Commit graph

7777 commits

Author SHA1 Message Date
STran ceaedb8b95 Only return filters visible to user in search
Search is restricted to users with the right to view private variables
but not necessarily the right to view protected variables. Users who
don't have the right to view protected variables shouldn't be able to
search against protected variables, as this might leak the PII.

- Filter out filters using protected variables in search results
  if the user doesn't have the right to view protected variables

Bug: T367390
Change-Id: I7412112c9cc676f29d706b116b779bc17183a952
2024-07-08 02:47:57 -07:00
Translation updater bot 993fa76c25
Localisation updates from https://translatewiki.net.
Change-Id: I3f4a8deafc80c7f23627b88f76303a37e01fbdf1
2024-07-08 09:31:57 +02:00
jenkins-bot 69508bf153 Merge "Add missing permission check to canSeeLogDetailsForFilter" 2024-07-05 10:09:47 +00:00
Matěj Suchánek bf180e0490 Simplify FilterEvaluator::getUsedVars using ::checkSyntax
Alternative approach to fixing the regression proposed by
Daimona in I78d3a2cd7bada962d7ef9b0f2c39d898bf8987ce.

Bug: T368203
Change-Id: I637367c3b3850f7988d890379fef7f4753159953
2024-07-05 11:32:09 +02:00
jenkins-bot 6b26f27927 Merge "Miscellaneous minor fixes" 2024-07-03 16:46:19 +00:00
Translation updater bot bdf0937a27
Localisation updates from https://translatewiki.net.
Change-Id: I3695bef66d72e4039db55ea1d0a74e86709893b9
2024-07-03 09:25:22 +02:00
Daimona Eaytoy 99bb44beb4 Miscellaneous minor fixes
- Rename `$hidden` to `$privacyLevel` in Flags::__construct for
  consistency with other places.
- Rename `shouldProtectFilter` and simplify its return value to always
  be an array, since that's how it's currently used. Rename a variable
  that is assigned the return value of this method.
- Add a missing message key to a list of dynamic message keys.
- Rename a property from 'hidden' to 'privacy' in FilterStoreTest for
  consistency. Add a test for removing the protected flag.
- Update old comment referencing `filterHidden`; the method was removed
  in I40b8c8452d9df.
- Use ISQLPlatform::bitAnd() instead of manual SQL in
  AbuseFilterHistoryPager.
- Update mysterious reference to "formatRow" in SpecialAbuseLog.
- Update other references to the very same method in two other places,
  this time credited as "SpecialAbuseLog".
- Add type hints to a few methods; this not only helps with type safety,
  but it also allows PHPUnit to automatically use the proper type in
  mocks.

Change-Id: Ib0167d993b761271c1e5311808435a616b6576fe
2024-07-03 02:31:38 +02:00
Daimona Eaytoy 6ac574dada Add missing permission check to canSeeLogDetailsForFilter
`canSeeLogDetails` should also be checked when a filter is protected, as
it is the base right for being able to see abuselog entries. With this
in mind, check that immediately at the beginning of the method, instead
of repeating calls. Also merge the conditionals, and return early when a
permission check fails.

Move a test up so that it comes immediately after its data provider, and
add test cases for a few combinations of rights.

Change-Id: Ic3cf58f43803bef8bf2d65566434baff145b3fd5
2024-07-02 22:43:09 +02:00
Translation updater bot 71b1c0d0e6
Localisation updates from https://translatewiki.net.
Change-Id: I635f2c56c409540927635aceba53aa615fe45267
2024-07-01 09:24:18 +02:00
jenkins-bot 3b005bfedc Merge "Tests: Replace "db" with getDb() method" 2024-07-01 06:08:29 +00:00
anterdc99 2f502fb564
Add new special page aliases for Chinese variants
What:
* Translated "Special:BlockedExternalDomains", using existing
  translations from message "abusefilter-blocked-domains-title"

Change-Id: I3ce46f08e827fb4dcd0a80600bb21c064dfb03b7
2024-06-30 15:55:02 +08:00
anterdc99 d1b7bf8e06
Update messages to be more language-friendly
Change-Id: Id18278496381b1abd69120712ca23ede6336ee11
2024-06-30 14:42:23 +08:00
jenkins-bot bc0ab54e2d Merge "Support more log actions in testing interface" 2024-06-29 21:43:59 +00:00
jenkins-bot 7cca085e24 Merge "Remove modification of wgCheckUserLogAdditionalRights" 2024-06-28 17:05:35 +00:00
Wandji69 6a091dcb39 Tests: Replace "db" with getDb() method
Bug: T316841
Change-Id: I40eb000f008e51aba581ee8e33a8421ff111fbf1
2024-06-28 16:32:16 +00:00
Jakob Warkotsch 9fc29beb09 Reset setForceShowCaptcha to false after test
This test globally set `setForceShowCaptcha` to true, which caused
problems for following tests.

