Commit graph

5322 commits

Author SHA1 Message Date
Daimona Eaytoy 0119108ee7 Fix params to ParserOutputStashForEdit
$summary and $user are always guaranteed to be passed, and $user is
guaranteed to be a User object. Hence, update the hook handler to
reflect that.

Change-Id: I3a7fcb074b460b77210de5a6bad43f500aff3249
2019-09-23 23:33:51 +02:00
Translation updater bot 8dbbe859e7 Localisation updates from https://translatewiki.net.
Change-Id: I5afd496088aa23f026e5bc08a642a7f3ae18546e
2019-09-23 09:22:33 +02:00
Daimona Eaytoy 9a6dd1307c Add new schemas for splitting afl_filter
It'd be great if we could get this included in 1.34.

Bug: T220791
Change-Id: I62d429d0eb6a7adc51cc37fe18f878077f85a006
2019-09-22 16:04:45 +00:00
TheSandDoctor 4a933e034f ext.abuseFilter.tools.js: Replace deprecated editToken with csrfToken
The editToken key of mw.users.tokens is deprecated since MediaWiki 1.27.
This commit resolves it for AbuseFilter.

Bug: T233442
Change-Id: I445313088cef40caf0d0695a64515cd16e83504d
2019-09-22 01:54:34 +00:00
Translation updater bot 0f4c126497 Localisation updates from https://translatewiki.net.
Change-Id: I668292bef50131d591aa7b2a8b3605261878aa3d
2019-09-20 11:40:10 +02:00
Daimona Eaytoy e2570a4c2b Actually provide a StatsdDataFactory to the parser
Follows-up Ib934be34a953166fe1b94cfe8ed216afe3b906ca

Bug: T156095
Change-Id: Ia8df84cf7c43071f304ce729b811dfd5aa96b951
2019-09-19 19:06:14 +02:00
Daimona Eaytoy e7926114ff SECURITY: Avoid info leak in SpecialAbuseLog
Deleted/suppressed usernames and summaries leak through AbuseLog.
Temporarily hide all non-public revision from AbuseLog, until we can
properly fix the issue.

Bug: T224203
Change-Id: If3d3256404d0f3dbde171831937d1a816b3e2734
2019-09-19 17:46:12 +02:00
jenkins-bot 4eb56d162c Merge "Localisation updates from https://translatewiki.net." 2019-09-19 08:04:10 +00:00
jenkins-bot 9c786ca776 Merge "Use StringUtils::isValidRegex" 2019-09-19 08:03:39 +00:00
Translation updater bot 7fd6707c9b Localisation updates from https://translatewiki.net.
Change-Id: Idcd02ce986815175f59ea58380de856fd87068ed
2019-09-19 09:53:26 +02:00
jenkins-bot 58fc7a93d1 Merge "Add profiling points throughout the code for the CachingParser switch" 2019-09-18 17:56:49 +00:00
Daimona Eaytoy 4c8be4d374 Add profiling points throughout the code for the CachingParser switch
Bug: T156095
Change-Id: Ib934be34a953166fe1b94cfe8ed216afe3b906ca
2019-09-18 10:02:55 +00:00
Daimona Eaytoy 0646b4fe7d Add config for Selenium and basic tests
This is some sort of Hello World for selenium. This patch adds the
config files and a couple of very basic tests.

Bug: T214478
Change-Id: I8193b4edb40332bea1d08e24ec020bf36004320d
2019-09-17 16:23:07 +00:00
Translation updater bot 27a0fe8e79 Localisation updates from https://translatewiki.net.
Change-Id: I63efceaf5b72390e479b7c66bc08e425712afe5b
2019-09-17 09:04:34 +02:00
jenkins-bot f8c72d3b30 Merge "Show link to test filter to all users who can use it" 2019-09-16 10:30:09 +00:00
Translation updater bot 95f4ed5bd7 Localisation updates from https://translatewiki.net.
Change-Id: Ibba31880b0ab9476bcc308ad947c101627741027
2019-09-16 09:53:14 +02:00
DannyS712 6699237b86 Show link to test filter to all users who can use it
Bug: T232962
Change-Id: I67357975a7064991e47c60b70c487d12bdf6b7b4
2019-09-15 22:03:56 +00:00
jenkins-bot 8f4711c8ca Merge "Prevent blocked users from using /revert" 2019-09-15 12:07:43 +00:00
jenkins-bot 7add89b252 Merge "Don't show the form for restoring autopromotion to unprivileged users" 2019-09-15 11:26:19 +00:00
Daimona Eaytoy 127fd4ac3c Prevent blocked users from using /revert
Bug: T232916
Change-Id: I67e464f3182e74129186f7e803d05105a0f2ec23
2019-09-15 11:21:18 +00:00
jenkins-bot 48713c824b Merge "Throw AFPUserVisibleExceptions for empty operands in CachingParser" 2019-09-15 08:36:39 +00:00
Daimona Eaytoy a4e25c1ac9 Throw AFPUserVisibleExceptions for empty operands in CachingParser
Instead of TypeErrors. Basically, only empty parenthesis had to be
fixed.

