Avoid using preg_match's offset since it is MB-unsafe. Also, remove 'UTF-8'
from mb_ functions (it's the default), reduce code duplication, and show
the right snippet for long search patterns.
Bug: T202310
Change-Id: Ieb06bdd80b0f915609afed7c7ad95e6318058ee9
As we do for user_age, since these will always change. Also, rework the
method to avoid repetition of unset().
Change-Id: Ie5ceedd89cae3813bacf6680d588bc925362c2c2
This wasn't changed in I5c370b54e6516889624088e27928ad3a1f48a821 but
really needs to be merged, to avoid setting wrong variables. At the
moment this is still fine due to temporary overrides in
AbuseFilter::generateTitleVars, but this should be merged ASAP anyway.
Bug: T173889
Change-Id: I2e6058a6fa122470a30cd4a96c68eccc66e18ae4
Align the checkbox label on the left to conform with dropdowns, avoid
two if with the same conditions, and give variables a better name. Also,
remove an unused message: with OOUI, the old design can't be reproduced.
We could add a fieldset, but then it would be greatly different from
options for other actions.
Change-Id: Ibdc993c1457636215601eb22f5202d2f6ad57bd9
The condition always evaluated to true: for global filters strpos
returned 0, otherwise it returned false, which is == 0. Fortunately, in
the second case the function returned false as it should. Anyway, be
safe and use === operator as it should always be for strpos.
Change-Id: I7ffc990b2b8b9c47ebfb64d5234f561faaff5e88
This will make tokenizer almost fully covered. The only uncovered parts
are the one with cache and an else condition which I think won't ever be
executed, and thus added a comment for that. Also, remove an obsolete
xxx comment from ComputedVariable (fixed in
I8e420f0259ef6c9e579f7a00beb58f28af9da37d)
Bug: T201193
Change-Id: I6e9a73aa9e437f096f6a1e20d53a7cb50e5ed85d
AbuseFilterParser::setVarsimply calls the setVar method in
VariableHolder and is currently unused. Its only call was removed in
I80cbc4033ff96f2fe8c1da263b1877bfb4c7c0c4. After this patch we'll only
have an uncovered line in the parser, which is likely due to a bug in
the coverage check.
Change-Id: Ic860b03b2d23fec073a9294e356e074ae1b14ae5
Several improvements, this is the list:
*Added highlighting for disabled and deprecated variables
*Simplified a bit Ace's keyword mapper
*Added highlighting for ternary operator
*Added logic to retrieve operators from AF tokenizer
*Removed $ symbol since it's not usable in declaring stuff
*Customized highlighting via CSS
Depends-On: I5c370b54e6516889624088e27928ad3a1f48a821
Change-Id: If95e34fc7260413c4fb39c18a1ef44f5a93e1a68
Adds page_age variable that reports the number of seconds since the
first edit to the current article (or 0 for new articles).
Bug: T30844
Change-Id: I0993cecc322806382a1b567b60c0a4af69054841
There is already one for the js field, but we can't reuse it since "one
by one" doesn't make any sense here.
Change-Id: Iaf01e19f4006b3d578bb2201cf9108fe46d56085
Like we do in core for similar special pages. This is really helpful
when (un)hiding an entry.
Bug: T200645
Change-Id: I16450a2573e8987e31a83ec34f3dbb16fac94f81
Variables regarding title (full list in task description) are quite
deceiving, since they use "text" instead of "title". As proposed in the
task, this is the first patch to add aliases for those variables and
slightly deprecate the old ones. In the future we may be able to replace
every occurrence (either with a search function or directly on the
database), but even a coexistence would be enough to avoid
confusion. A wfDebug log is generated whenever a deprecated variable is
parsed. The "article_" prefix is also changed to "title_", in the same
way as above.
Also, added a hook which other extension may use to specify their
deprecated variables, which will be handled the same as core ones.
Bug: T173889
Change-Id: I5c370b54e6516889624088e27928ad3a1f48a821
Add some tests and improve others to raise coverage percentage. This
should lead to almost 100% for the AbuseFilterParser class. Aside from
this, a couple of changes:
* Remove an unused function
* Let equals_to_any return a genuine result with empty strings
* Remove an if which will never be true in skipOverBraces, since the
function is called after checking the same conditions.
Bug: T201193
Change-Id: I7020b2ed996236c38c5784d161ad98ec44163406
Check if the entry is deleted first, since it's the strongest deletion
here (oversight level). Bonus: don't use implicit conversion when
checking the return value of SpecialAbuseLog::isHidden.
Bug: T200644
Change-Id: Ie5c4575ad29fe3dcb85a26cc74f1c59207df2852
Add an AbuseFilter log link to the subtitle of history pages.
Bug: T28934
Co-authored-by: Matěj Suchánek
Depends-On: I2e0e9e92d3fc303135b0eb9acf06b5fd120178a5
Depends-On: I58a3039b3755648bb0c8aaf87db48ace96ce9344
Change-Id: Ib89c48f2b8f3121ead184844844acee436e2fdd6
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionAnnotations.UnrecognizedAnnotation
* MediaWiki.Usage.InArrayUsage.Found
Change-Id: I46e414246c6597dd78b069f753d686c0d1c1c09d
A month ago SpecialBlock::getSuggestedDurations has been
modified, and now it also returns an "other" key. Since we don't need it
and it would break thing up, add a parameter to avoid dealing with that.
