Commit graph

1881 commits

Author SHA1 Message Date
Daimona Eaytoy 2026e3ac3a Add an AbuseFilterPermissionManager service
This service should act as a mediator between the AF code and the
permission manager, and it should know what are the permissions required
by each action.

Change-Id: Ieb177d9992147b11fa7b8f05929da6c182cc2286
2020-10-10 14:03:29 +02:00
jenkins-bot f1de9145f5 Merge "Remove sorting by user from Special:AbuseFilter/history" 2020-10-10 11:58:54 +00:00
Matěj Suchánek d91ddd2169 Cleanup filter id handling on Special:AbuseFilter/history
In particular, the interface shouldn't generate links to
"Special:AbuseFilter/history/0" (AbuseFilterHistoryPager::getTitle,
can be seen when visiting "Special:AbuseFilter/history").

Change-Id: Id3dc1bb4fc3c5e853603bf0ec04a6b1751f7d862
2020-10-10 11:40:46 +00:00
Daimona Eaytoy f0539e0c1e Represent new filters with null instead of 'new'
PHP is not strongly typed, so it's not a good idea to use scalars of
different types (here it's an integer vs the string 'new') to represent
different possibilities. This can have bad effects when type juggling
occurs, and it's also harder to figure out what the type of the
parameter can be (because a numeric ID might have been passed as a
string). Using integer vs null avoids all of this, and also allows us to
use nullable typehints.

These changes were partly copied from
If981cb35bf19a8469aa6c43c907e107cf8c65bc2 and should help with the
migration to the Filter value objects.

Change-Id: I8837d46c3c33761fea53f67b530b721dc7bd49b0
2020-10-10 12:23:50 +02:00
jenkins-bot c0defc1055 Merge "Add a new FilterProfiler service" 2020-10-10 10:08:58 +00:00
jenkins-bot f4570e232d Merge "Hide filter group selector when filter selector is hidden" 2020-10-09 23:02:04 +00:00
jenkins-bot da3bfa3314 Merge "Reduce dependencies of AbuseFilter::saveFilter" 2020-10-09 14:58:30 +00:00
Matěj Suchánek 826f03d928 Remove sorting by user from Special:AbuseFilter/history
This feature didn't work and even if we fixed it as suggested
in the task, it would still be bogus. For deterministic paging,
the afh_user_text field should be in an index together with
another field(s). But currently it's indexed alone.

By the way, the indexes on abuse_filter_history should be fixed
anyway. Special:AbuseFilter/history also allows filtering by
filter/user which require index on the fields. They are present
but are not composite, so either the sorting is done
inefficiently without an index or there is a fullscan.

Also remove the getIndexField override. TablePager knows best
what value can be used there, we don't really have to override
it.

Bug: T204210
Change-Id: I7335f82c917a1d219fd7f0999da5b62433f14bd8
2020-10-09 15:41:19 +02:00
Matěj Suchánek 2c650f7710 Hide filter group selector when filter selector is hidden
This was a means to bypass the limitation to filter by
triggered filter (for example, when a group contains
a single filter).

Change-Id: Icd7b0b64ff16b4ce26f4d52ad9d9abce62972e60
2020-10-09 13:33:13 +00:00
Daimona Eaytoy 9f2906e34b Reduce dependencies of AbuseFilter::saveFilter
This patch removes the dependency of saveFilter on the ContextSource
kitchen sink. It also removes some unneded dependency, and adds
$originalRow/$originalActions as parameter, rather than hacky properties
in $newRow that are easy to forget. The related test can also be greatly
simplified.

This also introduces a behaviour change: checking $newRow instead of the Request allows us
to account for values normalization done in
AbuseFilterViewEdit::loadRequest, and to also work correctly for imports
(and generally speaking, it makes the method suitable for an
AbuseFilterEdit API module, too).

Next step is moving this method to a service. Some signatures,
indenting, name choices etc. are subpar, but this is just because these
methods are temporary anyway.

Bug: T213037
Change-Id: I235b928d7b9c2ef1c46ea0bf3e3ed212500b4161
2020-10-09 11:52:02 +00:00
jenkins-bot 73d6544bc6 Merge "Avoid array_filter on explode()" 2020-10-09 07:49:24 +00:00
jenkins-bot f2648afb15 Merge "Prevent cache pollution in fetchAllTags and clean up" 2020-10-08 18:02:21 +00:00
Daimona Eaytoy 7a1d6dbdbb Avoid array_filter on explode()
The array_filter is likely meant to empty the array if the empty string
was exploded ( `explode( "\n", '' ) === [ '' ]` ). However, it can also
remove other stuff, e.g. the string '0'. An explicit comparison is
easier to read & interpret, marginally faster, and avoids rare but not
impossible edge cases.

Change-Id: Ie77d65b56319664a2ac370f32341dc72b619a635
2020-10-08 18:56:27 +02:00
Matěj Suchánek 9e6bc2f4ee Move log formatters to a separate directory and namespace
This will clean up the includes/ directory a little.

Change-Id: I61adacf32257bb2402a272b60b52b69505d981c5
2020-10-07 16:25:38 +02:00
Matěj Suchánek b7cda4de4c Prevent cache pollution in fetchAllTags and clean up
Previously, the cached value would depend on the tags
parameter to be updated. The provided value may be
different for each call, so callers may receive
unexpected values.

For example, while core usually calls this with core-defined
hooks, our method AbuseFilter::isAllowedTag calls this
providing an empty array. If core's call happened shortly
after ours and hit cache, its array would be overwritten
with only AbuseFilter's tags, the rest would be lost.

Also do some clean up:

- only call array_filter on explode'd array
- call array_unique on the value, since it's usual that
  multiple filters share the same tag

Noticed when thinking about moving this to a service.

Change-Id: I4f4322e80ec89e48458a3bf46a1146863bec8237
2020-10-07 15:20:41 +02:00
Daimona Eaytoy 58538103c9 Delegate some switch cases to the parent in GlobalAFPager
af_actions and af_hidden are treated in the same way, so avoid
duplicating that code. Some of the remaining cases are also quite
similar (although not identical), so we might want to merge them in the
future.

Change-Id: I1b48502e077e58eb9ff459326bba18bb1d127242
2020-10-07 12:46:52 +02:00
jenkins-bot 1b0fa6bc6e Merge "Remove useless param to wfMessage" 2020-10-06 11:21:14 +00:00
jenkins-bot b0e68af5f5 Merge "ViewEdit: account for empty actions in imported data" 2020-10-06 09:34:30 +00:00
Daimona Eaytoy 11d922d1bd Remove useless param to wfMessage
Copying my investigation from I8c93e2ae7e7bd4fc561c5e8490ed2feb1ef0edc2:

This code was introduced in 2009, see rEABF0f1eb8db78bfa83ddb93427f39aad619523d8f25:

  $display = wfMsg( "abusefilter-action-$action" );
  $display = wfEmptyMsg( "abusefilter-action-$action", $display ) ? $action : $display;

And wfEmptyMsg looked like this:

  function wfEmptyMsg( $msg, $wfMsgOut ) {
    return $wfMsgOut === htmlspecialchars( "<$msg>" );
  }

so this made sense. But then, in 2010 (rMWae3ced88e535c7fd046f0ad6f0710cc87f0004ea) the function was changed:

  function wfEmptyMsg( $key ) {
    global $wgMessageCache;
    return $wgMessageCache->get( $key ) === false;
  }

without anyone removing the parameter from AbuseFilter.

Finally, in 2012 (rEABF176227e721c9475de2c2163d3b6e20ca4769c406) the usage of wfEmptyMsg was removed, and $display became a parameter to wfMessage().

Long story short, no need to pass that parameter.

Change-Id: Iad875f0c0ab5aaa06c795232638f52e9ca62786e
2020-10-05 23:39:23 +02:00
jenkins-bot 2cdec2473e Merge "Actually apply patch-afl_change_deleted_patrolled." 2020-10-05 08:15:48 +00:00
jenkins-bot 2e1afd5a51 Merge "Add test traits for uploads and account creation" 2020-10-05 07:49:38 +00:00
Daimona Eaytoy bc9898f1a1 Add a new FilterProfiler service
Change-Id: Ib66c42ac220731f4e1da9ee6cfb5290759dd6494
2020-10-04 22:00:57 +00:00
jenkins-bot b45c9205e9 Merge "Add tests for retrieving RC variables" 2020-10-04 13:38:32 +00:00
Daimona Eaytoy 6c8a29698b Add test traits for uploads and account creation
Ideally, this might live in MediaWikiIntegrationTestCase. For the
createaccount one, AuthManager should also provide a method to log the
creation, because currently we are forced to copypaste that code here.

 - Add the missing tests for 'upload' in RCVariableGenerator, and adjust
the existing ones (delete file afterwards, more tablesUsed, use the
right extension).

 - Exclude from the coverage report a couple of lines which should
theoretically be unreachable. Escalate logging to WARN level, where it's
more likely to be spotted.

 - Remove an unused method (RCVariableGenerator::newFromID). This denies
   the need to maintain and cover it. We also don't want this generator
   to act as a factory.

Overall, this change brings the coverage for RCVariableGenerator to 100%

Bug: T201193
Change-Id: I425c3d9f6800f74eb6e4eda483b90cfb3bbbcb51
2020-10-04 13:16:58 +00:00
jenkins-bot 9530684878 Merge "Use null defaults for search options on Special:AbuseFilter" 2020-10-04 12:56:14 +00:00
Daimona Eaytoy 2e13d58c74 Add tests for retrieving RC variables
This was also long overdue. Also fix a bug that caused page creations to
not be shown when examining past edits (using rc_last_oldid doesn't work
for page creations).

Bug: T201193
Bug: T262903
Change-Id: I5f7a994add12332c950904146248c5de7c2beee5
2020-10-04 12:43:04 +00:00
Matěj Suchánek eb81b92c06 Refactor AbuseFilterView instantiation
- Make a separate method which determines the view
  to be shown from subpage syntax and test it.
- Reduce circular dependency between SpecialAbuseFilter
  and AbuseFilterView. Use params to transfer information
  to views.

Change-Id: Ib9442ea5f9990a5c48f9b9e04055aa22bf7e456e
2020-10-04 13:15:04 +02:00
Daimona Eaytoy f8c525fc52 Minor updates related to var dumps
- Include an attempt to restore the dump in case the text table
   contains a truncated dump (not 100% sure that this can really
   happen, nor do I know the cause, but it shouldn't hurt)
 - Remove a check for 'action'. The variable might be missing in case of
   a corrupted dump. Having an array at that point can only mean "new
   format".
 - Don't assume that old_wikitext and new_wikitext are set when showing
   past filter hits (again, might be unset due to data corruption).

Bug: T264513
Change-Id: I7510d28fc3f43f985a1283e23b413f07adfe7921
2020-10-04 01:18:14 +02:00
Daimona Eaytoy 04d735117f Use ::class in SpecialAbuseFilter
This is a simple change but with tons of benefits:
 - Easier to track usages for IDEs
 - Easier to understand in static analysis (phan)
 - Can be analyzed by phpda
 - Ensures no typos
 - These classes can be namespaced without affecting readability here

Change-Id: Ic04d19dfbe9184baf2ef4bac53011521e2e44953
2020-10-02 12:55:19 +02:00
Matěj Suchánek ce41ddb85b Remove void unset statement
The key isn't set in the above declaration.