Bug: T156096
Change-Id: I019615c7bfaa179c2184b5d3ea2c6b5da91366e3
2019-09-14 18:35:40 +00:00
Daimona Eaytoy 5267082c85 Better logging for unset variables
We have many log entries, so we need some more debug data.

Bug: T230256
Change-Id: I0e9638c1ffe537ea6cfd6886ff32ef447fdacc28
2019-09-14 16:49:55 +00:00
Daimona Eaytoy fe395bd96b Use dieBlocked instead of directly using apierror-blocked
This allows us to:
 - Defer handling of the block to the main module
 - Choose the right message depending on the block type
 - Avoid directly using the apierror-blocked message, which could change
 in the future.

Change-Id: If2e32bd2ccf5e314aa51203afd1522b8481377e0
Follows-up: I35f2c6e701a24dccb6e26e3f3c578fd44f68127d
2019-09-14 10:18:01 +02:00
jenkins-bot f8ee9fb959 Merge "Prohibit sitewide blocked users from restoring autopromotion" 2019-09-14 02:59:41 +00:00
jenkins-bot 45d7bd5971 Merge "CachingParser: ensure to catch errors inside short-circuited blocks" 2019-09-14 01:56:35 +00:00
jenkins-bot b8ad85cac7 Merge "Annotate the AST with var names before caching the AST" 2019-09-14 01:03:53 +00:00
Daimona Eaytoy 6e9a9a3bc2 CachingParser: ensure to catch errors inside short-circuited blocks
This is similar to the old parser: when discarding a node, actually
evaluate it if short-circuit is not allowed.
Add a whole lot of tests for all possible exceptions.
Move the logic to extract a message from an AFPUserVisibleException away
from the parser, to keep unit tests working.

Bug: T232498
Change-Id: I31ee4e255c6a87dd693b9bcd582539fdf57acd45
2019-09-13 21:13:15 +00:00
Daimona Eaytoy 004ccfdb5c Annotate the AST with var names before caching the AST
This implements T230982#5475400, and it should speed up the CachingParser by roughly 40%.

Bug: T230982
Change-Id: I803cc58637d50eb90e57decf243f5ca78075d63d
2019-09-13 19:43:50 +00:00
DannyS712 467fba75a0 Prohibit sitewide blocked users from restoring autopromotion
Bug: T232884
Change-Id: I35f2c6e701a24dccb6e26e3f3c578fd44f68127d
2019-09-13 18:32:55 +00:00
Daimona Eaytoy ed2bc7badf Don't show the form for restoring autopromotion to unprivileged users
Bug: T232881
Change-Id: I80c34c823f505c81e20f83ccf5c5a99e8e69b626
2019-09-13 20:31:17 +02:00
Translation updater bot f4b555f113 Localisation updates from https://translatewiki.net.
Change-Id: I5fafc0db337f86708d2a3bf3b545d815c862dd78
2019-09-13 10:16:51 +02:00
Translation updater bot 3b0fb102f1 Localisation updates from https://translatewiki.net.
Change-Id: Ie62d45a631c1f5289c0175363907e7d36433e290
2019-09-12 09:58:30 +02:00
jenkins-bot cfad7d6f14 Merge "Actually return errors for action=edit API" 2019-09-10 19:59:03 +00:00
jenkins-bot 3c869b9290 Merge "Remove script for blockautopromote entries" 2019-09-10 08:22:16 +00:00
Translation updater bot fa1e458e25 Localisation updates from https://translatewiki.net.
Change-Id: Ib48ec6f6ebcbc3b9c3266072700a523c7120dcb5
2019-09-10 09:33:11 +02:00
Bartosz Dziewoński 82b6f191d4 Actually return errors for action=edit API
Setting 'apiHookResult' results in a "successful" response; if we want
to report an error, we need to use ApiMessage. We already were doing
this for action=upload. Now our action=edit API responses will be
consistent with MediaWiki and other extensions, and will be able to
take advantage of errorformat=html.

Since this breaks compatibility anyway, also remove some redundant
backwards-compatibility values from the output.

