Commit graph

7777 commits

Author SHA1 Message Date
Translation updater bot 4b01397324 Localisation updates from https://translatewiki.net.
Change-Id: I566cec67a166c1891b4b34d233260e414c1f9503
2021-08-31 08:15:08 +02:00
Sorawee Porncharoenwase 320e3d696f Add a static analyzer for the filter language
This commit adds a class AFPSyntaxChecker which can statically analyze
a filter code to detect the following errors:

- unbound variables (which comes in two modes: conservative and liberal,
  default to conservative)
- unused variables (disabled by default for compatibilty)
- assignment on built-in identifiers
- function application's arity mismatch
- function application's invalid function name
- non-string literal in the first argument of set / set_var

The existing parser and evaluator are modified as follows:

- The new (caching) evaluator no longer needs to perform variable
  hoisting at runtime.
  - Note that for array assignment, this changes the semantics.
- The new parser is more lenient, reducing parsing errors.
  The static analyzer will catch these errors instead, allowing us
  to give a much better error message and reduces the complexity of
  the parser.
  * The parser now allows function name to be any identifier.
  * The parser now allows arity mismatch to occur.
  * The parser now allows the first argument of set to be any expression.

Concretely, obvious changes that users will see are:

1. a := [1]; false & (a[] := 2); a[0] === 1

   would evaluate to true, while it used to evaluate to the undefined value
   due to hoisting

2. f(1)

   will now error with 'f is not a valid function' as opposed to
   'Unexpected "T_BRACE"'

3. length

   will now error with 'Illegal use of built-in identifier "length"'
   as opposed to 'Expected a ('

Appendix: conservative and liberal mode

The conservative mode is completely compatible with the current evaluator.
That is,

false & (a := 1); a

will not deem `a` as unbound, though this is actually undesirable because
`a` would then be bound to the troublesome undefined value.

The liberal mode rejects the above pattern by deeming `a` as unbound.
However, it also rejects

true & (a := 1); a

even though (a := 1) is always executed. Since there are several filters
in Wikimedia projects that rely on this behavior, we default the mode
to conservative for now.

Note that even the liberal mode doesn't really respect lexical scope
appeared in some other programming languages (see also T234690).
For instance:

(if true then (a := 1) else (a := 2) end); a

would be accepted by the liberal checker, even though under lexical scope,
`a` would be unbound. However, it is unlikely that lexical scope
will be suitable for the filter language, as most filters in
Wikimedia projects that have user-defined variable do violate lexical scope.

Bug: T260903
Bug: T238709
Bug: T237610
Bug: T234690
Bug: T231536
Change-Id: Ic6d030503e554933f8d220c6f87b680505918ae2
2021-08-31 03:28:24 +02:00
jenkins-bot ee5ff0077f Merge "Move parser exceptions to specific namespace and rename them" 2021-08-31 01:14:44 +00:00
Translation updater bot 32d5fd0218 Localisation updates from https://translatewiki.net.
Change-Id: Ifcff6e49b0690ebd9dca0a897d49f83f20dbb6a1
2021-08-30 08:19:21 +02:00
Daimona Eaytoy 704364a5e7 Move parser exceptions to specific namespace and rename them
Create a dedicated "Exception" sub-namespace and remove the "AFP"
prefix, a leftover from the pre-namespace era.

Change-Id: I7e5fded9316d8b7d1628bc1a6ba8b1879ac901e1
2021-08-29 23:38:31 +00:00
Translation updater bot 691e47a4a6 Localisation updates from https://translatewiki.net.
Change-Id: I1111bf7a2410c9fef6f3d4b1db6ba2bd759bd705
2021-08-26 08:35:01 +02:00
Translation updater bot aafbd68667 Localisation updates from https://translatewiki.net.
Change-Id: I24e6daae9e8909c7f0935ba53f02e2901388ce06
2021-08-24 10:16:42 +02:00
Matěj Suchánek 3630bb0a3f Use array_fill_keys() instead of array_flip() if that reflects the developer's intention
Do what Tim Starling did in core: If8d340a8bc816a15afec37e64f00106ae45e10ed.

Change-Id: Ic68e167e51ff8d289a0dab68874191b9b1a20665
2021-08-24 01:08:13 +00:00
Translation updater bot 5c3fbcfb83 Localisation updates from https://translatewiki.net.
Change-Id: I7c4e7977b632f8989b559c28f02d6bc81b7c0e14
2021-08-23 09:03:19 +02:00
Translation updater bot 052240a5a5 Localisation updates from https://translatewiki.net.
Change-Id: I60b9c7326f8d326d932f1ebe3ccc0e51396d727d
2021-08-20 08:23:36 +02:00
Amir Aharoni e03467102c Remove two unused messages
It looks like they were removed in 2008:
6c7b701cc2