Change-Id: If256acc85913fca10062d00e46092e298b6553f7
2020-10-01 15:01:06 +02:00
Daimona Eaytoy 752492c2ba Use null defaults for search options on Special:AbuseFilter
- Use null instead of empty strings
- Check the mode, and not the pattern, to decide whether the user
  searched for something
- The call to parent::__construct can now be moved up
- Note in a comment how this code is problematic due to "smart"
  constructors
- Avoid caching the headers, as that's not going to work anymore.

Change-Id: I420ab0215d53354a67d9d130ebd8d85dfbd2778b
2020-10-01 13:35:36 +02:00
jenkins-bot edb1c5289a Merge "Integrate with Renameuser" 2020-10-01 11:33:08 +00:00
Matěj Suchánek 65708afcea Integrate with Renameuser
Register abuse_filter and abuse_filter_history tables.
abuse_filter_log is more difficult (if possible).

Bug: T27377
Bug: T206477
Change-Id: If8289101a08887519d5a90ef84700421b8ed2406
2020-10-01 08:10:22 +00:00
Matěj Suchánek f851b529b3 Deduplicate instance variables in Pagers
These have been saved in the parent class for quite some time.
Refactor accessors in method overrides.

Change-Id: I9819caa5ab87ac3a8e47efb32b00d89c3e2a61af
2020-10-01 08:05:49 +00:00
jenkins-bot fa412f4e7e Merge "Rewrite the VariableHolder code to translate deprecated variables" 2020-09-30 09:10:37 +00:00
Daimona Eaytoy 1bdf4e5351 Rewrite the VariableHolder code to translate deprecated variables
The current code was more of a subpar, temporary solution. However, we
need a stable solution in case more variables will be deprecated in the
future (T213006 fixes the problem for the past deprecation round). So,
instead of setting a hacky property, directly translate all variables
when loading the var dump. This is not only stable, but has a couple
micro-performance advantages:
 - Calling getDeprecatedVariables happens only once when loading the
   dump, and not every time a variable is accessed
 - No checks are needed when retrieving a variable,
   because names can always assumed to be new

Some simple benchmarks reveals a runtime reduction of 8-15% compared to
the old code (8% when it had varsVersion = 2, 15% for varsVersion = 1),
which comes at no cost together with increased readability and
stability. It ain't much, but it's honest work.

Change-Id: Ib32a92c4ad939790633aa63eb3ef8d4629488bea
2020-09-29 15:06:14 +00:00
jenkins-bot 32baa3a166 Merge "Hide rule search if global filters are to be shown" 2020-09-29 14:18:17 +00:00
jenkins-bot 7a684c487c Merge "Move some misplaced AbuseFilterParser entry points" 2020-09-29 13:51:17 +00:00
jenkins-bot 261e551856 Merge "Fix check for central wiki" 2020-09-29 13:25:03 +00:00
Matěj Suchánek aa7f381bca Fix check for central wiki
It should be the other way around.

Change-Id: Ia55c70a9f5ac17d791352899ee0d38c4969ea6dd
2020-09-29 12:59:34 +00:00
Matěj Suchánek 86ad51a57a Hide rule search if global filters are to be shown
When the user selects to see global rules and it's a remote wiki, hide the rule search field. (Note that the list of search modes needs to listen to this setting as well.)

This was discussed during reviewing I0771fa048.

Also move local/global filters setting to the top as it's more important than that for disabled and deleted filters (which will both stay together).

Change-Id: I0912aa1f5d7a5d75e6ae5a2a3362b8d38260c611
2020-09-29 13:49:11 +02:00
Daimona Eaytoy 55ba083b13 Introduce a KeywordsManager service
This will decouple a bit the huge and chaotic tangle of AF classes. Some
boilerplate code for AbuseFilter services is also added with this patch.

Note that this requires injecting a KeywordsManager in
AbuseFilterVariableHolder, or unit tests would fail. This is still
incomplete, and the Manager is only injected in tests, because
VariableHolder still has to be refactored.

The test for the UpdateVarDumps script had to be updated, because
serializing VHs in there was a bad choice. As pointed out in a comment,
the test is likely going to break again once we remove the BC code, but
I hope that we'll be able to remove the test at that point.

Change-Id: I12a656a310adb8c5f75cab63f6db9e121e109717
2020-09-28 23:03:52 +00:00
Daimona Eaytoy a1626a0d7f Move some misplaced AbuseFilterParser entry points
These methods had no reals reason to be static and belong to the
AbuseFilter class. Most of them were moved to Parser class as common
variations of the existing entry points. One was specific to the
EvalExpression API module and was moved there.

This change comes at no cost, and will make it possible to inject a
parser where needed.

Change-Id: Ifd169cfc99df8a5eb4ca94ac330f301ca28a2442
2020-09-29 00:36:08 +02:00
Daimona Eaytoy 8fa9e6625a Add tests for 'upload' action
This adds some coverage for the *VariableGenerator classes. It's still
not perfect, but something to start with in sight of future
refactorings.

Bug: T201193
Change-Id: Iafa85fb8623ea278ce6e42118df72751806382c2
2020-09-28 11:53:53 +00:00
jenkins-bot f07f7348ee Merge "Move link to /import in a button on ViewList" 2020-09-27 08:50:58 +00:00
Matěj Suchánek 5fcb826519 Hide rules search options if the pattern is empty
This reduces the consumed space if the user is not going to search through filter rules.

Change-Id: Ic53edeab75f8110871bdf69afc1184ea7d72cee9
2020-09-25 17:47:34 +02:00
Martin Urbanec eeb7ee8cef HookRunner: onAbuseFilterGenerateUserVars should run generateUserVars
Bug: T263750
Change-Id: I23751b78f363f35ca47f9af5c0c70129c838f4c6
2020-09-24 16:40:03 +02:00
jenkins-bot a9309c9921 Merge "Revert "Drop duplicate index wiki_timestamp"" 2020-09-23 11:06:12 +00:00
Daimona Eaytoy 01cc79e1d4 Revert "Drop duplicate index wiki_timestamp"
This reverts commit 6a268e7339.

Reason for revert: Ic1252efe9f96743d9402fa31a7b2dca1f57ff6ae ended up not renaming the index, so this patch removed an index that was still in use.

Change-Id: Ide4a600a57bcfa4da0c7354b972cc89709ccd660
2020-09-23 10:39:19 +00:00
jenkins-bot b6c21df589 Merge "Inject a user into RCVariableGenerator" 2020-09-22 12:10:29 +00:00
jenkins-bot 8e75557ac8 Merge "ViewTools: hide the result box when empty" 2020-09-22 11:59:21 +00:00
DannyS712 801e1f57e5 Inject a user into RCVariableGenerator
Needed in ::addUploadVars

Bug: T263033
Change-Id: Iedde4a39dcc3192616e36a45690a0619efeb7309
2020-09-21 16:15:21 +00:00
Alexia E. Smith 422b77ab0e Actually apply patch-afl_change_deleted_patrolled.
This fixes the abuse_filter_log patch-afl_change_deleted_patrolled
not being applied. The patch is provided for (and should work with) all
the supported DBMS.
Additionally, fix the base table files, which would report
afl_patrolled_by as 'NULL', whereas on the WMF cluster it's 'NOT NULL
DEFAULT 0'. The schema patch takes care of converting that column as
well.

Note that this schema change needs not be applied on the WMF cluster, as
that's already up-to-date.

Finally, note that this patch must be backported to 1.33 and 1.34 (and
it might be fairly hard due to the recent schema changes on the
abuse_filter_log table).

Bug: T240895
Change-Id: Ibdbc9b50c25b9e871ebdeae93a54d10877b585f8
2020-09-21 14:52:22 +00:00
jenkins-bot ed160a69a7 Merge "Let sysops see difflinks to deleted revisions on Special:AbuseLog" 2020-09-20 14:44:16 +00:00
jenkins-bot 6140d688f7 Merge "parser: Add a BC option to get DNULL for unset variables" 2020-09-20 13:58:27 +00:00
Matěj Suchánek 4605baa289 Let sysops see difflinks to deleted revisions on Special:AbuseLog
Bug: T261630
Change-Id: I01eeecea28cbd3520702155860b340ea673bab0d
2020-09-20 15:41:12 +02:00
Daimona Eaytoy c1b4f1084c ViewTools: hide the result box when empty
The <pre> element is now hidden with CSS, and is only shown after the
user clicks the "Eval" button.
Moreover, make the button primary and progressive, as to indicate that
it activates the primary function of that page.

Bug: T253492
Change-Id: I300ce6ec0a84ea73025a5af9173024df7c291e03
2020-09-19 12:37:06 +00:00
Matěj Suchánek f1ecdd4aff Inject PermissionManager to SpecialAbuseLog
Change-Id: I1c80490567ac2d9f716c988ebdad6b59cf28aa06
2020-09-18 23:22:11 +00:00
jenkins-bot f1ab4a1777 Merge "Cleanup abuse log code and join it with revision" 2020-09-18 23:05:37 +00:00
Daimona Eaytoy f8c9b8fa36 Move link to /import in a button on ViewList
We have many topnav links, and future patches may add others (e.g.
Ia5fd4f0b35fcabf045a7b49fa40fa85b72c92544). The "import" feature is
probably the less used, and is also pretty similar to creating a new
filter.
Thus, remove its link from the topbar and move it to a button next to
the "Create a new filter" button.
Note that the old message is reusable, and thus it should be moved on
translatewiki after merge.

Change-Id: I52042d62b2bab7e4a1e9bbc027e7de5addec8157
2020-09-18 14:59:00 +00:00
Daimona Eaytoy 8a7a576cb0 ViewEdit: account for empty actions in imported data
Empty actions are JSONified as [], not {}, hence they're not objects.

Bug: T252181
Change-Id: Ieb5e315ad87bd3a489ade26f5f0dd202810ae896
2020-09-18 14:52:43 +00:00
Daimona Eaytoy e5746bbb0e parser: Add a BC option to get DNULL for unset variables
While checking a filter, if a variable is not set (e.g. added_lines for
an account creation), the VariableHolder will return a DNULL, rather
than a DUNDEFINED. This means that some filters will resume working, and
the WMF servers will stop getting AF warnings at a rate of 4 millions per
day. This also requires adjusting some tests to reflect the new
behaviour (which is actually the OLD behaviour, that filters had until
last year when we introduced the DUNDEFINED data type). It also requires
adjusting a check in the old parser, but that's not really relevant
because the plan is to remove the old parser before 1.36 is released
(see I0e75f334c7e0dfc1239f2e5f5f7d7452b0bbf29e).

