Commit graph

95 commits

Author SHA1 Message Date
Marius Hoch 83357aafd0 Make use of the APIEditBeforeSave hook for nicer errors
Bug: 32216
Change-Id: I654eb21faffa1371f637d98d0fcd38c005048507
2013-07-08 19:10:25 +02:00
Marius Hoch 3ab18c2306 Don't try to filter uploads with an invalid title
This was causing fatals and is pointless anyway as
these uploads will never succeed.

Bug: 49399
Change-Id: Ifb16afe3e02854b8f53eb8dae87e13de669381ab
2013-06-11 15:21:26 +02:00
Marius Hoch 3c5a074881 Use the UploadVerifyFile hook
Use the UploadVerifyFile hook instead of the UploadVerification
one as it provides more data about the upload.
This is the first step towards better upload filtering.

Change-Id: Ie535c7d20ed79a1e26d8d399a7c25d632c9c7fa0
2013-05-16 23:13:10 +02:00
jenkins-bot 84487b86d8 Merge "Deprecate addHolder for addHolders." 2013-04-23 21:22:37 +00:00
nischayn22 454a7cc897 Deprecate addHolder for addHolders.
lot of code was using ::merge() to create a new AbuseFilterVariableHolder
this is now simplified using a single addHolders method.

merge() still exists as its usful as a static function.
addHolder() is deprecated.

Change-Id: Ia4f6a56f642242a04cf2973b74ce44d91fce00eb
2013-04-23 23:19:32 +02:00
Tim Starling 7450622fff Update afl_rev_id even if the edit summary changed
(bug 28633) With $wgUseAutomaticEditSummaries=true, the edit summary is
different between EditFilterMerged and ArticleSaveComplete. AbuseFilter
was using edit summary changes to attempt to detect whether the two
hooks refer to the same edit. If it really is possible for multiple
edits to be performed in the same request, with arbitrary patterns of
EditFilterMerged and ArticleSaveComplete calls, then some more robust
method would be needed to match the hook calls. But I don't think that
is necessary at present.

Change-Id: I94321905f38eafde8add00eff73745af255c1f15
2013-03-19 11:34:30 +11:00
Marius Hoch 42bd0d84f4 AbuseFilter: Change format of database logging/ performance
AF is setting several lazy load variables for the currently editing user.
To do this it's passing along the user name extracted from a user object
and generating a new user object later from that name which is of course
pointless. With this patch I'll pass user objects directly to prevent that.
On top of that I've deprecated a method in AFComputedVariable::compute which
was redundant as there is a more generic one which can solve that task
just fine.

Furthermore I've changed the logging behaviour from serializing the whole
AbuseFilterVariableHolder object to only store the variables. That has two
major advantages:
 * The amount of data that needs to be saved on a filter hit is reduced
   to about 1/10 of what the old version needed.
 * This is much more forward compatible as the old way of saving this
   relied on the class structure to stay the same while this is a simple
   array containing the vars.

On top of that we now only log variables already set by the time
a filter is hit. On top of the obvious performance increasement
that makes it easier for the user to spot the relevant data.

Another thing this change alters is the way the AbuseFilter internally
works with AbuseFilterVariableHolder objects. Right now we use one for
testing the filter(s) and later we use another one to compute the same
data again in case a filter was hit (for logging)!

This is not thoroughly tested yet, but way more sane than what we're
currently doing!

Change-Id: Ib15e7501bff32a54afe2d103ef5aedb950e58ef6
2013-02-28 22:35:22 +01:00
jeblad 53e230c5c7 Check that $title is defined and is a Title object
During testing the context does not always contain a valid
Title object. In those cases AbuseFilter will fail hard.
This changeset makes the filter survive some of those
failures.

Change-Id: I0b2247432619ddf15cc17ed41b4b7a6a11e910e0
2013-02-19 13:39:47 +01:00
daniel 6522f70fb8 Use Status object to report filter results.
This changes the AbuseFilter to use Status objects for internal
error handling. This allows for more flexibility in passing error
messages back from hooks and avoids double escaping.

