslint-config-wikimedia  0.12.0  →  0.13.1
 - grunt-banana-checker      0.7.0  →   0.7.1
 - grunt-eslint             21.0.0  →  22.0.0
 - grunt-stylelint          0.10.1  →  0.11.0
 - stylelint                 9.9.0  →  10.1.0

Also npm audit (fix) them afterwards.

Addresses CVE-2019-10744.

Change-Id: I3153e269decab7f2637e2a41934e0ee07a5df760
2019-07-31 17:29:00 +00:00
Fomafix d73105191d Simplify by using mw.util.getUrl
Change-Id: I97a0716e3ff69894c86fae04234d43fcab335b4a
2019-07-03 08:43:40 +02:00
Daimona Eaytoy c73d5b5bde Restore highlighting of all keywords, functions, etc.
Short explanation on phab. Ace stops at the first regex match, so we
must use a function to specify the token type.

Bug: T219593
Change-Id: If7e6e98de81ce7e1be334732518425c8115e4aea
2019-03-29 10:44:02 +01:00
jenkins-bot 44d602b9a9 Merge "Use lowercase for built-in variables" 2019-03-22 10:44:24 +00:00
Daimona Eaytoy 553facee1e Move the throttle help tooltip to a message
Follow-up of I982d67aa62a899916a26452aceb9646df8c31232. The help text
was meant to be localized, and I probably forgot to do so in the
mentioned patch.

Change-Id: If394b02819911f9c97519b5c972977c38e6d83fa
2019-03-18 17:38:45 +01:00
Daimona Eaytoy bae9c5bb8f Use lowercase for built-in variables
The uppercase is just a leftover from a long time ago. Currently,
variables are case-insensitive, and we already perform a strtolower when
saving them. Since most parts of the code already use lowercase, the
uppercase leftovers only make it harder to grep the code to find
variables. As a bonus, make Ace recognize variables in a
case-insensitive fashion.

Change-Id: I72933fcc9952fc1aabf6464b2fc0b04ec39c024b
2019-03-17 14:23:11 +01:00
jenkins-bot 001a83272d Merge "Add help links for throttle groups" 2019-03-17 09:59:25 +00:00
Daimona Eaytoy c49707e463 Make text fields use readonly instead of disabled
So that they're easier to read, and because readonly is semantically
more appropriate.

Bug: T217143
Change-Id: I76be8e7fb1cf46efd0c03cde74344be6cb2a0902
2019-02-27 11:52:59 +01:00
Daimona Eaytoy 6e2b66f96d build: Update eslint-config-wikimedia to 0.10.1
And exclude no-global-selectors for now...

Change-Id: I0cea497ff8d8c749ea4f365c968428af01e85d18
2019-02-18 19:26:42 +01:00
Daimona Eaytoy fe03de6e4f Add help links for throttle groups
Several people have reported throttle groups being hard to use, mostly
because the field doesn't have options with the usable groups. This is
because users can combine valid groups in many ways, and thus we don't
provide options. However, let's add an help link pointing to mw.org.

Change-Id: I982d67aa62a899916a26452aceb9646df8c31232
2019-01-24 12:58:41 +01:00
Daimona Eaytoy 4b33b2b5a7 Strike suppressed AbuseLog entries
Instead of adding a message, do like core does by striking and greying
out the row. Plus, don't show the AbuseLog page description when hiding
entries, as it doesn't fit.

Change-Id: I645a89dd8df79d45ca440e0ba62adcdee921b8e9
2019-01-23 11:34:43 +01:00
jenkins-bot 9ce4afb010 Merge "Add names to anonymous JS function" 2019-01-19 13:27:43 +00:00