Core change I2793a3f2 changes API handling in a way that needs updates
to extensions for proper operation:
* needsToken() now returns a string
* Most custom token types are being replaced with a 'csrf' token (the
former 'edit' token); any others need a new hook.
* All tokens must use a static salt. Compat with web UI using non-static
tokens is supported and also serves to handle the now-deprecated token
fetching.
* Documentation in getParamDescription() should return a string (not
array) for 'token', as the signal to core that it should be replaced
with a standardized message.
When compatibility with earlier versions of MediaWiki is no longer
maintained, the entry for 'token' from getAllowedParams() and
getParamDescription() may be removed, as may getTokenSalt(). This patch
leaves them in place.
Note this is intended to be compatible with earlier versions of
MediaWiki, and so should be safe to merge before the core change.
Change-Id: Ie1f483e2d0fd97d6ff5b2b953aa6390c35c75ee7
When examining AbuseFilter logs using user scripts, it is convenient to have
access to the variables shown in the table, without having to interact with
the page to get the content of the table cells.
This change introduces the variable wgAbuseFilterVariables on these pages:
* Special:AbuseFilter/examine
* Special:AbuseLog/<logId>
Change-Id: I2cebf141e6c1d26e62ed7e6ba0b5c327694e2ef8
The API provides more details about HTTP errors, so show these to
the user instead of a generic "An unknown error occurred."
Bug: 68767
Change-Id: I3188b9729c815a07c65a7dbef4d40deebe29b87d
For this, we just need to convert the associative array to an
instance of AbuseFilterVariableHolder.
Bug: 53501
Change-Id: Ie6925e1ce7df6c6c179e32ff69ff4138a3285545
Needed as tests take arbitrary user input through a textarea,
which can get rather big. GET cuts it off sometimes.
Follow-up to I317f5d7c372710617a7a6526cd4613de9660a40a
Bug: 47298
Bug: 68767
Change-Id: Ibab02be4c4e5640a09a1a76a4aa3e1a9520f489d
GlobalRename is having its page moves stopped by AbuseFilter rules
that shouldn't affect it at all. This is a temporary hack until
something like bug 67936 is fixed.
This is less evil than unsubscribing AbuseFilter from $wgHooks IMO.
Change-Id: I6b301fda119be167d3f092d86ba5914289045fab
If we don't map '\-' and '\+' to themselves, the leading slash gets escaped,
and the resultant pattern only matches a literal slash.
Bug: 67670
Change-Id: Ifa1e3edd6f41985a3bb97bfb1497985f8fa64af5
Allows for more broad filters to check for a given right, rather
than having to check against multiple groups, which becomes useful
with global groups.
Bug: 60191
Change-Id: I95b5477d6d868d4b83bcd98e779e6d535aa755b3
If multiple filters all add tags to an edit, make all of them be added
rather than just one of them.
Bug: 66387
Change-Id: Ib666c2765718d7d0603921ab94d22a7d51cbd3d2
fnmatch() will not recognize 'é' as a single character when the LC_CTYPE locale
is set to C / POSIX. So transform the shell-style pattern to PCRE, and use
preg_match() instead.
fnmatch() was not available on Windows prior to PHP 5.3, so code snippets for
preg_match()-powered polyfills abound. I used the pattern translation map from
<http://www.php.net/manual/en/function.fnmatch.php#100207> after testing
different implementations and finding it to be the most complete.
Bug: 66930
Change-Id: Ice12c7b9dbe6472fe4131679a48a0ad54fac6394