Change-Id: I72e1a6dd7dee19f889fc13b60456e9bfebd5e22b
2013-01-17 18:34:19 +01:00
daniel f3788c4f0c (bug 42064) AbuseFilter + EditFilterMergedContent
This makes AbuseFilter use EditFilterMergedContent if support for
the ContentHandler infrastructure is present. This means living
without some nice bits of context, because EditFilterMergedContent
doesn't provide an EditPage object.

This requires core change I99a19c93 to work correctly.

Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
2013-01-17 11:18:28 +01:00
jeblad 68ecb6f985 (Bug 42064) Add a hook to AbuseFilter
The hook 'AbuseFilter-interceptVariable' can be used
for intercepting any request to recalculate a variable,
and if a handler is returning false the later code
will be skipped. That makes it possible to avoid using
content if the content model is wrong, as it could be
for a Wikibase entity.

The hook uses the same arguments as the hook
'AbuseFilter-computeVariable', thereby making it simple
to move handlers around.

The arguments to the hook are
@param string $method
@param AbuseFilterVariableHolder $vars
@param array $parameters
@param AFPData|array|int|mixed|null|string &$result

Patchset 2: Fix for arg 1 to the hook, it got $this
	instead of $this->mMethod

Change-Id: I4944ea612369d6f96319e24c96d97cf9739358c7
2012-12-19 10:13:31 +01:00
jeblad ae2c2f7e67 (Bug 42064) Change getText to getContent in AbuseFilter
Patchset 2: Handle more content types
Patchset 3: Change cover letter
Patchset 4: Make it b/c
Patchset 5: Refactor and use previous audience
Patchset 6: Fixed/ minor changes

Change-Id: Ib1d2f9803bc95bb9efd445e3778126d5c3090a71
2012-11-25 18:09:47 +01:00
Siebrand Mazeland 176227e721 Maintenance for AbuseFilter extension.
* Replace deprecated methods.
* Remove no longer needed function fnmatch().
* Remove superfluous newlines.
* Remove unused and redundant local variables and globals.
* Deglobalization.
* Update documentation.
* Fix incorrect return values or add FIXMEs when in doubt.
* Escape output in a few places where needed.
* Remove unneeded MEDIAWIKI constant checks.
* Fix various JSHint/JSLint issues.

Patch Set 11: Merged https://gerrit.wikimedia.org/r/24701 into
this one per Siebrand's request

Change-Id: I02ba4ce31b6aca5b7324114093f8ece143abc295
2012-10-09 22:26:45 +02:00
Siebrand b7ca16003a Merge "(bug 20272) AbuseFilter does not handle autocreation of accounts." 2012-09-23 18:21:26 +00:00
csteipp 1973ea6714 Add Global Rules
* Update rules list view to show global rules toggle, global rules
* Update rule processing to get global rules from memcache, if no
rule exists, get them from the central database and store them in
memcache
* Delete global rule key whenever global rules are updated
* Add filtering for log by wiki on the central database, updated
table definitions to add index on afl_wiki
* Add global $wgAbuseFilterDisallowGlobalLocalBlocks so local wikis
can prevent global rules from locally blocking, removing or revoking
permissions.

* patchset 13: Include recommendations from Tim. Add db updates to
LoadExtensionSchemaUpdates hook.
* patchset 14: forgot to add new files

Change-Id: Id69a9d603f9679f838e8691c651a3e9d8461b422
2012-08-27 03:30:07 +00:00
Andrew Garrett 53aea9c0ce AbuseFilter: Resolve bug 18374, bug 28633.
* Store the revision ID associated with a log entry
 if the action is successful.
* Expose this as a diff link in the UI.
* Implicitly hide log entries if their
 corresponding revisions are also hidden.
* Includes scope for expanding to log entries if desired.

Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d
2012-07-11 10:16:59 -04:00
Reedy 3da992692c Add a few bits of method documentation
De-indent a line

Tidy up method returns

Change-Id: I7aa93072c80a16eb27b7f7ac3d2f030ea63ebf60
2012-06-21 14:32:05 +01:00
Reedy 1536d0dd73 Merge "Bug 36499 - AbuseFilter: Call to a member function getRawText() on a non-object" 2012-05-29 08:40:29 +00:00
Andrew Garrett dc207d0cbd Abuse Filter: Allow filters to be split into "groups" for the purposes of operating them on different types of input.
The purpose of this change is to allow AFTv5 developers to run a separate list of filters against article feedback actions without issues of cross-contamination and bumping up against the condition limit.