Depends-On: Ic2dbc961f7eebad11da53724b9cce2f804ffad39
Change-Id: Ica37ba7015a04445c2cbafebcc85726368e23cb0
This settles almost everything, leaving the tags part ready to be
further improved in the follow-ups.
Also, replaced some fields with totally different ones, improved the
warn preview area and improved a bit nojs experience by hiding unusable
buttons.
Bug: T132284
Bug: T154749
Change-Id: I7a5caa862a32f9792140c6a4d9708a2d20472672
For the counting part I used this a relatively simple approach. It might
not be the best one, but should work without changing too much code. As
for the exception, I added it to every function which takes a single
parameter. Plus a couple of minor fixes: removed an unused function and
replaced "__METHOD__" with function names.
Bug: T198300
Change-Id: I484fe2994292970276150d2e417801453339e540
This line first used to be just an "strlen". Then we merged
Iaeae672dca66ffc745054daabd6f0eae7dfbc648 to clean input and this caused
some "undefined index" notices. These were in turn fixed in Ibebedb566da705e77ffb831ebda6476adba07c93 by adding an "empty". However, this slightly changed the range of accepted parameters, for instance refusing 0 and '0'. Those should never be used, so this is just a theoretical problem, but we'd better be consistent and simplify this line.
Change-Id: I4643d0632acf5926ac8de5da9bcb3e5dc715fdc1
Otherwise, if the user is warned for e.g. trying to move a page, and
after the warning he tries to delete it, he won't be warned again. Since
filtered action (edit, move, delete...) can be really different, we
should repeat the warning if the action changed.
Bug: T199621
Change-Id: Ia481b2bf552e16de8485c246aa5612d5bb2cd6ca
The patch adds the logid parameter to the queryAbuseLog API, so that
users will be able to retrieve a single result with the given logid.
Bug: T36731
Change-Id: I9160c3690e86ea40560f6fa7721918965234c29e
The function used to determine if a row is hidden has three possible
return values: true, false and "implicit". While the first and the
second one refer to AF own suppressing system, 'implicit' means that the
revision associated with the log entry is deleted. However, we checked
for such return value with a boolean cast, which caused true and
'implicit' to be equally treated, thus hiding revdel'ed revisions to
sysops. Bonus: fixed a comment typo.
Bug: T191699
Change-Id: I87d3a6437bb966198175e4bfd063e30ed79c345f
We still had three entries of "LogPage", which is legacy and has some
problems (I7bb0e92b2906a2511fc4290bdc76fc39ec4617fe). This patch updates
two of them to ManualLogEntry. The last one is handled separately in
Ic23e724997e4748c8d0da8138aa73d31b17b7064.
Change-Id: I2a4f18ea6baebdc114078c57d8937ce4ca2aace5
I've been noticing this problem for a long time: sometimes, when the
filter editor stays open for a long time and you try to click "save filter",
the page is scrolled and the edit isn't save (while it is indeed saved
when clicking save again). I found out that this is due to edit token
not matching. If that happens and the request was posted, warn user to
re-save the edit.
Change-Id: Id0c5600bf22632f57d237a19b492cc9c297be736
To generate an OOUI-friendly array with dropdown values, we need to
rearrange the array we already get from AbuseFilter::getBuilderValues().
Right now we do it in a pretty dirty way, which also causes errors if
external values (e.g. Flow variables) are in the list. With this patch,
such conversion is simplified, explained in a comment, and doesn't
output errors anymore.
Change-Id: I1063865aeff2dfb637e95d7b2ff30da39ceeab67
This is something that hasn't been working since January 2009, when AF
didn't have arrays and all variables were computed non-lazily. In fact,
when reverting "degroup", we used to take old groups from edit vars, but
the variable may not have been computed for such edit. Plus, we treated
the var collection as an array instead of an AbuseFilterVariableHolder
object, and exploded user_groups since it was a string. With this patch
everything should start working as intended.
Change-Id: I76917b2e331291bd42daeef8d048507dc38048cb
The message 'abusefilter-edit-notallowed' is used twice and outputted
as plain text. This makes it really, really hard to notice. Wrap it in a
block-level errorbox to make sure users see it.
Change-Id: I6e5579f9a5e33f05520001e10ffdde928ffdcff0
Introduced in I75ce47d247cf6949117370c8c78ab7c6980538f3, the message name
was misspelled in the code and thus the message doesn't show.
Change-Id: Iad515c48035259340c4824d456a14010c977e7a8
Html::warningBox makes use of Html::rawElement, where as noted in docblock the given html must *not* be escaped. Plus, bold text was broken due to escaping.
This reverts commit 7dfe4bfcfd.