Bug: T368705
Change-Id: I5077e4b874c1bf1c6b68895349af0c9ecd4094ed
2024-06-28 12:15:49 +02:00
Jakob Warkotsch 0bd53dfeb1 Remove unused phan suppressions
Change-Id: Ib42f9b00948506ae2c053f51cb7dfddb0f7eb480
2024-06-28 12:15:49 +02:00
Translation updater bot bc5ff46176
Localisation updates from https://translatewiki.net.
Change-Id: I8cd502dac3414f6ca4f8ca93b7a3330a1c447402
2024-06-28 09:40:09 +02:00
jenkins-bot b9a4848fae Merge "ConfirmEditHandler: Use SimpleCaptcha API to invoke CAPTCHA display" 2024-06-27 16:55:01 +00:00
Dreamy Jazz 7254e65665 Remove modification of wgCheckUserLogAdditionalRights
Why:
* The wgCheckUserLogAdditionalRights global is shortly being
  removed as no longer necessary after T324907 removed the need to
  generate the action text on insert time. As such, the action
  text can be generated on view and therefore respect the rights
  that the viewing user has.
* This means that the config can be removed, as users with the
  'abusefilter-view' right will be able to see the action text
  associated with the entry because the log formatter will check
  for the right on view.

What:
* Remove the modification of wgCheckUserLogAdditionalRights in
  AbuseLogger::insertLocalLogEntries.

Bug: T346022
Change-Id: I7504e4729fde5e51f6a795fc3e60d735152b2eea
2024-06-27 16:43:25 +00:00
Translation updater bot 3164bdd105
Localisation updates from https://translatewiki.net.
Change-Id: I77225b94e5a4741be4cb7e6844d351510617d14f
2024-06-27 09:19:53 +02:00
Kosta Harlan b93543ef00 ConfirmEditHandler: Use SimpleCaptcha API to invoke CAPTCHA display
Why:

- The previous attempt to integrate AbuseFilter with ConfirmEdit, which set
  a flag on the request object
  (I110a5f5321649dcf85993a0c209ab70b9886057c), didn't work in WMF
  production because in WMF, we load ConfirmEdit first, followed by
  AbuseFilter. Therefore any flag set in an AbuseFilter hook is ignored
  by ConfirmEdit.

What:

- Remove implementation of ConfirmEditTriggersCaptchaHook, as this does
  not work when AbuseFilter is loaded after ConfirmEdit.
- Repurpose onConfirmEditTriggersCaptcha to handle non-edit actions only
- Implement the EditFilterMergedContent hook and call SimpleCaptcha's
  public confirmEditMerged method if CaptchaConsequence has specified
  that a CAPTCHA should be displayed, and if the CAPTCHA has not already
  been solved

Soft-Depends-On: Idc47bdae8007da938f31e1c0f33e9be4813f41d7
Bug: T20110
Change-Id: I7dd3a7c41606dcf5123518c2d3d0f4355f5edfd3
2024-06-26 16:07:40 +00:00
jenkins-bot 554583d13c Merge "build: Add quibble.yaml and enable early warning bot feedback" 2024-06-26 12:07:28 +00:00
Translation updater bot 0ce2096ac8
Localisation updates from https://translatewiki.net.
Change-Id: Ia3b760fbbc691143ad084cddfbf92e8602f0617e
2024-06-26 09:20:32 +02:00
Bartosz Dziewoński 0a83eb9b5d FilterValidatorTest: Use MediaWiki core status assertions
Depends-On: Ie4b3ebc03abb0e352e82394ced6ab9e733c83fb4
Depends-On: I8718cf7890f05c09a6e5712ee3dc4d171a6637cf
Change-Id: I6cb0cee65646b2b108319df6a9f862cbdd881691
2024-06-25 20:44:51 +00:00
Translation updater bot 4dc11add8e
Localisation updates from https://translatewiki.net.
Change-Id: I32243a432bee13c317daae57e8b4e6d3ffeabeb9
2024-06-24 09:24:32 +02:00
Translation updater bot d83e1316dc
Localisation updates from https://translatewiki.net.
Change-Id: I0485bd7561b1d6468f35186743c8374ad6ad11a4
2024-06-21 09:40:51 +02:00
jenkins-bot 788571fb3a Merge "LoadExtensionSchemaUpdates: Remove unused path from 'runMaintenance' action" 2024-06-20 16:29:16 +00:00
jenkins-bot 8dd15bac76 Merge "Fix variable descriptions showing raw "($1)"" 2024-06-20 15:46:12 +00:00
jenkins-bot 72ab79dcd1 Merge "Remove AbuseFilterActorMigration" 2024-06-20 15:44:49 +00:00
Bartosz Dziewoński 29e8b6e13b LoadExtensionSchemaUpdates: Remove unused path from 'runMaintenance' action
MediaWiki has never used this path for running the maintenance
scripts, only the class name provided in the other parameter.
Providing the parameter is no longer needed in MediaWiki 1.43.