Change-Id: I758795f01eaf3ff56c5720d660cd989ef95764a7
2012-05-12 12:53:32 +10:00
Szymon Świerkosz 36257344f1 (bug 20272) AbuseFilter does not handle autocreation of accounts.
This change depends on I92f57fc2c3189c42157478de14a8d48045a253b5.

This change provides a handler for AbortAutoAccount hook and adds new
action to the filter: autocreateaccount. Every time the AbortAutoAccount
is invoked the filter is executed. This may create some issues with
users which are affected by a filter, because it may be triggered on
every page view. The AbuseFilter relies on CentralAuth session
blacklisting - for each session the filter will be triggered only
once and then the autocreationg of account will not be attempted.

I don't know why AbortNewAccount hook takes as $message argument
a text of message, however AbortAutoAccount takes a name of the
message. This makes impossible to produce a user friendly message
why account creation is not allowed.

Change-Id: Ie3a7ee9210fd884d214ad3132a502a00332c3138
2012-05-10 10:08:48 +02:00
Reedy 05c082af20 Bug 36499 - AbuseFilter: Call to a member function getRawText() on a non-object
PHP Fatal error:  Call to a member function getRawText() on a non-object in /usr/local/apache/common-local/php-1.20wmf1/extensions/AbuseFilter/AbuseFilter.hooks.php on line 29

Change-Id: I4ce74e641cc10371ef75dc872add23aa052022d2
2012-05-04 00:36:12 +01:00
Szymon Świerkosz 1ba92ac870 (bug 20310) Invalid value of edit_diff
This change makes EditFilterMerged handler replace all \r\n with \n.

Parser::preSaveTransform replaces \r\n with \n for all texts, so
there are no \r in the database. The hook EditFilterMerged is run
before the text is processed by Parser::preSaveTransform, so the
diff will be useless if the client sends content with \r\n as line
endings.

Change-Id: If81fe7cc5e3af51a6564f86597d3afaefc7ad4b7
2012-04-29 11:03:42 +02:00
Alexandre Emsenhuber 686fb84777 (bug 35964) Fix warning in maintenance/update.php with AbuseFilter extension
The fourth parameter to "changeField" call was not present resulting in
"Warning:  Missing argument 4 for PostgresUpdater::changeField()" and
"Notice:  Undefined variable: default"
($default is the fourth parameter of PostgresUpdater::changeField()).

Change-Id: I271be91e5ba248692dcd9d48c5a5e97f938003aa
2012-04-14 22:18:20 +02:00
Sam Reed deeb01adaa Documentation
Ping r111217, fix $fdb, rename it $dbw

Change-Id: I004615a13b3292d5b071a48494125a9d7c5aad73
2012-03-26 16:03:22 +02:00
Roan Kattouw 6c4bd57043 Revert r111217 (unreviewed rev in AbuseFilter) and its dependencies r113585, r113587, r113588, r113589.
All of these revisions are tagged with 'gerritmigration' and will be resubmitted into Gerrit after the Gerrit switchover. See also http://lists.wikimedia.org/pipermail/wikitech-l/2012-March/059124.html
2012-03-21 19:41:11 +00:00
Tim Starling f17a5178a4 During update, defer creation of the AbuseFilter user until after the core updates have run, so that you don't get "Table 'user_properties' doesn't exist" etc. 2012-03-19 09:50:48 +00:00
Sam Reed c1e83a2245 Documentation
Ping r111217, fix $fdb, rename it $dbw
2012-03-11 20:32:31 +00:00
Andrew Garrett 5e4289ce4e AbuseFilter: Resolve bugs 18374, 28633.
* Store the revision ID associated with a log entry if the action is successful.
* Expose this as a diff link in the UI.
* Implicitly hide log entries if their corresponding revisions are also hidden.
* Includes scope for expanding to log entries if desired.
2012-02-10 23:41:05 +00:00
Mark A. Hershberger 27d9fbc1bf User::newFromName() can return false — warnings seen on beta.wmflabs.org 2012-01-18 02:37:14 +00:00
Sam Reed 7f6a9eb119 Removed $updater === null code
Add create user code from install.php