Change-Id: I5d91d846523307d8a3adb104503d255d8c726ed8
2021-08-19 22:29:53 +03:00
jenkins-bot 9b93b0256a Merge "Avoid passing invalid offset to mb_strpos" 2021-08-18 18:45:12 +00:00
Translation updater bot d955f2f050 Localisation updates from https://translatewiki.net.
Change-Id: Ieb79b02caef2dafe7d3fe32b588ec1095b3366a2
2021-08-18 08:13:08 +02:00
jenkins-bot 4e47974eb7 Merge "Switch filterable actions hooks to the new system" 2021-08-17 07:48:39 +00:00
Daimona Eaytoy e9795468c4 Switch filterable actions hooks to the new system
Bug: T261067
Bug: T211680
Change-Id: I0e7e4a48b56c3e5fde56f50693fd0cdc19c30dd0
2021-08-16 14:18:56 +00:00
Translation updater bot ce420438d8 Localisation updates from https://translatewiki.net.
Change-Id: I8b23a371a1884e7242b970db6042bd6234f6f940
2021-08-16 08:15:32 +02:00
Translation updater bot 67528ede69 Localisation updates from https://translatewiki.net.
Change-Id: Iee1758f64d041c6f7b9f12555aa37cdc2b42e50a
2021-08-12 08:09:13 +02:00
jenkins-bot 6dfc673226 Merge "Use MovePageFactory" 2021-08-11 19:26:52 +00:00
libraryupgrader efdbc2db25 build: Updating path-parse to 1.0.7
* https://npmjs.com/advisories/1773 (CVE-2021-23343)

Change-Id: Idf536fa01cd3dd2ba302c71e6f6cf6f3786c341a
2021-08-11 06:47:32 +00:00
Translation updater bot e6eafdf496 Localisation updates from https://translatewiki.net.
Change-Id: I986c4c7c229c0808b6b374a143e42fd6c169faf2
2021-08-11 08:18:59 +02:00
TChin bfa72b9caf Use MovePageFactory
Bug: T252934
Change-Id: I39440ef05d9318f9ab4abd34990887971197a045
2021-08-10 16:31:05 -04:00
Translation updater bot d512f01e8f Localisation updates from https://translatewiki.net.
Change-Id: I2ed4e9d2c6889b0621010a00eeb10b83444d16b9
2021-08-10 08:06:15 +02:00
Translation updater bot cd7958ba60 Localisation updates from https://translatewiki.net.
Change-Id: Ieb3481038beb857b0eabbae1035af852e92c00cd
2021-08-09 08:22:54 +02:00
Translation updater bot 4be9ef8332 Localisation updates from https://translatewiki.net.
Change-Id: Ia5d42d3b38e18201020a9debb729c753fe61344a
2021-08-06 08:13:09 +02:00
Alexander Vorwerk 8e7d389029 Disallow interwiki on Special:AbuseLog
Bug: T288155
Depends-On: Ic00f4a0f27747b5ff0893b4c01f42f68a99771ab
Change-Id: I62574460bfaea04af2f617ca0929246c784cb4e8
2021-08-05 11:15:39 +02:00
Translation updater bot 6af66eba3d Localisation updates from https://translatewiki.net.
Change-Id: I4e81fa4d3dbe513540fc6470020c3329cebb4211
2021-08-04 08:14:28 +02:00
Translation updater bot 1dfb191585 Localisation updates from https://translatewiki.net.
Change-Id: I89b8759cf45e79debf47d73608f60f8c52bc2ddc
2021-08-03 08:11:19 +02:00
Translation updater bot 455b4d1a6d Localisation updates from https://translatewiki.net.
Change-Id: I05f20f4d65e5f080fef97adcff8cf53339953d51
2021-07-30 08:27:11 +02:00
jenkins-bot e50e1f507e Merge "AbuseFilterConsequencesTest: Don't call non-static method statically" 2021-07-30 01:42:54 +00:00
jenkins-bot ca31a12be4 Merge "Clean up Throttle::throttleIdentifier" 2021-07-30 01:37:24 +00:00
Matěj Suchánek ace6f652af AbuseFilterConsequencesTest: Don't call non-static method statically
Change-Id: I0b4ed2f456bf4a52756eb0b98a29994a4a53812c
2021-07-30 01:24:15 +00:00
Translation updater bot 122862cedc Localisation updates from https://translatewiki.net.
Change-Id: I637a0f345e22bb1c41ac9c167437562a94e90310
2021-07-26 08:11:26 +02:00
Matěj Suchánek 83794d7cb4 Clean up Throttle::throttleIdentifier
In 1.37, UserEditTracker was changed to allow anonymous users
as well.