Bug: T230256
Change-Id: I4d06303047397674c1edbfc32628f1bc83ac3340
2020-09-18 15:05:58 +02:00
jenkins-bot 36a0f41873 Merge "Add separate abusefilter-log-search-filter-help-central message" 2020-09-18 07:55:02 +00:00
DannyS712 a75e01dcb6 Add separate abusefilter-log-search-filter-help-central message
On the central abuse filter wiki, show a different help message

Bug: T238510
Change-Id: I7f60e279f0301b1636e19a31535cb3bac87c241a
2020-09-17 23:50:35 +00:00
Umherirrender bd45434102 Add MessageLocalizer to AbuseFilter::getActionDisplay
Avoid global state when parsing messages

Change-Id: Ib65182f6d41430fb87337082a16b8006a73fe95d
2020-09-17 22:45:52 +02:00
jenkins-bot 3f8e61b42f Merge "Allow Blockautopromote duration to be configured for wikis." 2020-09-17 17:53:06 +00:00
DannyS712 bf74fd0c23 Allow Blockautopromote duration to be configured for wikis.
Rather than always using 5 days, the length (in days) can be configured by setting
`AbuseFilterBlockAutopromoteDuration` to the desired length.

Bug: T231756
Change-Id: I996e08a9099ab59657fe511ec2934d26edfa5c7b
2020-09-17 17:19:00 +00:00
Matěj Suchánek 02962b9665 Cleanup abuse log code and join it with revision
This is an intermediate step for better "diff" links
on abuse log. With this first change, only links
to existing revisions are shown.

Change-Id: Ib420d46fd34dc38d8c7fd3d511a905738e49db0b
2020-09-17 16:36:31 +02:00
jenkins-bot 12586812c2 Merge "Hide "User:" prefix from autopromote log entries" 2020-09-17 11:26:57 +00:00
jenkins-bot 6bf5e2ce6f Merge "Standardize the order of options in dropdown filters for search" 2020-09-17 11:26:55 +00:00
Matěj Suchánek cba29fe85b Hide "User:" prefix from autopromote log entries
Bug: T247173
Change-Id: I40aa888bc45d8274d03eb7ead7bedaf1d087fb1c
2020-09-17 12:12:00 +02:00
DannyS712 9c1868d55e Update hook calling to use new HookContainer
Bug: T254306
Change-Id: Ic5c82a367e34135bbc0f00ece5aeef4f2d92881b
2020-09-17 10:05:45 +00:00
jenkins-bot 001d8b92fb Merge "Hardcode 'abusefilter-view' right when adding CU log entry" 2020-09-15 11:16:33 +00:00
jenkins-bot 91f4a1e5a8 Merge "AbuseFilter: Remove duplicate filter log link" 2020-09-15 01:44:59 +00:00
proc 3e5b9f18fd Hardcode 'abusefilter-view' right when adding CU log entry
Bug: T255506
Change-Id: I397e1160d0fee28873ff73404fefa8edd08652ac
2020-09-15 01:20:12 +00:00
DannyS712 1601bbf0f6 Reduce direct references to $wgUser
Bug: T246733
Change-Id: I2c919fcb01476e8299e15046789023b42cccc6ee
2020-09-13 22:49:46 +00:00
C. Scott Ananian 1bd6f2aa94 AbuseFilterViewEdit: only invoke Language::filterNum on a numeric string
Bug: T237467
Change-Id: I9dcbe91fa926dba1cfd24d9bf075ee1ebef36b9e
2020-09-09 01:38:20 -04:00
Umherirrender f932ba8328 Use LinkBatchFactory in Special:AbuseLog
Change-Id: I2ccf9cd36475a65e61ad0e80ec159f841849089f
2020-09-06 09:31:49 +00:00
Ammar Abdulhamid 679c777c33 AbuseFilter: Remove duplicate filter log link
For history action, the link would be already added by
HistoryPageToolLinks hook, so it should not be duplicated by this hook.

See images on https://phabricator.wikimedia.org/T261087#6430172

Change-Id: Ia8dd5be49d3ffb48f298ea287e0b2f98c3052015
2020-09-03 17:55:42 +01:00
jenkins-bot 03f1190bf9 Merge "SpecialAbuseLog: Add redirect=no to page link" 2020-08-31 06:34:01 +00:00
jenkins-bot 08f68c77c2 Merge "Use LogFormatter::getLinkRenderer in AbuseLogHitFormatter" 2020-08-29 00:23:40 +00:00
Umherirrender 64ef0fe00c Use LogFormatter::getLinkRenderer in AbuseLogHitFormatter
Available since 1.30

Change-Id: Ia5e0d5561692f78ac91feca5dddcb67d2809a9ba
2020-08-29 00:03:26 +00:00
DannyS712 f06a632c3d SpecialAbuseLog: Add redirect=no to page link
Bug: T247615
Change-Id: Ifa8f7b949336ae735fd0067dbc2dec15748be7cf
2020-08-28 23:19:54 +00:00
DannyS712 bf0ed6d631 Fix abusefilter-log-cannot-see-private-details
Should be privatedetails, not private-details

Change-Id: I58d8f0ce760e92739876cc783b8dd4258965cd1e
2020-08-28 21:29:37 +00:00
jenkins-bot e5cefc7d18 Merge "Hard-deprecate a few methods in the AbuseFilter class" 2020-08-25 23:48:33 +00:00
Daimona Eaytoy f673a04026 Add updateVarDumps to update.php
This shouldn't happen before the script has been tested thoroughly on
WMF wikis with --dry-run.

Bug: T213006
Change-Id: I51425c85bd6932a5c60eb870b02195aae1c24117
2020-08-25 12:49:00 +00:00
jenkins-bot 14be09701b Merge "Use $user param when filtering edits" 2020-08-20 07:10:52 +00:00
Daimona Eaytoy 28ea0e525a Use $user param when filtering edits
This can be different from the User set inside the $context object, as
seen e.g. in Wikibase jobs. Given that the hook provides a $user param,
it makes more sense to use that, rather than extracting it from the
ContextSource kitchen sink.

Bug: T258717
Change-Id: Ib5961068d3df6ae2bfc3f9c6a7b9e555d248b332
2020-08-19 14:24:57 +02:00
Daimona Eaytoy 5faea5ee58 Add BC hack for some 2009 AbuseLog entries causing a fatal error
Some AbuseLog entries from 2009 are missing the 'timestamp' parameter
used to compute the old wikitext of the page. This was only used for a
short amount of time before
https://phabricator.wikimedia.org/rEABFd1d27eede6536067c5180b2515ea937d71525d4d.

Nowadays, it's causing a fatal error when we try to migrate the affected
entries, see T246539#6388362.

Since we only have a Title available, we cannot rebuild what the old
wikitext would look like, so a placeholder text is used (this should
hopefully be clearer than showing an empty string).

Bug: T246539
Change-Id: I5230f2fdc84da121728a5a75da458f1a4ef1ecd3
2020-08-19 12:37:40 +02:00
C. Scott Ananian a135c2f4da Remove calls to ParserOptions::setTidy()
ParserOptions::setTidy() was already a no-op in MW 1.35, and
AbuseFilter already requires MW >= 1.35 in extension.json.
ParserOptions::setTidy() was deprecated in MW 1.35 and will be removed
in a future release.

Bug: T198214
Change-Id: I269e829cf1f33e233bfcf7f95388e041180c2556
2020-08-12 23:39:36 -04:00
Umherirrender e10b7e4208 Fix broken PHPDoc comments not starting with /**
Change-Id: Id9579ad6ca4dc75921e8fd4aaaccdffd530c2e35
2020-08-09 01:04:29 +02:00
Timo Tijhof 314a1f419f Avoid use of unfiltered 'getTraceAsString' in debug logs
These render string arguments with potentially sensitive information
that we don't want to store in debug logs. Use the standard
'exception' field instead per T233342, letting the central
logic be in charge of creating 'exception.trace' with the normalised
trace rendering and filtering logic we have there.

Bug: T233342
Change-Id: I4620f36229fd5076b4370d20149c890030bf4c64
2020-07-23 22:41:27 +01:00
proc a31f4e46af
Strict type comparison
Bug: T248806
Change-Id: I039ab7f103bb37052987b815412b71f70643a6d2
2020-06-27 15:55:57 +01:00
Huji Lee b523b71fc3 Standardize the order of options in dropdown filters for search
Any should always be the first choice. Other/None should always be
the last choice. The rest of the choices come in between and should
be sorted alphabetically.

Also capitalize the first letter of "None" for filtering logs down
to those in which no action taken. This makes the options uniform.

Bug: T255533
Change-Id: Id106bbc352531437af95a303b7dcf32e44383f95
2020-06-25 19:01:16 +00:00
Daimona Eaytoy 3d06e2d165 Hard-deprecate a few methods in the AbuseFilter class
All usages fixed, see https://codesearch.wmflabs.org/search/?q=AbuseFilter%3A%3A(generate%7CgetEditVars)&i=nope&files=&repos=

Depends-On: I49c635efbe46820e6340f64504f3bc417b78dde3
Change-Id: I45d11b2b015f4abf1ec9cedd14355f9c1c049bba
2020-06-23 14:48:42 +02:00
Ostrzyciel 99e2766f26 Update PageSaveComplete hook to use EditResult
Bug: T254074
Change-Id: I3922d9a92242c9a6469058a2a2c2a95891e9e429
2020-06-23 14:25:38 +02:00
Umherirrender c55a12993d Handle null from VariableGenerator::getVars in AbuseFilterViewExamine
Bug: T255633
Change-Id: I94ce4303d9250b84181b1cb230e680c2351d887b
2020-06-17 19:42:58 +02:00
DannyS712 4b35336638 Update hooks to use PageSaveComplete
Extension requires MW 1.35+, always available

Bug: T250566
Change-Id: I60cf3cc42db989d8ccb0d06d3cf9eae8a85784ac
2020-06-16 04:18:39 +00:00
Daimona Eaytoy 6a268e7339 Drop duplicate index wiki_timestamp
For MySQL it was renamed Ic1252efe9f96743d9402fa31a7b2dca1f57ff6ae, but
the old index isn't being deleted, hence creating a duplicate.

Change-Id: I09b9f64759f6a897c393caa77458d63995d5713b
2020-06-12 19:34:41 +02:00
Umherirrender 6e2d7931a5 Pass function name to database functions
Useful for logging

Change-Id: Ib6b3ad814dd24d31aab37be486ff32d3f57c7905
2020-06-07 01:54:41 +02:00
jenkins-bot 1f72bc838c Merge "Do not abuse RCDatabaseLogEntry" 2020-06-05 12:08:05 +00:00
Umherirrender 82f549bed9 Do not abuse RCDatabaseLogEntry
When using RecentChange::getQueryInfo() it should be used to instance a
RecentChange class
RCDatabaseLogEntry is only useful in context of LogFormatter

This is a breaking change for the hook variable,
but "RC entry" refers more to the RecentChange class than to the
RCDatabaseLogEntry class

Change-Id: I3af1e42594f8235be815ce38e3411c762ae01092
2020-06-04 21:28:23 +00:00
libraryupgrader ef7f867f35 build: Updating mediawiki/mediawiki-phan-config to 0.10.2
Additional changes:
* Removed phan-taint-check-plugin from extra, now inherited from mediawiki-phan-config.

Change-Id: Ib63be75df4bfdbd2c5b97de5f80dbec715108c01
2020-06-02 21:33:38 +00:00
Daimona Eaytoy b9346a3eba runner: Improve blocking methods
This is necessary for future improvements.