Change-Id: I505be036291d4c6ff33c0c4fed4dd83a5bb56c54
This fixes the following minor issues:
* In HistoryPager's getQueryInfo, afh_id was listed twice
* In AbuseFilter::translateFromHistory a field named "af_" was produced
if no actions were in use
* The topnav link "Recent filter changes" wasn't STRONGed on pages like
"Special:AbuseFilter/history/123"
* In checkAllFilters and AbuseFilter::getFilter, select from DB only the
fields that will be used.
* Simplify some inline comments and remove superfluous ones
Change-Id: If72b18bedac5e580487406e696aea1fd172ae45b
Right now it can manually be added when creating filters. Since the
distinction is interal to AbuseFilter, we can't use hooks to achieve the
goal (the tag isn't already usable from outside AF). Also making
isAllowedTag public to make it testable.
Change-Id: I75ce47d247cf6949117370c8c78ab7c6980538f3
Trying to write unit tests, there are some things in the code that make
it not well testable. Here, two of them are corrected:
1 - Use class constants instead of static variables inside a non-static
method. Otherwise such variables won't be reset between tests. The
change is made so that there'll be less impact on blame.
2 - Set af_enabled to true even in af_deleted is true as well. For three
reasons: the first is that we already perform validation for this, so no
need to secretly change the option to whatever we think would make
sense. Second, this redundant validation makes some tests fail. Third:
this way, if the user selects both enabled and deleted, when the warning
is shown he'll indeed see that both checkboxes are selected. Before, he
would only see wpFilterEnabled as selected.
Change-Id: Ib7a0335fa7fb3b8a21765438a720205656c1ea09
Actually, it seems like I almost got it right at the first try. I tested
every validation scenario and it worked as espected, so ready for
review.
Bug: T193596
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a28
All uses of "throw" inside AbuseFilterParser are now covered.
Bonus: added a standard suppresswarning when checking regex validity.
Change-Id: Iacb8f7a361079e3e117dc6845597c7bd8473e54a
doLevel- functions are currently documented in AFPToken. This patch
copies such comments on docblocks in AbuseFilterParser, the place where
this docs can really be helpful.
Change-Id: I4e47e760a56800faa9b0a1146e0d79f8955dca9a
Otherwise, a blank page will be considered as having a newline inside,
which won't be marked as added (or removed) in the diff. This requires
introducing a new method and leaving the old one for backward
compatibility, and may cause regressions.
Bug: T74329
Change-Id: I9a2397fd849544b499cad97a383e5331471e9d73
Disabled vars can currently be overwritten by assigning them custom
values (e.g. old_text := 'foo'). However, this shouldn't be allowed to
avoid confusion.
Change-Id: I49136bf19371aee1e8068a9ae621310e1ab97c86
Old_text and old_html were disabled a long time ago. With this patch,
the user will get a custom error message if trying to use them (instead
of the unrecognisedvar one), plus they'll stop appearing in /examine and
/details, unless they were computed for the examined edit (and in that case, their description message is now restored). Lastly, added a precisation to their messages.
Bug: T190698
Change-Id: Ife168522e6b1d8eb94ebbb8a16ae8831ec1dc497
Arrays were introduced with the name "lists". While it **may** look
user-friendlier and so on, it actually uses a wrong name: lists are
different from arrays. I ran a grep and I should've replaced
every occurrence, plus everything seems to work, however a double check
wouldn't be bad.
Change-Id: I6a858f02f5dd9250ba7e1abf9c6422fd98758c9e
This way, we can specify an action and it'll return only conditions for
that specific action. This is especially thought to make results
filterable by action type.
Change-Id: I2c51b695262b132a5c7cdfab20d56e36f43c7448
Now the required need will be abusefilter-modify OR
abusefilter-view-private for /tools, /test and /examine.
Bug: T193903
Change-Id: I3f1a91a2cc1df2272e5d4099cefd7c649a0683d5
The conversion to OOUI brought some extra whitespace that creates some
problems while viewing the page, especially with specific skins. This
patch compacts four different form fields in a single one, having the
side benefit of reducing the amount of used variables.
Bug: T189425
Change-Id: I75aa83e36d12db65d8b54c76b3ea14c8c797215e
With this patch, filters which are both enabled and throttled have an
"actions automatically disabled" label together with "enabled" and the
row is displayed in red. Plus, some minor changes like removing unused
fields from sortable ones and added a comment to getQueryInfo about used
columns (the idea is that it'll be easy to understand if a given column
is already there, plus if we'll need the missing one we may just replace
it with '*').
Bug: T154206
Change-Id: Iab157d094cbf2d50e9db537535fd48243e74af0b
Most of these are accidential, obsolete from a time when PHP4 required
these & to enforce passing by reference. This is the default since PHP5.
The issue with this & is that is (in theory) allows hook handlers to
replace the object with an entirely different one. Luckily this does
not work in all cases I'm aware of. But it is confusing, semantically.
Change-Id: If1e9e2723ef96308f9b4b27377398a5e497bfe70
This is the default for many years now. Returning true is not different
from returning nothing.
I'm not touching functions that can either return true or false.
Change-Id: I6c70b8ef44f17271201a69a85301a631b32763c0
In If67035991a0835ec3edc13be4543e6b40c76c3ea I changed a couple of links
to OOUI buttons, but forgot to add one of these to the output (and to
enable OOUI as well).