To avoid user interface regressions in VisualEditor, the changes
I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first.

Before:
    {
        "edit": {
            "code": "abusefilter-disallowed",
            "message": {
                "key": "abusefilter-disallowed",
                "params": [ ... ]
            },
            "abusefilter": { ... },
            "info": "Hit AbuseFilter: Test filter disallow",
            "warning": "This action has been automatically identified ...",
            "result": "Failure"
        }
    }

After:
    {
        "errors": [
            {
                "code": "abusefilter-disallowed",
                "data": {
                    "abusefilter": { ... },
                },
                "module": "edit",
                "*": "This action has been automatically identified ..."
            }
        ],
        "*": "See http://localhost:3080/w/api.php for API usage. ..."
    }

For comparison, a 'readonly' error:
    {
        "errors": [
            {
                "code": "readonly",
                "data": {
                    "readonlyreason": "foo bar"
                },
                "module": "main",
                "*": "The wiki is currently in read-only mode."
            }
        ],
        "*": "See http://localhost:3080/w/api.php for API usage. ..."
    }

Bug: T229539
Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86
Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec
Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-09-09 20:15:19 +02:00
Daimona Eaytoy 173bd089b3 Remove script for blockautopromote entries
It was executed on WMF wikis, and since they were the only affected
wikis we can remove the script.
Also remove a temporary back-compat check in the log formatter.

Bug: T231131
Change-Id: I534acd9c86894eb1bdd96331e9fa85afc7502f88
2019-09-09 13:56:56 +02:00
Translation updater bot e308343c42 Localisation updates from https://translatewiki.net.
Change-Id: I7c91906286b93b5f621c7534a251a28011c50d11
2019-09-09 09:21:47 +02:00
jenkins-bot b381b87267 Merge "Remove redundant logic from special pages" 2019-09-08 13:15:12 +00:00
jenkins-bot c0be18a6e9 Merge "Localisation updates from https://translatewiki.net." 2019-09-08 11:05:16 +00:00
Daimona Eaytoy 7917354716 Remove redundant logic from special pages
SpecialPage::setHeaders already handles page title, robot policy and
articleRelated. Moreover, avoid having different messages for the H1
title on the special page and the description shown elsewhere, just like
the base SpecialPage class suggests doing. The deleted messages have
been moved to the default message used by SpecialPage::getDescription.

Change-Id: Iab6beaf64b142e30469afd798c569ef40182153e
2019-09-08 12:30:01 +02:00
Daimona Eaytoy 8587576655 Use StringUtils::isValidRegex
Depends-On: I257a096319f1ec13441e9f745dcd22545fdd5cc6
Change-Id: Iafe54285384bc28b3e8812b495166f2682d4571c
2019-09-07 18:13:27 +00:00
Daimona Eaytoy 7b06be0204 Allow dangling commas in variargs
This is because there are many filters using this feature. Moreover, it
could make it a little easier to add new arguments, just like dangling
commas in PHP arrays do.
Also re-align the CachingParser code of doLevelFunctions to the one in
the old Parser.

Bug: T153251
Change-Id: Ie4325159f47310788da57415a5e36e62aa4efad0
2019-09-07 11:19:14 +02:00
Translation updater bot 6a895ba422 Localisation updates from https://translatewiki.net.
Change-Id: I9acdd552d4b190e24e932d977b9082f3478429d1
2019-09-06 09:12:37 +02:00
jenkins-bot 5be19f6f65 Merge "Add a 'strict' option to VariableHolder::getVar" 2019-09-05 19:23:23 +00:00
Daimona Eaytoy 489da0d229 Add a 'strict' option to VariableHolder::getVar
This will help mitigating problems like T230256 by enforcing that the
requested variables must exist. For now, it will only log bad usages,
thus providing a way to identify affected filters and fix them.

Bug: T230256
Change-Id: I7a61916576e444a56f0e07da7b6e5033346226bd
2019-09-04 18:19:23 +00:00
Daimona Eaytoy 13b1e880f2 Hotfix other DUNDEFINED casts to bool
These were spotted on testwiki with wmf.21.

Change-Id: Ic4d67a2b83aedfeb574fa1363a9fc618b2862f95
2019-09-04 18:06:22 +00:00
jenkins-bot f2ae634831 Merge "Fix filter validation in ViewEdit" 2019-09-04 13:34:33 +00:00
Daimona Eaytoy 15e9f34115 Fix filter validation in ViewEdit
Currently it's impossible to create new filters!

Bug: T231985
Change-Id: I92a7739fe9defae6b3d74381792340c7125d9086
2019-09-04 14:04:45 +02:00