Bug: T234164
Change-Id: Ia334cdc84ac1408ad72ffd8c87c958ae7deebb54
2020-05-28 18:42:31 +00:00
Daimona Eaytoy 61efc9ad87 runner: Move the filtered action to a class prop
Change-Id: I4d7666f5e2a5df0e0ed8d38855cbd32c8518a28f
2020-05-28 16:17:34 +00:00
Daimona Eaytoy 8d435ee463 Make the form on Special:AbuseLog collapsible
The form is now collapsed by default, as that seems to be the most
common way to do that.

Bug: T252584
Change-Id: Ie3fa3d2858519e6bc03854a12f90f76a684e7648
2020-05-14 18:56:53 +00:00
DannyS712 4844bfe26a Use ParserOptions::newFromUser() instead of relying on global $wgUser
Bug: T246861
Change-Id: Ie304f962c8d1e23c897e87471990db85a7d909de
2020-05-11 14:27:36 +00:00
Reedy 7a2373f7d8 Remove some SQLite specific files
Bug: T251613
Change-Id: Ic1252efe9f96743d9402fa31a7b2dca1f57ff6ae
2020-05-04 17:50:18 +00:00
jenkins-bot b118fd50dc Merge "Improve var dumping in /details, /examine and /tools" 2020-04-29 20:00:54 +00:00
DannyS712 1b65bd1862 Remove a remaining use of Revision objects
Remove use of Title::getFirstRevision and Revision::getUserText

Bug: T249393
Bug: T250579
Change-Id: I0f77b124a0c7de1dec6baf4c997e0997ecdd55f8
2020-04-23 18:39:20 +00:00
Daimona Eaytoy 1d6b9f6617 Add new methods for checking DUNDEFINED recursively, use them
The problem is explained at T250570#6068702; basically, the previous
check didn't account for DUNDEFINED nested deep inside arrays.

Bug: T250570
Change-Id: Iacee2db54ca00108de6339bb3dae70af7e2eeb56
2020-04-19 13:58:14 +02:00
Aaron Schulz 6375287964 Cleanup unique keys parameter to IDatabase::replace() calls
Bug: T248147
Change-Id: Ic355dece67eda323e5c6129ef4d1275c1235fb9a
2020-04-17 15:10:27 -07:00
Daimona Eaytoy 4c98aecf4d Improve var dumping in /details, /examine and /tools
Using var_export for better visual effect, especially for arrays.
The result from /tools is much clearer and the 'wrong syntax' message is
a bit more explicative than before.

Bug: T190653
Bug: T239972
Change-Id: I79a17305c7f19f7900f896f895e9365bb5f2fd58
2020-03-28 17:35:43 +01:00
DannyS712 25fd11f7ac Use lowercase for primitive type 'string'
Change-Id: I65d322ffbed399fddb1fbf3cb25272e812171a46
2020-03-20 16:00:05 +00:00
ArtBaltai 096fe88993 Replace usage of deprecated Page in favor of WikiPage/Article
Use Article instead object/Page
delete deprecated unused method

Bug: T239975
Change-Id: Ic3c8e3bee66c63177f51621bf727029a87b51105
2020-03-19 04:03:15 +03:00
Daimona Eaytoy cd1a8efb90 Minor fixes for the updateVarDumps script
- Increase batch size to 500
- Add an option to print progress markers
- Fix some bad logic which caused some JSONified data to be stored in
the text table without checking (and respecting) old_flags. This caused
some errors on the beta cluster.

Additionally, add a return typehint to AbuseFilter::loadVarDump to make
sure that errors are caught asap. Not only there's no apparent way that
loadVarDump can return an array, but most code is already using the
result as a VariableHolder, unconditionally. This is probably another
leftover from the past.

Bug: T213006
Bug: T246539
Change-Id: Iaebd28badb70d27693fa809cad4db956881e3e5e
2020-03-03 18:31:52 +00:00
jenkins-bot 76f8cb0ced Merge "Add fixOldLogEntries to update.php" 2020-02-28 18:35:01 +00:00
jenkins-bot 7e66b01cf3 Merge "Factor out get(Local|Global)Filters methods" 2020-02-27 20:33:56 +00:00
Daimona Eaytoy c9a4146f2c Add fixOldLogEntries to update.php
Already done in WMF production, see T228655.

Bug: T208931
Change-Id: Id477387d1607e263a6bf054060dc6dd440e88467
2020-02-27 18:19:50 +00:00
jenkins-bot 08c0a3f482 Merge "ViewEdit: add af_id to the row" 2020-02-26 16:53:35 +00:00
jenkins-bot b28e9e8c1f Merge "Start using new format for var dumps" 2020-02-26 16:51:02 +00:00
jenkins-bot 22adab7159 Merge "Stop using the Revision class" 2020-02-26 16:47:37 +00:00
Daimona Eaytoy f454e60e83 Start using new format for var dumps
Migrating old log entries is I22cf698c5be77506727cbd227c67e037a5d89b5c.

Bug: T213006
Change-Id: I3242acd5c5163a941f584d6119e3ad3b3cad8c29
2020-02-26 16:03:38 +00:00
jenkins-bot 8de3ecdb89 Merge "Replace usage of deprecated Page in favor of WikiPage/Article" 2020-02-26 15:49:19 +00:00
Daimona Eaytoy 518c176754 Stop using the Revision class
Change-Id: Ie257c9b1ea94dcadce59f4541d5947465262bd75
2020-02-26 15:39:12 +00:00
Daimona Eaytoy fe28aff82a ViewEdit: add af_id to the row
A PHP notice is sporadically emitted in production, e.g. reqId XlVEMgpAMNAAA6zMVhQAAACV

Change-Id: Ie42d00c6520aa31daf127c5df9515a3ab01d986f
2020-02-26 15:27:54 +00:00
Daimona Eaytoy b9a1e86245 Remove old number syntax
Bug: T212730
Change-Id: I7573da1683efc83b5002b8948c97dd7f6658a488
2020-02-25 23:38:19 +00:00
Daimona Eaytoy 1bac110205 Remove dependency on $wgRestrictionTypes
This was used to dynamically generate *_restriction_* variables.
However, it had two big problems:
 - We only have i18n for 'create', 'move', 'edit', and 'upload' (the
 default value of the global); other restrictions would show missing
 messages in various pages.
 - We had to access the global state in various points.

This change also makes some code in AbuseFilterVariableHolder simpler,
and also allows us to make AbuseFilterTest a unit test.

Change-Id: I321ad6e07f8243200af67a581b6e485970efd3ce
2020-02-25 23:17:54 +00:00
jenkins-bot e802e6556d Merge "Add string typehint to $summary in onParserOutputStashForEdit" 2020-02-25 22:56:27 +00:00
ArtBaltai 22925c5344 Replace usage of deprecated Page in favor of WikiPage/Article
Complete WikiPage/Article split and deprecate Page interface
Using actual WikiPage/Article contract

Bug: T239975
Change-Id: I343c3ca2e30715656950cab49c6470061c72b9a0
2020-02-26 01:03:49 +03:00
Ammar Abdulhamid 323fe4666c Draw suppression reason from Revdelete-reason-dropdown-suppress
Bug: T245990
Change-Id: Ic5adcf4e6693cb5b4c849156e54d97cf35b70dee
2020-02-24 14:06:43 +01:00
Daimona Eaytoy aa15267c79 Add string typehint to $summary in onParserOutputStashForEdit
Bug: T245928
Depends-On: I8fa287f335e90a59ac18365e7401a5cf703130a3
Change-Id: Ia075e4bdf3a3f011a181c8026ff1cdb8e186f096
2020-02-22 19:27:05 +00:00
jenkins-bot 76a1be97a4 Merge "Add site name and language variables" 2020-02-10 19:06:01 +00:00
jenkins-bot b6ca1402d0 Merge "Rename addStaticVars and related hook" 2020-02-10 19:03:34 +00:00
Daimona Eaytoy 0d2cab0deb Validate imported data
At the moment there's no validation for import data, so it's totally
possible to insert rubbish in the field, and the code will produce other
rubbish. For instance, it's not so uncommon to see lots of PHP notices
on logstash for ViewEdit code trying to access members of the imported
data as if it were an object.

Change-Id: If9d783f0f9242d3d1bc297572471e62f51ee0e40
2020-02-10 18:41:36 +00:00
Daimona Eaytoy 57415d8a31 Fix PHPNotice caused by missing row fields
Follow-up Ie9aae938cca06e38a7a834a3f74f3e8735ab01ee.

Some fields are actually necessary when the filter isn't saved. This
would cause PHP notices when showing the editor again.

Change-Id: I2b9e0f04b3e8ad4eea8e334e16ee422bb40f0eb5
2020-02-09 13:36:36 +00:00
Daimona Eaytoy d9ae71f578 Add site name and language variables
In T43172 it was told that adding the site name could increase the risk of
attracting more spam, but I don't see how this variable could cause that.

Bug: T240948
Bug: T97933
Change-Id: I1d2aeabaf008ac06798b8d7e4af7d61ae1702776
2020-02-09 14:32:02 +01:00
Daimona Eaytoy 661a77f0eb Rename addStaticVars and related hook
This code was introduced with Iba59fe8d190dd338ecc8cfd682205bce33c9738b
and is unused since then. The name should highlight that those variables are not
supposed to be "static", i.e. immutable. Examples are: timestamp, spam
blacklist, site name, site language. These are not immutable, but rather
"generic", and they're known even without an ongoing action.

Also add an RC row param and update docs.

Change-Id: I402f04585e9154059fc413e527e39dcb8e6b3d7c
2020-02-09 14:29:08 +01:00
jenkins-bot 391bbee53c Merge "Fix some edge cases in ViewEdit" 2020-02-08 16:36:19 +00:00
jenkins-bot c0b58d7699 Merge "Factor out variables-related methods" 2020-02-08 14:42:13 +00:00
Daimona Eaytoy 0834f37e42 Fix some edge cases in ViewEdit
Follow-up Iabd0ae5b18571f8cad44ef2d86bcf2519e7f95ba.

This patch:
 - Moves some save-related code to a separate method
 - Reduces conditionals nesting
 - Fixes an edge case where the content of the form would be
 wiped in case the token didn't match.
 - Adds another (basic) selenium test
 - Standardizes return types
 - Moves data load outside of buildFilterEditor

Change-Id: I89444b59f04c495c9ab59244151c8ed5d38cf0fe
2020-02-08 15:35:46 +01:00
jenkins-bot 430058f2c0 Merge "Avoid keeping superfluous row properties" 2020-02-07 21:26:34 +00:00
jenkins-bot 02cd866f53 Merge "Refactor data load in ViewEdit" 2020-02-07 21:26:32 +00:00
Daimona Eaytoy 3f83e57ad7 Factor out variables-related methods
This is another step needed to reduce the size of the gigantic
AbuseFilter and AbuseFilterHooks classes. It also makes many methods
non-static, for more testability.

Note, this layout is still not final. We should somehow merge the
functionality of VariableGenerator and AFComputedVariable, for which
I already have plans.