Change-Id: I7dd4b554bae406bc0c8326867298302ee10b47f2
With I5e3764dbec8ac21f20c460181ae78ed73eca92f6 I introduced a function
to check that two blocks with different wordings refer to the same
duration. While that functions works good 99.9% of the time, there's a
highly unlikely but actual problem: if one of the operand is parsed at
time x and the other at time x+1 (in seconds, and this may happen even
if it gets parsed 1 ms later), the 2 durations will be considered
different and this may be annoying. With this patch I introduce another
tiny function which uses strtotime to parse a duration, but uses the
second parameter (=0) to avoid relativeness to the current time. Again,
this isn't likely to occurr, but since the fix is straightforward we'd
better do it. Also, now global durations aren't parsed at every
iteration (previously they were due to the same problem, amplified by
time distance between the first and the last iteration).
Change-Id: I11a078f298aaed9631d7f422c6b9b722d28e73cc
While the change itself is simple, the only problem here is the desing,
since we're adding even more vertical space with this.
Bug: T164108
Change-Id: Ic5373dd4f0b85dc1311d90ac165d4520ac956e68
With I91a9c5cca55e540a6c95b750579c1c369a760b15 we replaced some globals
with Config and, in doing this, we added "$config->has()" to check if a
variable was null. However, "has" will always return true even if the
value is null (it only checks if it exists), and thus we end up showing
a global abusefilter pager even if no central DB is set.
Bug: T195022
Change-Id: I751fdefd29b6af1361021d4343ba67f16c99a037
Use TextContent::normalizeLineEndings instead of manually replacing
carriage returns, plus avoid the if with a simple string cast. This also
fixes some cases where a null edit isn't counted as such due to a "\n"
in new_wikitext which isn't trimmed.
Bug: T168736
Change-Id: Idfafab3fcf7912bf0aec22700d2c0137bdd6c3c8
With the introduction of custom block durations in Ib072433d19dabae48d8514e08be9893135b5d63c, the method which generates action display was enlarged in order to provide a more readable and complete message. However, for throttling we currently have an unreadable message like "Throttle: xx, yy, zzz". This is wrong for two reasons: first, those numbers need to be deciphered; second, the first number is the filter ID which is totally unuseful here.
Change-Id: I0ec6a27ff5f37aae864dfd91161bf44f0a217ef1
They were defaulted to false with
I93ad51ffe7bee597d2d127f4c5d6b2929ffc8f7e, which broke use cases where
the page field is NOT required, nor has a 'required' => false explicitly
declared.
Bug: T194425
Change-Id: I5ab768c02a30b6d053104e590729ef22bb4e0808
Pretty self-explanatory and straightforward, since recentchanges has a
dedicated column for bot edits.
Bug: T193994
Change-Id: I76d41e082aed262640e9fff856eeb97df49633d5
With If16975dd394cfdb3c57ff263366c2fc865de362a I broke flags checkboxes,
i.e. the one for enabling/deleting/etc. a filter. In fact, I
misunderstood the way cbReadOnlyAttribute was used (a dirty way,
actually) and this caused such checkboxes not to be disabled if the user
didn't have rights to edit the filter.
Change-Id: Ibf80b54e0f620734ad7767e4769a93bbf1feccff
Like we do for built-in values. If a blacklisted variable is overridden,
it still works, but there's no reason to allow it.
Bug: T191715
Change-Id: Ia4d42ec56dc4805454b96c52c2eace1924f6536c
Quite self-explanatory. If the talk page is blocked, a sentence is
added, otherwise it remains as it is. Plus, improved the way messages
are generated and reduced their reuse.
Bug: T193692
Change-Id: I01f5113ca586b94c25e1102c73d158ebb01c5a4b
The $deadActions array is populated but never used. At first I thought
it was about actions which aren't available, but this isn't right.
Instead, it's only used to keep track of available actions which aren't
used in the current filter. Which is some data that we don't need, nor
there's nothing we may do with that.
Bug: T188181
Change-Id: Ibdfeb92ccd790c0b1a4d79b382b053b9361459f8
We used to display the checkbox to block talk without checking if
it was defined. This caused a warning and an empty space with
wgBlockAllowsUTEdit set to false.
Change-Id: I97f82633e932de7e325615473c85245a406a55ef
After Id4dc1debf0240d5b336f4d9ab5b363c240f08807, the method has been
moved, and in doing that I forgot to change this line.
Change-Id: I20caf06f2c568605bd6a90c9cf2b425cd51512e7
Like we did for other links in /diff and /histories, there are some
links that we'd better display as OOUI buttons. Also, use the Html
class' specific method to show errorboxes.
Bug: T132284
Change-Id: If67035991a0835ec3edc13be4543e6b40c76c3ea
I'd like to have this reviewed by more than one user before merging, to avoid regressions of annoying typos.
Change-Id: I91a9c5cca55e540a6c95b750579c1c369a760b15
I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.
Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
'disallow' rules with a missing first parameters are perfectly fine (and
quite common), so don't throw notices when that happens.