Bug: T367918
Change-Id: Ie098fa124039cc1122135cae72c74579d43dc04f
2024-06-19 19:58:17 +02:00
Matěj Suchánek 92334b698b Support more log actions in testing interface
- Allow testing "move_redir" page moves.
- Allow testing "create2" and "byemail" account creations.
- Add remarks in the code that "autocreate" account creations
  cannot be tested since they are not in the recent changes.

Change-Id: Idd38327df1477e1cba4396003a6c0f23cb75d276
2024-06-19 17:35:43 +02:00
Translation updater bot 67aea2aa7e
Localisation updates from https://translatewiki.net.
Change-Id: Ia610542c2f8482bb176dbf6a00bfcfd722a0ffb7
2024-06-18 09:26:37 +02:00
jenkins-bot c1961b9d99 Merge "Use expression builder in AbuseFilterView::buildTestConditions" 2024-06-17 19:55:35 +00:00
jenkins-bot bb026443dd Merge "Drop af_user(_text) and afh_user(_text) fields" 2024-06-17 12:25:54 +00:00
Translation updater bot d4d04d1138
Localisation updates from https://translatewiki.net.
Change-Id: If946cd2ec431718b2812f2dabe2584bf751bf28d
2024-06-17 09:29:07 +02:00
Matěj Suchánek 1373bf8d11 Fix variable descriptions showing raw "($1)"
In 1904cf8, "($1)" were appended to the messages, but
the argument was not substituted in the var dump table,
showing literal ($1). Substitute <code>var_name</code>
to keep previous experience.

However, many translations have not been updated yet.
If the variable name was indicated by the message
argument, it would often be missing. Therefore, make
sure the placeholder is always present.

Bug: T360909
Change-Id: I1e4a97210c891c375b0f14c0891c2d25a0a389d1
2024-06-16 22:11:08 +02:00
libraryupgrader cb20be6b58 build: Updating npm dependencies
* eslint-config-wikimedia: 0.28.1 → 0.28.2
* grunt-stylelint: 0.20.0 → 0.20.1

Change-Id: I8329c44daf60817de62d3a64714df50cd4600341
2024-06-16 16:32:36 +00:00
Matěj Suchánek cb08d684d5 Remove AbuseFilterActorMigration
Bug: T188180
Change-Id: Idcacc9f63075b621bbc858a461dc6fb7ab7a9a39
Depends-On: I7dd5fc0f9d80636b0cdf3d995fe22c1f43a5b68d
Depends-On: Ibdb2b4096f26fc6752456a05f8d70a9a6d9609ad
2024-06-15 09:42:27 +02:00
Translation updater bot 16aa6eaaff
Localisation updates from https://translatewiki.net.
Change-Id: I440eacb6bf5151efa48ae2c8c641aca52ca5f634
2024-06-14 09:47:57 +02:00
jenkins-bot 92e1335cc8 Merge "Use ObjectCacheFactory" 2024-06-13 13:45:45 +00:00
jenkins-bot 4e919e4338 Merge "Add protected variable view permission checks" 2024-06-13 13:18:14 +00:00
Wandji69 5336a5ea41 Use ObjectCacheFactory
Bug: T363770
Change-Id: I465e251d4bbccd4ce98eb34ff05d749d3de84c43
2024-06-13 12:34:16 +01:00
STran abe6f1f4ee Add protected variable view permission checks
Some features restrict access when filters are private. These features
should treat protected filters similarly.

If the user doesn't have view rights for protected filters:
  - Disallow viewing of logs generated by protected filters
  - Disallow querying of matches against protected filters

Bug: T363906
Change-Id: Id84bd4ca7c8e0419fccc3ad83afff35067c9bf70
2024-06-13 03:15:04 -07:00
Translation updater bot 6e72123efe
Localisation updates from https://translatewiki.net.
Change-Id: Idabdd0812e9f5ddc9335c6aeac4397163674a6d0
2024-06-13 09:27:20 +02:00
Umherirrender bd52ef6263 Use expression builder in AbuseFilterView::buildTestConditions
Bug: T350968
Change-Id: I2b91a7e5b18ac9bb4f79018014ed60e2f0830487
2024-06-12 20:43:46 +00:00
jenkins-bot f5fa2511ef Merge "Use namespaced classes" 2024-06-12 20:40:36 +00:00
jenkins-bot 683634482e Merge "maintenance: Remove reference to cleanupUsersWithNoId.php" 2024-06-12 20:15:52 +00:00
Umherirrender c3af3157b4 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: I48fcc02c61d423c9c5111ae545634fdc5c5cc710
2024-06-12 20:01:35 +02:00
Matěj Suchánek e1858da1fa maintenance: Remove reference to cleanupUsersWithNoId.php
It isn't available anymore, and it wouldn't even make
any change.

Bug: T367129
Change-Id: Ifd926856264aef8f2648cdb983c7710d9f23aa77
2024-06-12 18:49:10 +02:00