Change-Id: I366d598b69ad866496b7cb0059e0835c02e54041
2020-02-07 20:27:26 +00:00
Daimona Eaytoy 1686042a91 Move variable generators to new classes
RunVariableGenerator is for generating variables based on the current
action;
RowVariableGenerator is for RC entries;
VariableGenerator is the generic one.

This patch only moves the methods to the new classes, to keep the diff
easier to read, and facilitate conflict resolution. These classes will
then be revamped in I366d598b69ad866496b7cb0059e0835c02e54041.

Note that these classes are now namespaced.

One method, AbuseFilter::getEditVars, was renamed to
AbuseFilterVariableGenerator::generateEditVars, because it would
otherwise conflict with an incompatible method in RunVariableGenerator.

Change-Id: Iff412e5492873d4fae55402939a51609e64d55a8
2020-02-07 19:44:31 +00:00
Daimona Eaytoy 6b7be78534 Use RCDatabaseLogEntry as wrapper in get*VarsFromRCRow
This provides various shortcuts for user, target, comment, etc.,
avoiding direct access to the row, and thus a dependency on the
schema.

Change-Id: I250f94e0ac6cade33441a31ae8a27093a4d937a0
2020-02-07 19:19:10 +00:00
Daimona Eaytoy 472d1221bd tests: Increase and rebalance code coverage
Also fix a couple of broken tests in Consequences:
 - For createaccount, $user->addToDatabase must be called before
   testForAccountCreation, or it will throw a CannotCreateActorException.
 - In testThrottleLimit, also set wgAbuseFilterEmergencyDisableThreshold
   to avoid relying on the local config.

Bug: T201193
Change-Id: If1a50b0a729e4d554485f2e2225d5877510966b6
2020-02-07 18:32:17 +00:00
libraryupgrader a14ec744f7 build: Updating composer dependencies
* mediawiki/minus-x: 0.3.2 → 1.0.0
* mediawiki/mediawiki-phan-config: 0.9.0 → 0.9.1

Change-Id: I119f4d56cce674302f34e938e598e6cc6bf28dc0
2020-01-28 17:51:38 +00:00
Ammar Abdulhamid 641aeebbcf Replace deprecated IP class with IPUtils
Bug: T242556
Change-Id: If8e9034885726b673d1500fa8b538b5302e66165
2020-01-24 18:27:26 +01:00
Daimona Eaytoy 102789f62a Avoid keeping superfluous row properties
Most of them are overwritten either in ViewEdit::loadRequest or
AbuseFilter::saveFilter. af_hit_count and af_throttled are actually
relevant for the old version, so list them explicitly. And also add
default af_group and af_global, which are later read, for import action.

Depends-On: Iabd0ae5b18571f8cad44ef2d86bcf2519e7f95ba
Change-Id: Ie9aae938cca06e38a7a834a3f74f3e8735ab01ee
2020-01-23 12:50:03 +00:00
James D. Forrester bdef1200f8 Follow-up 87459ec: When no registration date is recorded, use 2008-01-15
Before the phan upgrade, this was silently choking on null as so falling
back to age since 1970-01-01 (~50 years); since the upgrade, the code is
breaking filters by responding with 0. The approximation of using 2008's
Wikipedia Day is less wrong and more fun (credit to Roan for making this
suggestion).

Bug: T243469
Change-Id: Ibc25ab09ecd0bf0b2292425c2768b1dc911b9974
2020-01-22 15:38:09 -08:00
jenkins-bot 5db1032618 Merge "Simplify throttling code" 2020-01-22 17:19:52 +00:00
jenkins-bot 81fd6af030 Merge "Actually record all filters in total_filters" 2020-01-22 17:19:50 +00:00
jenkins-bot 70d31da673 Merge "Stop using deprecated stuff with easy replacements" 2020-01-22 16:44:57 +00:00
Daimona Eaytoy 53b9f38888 Refactor data load in ViewEdit
Instead of having a single loadRequest method (which could end up
loading from the DB...), split it in a DB-only method and a request-only
one. Simplify the logic used to show the filter editor. Show the page
without changes or warnings if the user lost editing rights in the
meanwhile. Avoid two static properties, and pass them in when relevant
instead. Bonus: optimize a query to sort by afh_id instead of afh_timestamp to avoid filesort.

This will allow a subsequent patch to clean the $row object in
loadRequest.

Change-Id: Iabd0ae5b18571f8cad44ef2d86bcf2519e7f95ba
2020-01-21 14:15:41 +01:00
Daimona Eaytoy e9fe252def Fix remaining PHPCS issues
Mainly, add visibility modifiers on constants.

Change-Id: I41e8e2d691b2bad6ea6f244d54517d37d7783181
2020-01-21 12:36:37 +00:00
libraryupgrader 1d911b8187 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 28.0.0 → 29.0.0
  The following sniffs are failing and were disabled:
  * MediaWiki.Commenting.FunctionComment.MissingParamTag
  * MediaWiki.Commenting.FunctionComment.ParamNameNoMatch

npm:
* eslint-config-wikimedia: 0.13.1 → 0.15.0
* grunt-stylelint: 0.11.1 → 0.13.0
* stylelint-config-wikimedia: 0.6.0 → 0.8.0

Additional changes:
* Remove direct "stylelint" dependency in favor of "grunt-stylelint".
* Also sorted "composer fix" command to run phpcbf last.
* Removing manual reportUnusedDisableDirectives for eslint.

Change-Id: I8f73202db1333fbc36ccf556b3bb05b1e8c279cb
2020-01-21 07:38:54 +00:00
Daimona Eaytoy d8cb1a33a0 Factor out get(Local|Global)Filters methods
This is a preparatory step for T234427 (although not strictly related),
and in the future it will enable us not to use the DB in several tests.

Change-Id: Id069f6e74f9c4df43b3a602d4224473d5ca68ed1
2020-01-20 17:13:06 +01:00
Daimona Eaytoy 87459ec679 build: Upgrade phan
Depends-On: I6d538ce3ca7fd2d495c2bafbab7cc279da69db1c
Change-Id: Ic8c3a01a5c37fdf461f4fd5598e597eb9c9073d3
2020-01-19 18:48:51 +00:00
Daimona Eaytoy 44ea3aa7f4 Fix generation of HTML vars, simplify tests
-new_html: also strip the "Transclusion limit" comment if present, and
anyway take it into account (as well as a "</div>"), which right now
prevent the PP limit report from being stripped as well.
-new_text: trim extra whitespace on the right, which is created when
stripping the aforementioned comments.

Also simplify the test for getEditVars, make it not blindly copy what
AFComputedVariable does.

Extra: kill a temporary variable.

These changes are partly taken from
I96785c6c5fdf381c21d5f8930ee12e706abb7f3f.

Change-Id: I2b4c84a3d9d0d17ce229088197b75781d5181b4f
2020-01-12 17:44:02 +00:00
Daimona Eaytoy 10c2fe7151 Stop using deprecated stuff with easy replacements
This patch is mostly replacing Revision::* constants,
Wikimedia\(restore|suppress)Warnings, and wfWikiId.

Change-Id: I13544cc3e12955a9376ccce3c120e2cee1f2ee2e
2020-01-08 14:59:30 +01:00
jenkins-bot f0e4c22b53 Merge "Simplify a query in AFComputedVariable" 2020-01-07 19:30:20 +00:00
Daimona Eaytoy c54e2fc180 Simplify throttling code
Change-Id: I54ebdf0bc61d5628d1755b75232a934358b112ff
2020-01-07 17:52:16 +01:00
jenkins-bot eef2760d7b Merge "Use explicit variarg for VariableHolder functions" 2019-12-27 10:24:31 +00:00
jenkins-bot 8fea62529b Merge "Fix AbuseFilterCachingParser violating return type constraint" 2019-12-27 10:04:57 +00:00
jenkins-bot a46c0e7359 Merge "Restore the ability to filter content model changes" 2019-12-27 10:02:50 +00:00
jenkins-bot 5c9fe8bd9b Merge "Always evaluate the offset when retrieving array elements" 2019-12-27 09:58:50 +00:00
Daimona Eaytoy 8ad4ecd31d Always evaluate the offset when retrieving array elements
Even if the array is DUNDEFINED, we need to check the offset to ensure
that it's valid.

Bug: T237351
Change-Id: Ibfa360c4ae1d80abe14d9fdf66991b76cb5954df
2019-12-23 16:04:45 +00:00
jenkins-bot d43756a7f4 Merge "i18n: Rename msg key for abusefilter-view-oldwarning" 2019-12-23 12:16:57 +00:00
jenkins-bot db3b4703c5 Merge "Don't use mFilter in ViewTestBatch" 2019-12-23 12:11:52 +00:00
Daimona Eaytoy b3e0529d55 Log deprecated vars in the cached phase in the new parser
For the new parser, xhgui shows that AbuseFilterParser::getVarValue is
taking up a lot of time; in turn, most of the time spent inside
getVarValue is used to log the use of deprecated variables. Hence, given
that:
 - We should keep the new parser performant
 - There are tons of deprecated variables out there and they likely
 won't be replaced
 - Having gazillions of debugLog entries doesn't help

log them only in the cached phase.

Bug: T234427
Change-Id: I2bfc692c829c3cbe889e5076f5205e2c99097087
2019-12-16 13:54:58 +01:00
Daimona Eaytoy a7dd20b040 Don't use mFilter in ViewTestBatch
In other View* classes, AbuseFilterView::mFilter contains the ID of a
filter, e.g. the filter being edited in ViewEdit. In ViewTestBatch,
however, it is a string containing some filter text. Hence, use a new
private property instead (without the legacy "m" prefix).

Change-Id: Ib22ce238aff4ca5ed57ba725ee9bff7f8c3d153b
2019-12-16 12:17:49 +01:00
Daimona Eaytoy b814c0827a i18n: Rename msg key for abusefilter-view-oldwarning
Thinking about it again, all messages on ViewEdit start with
abusefilter-edit. Also add a reference to the other message to
facilitate translations.

Follow-up: I3717d06d4a757684fe6622961391ae06b5bd3c38
Bug: T235590
Change-Id: I4cbaa2e92d22296f55a4b5ef0c633fe959fe9ea3
2019-12-16 10:56:30 +00:00
DannyS712 12efe4a0ad ApiAbuseLogPrivateDetails: private-details should be privatedetails
Bug: T240812
Change-Id: I263e3a57a48ab6a58e4c7f2181a914d9800a2fc5
2019-12-16 03:25:15 +00:00
Daimona Eaytoy f382304aae Add a base class for parser transition
Change-Id: I31282b8632c332b6d46a6bb4a42f57ac0d005b5f
2019-12-15 13:29:56 +00:00
Daimona Eaytoy c432f058fd Restore the ability to filter content model changes
Follows-up I3fb7b36ab38ca1544889a4c233b8ffdfc6c80936

Bug: T240485
Change-Id: I2e8337e6f505932a18a5bb5a0d97b9d6bc3f42c8
2019-12-11 19:42:45 +01:00
Daimona Eaytoy 20c6810039 Use explicit variarg for VariableHolder functions
This is easier to read and to document, and it also allows typehints.