This broke Flow's unit tests, and caused exceptions for all api.php
edits that triggered a 'disallow' rule.
Change-Id: Ibebedb566da705e77ffb831ebda6476adba07c93
This seems like the logical way to be sure that multiple mass actions
won't be counted as one, thus reaching the conditions limit. I tried to
test this locally, but I actually had troubles to simply replicate the
issue of the reached limit in a stable manner, so I'm not totally sure.
Anyway, this shouldn't do any harm.
Bug: T193374
Change-Id: Icdc172f76705870ee502339a53e912e15a3bd31d
The variable was declared in the "if" branch but also used in the "else"
one. This caused the rules textarea to not have the readonly attribute
if the user wasn't allowed and CodeEditor wasn't installed.
Change-Id: I2bf69dc0f2d24efac41d1ac6100ed7e286e3afa4
This is taken from I6a57a28f22600aafb2e529587ecce6083e9f7da4 and makes
all the needed changes to make phan pass. Seccheck will instead fail,
but since it's not clear how to fix it (and it is non-voting), for the
moment we may merge this and enable phan on IC.
Bug: T192325
Change-Id: I77648b6f8e146114fd43bb0f4dfccdb36b7ac1ac
Follow-up of Iaeae672dca66ffc745054daabd6f0eae7dfbc648. Some actions
were still marked with red, specifically the ones with block inside. The
reason is that we stored the 'blocktalk' parameter as an emtpy string if
false, which wasn't filtered when loading request. Changing the empty
string to something different is enough to fix the problem, hopefully
without regressions. Note that this isn't retroactive and needs an edit
to become effective.
Bug: T189681
Change-Id: I7d7f0606fc23bad5ba342076066ab0e935680b3f
Introduce a new function which can be used to group multiple comparisons
in a single condition. In particular, equals_to_any(S, A, B) is the
equivalent of S === A || S === B. This is especially useful in checking
for multiple namespaces, as proposed in the Community health initiative.
Change-Id: I9dcfe303eb5e51e1882fe4a65fa876aa93db7686
I left as ToDo the checks between an array and something else. With this
patch, it'll work like PHP: the result will be true iff the comparison
is loose, the array is empty and the other operand is either false or
null.
Change-Id: Idc5cadb697ed4fc7f4856967274169f77495ed9f
I added searchEnabled in I0771fa048d21031ed1e0f8a6909213bdb869a5ed, but
forgot to pass it as parameter when there's an error with the regex.
This means that, if you try to make a search with a wrong regex, when
the page is reloaded the fields for searching aren't shown and you get a
PHP warning. Here I also added warning suppressions as usually done when
checking regex validity to avoid unnecessary PHP warnings.
Change-Id: Ibc3110c30959c99d0825e1e3d7edb1e96dd9d536
Basically, with this we always start with a functioning textarea. If JS
is enabled (and CodeEditor installed), it gets then replaced by the Ace
editor.
Bug: T192241
Change-Id: Id4dc1debf0240d5b336f4d9ab5b363c240f08807
As discussed in the task, wgTitle was used (overridden) since it was null in API
calls. However, the problem has been fixed in api.php in 2009, so we
don't need to deal with it anymore. This also means that we may remove
anything else that was added to restore the original title at the end of
the function. At last, this was the only remaining exception for PHPCS.
Bug: T178007
Change-Id: Id043c74ec8d57c5fb0ab22f54acf6a31fe6b6f06
This should fix every error with excluded rules, leaving only the one
for $wgTitle. A double check would be nice in order to avoid regressions
due to stupid mistakes.
Bug: T178007
Change-Id: I22c179f3a01d652640304b59e43fcb5b5a9abac3
IP::isInRange() can return true for invalid IPs so this can
cause false positives. Instead of letting this happen, don't
allow it in the first place.
See also Ibfe55c2ebac0fccfa8329436
Bug: T124117
Change-Id: Id10552e117ce2b231504e41627b44f8cfb0d4329
Right now we don't have a specific exception for that, plus we don't
really check if they're closed. In fact, we use the result of strpos
without checking if it evaluates to false; if so, in some particular
cases like the one reported on phab, the while loop will never end.
Bug: T134124
Change-Id: I3b6000f197502a4832a53465b6617b4217080739
So that type and value will be identical to PHP's ones.
Bug: T191688
Depends-On: I1140900cdda63eed292d9f20aefd721ef9247fcd
Change-Id: I398c9a972b7e9fcb27d055d23939be2b8bb68244
Right now they're always returned as float values, even stuff like 1+1.
With these patch the results will have the same type as they would with
pure PHP calculation. Added a method to convert numbers to int/float
depending on their type.
Bug: T191688
Change-Id: I1140900cdda63eed292d9f20aefd721ef9247fcd
Otherwise old filters try to use it and return an error. I restored it
at the old version, like in PS1 of Ib23c418ded6ffdae7311809bf5fcbbfb2093e752
Bug: T191696
Change-Id: Ib23c418ded6ffdae7311809bf5fcbbfb2093e752
We already do it for variables and functions, so that any new feature
won't need the ace files to be edited. I originally didn't implement it
for keywords too, but it's actually much better this way.