Delete install.php
2011-12-27 16:35:30 +00:00
Alexandre Emsenhuber 675e4c673a * (bug 29092) Removed usage of $wgArticle from AbuseFilter extension
Instead pass the Article object from the EditFilterMerged hook to the AFComputedVariable object and see whether the object is present to do a parse operation since other code paths won't pass an Article object

Also simplified the fallback code in AFComputedVariable::compute() to simply continue instead of calling the function again.
2011-11-09 08:36:26 +00:00
Mark A. Hershberger f90dc2bcc9 Split AbuseFilter schema updates for SQLite out after briefly talking
with MaxSem about the desired course of action.  Perhaps later these
can be merged back, but this seemed to be the quickest way to get
AbuseFilter working with SQLite working for now.
2011-11-08 03:07:01 +00:00
Antoine Musso efecf8b244 (bug 31656) AbuseFilter skips non null edits
That bug is triggering when a user submit an old revision unchanged.
The previous Article->getContent() would fetch the old revision which is
then compared to the user submitted text. Since they are identical, filtering
is skipped entirely.
Any editor can then reinstate an old "bad" revision.

Fix:
* Get latest stored revision to compare user submitted text against. This is
  done by using: Article->getRevision()->getRawText().
* Move caching related calls after that.

Follow up r52740.
Redo r100687 I had reverted.
2011-10-25 12:46:05 +00:00
Antoine Musso c2d03ddd7f revert r100687 2011-10-25 12:12:02 +00:00
Antoine Musso 6cdebb7ac0 (bug 31656) AbuseFilter skips non null edits
This bug is triggering when a user submit an old revision again. AbuseFilter
considered it to be a null edit although the old revision is certainly
a different text than the current one in the database.

This patch make sure we skip filtering only if we will be comparing with the
lastest content.

Follow up r52740
2011-10-25 10:22:18 +00:00
Antoine Musso 5043700b44 Document onEditFilterMerged with hook doc 2011-10-25 09:41:25 +00:00
John Du Hart 39f30c3f22 Followup r95572 to change variable names and use an associative array per Krinkle and Roan on IRC 2011-08-26 20:26:57 +00:00
John Du Hart b30697e94c Adds ResourceLoader support to AbuseFilter
Rewrote javascript to use jQuery
Added API modules to replace sajax_* calls
Solves bug 29714
2011-08-26 20:12:34 +00:00
Sam Reed a9e738f099 More document
Few minor code improvements
2011-08-24 22:11:52 +00:00
John Du Hart 0f274e5b32 (bug 30444) Add variables user_name and user_groups for action createaccount. Patch by Beau 2011-08-24 00:29:26 +00:00
Sam Reed 6d548203f7 Parameter and Return Type hints 2011-02-10 17:32:57 +00:00
Sam Reed 6b782a96dd while to foreach
Remove unused variables

Condense css
2011-02-10 17:25:25 +00:00
Roan Kattouw 802ea446a4 Revert 75677 for AbuseFilter, caused fatals 2011-02-08 15:33:02 +00:00
Sam Reed 272013d0f2 Conditionals in loops to foreachs 2010-10-29 21:30:20 +00:00
Sam Reed 961f512452 More deprecated method call removals and updates 2010-10-29 15:32:44 +00:00
Alexandre Emsenhuber 2263b44ab3 Converted AbuseFilter extension to use the new version of the LoadExtensionSchemaUpdates hook 2010-10-03 15:51:04 +00:00
Jack Phoenix 5e0330c6cc AbuseFilter: coding style tweaks, changed some while loops to foreach (as per http://www.mediawiki.org/wiki/Manual:Coding_conventions#Assignment_expressions) and added __METHOD__ to one DB query 2010-08-19 21:12:09 +00:00
Raimond Spekking 23b2f711e6 Follow-up r68534: Add new db patch to onLoadExtensionSchemaUpdates so that it runs with update.php 2010-06-27 15:44:18 +00:00
Chad Horohoe 5fce797b18 Revert r66934 (Removing wfLoadExtensionMessages() from everything). I disagree on principle...we branch extensions for this very reason. But people want trunk extensions compatible for several versions back, meh. 2010-05-27 15:56:53 +00:00
Chad Horohoe 3283b90f01 Large commit. Removed 800+ references to no-op wfLoadExtensionMessages() 2010-05-26 22:25:32 +00:00