Change-Id: I70d9e6db13416b7c017319ecac3e7e604aacd586
2021-07-22 16:56:12 +02:00
Lucas Werkmeister a2e42d5050 Don’t generate current content text twice
Previously, for non-newly-created pages, AbuseFilter would get the text
for filtering twice: once in AbuseFilterHooks::filterEdit(), and then
again in RunVariableGenerator::getEditTextForFiltering(). (Plus another
call for the text of the previous revision.) The first copy of the text
is only passed into RunVariableGenerator::getEditVars(), and there only
used if the title doesn’t exist, otherwise it’s overwritten with the
second copy. Instead, let’s make AbuseFilterHooks not get the text at
all, and only get the text from the content when we actually need it
(the content is new).

Change-Id: Id12430fa6ba4643113b945e0d0c01b9c0ee1742f
2021-07-22 13:45:32 +02:00
Translation updater bot 274be621ef Localisation updates from https://translatewiki.net.
Change-Id: If660263b08f22a3d8cd84126ed3d108ea136e6ee
2021-07-22 08:12:51 +02:00
libraryupgrader 5377ebe819 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)

Change-Id: I2b382f3bb236fb44eb24c6a257b13b8fd886541c
2021-07-21 18:51:18 +00:00
Translation updater bot ff5ada68aa Localisation updates from https://translatewiki.net.
Change-Id: I3e36ba4d1e8b53e439b9329dbce9f41391fd949d
2021-07-19 08:15:08 +02:00
Translation updater bot 708ae9a76d Localisation updates from https://translatewiki.net.
Change-Id: Ia7185f1946c5cb08a3fef63708b12ab3f08a8416
2021-07-16 08:43:08 +02:00
Translation updater bot 6133a26f66 Localisation updates from https://translatewiki.net.
Change-Id: Iea0fda8e87dddb1c08c9f7653ea05cf485418c62
2021-07-15 08:11:39 +02:00
Translation updater bot ee583dc212 Localisation updates from https://translatewiki.net.
Change-Id: Ia10387670f4da80ba279d00321cd2e278333bb13
2021-07-14 08:02:33 +02:00
jenkins-bot 65bea22761 Merge "Add tests for afl_rev_id being set" 2021-07-13 19:32:02 +00:00
Translation updater bot ab1128afde Localisation updates from https://translatewiki.net.
Change-Id: I2bc8ce57e939be53d151f264b7b916f546c8798b
2021-07-13 08:11:20 +02:00
Translation updater bot 28b09f6e21 Localisation updates from https://translatewiki.net.
Change-Id: I8620632dcc352ab4a94e5c9bef5945dcec2838c2
2021-07-12 08:05:46 +02:00
Translation updater bot 47158f6d26 Localisation updates from https://translatewiki.net.
Change-Id: Icd7b1407f9216d7d15ba425995d806f0ccf62626
2021-07-08 08:46:21 +02:00
Translation updater bot 3b699cd53b Localisation updates from https://translatewiki.net.
Change-Id: I6fa144789bdac812e5cd77f16d82b793dba4676c
2021-07-07 08:07:35 +02:00
Translation updater bot 66103a441e Localisation updates from https://translatewiki.net.
Change-Id: I49142d8ba7c7dfba61c50d7bf8bc7b8c79d2ab34
2021-07-06 08:38:05 +02:00
Translation updater bot 02b755d40b Localisation updates from https://translatewiki.net.
Change-Id: If32adbbd0b1b224840452ac7b22b468a7464ccdd
2021-07-05 08:06:20 +02:00
DannyS712 745d911d68 Add tests for afl_rev_id being set
Regression tests to make sure T286140 does not
happen again.

In the process, discovered what caused that bug
with afl_rev_id not being set: EditRevUpdater::updateRev()
compares the WikiPage given in the PageSaveComplete hook
to the one given to it by AbuseFilterHooks from
onEditFilterMergedContent, and compares the two using
`===`, meaning that they must refer to the same underlying
object. That bug was caused because AbuseFilterHooks
changed to providing a different object, despite still
referring to the same underlying page.

We should probably change that behavior in EditRevUpdater,
but for now updated AbuseFilterConsequencesTest to pass
the same object around by using RequestContext::setWikiPage()
and providing the WikiPage object to
MediaWikiIntegrationTestCase::editPage().

Bug: T286140
Change-Id: I6562f513c463538af6b59b12a64564b254024613
2021-07-04 08:04:06 +00:00
jenkins-bot edaf650151 Merge "Revert "Replace depricating method IContextSource::getWikiPage to WikiPageFactory usage"" 2021-07-04 06:17:09 +00:00
DannyS712 3f4430473e Revert "Replace depricating method IContextSource::getWikiPage to WikiPageFactory usage"
This reverts commit 15fc159cb1.

Reason for revert: this is breaking the addition of rev ids to filter
hits after edits are saved. I suspect this is because the context wikipage
is for a different title than the one being edited, though I'm not sure
way - regardless, testing on patchdemo shows that with this revert
is applied, rev ids are once again added to filter hits.

Bug: T286140
Change-Id: I3ab6324a73050154cef1c20a2bf8307eb11eea2d
2021-07-04 05:54:30 +00:00