Change-Id: I1ee81feace2ea90d5dbb2e443f01bc0f6cf74eb7
This feature was never implemented. I'm not sure whether we need a way to compare array and other types of variables (left as ToDo), since e.g. in PHP it's always false.
Bug: T179238
Change-Id: I5d2c33fd117e69cbc84c0b04b6cb82edbdcadf16
It solves a bug and other problems, especially related to permissions.
Tested as much as I could but with an imperfect global filters system,
so there may still be something wrong.
Bug: T191539
Change-Id: I0771fa048d21031ed1e0f8a6909213bdb869a5ed
This is the long-term solution for the problem. The ToDo may be
unnecessary, but leaving it there as a caveat.
Bug: T190602
Change-Id: I5e3764dbec8ac21f20c460181ae78ed73eca92f6
This opens the door to further customization and allows every wiki to
set its own value.
Bug: T132925
Change-Id: I63985f2809c3253b07b33caef30fcd8d4c62dfd4
Otherwise ContentTranslation will break. Also, that way the order was
wrong (mandatory parameter after optional ones).
Bug: T191468
Change-Id: I4558aba48782e83b73023061e8f213bf6a785a18
Yes, this is a sniff bug - however, ideally every variable should
be on its own line with documentation anyway.
Change-Id: Ic8a96d9ea4dd20d8f689aac0a7dece01a4208929
Currently, due to a tiny math error, the cap is variable (although
limited). This way it's really fixed and produces uniform results.
Bug: T191222
Change-Id: I8102db7894e5481a77e1a5771d9981258000731e
Hopefully this is really the last one: the tiny form at the bottom of
Special:AbuseLog/# to access private details.
Bug: T132284
Change-Id: I3f91beb482b3b85e12b65464914b0ac57ec983df
Currently, strict comparisons aren't listed. This way they don't appear
in the dropdown and users may not be aware of their existence.
Change-Id: I93185781de3b698096130c673156a67823375c6b
Currently users can save filters without title or pattern. This
shouldn't be allowed since it leads to lack of clarity. The check is
only performed server-side, since when implementing Ace editor we won't
be able to (easily) add a pure HTML requirement for the pattern field.
Bug: T173947
Change-Id: I1a0418b87cdb1ff423238fcdf1c743930500e605
Otherwise it will return wrong stats and waste resources. This seems to
fix the problem, while a more long-term solution isn't that clear. I
hope that this won't introduce regressions, which as far as I could see
shouldn't happen.
Bug: T191032
Change-Id: I243605b26fe310488dc7419edf31f652ccda0094
Standardized Special:AbuseFilter/test and /examine/# to OOUI. They need
to be updated together, since they share the same load filter button
(now centralized) which needs to be handled in a different way.
Bug: T132284
Bug: T58367
Bug: T58368
Depends-On: If3d6a994142e34686bb7fc9f09093f751b599485
Change-Id: Ib935e8c9706e987468e52ec2ad1c7219b35fb9d5
Conversion of the builder dropdown, the syntax checker button and also
the button for switching editor coming from ace.
Bug: T132284
Depends-On: If3d6a994142e34686bb7fc9f09093f751b599485
Change-Id: Ic7f17437f4f0dcc0ea0edbab24eb976e2f76bdbd
This one was left out, probably because it's not well documented.
Together with the simple conversion, I also added a cap to time
selectors (otherwise users may create huge breaking queries) and wrapped
in a class=success P the success message, like we do when saving
filters.
Bug: T132284
Change-Id: I2ba0a54e27608949cd28b9ac0447d1f2157b0ea2
Since it'll always be a subtraction of integer numbers. Otherwise, if
calculated as float, values won't triple-compare.
Bug: T190652
Change-Id: Ia58a4e3429a012a94a43ffadb190154fcdb9bcaa
Replace the conditions textarea with Ace editor for editing and testing
filter. This uses a soft dependency on CodeEditor; if the latter isn't
installed, the classic textarea is used. The user is still able to
switch between the editors on the go; the new buttons may look a bit
ugly now, but after switching to OOUI they should get much better.
Finally, added a custom syntax highlight for AbuseFilter rules.
Bug: T39192
Change-Id: If3d6a994142e34686bb7fc9f09093f751b599485
Adds an option for searching filters with a
specific pattern in the main page, together with already existing options.
Plain search and regex are available, only for users with the
view-private right. The search is performed directly on the database.
If the user actually searched for something, it is also added a column to
Special:AbuseFilter showing a snippet of the pattern from each filter, with the query match highlighted.
Depends on: I8144062b1f273d0d8932203ffcb7a71aca60bba9
Bug: T87455
Change-Id: Ibcd84ff84edca481328210ee857b0ab723028632
Public comments are parsed in some places and they are
shown as plain text in others. Always show them as
plain text instead of parse them.
Bug: T173249
Bug: T141670
Change-Id: I173ffab1a99c1536cca260b76be0d95a4966b139
With https://gerrit.wikimedia.org/r/#/c/412892/ I introduced an error
with action display in history: every action except for block would have
been displayed without parameters.