Change-Id: Ibd6642aa26e25a785faadf5139e64ea884ff4de2
2019-12-10 19:28:07 +00:00
Daimona Eaytoy 6be070e5a2 Strengthen the check for null edits
Even if the Content objects are different, the normalized text contents
may be identical.
Also, stop misattributing null edits by adding the last revision of the
page as afl_rev_id.

Bug: T240115
Change-Id: I3fb7b36ab38ca1544889a4c233b8ffdfc6c80936
2019-12-10 17:03:49 +01:00
Daimona Eaytoy d5ab147dcf Fix AbuseFilterCachingParser violating return type constraint
This is identical to I8a3c31e7385283d95b4712d457784016239a0b3b, except
for the array append case.

Bug: T236870
Change-Id: Iac033ba467232f6ff110d575920e968759ce0e15
2019-12-04 18:27:46 +00:00
jenkins-bot 357dcdce5c Merge "SECURITY: Unbreak blocks shorter than one hour" 2019-12-04 18:17:58 +00:00
Daimona Eaytoy 759cb38bf5 SECURITY: Unbreak blocks shorter than one hour
Bug: T238768
Change-Id: I8820a6e2953255f409ff8ddc2b41dcef2f338e37
2019-12-04 18:46:40 +01:00
jenkins-bot 6959bc3a89 Merge "Really throw for too many params" 2019-12-03 19:18:32 +00:00
jenkins-bot 156b9b7f26 Merge "Forbid assignments where the LHS is a built-in identifier" 2019-12-03 19:18:05 +00:00
DannyS712 e42a40bc06 ApiQueryAbuseFilters: Return abfstartid as an integer
Bug: T239528
Change-Id: Iee4d885c9b7fe1ee255ba9c0ac9e7e8f99938ef8
2019-12-01 14:21:31 +00:00
Daimona Eaytoy 07572da2fe Really throw for too many params
Bug: T230803
Change-Id: I4e68bb7220f1151bb32b2be859f6cffc55888a30
2019-11-30 10:57:16 +00:00
Daimona Eaytoy 2ddd79fd98 Forbid assignments where the LHS is a built-in identifier
And not just a built-in variable.

Bug: T237130
Bug: T237216
Change-Id: Ie1d86dc324993efcb863be23697732e6aa1dac10
2019-11-28 14:40:38 +00:00
Daimona Eaytoy b44c9da561 Use af_deleted as secondary sorting for af_enabled
Otherwise deleted and disabled filters would be mixed. Needs dependency
in core, otherwise we'd use af_deleted as secondary sort for every other
sortable field.

Bug: T191694
Depends-On: I0e695f96f18c7a9229753b1225dd473feb936a31
Change-Id: I979849e66bdcc158b7a3d0793ee3196e20db37b6
2019-11-22 16:23:46 +00:00
jenkins-bot a8c50150d6 Merge "Convert static arrays to constants" 2019-11-22 13:39:39 +00:00
jenkins-bot 2d2e524dca Merge "Tokenizer: don't strip backslashes from \x" 2019-11-22 13:36:49 +00:00
jenkins-bot 9a7027fe64 Merge "SECURITY: Require view-private or modify for the evalexpression API" 2019-11-21 15:54:46 +00:00
Daimona Eaytoy cee8e14cf1 SECURITY: Require view-private or modify for the evalexpression API
This is consistent with the "anti-DoS" measures on other API modules.
Although this may not be a serious DoS vector, it makes sense to
restrict this module. Moreover, it's also consistent with
Special:AbuseFilter/tools (which is the corresponding web interface),
which requires the same user rights.

Bug: T238451
Change-Id: Id09fd57195d71884674ac0470f137ca30c56e13c
2019-11-21 16:33:04 +01:00
Daimona Eaytoy b3e58067ac Set the utf-8 flag for var dumps in the text table
This is not retroactive; that will be handled as part of T213006.

Bug: T34478
Change-Id: I2c532da71719a9ace1279bbf67d6e6e30e9a986c
2019-11-16 16:00:45 +00:00
Daimona Eaytoy c03f0a3b08 Convert static arrays to constants
Beloved PHP7!

Change-Id: Id5170662f7c5ceacfc0ac8d90787f2c92fd93464
2019-11-16 16:32:36 +01:00
Daimona Eaytoy c73381b6db Tokenizer: don't strip backslashes from \x
Bug: T238475
Change-Id: I8c2ea6ad369946df93440eece60d456dc1a3fd7a
2019-11-16 16:21:39 +01:00
Martin Urbanec 5fd861365f SECURITY: Make sure provided filter id match provided history ID in history view
AbuseFilterViewEdit does privilege checks based on filter ID,
and displays what is hidden under given history ID, but doesn't
make sure those two IDs actually belong to one filter.

That means user can easily change filter ID to a public
filter and view old versions of nowadays private filters.

Bug: T237887
Change-Id: Ic12790bd33982473f77551bde9599ed083a3e1f1
2019-11-14 15:53:14 -06:00
jenkins-bot 80f4742416 Merge "When viewing old filter revisions, show abusefilter-view-oldwarning to users who cannot edit the filter" 2019-11-12 18:59:28 +00:00
Daimona Eaytoy 98bcad25c3 Also parse numbers with the new syntax and hard-deprecate the old one
This will allow people to switch their filters to the new syntax. The
deprecation warning is now more exhaustive, and the info() warning is
kept to ensure that everything proceeds smoothly.
The regex v2 has also been fixed to:
 - Consume all the digits/letters on the right (*)
 - Have named groups
 - Be created dynamically with other constants

(*) The previous version of v2 could complete the match and leave
digits/letters on the right when encountering numbers with the old
syntax, hence dropping support too early. We also cannot use a word
boundary (\b) because that would prevent matching numbers with trailing
dots (e.g. "5.").

Bug: T212730
Change-Id: Ibf6ac571f6b5c09149d69a19c38240ce6b024dff
2019-11-12 11:52:38 +00:00
Daimona Eaytoy a77a59b962 Hard-deprecate empty operands
This bumps the level to WARN, and makes it very clear that people should
fix the affected filters. It also removes the calling method, which was
mostly meant for debugging purposes, and changes the type to 'op_type'
to avoid conflicting with type:mediawiki in logstash.

Bug: T156096
Change-Id: Ie73f1604e8ed82bc2e1be9fc90fa065be37889a3
2019-11-12 11:39:25 +00:00
DannyS712 338341d097 When viewing old filter revisions, show abusefilter-view-oldwarning to users who cannot edit the filter
Currently, `abusefilter-edit-oldwarning` is shown to all users, but not all users are able to edit the filters, and thus the warning about editing isn't applicable to them.

Bug: T235590
Change-Id: I3717d06d4a757684fe6622961391ae06b5bd3c38
2019-11-12 11:36:44 +00:00
Daimona Eaytoy f7ac35d5c6 Hard-deprecate too many params
Bug: T230803
Change-Id: Icec8bcb8ab23956654857acc8b3d235889f587a9
2019-11-10 12:59:33 +00:00
jenkins-bot 91bc961712 Merge "Check for 0-like floats passed to the modulo operator" 2019-11-10 11:51:28 +00:00
Daimona Eaytoy c0f8374624 Check for 0-like floats passed to the modulo operator
That throws an error in PHP.

Bug: T237459
Change-Id: Ia0b29d6a8b9f4aac6b5b72ce8f2f45afb03f4c99
2019-11-10 11:22:04 +00:00
jenkins-bot 7ff4b95aec Merge "Expand the list of types that can be cast to int" 2019-11-10 11:00:36 +00:00
jenkins-bot 398500121a Merge "Fix conditionals examples in i18n messages" 2019-11-10 10:41:39 +00:00
Daimona Eaytoy 585d6cdb24 Make to sure to report division by zero when the LHS is undefined
Bug: T234339
Change-Id: I1575ec013c1e7e321a8f13f40804ebc5ab076268
2019-11-08 14:08:52 +00:00
Daimona Eaytoy 1abaff1aac Better handling of keywords and functions
Always run the keyword/function handler, even if there are DUNDEFINED
arguments, so that the handler can perform further validation on the
input and report any error to the user. However, replace DUNDEFINED with
DNULL before running the handler, to avoid special-casing DUNDEFINED in
every handler. If any argument was a DUNDEFINED, we will return
DUNDEFINED anyway.

Also centralize the keyword handling logic to a new method, like it
happens for functions.

Bug: T234339
Change-Id: I875cb77418a39790e91fe5867c49917bfe406ed4
2019-11-08 15:07:20 +01:00
Daimona Eaytoy e98799a00a Centralize the code for calling keywords
This allows sharing the code between cachingparser and the old parser
(for DRY-ness), and even when the old parser will be killed, having the
logic outside of the generic parse method seems saner.

This copies what I446a307e5395ea8cc8ec5ca5d5390b074bea2f24 did for
functions.

Change-Id: Ie6290243a6c78661510a9b4cb713d6e7b2778248
2019-11-08 15:02:17 +01:00
Daimona Eaytoy b7c7ae168d Explicitly forbid negative indexes in arrays
This emits its own error because:
1- It's clearer to understand
2- It's easier to find where we're dealing with negative offsets, if
we'll ever want to allow that.

Note that trying to use a negative index already results in a hard PHP
error being thrown.

Bug: T237219
Change-Id: Ib11eaaca5e21f740269141c75e62bac48093e8d0
2019-11-08 05:55:56 +00:00
Daimona Eaytoy a7b28369ea Expand the list of types that can be cast to int
Bug: T237624
Change-Id: I2220cb8a8ec998a433a4469d7e0591ec0b4f2b12
2019-11-07 15:14:17 +01:00
Daimona Eaytoy cb15400f97 Fix conditionals examples in i18n messages
Bug: T237131
Change-Id: I68ca3906c64f3da43c7a4985c16f1ab031caebb5
2019-11-02 11:32:05 +01:00
jenkins-bot 5562aade87 Merge "Use PHP regexps instead of SQL to filter on Special:AbuseFilter" 2019-11-01 00:52:28 +00:00
Daimona Eaytoy 7bc70d116e Use PHP regexps instead of SQL to filter on Special:AbuseFilter
As the code comment says, and as it was suggested in
Iafe54285384bc28b3e8812b495166f2682d4571c, we were validating the
provided regexp as PCRE, but using it in SQL, which only supports POSIX.
Furthermore, we won't have to worry about cross-DBMS compat anymore.

Bug: T193068
Change-Id: If6d8717795b6c1dcf619a23363eb6144902cfaed
2019-11-01 11:26:17 +11:00
Petr Pchelko 915b9a1538 Remove usages of deprecated User methods
Bug: T220191
Change-Id: I54e20870a32ff98b41a98495694ff563c4c4c5ca
2019-10-30 12:51:01 +00:00
Daimona Eaytoy 03b3a555ba SECURITY: Check visibility for each version in ViewDiff
Instead of checking if the filter is currently hidden, check the
visibility for each version and, if the user cannot see private filters,
only show the diff if none of the revision is hidden.
Also avoid showing a "diff" link if the user cannot see it.