Change-Id: I273cd908b698c49056c176de9ead5a78d818c7be
I had unwillingly substed a variable with a string in the wrong case. It
needs to be fixed before .25 is deployed, otherwise in history there
might be actions != block which'll be displayed as 'block'.
Change-Id: I6d251fa011238509a8fdf264e865573140e7a20d
Core change I8d825eb0 begins the process of changing core database
tables from using xx_user and xx_user_text fields to using xx_actor.
This updates the extension to continue to function during and after the
transition.
Bug: T167246
Change-Id: I4065716022aa60c0fa1a258659db22be2b7f43de
This is part of a project to enchance blocking in AF. With this patch,
users are allowed to specify two block durations for each filter, one
for anonymous and one for registered users. For backward compatibility,
default values are set to the global variables.
Bug: T32024
Change-Id: Ib072433d19dabae48d8514e08be9893135b5d63c
Blocks preventing edit of own talk currently don't show "cannot edit own
talk page". Added it to the flags to make it display properly.
Bug: T188970
Change-Id: Ia8d1c2b93038c3c43bb224a8cae073b694d74cbe
The IP is currently displayed as plain text. Add instead userLinks in
the usual way to provide some handy links for CUs.
Bug: T188600
Change-Id: I47ee007f450f06a1a19b4c7598373a952efbe06a
Currently, array_diff is only performed in one direction. This way, some
edits to tags (and, in future, to custom block durations) aren't catched
and the filter isn't saved.
Bug: T180194
Change-Id: I22fb9368208380c1a8205a566ac5ff07bbb6e05b
So that users have no longer to modify the URL.
Links like "Special:AbuseFilter/history/1" will still
work but request parameters have higher priority.
Bug: T27897
Change-Id: I2d8c26d3350fdd4052b68c7bced10e3fae859d18
Adds option to stop logging IPs in afl_ip in the abuse_filter_log table.
Introduces a new global variable: $wgAbuseFilterLogIP
Bug: T187169
Change-Id: I1615ba6949c9f8bcdd6ee6aef580c87a05f43e6a
Users can choose whether they want to see entries
that changed the wiki or didn't (or they can apply
no filter).
Bug: T159061
Change-Id: I6cee9b001c26c4bbc837131781deef27d5e3ef1a
Currently, the message informing that some actions have been disabled is
quite impossible to notice at a first glance, since it's a bit confused
with other form elements. However it actually is a warning and needs to
be treated as that.
Change-Id: I0d851333f8da200fb0b9b0c7d05ccd1f63e9e948
Change I758795f01eaf3ff56c5720d660cd989ef95764a7, first released
in 1.20, added columns to AbuseFilter tables for MySQL, but not for
PostgreSQL.
This adds those columns for PostgreSQL, both for the installer and
for the updater.
Combined with already-merged change 192002, this change closes
bug T89514.
Bug: T89514
Change-Id: Ie33a5a932ffd85fa8a4111b949bd0a4d07a2af91
When an action reaches the limit, the remaining filters are not executed.
But there is no way find out which one it was.
Bug: T71492
Change-Id: I28fac76d4e9ca341bed25cd35e1249b19586b773
Added the contains_all function, with basically the same role as
contains_any but using logic AND instead of OR. Also added
ccnorm_contains_all, that is the same of ccnorm_contains_any but with
AND mode. Finally, fixed three wrong task IDs.
Co-authored with Valerio Bozzolan.
Bug: T21176
Change-Id: Ib0a8b783db6ce0d5db64771c8e0c70f0f8d13d36
This parameter was never documented. It was just
a leftover from migrating to the current message API
in Id69a9d603. Note that the same message pair further up
in this file does not use it.
Change-Id: I38caa1611d78b6cb182861c8f5d731b27379f62a
This patch introduces a config variable for the range block sizes.
It changes the default IPv6 block size from /16 to /19 using the
same reasoning as Ia25e156fd8234519c4d74f1d41d93f94a313ce14
Using a config var (as opposed to hardcoded range size) allows
future changes proposed in T179454 to make the range size vary
for different IPs, based on the actual subnet they belong to.
Bug: T179455
Bug: T179456
Change-Id: I8dfa17f553a7af524f0a11c0fd51c48773e27be5
Per T178092, AbuseFilter now maintains compatibility with older versions
of MediaWiki using release branches. Thus, various back-compat code
paths may be removed from the master branch.
Change-Id: Ia1b5eade30d7486e3b1b386b15a7db4e5c8cfead
Various selectFields() methods were deprecated in MediaWiki core change
Idcfd1556, replaced with getQueryInfo() methods.
Change-Id: If75d2e76c2f166bc40a544dd502da43171ce1e7b
Depends-On: Idcfd15568489d9f03a7ba4460e96610d33bc4089
This PHP extension doesn't have any speed benefits over our minimum
required PHP and so isn't used in WMF production anymore.
Change-Id: I4883643908f765eee5db6b3ca88eed179264e93f
Use the new equivset library instead of AntiSpoof.