Bug: T104807
Change-Id: Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a
2019-10-28 15:32:00 -05:00
Daimona Eaytoy 3a9eac9ad5 Unbreak filter edit form
In Ib7427e15f673a575738489476e604c387f449ddd, I thought that $parameters could've only been null if $action wasn't
enabled, but actually, they're null even if the action is just not set.
Which is true for all actions when creating a new filter, and all
non-set actions when editing an existing one.

Hence, revert the part that touched ViewEdit.

Also add a selenium test to ensure that warn parameters are visible.

Bug: T236286
Change-Id: I8150baa077208eb1fc54ebc1d8415a243d0f3bd3
2019-10-23 18:50:44 +02:00
Thalia 63eb7eafb7 Use AbstractBlock setters and getters instead of deprecated properties
Change-Id: I01728f919254a9435f051af3fc390eb80ca8d17e
2019-10-20 00:35:00 +01:00
Daimona Eaytoy b9e4475985 build: Upgrade mediawiki-phan-config to 0.8.0
This is to verify that our CI is able to handle the new version.

Bug: T235049
Change-Id: Ib7427e15f673a575738489476e604c387f449ddd
2019-10-09 19:12:51 +02:00
jenkins-bot feae26116a Merge "Remove disabled variables deprecation" 2019-10-04 20:07:10 +00:00
jenkins-bot c6ee722273 Merge "Remove AFPData::dup" 2019-10-04 19:42:52 +00:00
jenkins-bot 9ab13cf24b Merge "Replace array_map with foreach" 2019-10-04 19:42:49 +00:00
Daimona Eaytoy c7fa503e9b Remove AFPData::dup
The method, which simply duplicates an AFPData instance, is only used
when casting types, to return a different instance when the object
already has the desired type.
However, nothing is assuming that, so we can just return the original
instance and save some time.

Bug: T234427
Change-Id: Id8067b418a00260ceead35f234e55268390699ab
2019-10-04 19:15:08 +00:00
Daimona Eaytoy 328dbc99c7 Remove disabled variables deprecation
I just realized that the parser is already throwing if it finds a
disabled variable. Hence, all calls to getVar with a disabled var are
from old entries and the like, and we don't care.

Bug: T234048
Change-Id: I39429d286575df91108a4119177a0d3aef181d0b
2019-10-04 15:03:08 +02:00
Daimona Eaytoy 703835e835 Drop HHVM support
Change-Id: Ib7ccb4f68278ba8ca009e9d18e9d8b127f799cde
2019-10-03 12:27:18 +00:00
Daimona Eaytoy 337771f83b Replace array_map with foreach
This is a micro-optimization, but IMHO it's necessary. The AF parser
code is executed for every active filter, for every
edit/move/deletion/accountcreation. In PHP, foreach is usually faster
than array_map. Especially in the case of variadic functions potentially
taking hundreds of strings, foreach will consume less time.

Bug: T234427
Change-Id: I1beedf419a6637a9a3dd668635645df950ceda21
2019-10-02 11:29:19 +00:00
Daimona Eaytoy 142ad5faf8 Actually record all filters in total_filters
Change-Id: If6d15423e0a96c31666690e4fe8c7aeb439f82e8
2019-09-29 11:02:29 +02:00
Krinkle a532874ee2 Update StringUtils::isValidRegex() call to isValidPCRERegex()
This follows-up 8587576655 (AF) and efbfa0a727 (core). The
method was recently introduced within the 1.34 cycle but
renamed following late CR feedback.

Change-Id: I9986deb080791c6266c6c60cc91022266ad9b5e5
2019-09-28 19:12:11 +00:00
jenkins-bot 952dfa0bb4 Merge "Hard-deprecate requesting disabled variables" 2019-09-28 18:25:24 +00:00
Daimona Eaytoy 0ae24d5489 Hard-deprecate requesting disabled variables
This also includes the filter ID. If the filter ID is not available, it
means that the user is using stuff like /tools, and they'll immediately
see the error.

Bug: T234048
Change-Id: I44a37d98c80df910b0c466fbd464e69042770c0c
2019-09-28 17:57:02 +00:00
Daimona Eaytoy 2385b3a537 Simplify a query in AFComputedVariable
Change-Id: I18596fc500bc2dcc7fdfa60bc21e85a6bd875589
2019-09-27 18:55:10 +02:00
jenkins-bot 0e30c1c34e Merge "Add new schemas for splitting afl_filter" 2019-09-27 15:41:06 +00:00
Daimona Eaytoy 0119108ee7 Fix params to ParserOutputStashForEdit
$summary and $user are always guaranteed to be passed, and $user is
guaranteed to be a User object. Hence, update the hook handler to
reflect that.

Change-Id: I3a7fcb074b460b77210de5a6bad43f500aff3249
2019-09-23 23:33:51 +02:00
Daimona Eaytoy 9a6dd1307c Add new schemas for splitting afl_filter
It'd be great if we could get this included in 1.34.

Bug: T220791
Change-Id: I62d429d0eb6a7adc51cc37fe18f878077f85a006
2019-09-22 16:04:45 +00:00
Daimona Eaytoy e2570a4c2b Actually provide a StatsdDataFactory to the parser
Follows-up Ib934be34a953166fe1b94cfe8ed216afe3b906ca

Bug: T156095
Change-Id: Ia8df84cf7c43071f304ce729b811dfd5aa96b951
2019-09-19 19:06:14 +02:00
Daimona Eaytoy e7926114ff SECURITY: Avoid info leak in SpecialAbuseLog
Deleted/suppressed usernames and summaries leak through AbuseLog.
Temporarily hide all non-public revision from AbuseLog, until we can
properly fix the issue.

Bug: T224203
Change-Id: If3d3256404d0f3dbde171831937d1a816b3e2734
2019-09-19 17:46:12 +02:00
jenkins-bot 9c786ca776 Merge "Use StringUtils::isValidRegex" 2019-09-19 08:03:39 +00:00
Daimona Eaytoy 4c8be4d374 Add profiling points throughout the code for the CachingParser switch
Bug: T156095
Change-Id: Ib934be34a953166fe1b94cfe8ed216afe3b906ca
2019-09-18 10:02:55 +00:00
DannyS712 6699237b86 Show link to test filter to all users who can use it
Bug: T232962
Change-Id: I67357975a7064991e47c60b70c487d12bdf6b7b4
2019-09-15 22:03:56 +00:00
jenkins-bot 8f4711c8ca Merge "Prevent blocked users from using /revert" 2019-09-15 12:07:43 +00:00
jenkins-bot 7add89b252 Merge "Don't show the form for restoring autopromotion to unprivileged users" 2019-09-15 11:26:19 +00:00
Daimona Eaytoy 127fd4ac3c Prevent blocked users from using /revert
Bug: T232916
Change-Id: I67e464f3182e74129186f7e803d05105a0f2ec23
2019-09-15 11:21:18 +00:00
jenkins-bot 48713c824b Merge "Throw AFPUserVisibleExceptions for empty operands in CachingParser" 2019-09-15 08:36:39 +00:00
Daimona Eaytoy a4e25c1ac9 Throw AFPUserVisibleExceptions for empty operands in CachingParser
Instead of TypeErrors. Basically, only empty parenthesis had to be
fixed.

Bug: T156096
Change-Id: I019615c7bfaa179c2184b5d3ea2c6b5da91366e3
2019-09-14 18:35:40 +00:00
Daimona Eaytoy 5267082c85 Better logging for unset variables
We have many log entries, so we need some more debug data.

Bug: T230256
Change-Id: I0e9638c1ffe537ea6cfd6886ff32ef447fdacc28
2019-09-14 16:49:55 +00:00
Daimona Eaytoy fe395bd96b Use dieBlocked instead of directly using apierror-blocked
This allows us to:
 - Defer handling of the block to the main module
 - Choose the right message depending on the block type
 - Avoid directly using the apierror-blocked message, which could change
 in the future.

Change-Id: If2e32bd2ccf5e314aa51203afd1522b8481377e0
Follows-up: I35f2c6e701a24dccb6e26e3f3c578fd44f68127d
2019-09-14 10:18:01 +02:00
jenkins-bot f8ee9fb959 Merge "Prohibit sitewide blocked users from restoring autopromotion" 2019-09-14 02:59:41 +00:00
jenkins-bot 45d7bd5971 Merge "CachingParser: ensure to catch errors inside short-circuited blocks" 2019-09-14 01:56:35 +00:00
jenkins-bot b8ad85cac7 Merge "Annotate the AST with var names before caching the AST" 2019-09-14 01:03:53 +00:00
Daimona Eaytoy 6e9a9a3bc2 CachingParser: ensure to catch errors inside short-circuited blocks
This is similar to the old parser: when discarding a node, actually
evaluate it if short-circuit is not allowed.
Add a whole lot of tests for all possible exceptions.
Move the logic to extract a message from an AFPUserVisibleException away
from the parser, to keep unit tests working.

Bug: T232498
Change-Id: I31ee4e255c6a87dd693b9bcd582539fdf57acd45
2019-09-13 21:13:15 +00:00
Daimona Eaytoy 004ccfdb5c Annotate the AST with var names before caching the AST
This implements T230982#5475400, and it should speed up the CachingParser by roughly 40%.

Bug: T230982
Change-Id: I803cc58637d50eb90e57decf243f5ca78075d63d
2019-09-13 19:43:50 +00:00
DannyS712 467fba75a0 Prohibit sitewide blocked users from restoring autopromotion
Bug: T232884
Change-Id: I35f2c6e701a24dccb6e26e3f3c578fd44f68127d
2019-09-13 18:32:55 +00:00
Daimona Eaytoy ed2bc7badf Don't show the form for restoring autopromotion to unprivileged users
Bug: T232881
Change-Id: I80c34c823f505c81e20f83ccf5c5a99e8e69b626
2019-09-13 20:31:17 +02:00
jenkins-bot cfad7d6f14 Merge "Actually return errors for action=edit API" 2019-09-10 19:59:03 +00:00
Bartosz Dziewoński 82b6f191d4 Actually return errors for action=edit API
Setting 'apiHookResult' results in a "successful" response; if we want
to report an error, we need to use ApiMessage. We already were doing
this for action=upload. Now our action=edit API responses will be
consistent with MediaWiki and other extensions, and will be able to
take advantage of errorformat=html.

Since this breaks compatibility anyway, also remove some redundant
backwards-compatibility values from the output.

To avoid user interface regressions in VisualEditor, the changes
I3b9c4fef (in VE) and I106dbd3c (in MediaWiki) should be merged first.

Before:
    {
        "edit": {
            "code": "abusefilter-disallowed",
            "message": {
                "key": "abusefilter-disallowed",
                "params": [ ... ]
            },
            "abusefilter": { ... },
            "info": "Hit AbuseFilter: Test filter disallow",
            "warning": "This action has been automatically identified ...",
            "result": "Failure"
        }
    }

After:
    {
        "errors": [
            {
                "code": "abusefilter-disallowed",
                "data": {
                    "abusefilter": { ... },
                },
                "module": "edit",
                "*": "This action has been automatically identified ..."
            }
        ],
        "*": "See http://localhost:3080/w/api.php for API usage. ..."
    }

For comparison, a 'readonly' error:
    {
        "errors": [
            {
                "code": "readonly",
                "data": {
                    "readonlyreason": "foo bar"
                },
                "module": "main",
                "*": "The wiki is currently in read-only mode."
            }
        ],
        "*": "See http://localhost:3080/w/api.php for API usage. ..."
    }

Bug: T229539
Depends-On: I106dbd3cbdbf7082b1d1f1c1106ece6b19c22a86
Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec
Change-Id: I5424de387cbbcc9c85026b8cfeaf01635eee34a0
2019-09-09 20:15:19 +02:00
Daimona Eaytoy 173bd089b3 Remove script for blockautopromote entries
It was executed on WMF wikis, and since they were the only affected
wikis we can remove the script.
Also remove a temporary back-compat check in the log formatter.