Bug: T175413
Change-Id: I439387deeba99543e194c210953ac73ff98bc5b7
Depends-On: I977d3498b2084a426e2ab4d85c000d1b9dcfe824
When $wgAbuseFilterRuntimeProfile is true, all filters taking
longer than $wgAbuseFilterRuntimeLimit will be logged for
later analysis
Bug: T174205
Change-Id: Id81833afa8421476a6cee47eb3393acdb3a38d65
When you are in Specia:AbuseFilter/test and you test a filter
against RC if the filter has a regex with a rlike condition
you receive a Call Stack warning for a wrong regex.
Bug: T177744
Change-Id: I2bc62b5709d2863eb355a249610b3e80fab55448
Forcing user namespace will handle IPv6 correctly as well
as possible "User:" prefix supported by the former code.
Bug: T176045
Change-Id: I0b4a5468ca44799cade0b0774d749e05d4ff5865
The following sniffs are failing and were disabled:
* MediaWiki.VariableAnalysis.ForbiddenGlobalVariables.ForbiddenGlobal$wgTitle
Change-Id: I7163cd8f97a7d2fe5b4410245a72eb416302f4f6
A confusing warning message was displayed when filters
have af_throttled = true. That message was replaced with a
new one reflecting the behavior that is actually ocurring and
how to solve it
Bug: T54525
Change-Id: I5c6e434249d5c9649eb2d7c5b16b9ecb1f530c8a
Metrics per edit:
- Execution time of all filters
- Number of filters executed
- Number of conditions executed
Due to the current structure of abuse filter there was not
a clean way to include filter actions and abuselog creation
as part of the runtime metrics.
Bug: T161059
Change-Id: I6208b620453863133c6623aa419775f63c7d3eb1
It should have been deleted in I02ba4ce31b6aca5b7324114093f8ece143abc295
but accidentally survived.
Change-Id: Icdbe8fb0154513d643905f7f8bd6391780cd44a7
- Use rc_source with values that we know we support. In
particular, this drops categorization changes.
- Filter on rc_log_type and rc_log_action (which itself
may be shared across types).
- Use the same query on both Special:AbuseFilter/test
and Special:AbuseFilter/examine.
Bug: T170574
Change-Id: I79b903b4424d3c15095a1e0491d35f6e005db0b8
Cleaned ccnorm method to use AntiSpoof::normalizeString instead going
after AntiSpoof extension files and doing a manual implementation of it.
Also removed composer requirement for AntiSpoof extension.
Bug: T172766
Depends-On: I731733671b650b6bb2f480c41c4f6f2d2f5c62e8
Change-Id: Ib38ba0b06918e81e8af03032eef95e3942773bc1
After I544cdfa75c7472f2d98b2561bc6f6f9c2d2ad639 (dieWithError
and checkUserRightsAny), this is the oldest MediaWiki version
AbuseFilter can be run on.
AbortMove was removed from MediaWiki in 1.25, UploadVerifyFile
is only relevant for 1.27 and older.
(Replaces I1e962217c3b20d901a5742cf76339a3f488a6e97.)
Change-Id: Iec237b2887f72b115fdcef78d2d7a944ba82c784
As described in the task, anyone can view the page but do nothing
with it. It doesn't make sense, it should either work or be disabled.
I chose the latter.
Bug: T124096
Change-Id: I7271cd5a0d00d5fdba28ce3974c50ea5dfd0ad9b
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic
* MediaWiki.Commenting.FunctionComment.MissingParamComment
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
* MediaWiki.Commenting.FunctionComment.WrongStyle
The following sniffs now pass and were enabled:
* MediaWiki.Commenting.FunctionComment
Change-Id: I0874c547ef2bc8a7c3fa4ca72738aa3320f2bdbe
It seems that move actions have rc_this_oldid set. rc_log_type
should have higher priority.
Bug: T170586
Change-Id: I9bb4ea599f12ef01fad823ac3232330966b0d281
Also move --ignore to phpcs.xml for use by phpcbf
Short array syntax will be used in follow ups
to keep this patch set small
Change-Id: Ib91f3768cc7cdccdc26a4d5200178ceb8e61e098
The return value from the method is only suitable for passing to
$db->insert(). To get the inserted ID, you need to call $db->insertId()
even if $db->nextSequenceValue() returned non-null.
Change-Id: Id5a0df17c77445e9f29564a55fb850c3ecad2630
We add FORCE INDEX to revision because probably we have hit a MariaDB
bug that can potentially create an outage on pages with thousands of
revisions due to extreme resource usage by this query when using the
wrong index page_user_timestamp, instead of page_timestamp.
This is considered to be a hack, and once we are in the clear, I promise
to review this an try to get a saner execution path (both in MySQL and
in PHP.
Bug: T116557
Change-Id: I41853da5c0e1a15efad5594eff0cee62be1ad9a4
Follows-up e4ac1ef. A lot of this class gets its own cache object
in key-generation methods because of legacy compat with public
methods and because of how wfMemcKey used to be.
However where possible, we should encourage passing $cache
so that makeKey() can be used on the same instance that uses
the key.
This is a no-op since it's exactly the same object.
Change-Id: Ib3c31110176659a9175679eb716369e7f0a1d3b2