Bug: T231131
Change-Id: I534acd9c86894eb1bdd96331e9fa85afc7502f88
2019-09-09 13:56:56 +02:00
Daimona Eaytoy 7917354716 Remove redundant logic from special pages
SpecialPage::setHeaders already handles page title, robot policy and
articleRelated. Moreover, avoid having different messages for the H1
title on the special page and the description shown elsewhere, just like
the base SpecialPage class suggests doing. The deleted messages have
been moved to the default message used by SpecialPage::getDescription.

Change-Id: Iab6beaf64b142e30469afd798c569ef40182153e
2019-09-08 12:30:01 +02:00
Daimona Eaytoy 8587576655 Use StringUtils::isValidRegex
Depends-On: I257a096319f1ec13441e9f745dcd22545fdd5cc6
Change-Id: Iafe54285384bc28b3e8812b495166f2682d4571c
2019-09-07 18:13:27 +00:00
Daimona Eaytoy 7b06be0204 Allow dangling commas in variargs
This is because there are many filters using this feature. Moreover, it
could make it a little easier to add new arguments, just like dangling
commas in PHP arrays do.
Also re-align the CachingParser code of doLevelFunctions to the one in
the old Parser.

Bug: T153251
Change-Id: Ie4325159f47310788da57415a5e36e62aa4efad0
2019-09-07 11:19:14 +02:00
jenkins-bot 5be19f6f65 Merge "Add a 'strict' option to VariableHolder::getVar" 2019-09-05 19:23:23 +00:00
Daimona Eaytoy 489da0d229 Add a 'strict' option to VariableHolder::getVar
This will help mitigating problems like T230256 by enforcing that the
requested variables must exist. For now, it will only log bad usages,
thus providing a way to identify affected filters and fix them.

Bug: T230256
Change-Id: I7a61916576e444a56f0e07da7b6e5033346226bd
2019-09-04 18:19:23 +00:00
Daimona Eaytoy 13b1e880f2 Hotfix other DUNDEFINED casts to bool
These were spotted on testwiki with wmf.21.

Change-Id: Ic4d67a2b83aedfeb574fa1363a9fc618b2862f95
2019-09-04 18:06:22 +00:00
jenkins-bot f2ae634831 Merge "Fix filter validation in ViewEdit" 2019-09-04 13:34:33 +00:00
Daimona Eaytoy 15e9f34115 Fix filter validation in ViewEdit
Currently it's impossible to create new filters!

Bug: T231985
Change-Id: I92a7739fe9defae6b3d74381792340c7125d9086
2019-09-04 14:04:45 +02:00
Daimona Eaytoy ce8539e2a5 Move parser tests back to /unit
Using `new LanguageEn()` involved a global, so use a MockObject instead.
Also fix LoggerFactory usage in Tokenizer to use DI instead.

Change-Id: I94d03f9459ab6444e239386eb96a0c2434bfe3dc
2019-09-03 13:23:11 +00:00
jenkins-bot 3d319edba9 Merge "Upgrade phan-config to 0.7.1" 2019-09-02 12:46:29 +00:00
jenkins-bot 6441e71ebe Merge "Also catch Error in the hacky workaround for bad rows" 2019-09-02 12:46:27 +00:00
jenkins-bot 2ed5be29e1 Merge "Use permissions accessors" 2019-09-02 10:55:46 +00:00
Daimona Eaytoy 393e47c5a7 Upgrade phan-config to 0.7.1
Change-Id: I859d81eda8601da91602b27a223b6d6d59ecf563
2019-09-01 09:42:26 +00:00
Daimona Eaytoy 2a956bc81a Also catch Error in the hacky workaround for bad rows
PHP7 throws an Error, not a BadMethodCallException. We don't want to
clog the logs with fatals, now that PHP7 is closer.

Bug: T187153
Change-Id: I5a9e581ee0418ae41dd911de02a64d18e4670cd4
2019-08-31 20:42:41 +02:00
jenkins-bot 25d63aa639 Merge "Add new number syntax as experimental" 2019-08-31 17:12:10 +00:00
jenkins-bot 134c75dd5e Merge "Remove AbuseFilter::saveFilter dependency on AbuseFilterViewEdit" 2019-08-31 17:06:00 +00:00
jenkins-bot fc3349df1f Merge "Fix param validation in ViewEdit" 2019-08-30 13:37:21 +00:00
Daimona Eaytoy 933b791ef3 Fix param validation in ViewEdit
We didn't check if the provided ID was valid. While editing an existing
filter (or creating a new one), we check the ID in SpecialAbuseFilter,
so it's guaranteed to get an integer in ViewEdit, and the case of a
non-existing filter is handled later, in buildFilterEditor.
But for links like Special:AbuseFilter/history/foobarbaz/item/1 (where
"foobarbaz" should be the filter ID), no validation was performed. This
caused a useless query to be carried out on the abuse_filter_history table (which would likely return false), then accessing properties of a non-object ('$row->afh_id'), and we ended up showing filter 1. This was spotted because we actually got notices in production.

Bug: T231632
Change-Id: I6436c7d2df8c1f0fc971f4a4079dac9118aa8209
2019-08-30 08:59:49 +00:00
Daimona Eaytoy fdb71b5868 Make AbuseFilterVariableHolder::$mVars public again
+fixme comment per T231542#5451567.

Bug: T231542
Change-Id: If8b7b0568568df93548f12ccdc85fa174ec3558e
2019-08-29 18:51:43 +02:00
Daimona Eaytoy eb91595d8a Use row->afl_action instead of $vars
There's not need to use the variableholder in this hacky (albeit common)
whay, since the row already holds the action.
Note, this doesn't guarantee that the next two lines won't fail - I'd
need to see the actual var dump (T231542#5450720) to determine exactly
why this is failing.

Bug: T231542
Change-Id: I2112b046d00e06b575d15ab3d7da57484fd9cbbd
2019-08-29 13:48:31 +02:00
Daimona Eaytoy d51ca862c6 Move parser tests to /unit
IMHO these can be considered unit tests; they were already fast, but now
they're executed in an instant.
This requires several changes: 1 - delay retrieving messages in
AFPUserVisibleException, to avoid having to deal with i18n whenever we
want to test exceptions; 2 - Use some DI for Parser and Tokenizer.
Equivset-dependend tests are also moved to a new class, thus helping to
fix the AF part of T189560.

Change-Id: If4585bf9bb696857005cf40a0d6985c36ac7e7a8
2019-08-28 16:36:37 +00:00
Daimona Eaytoy 540edc5174 Remove AbuseFilter::saveFilter dependency on AbuseFilterViewEdit
This dependency is wrong, and removing it will also allow creating an
edit API.

Bug: T213037
Depends-On: Id8412e2b8a4e873fd4821ecc1a3c95710be9a870
Change-Id: If8e745a3227cea5093ea3fd8f5b201adedaba3ae
2019-08-27 16:26:18 +00:00
Daimona Eaytoy 8e166f10d6 Refactor and speed up non-parser tests
Some of these are transformed into real unit tests, while the
AbuseFilterSaveTest class is refactored to avoid using the DB and to use
a lot more of mocks and DI.

Depends-On: I22743557e162fd23b3b4e52951a649d8c21109c8
Change-Id: Id8412e2b8a4e873fd4821ecc1a3c95710be9a870
2019-08-27 16:24:27 +00:00
Daimona Eaytoy 87713008d5 Use permissions accessors
There are lots of calls to $user->isAllowed which could be simplified
using available accessors like canEdit(). So simplify those calls and
avoid duplication.

Note that using canEdit also fixes a bug which affected blocked users:
we used to show e.g. the import link, and not to display as disabled
several text fields, while blocked users cannot actually edit filters.

Depends-On: I22743557e162fd23b3b4e52951a649d8c21109c8
Change-Id: I62779e940949ef49018a9c6d901bb6e10aa81da8
2019-08-27 13:21:55 +02:00
Daimona Eaytoy c469fb4b76 Mostly remove $wgUser
There are lots of cases where we can inject a User object without
additional efforts. Now $wgUser is only used inside AFComputedVariable,
which is a little bit harder to handle because some instances of that
class are serialized in the DB, and thus we cannot easily change the
constructor until T213006 is resolved.

This partly copies what Ia474f02dfeee8c7d067ee7e555c08cbfef08f6a6 tried
to do, but adopting a different approach for various can*() methods:
they're now static methods in the AbuseFilter class, so future callers
don't need to instantiate an AbuseFilterView class. This also allows to
re-use those methods in an API module for editing filters (T213037).

Bug: T213037
Bug: T159299
Change-Id: I22743557e162fd23b3b4e52951a649d8c21109c8
2019-08-27 13:20:37 +02:00
Daimona Eaytoy 71730f7d44 Warn if a function has been given too many parameters
While this is not as important as throwing for too few parameters, IMHO
it's still important to fail in this case. Mostly because if a function
receives too many parameters, chances are that who wrote the filter
didn't do that intendedly, and thus there may be a hidden bug.
Bonus: fix a few docblocks.

Bug: T230803
Change-Id: Iac2931f17b50ace8c8f4c2faa44b3f54ca134c54
2019-08-26 20:29:49 +02:00
Daimona Eaytoy 4d86758a49 Add new number syntax as experimental
For now it will only report successful parse. Next step is formally
deprecating the old one (escalated to warning), then removing it in
favour of the new one (in another MW version).

Bug: T212730
Change-Id: I5dd11fd67d8e57d1d0c52ddfa026920ebfc5ee13
2019-08-26 08:15:55 +00:00
jenkins-bot 89524790d5 Merge "Add a hook to determine whether the current action should be filtered" 2019-08-25 18:45:07 +00:00
jenkins-bot ff2f6ee26f Merge "Add a new class for the CachingParser's AST" 2019-08-25 18:00:24 +00:00
Daimona Eaytoy d515af0ae6 Add a new class for the CachingParser's AST
This allows a little bit more of abstraction: we can store other data in the
tree, without having to store it in a specific node (e.g. the variables map,
which is still unused). It also adds a few typehints, and specializes
the return value of eval'ing the AST: previously, it was the one of
evalNode, which wasn't guaranteed to be an AFPData. Now we have this
guarantee. Last but not least, we can now measure runtime metrics for
evalTree, which doesn't recurse.
Bonus: fix a check in the old parser, which used the wrong variable when
reporting outofbounds errors.

Change-Id: Iff806793b1d968e9bb6220f1459f3d0ac587c7da
2019-08-25 17:29:16 +00:00
jenkins-bot 6196801178 Merge "Log more empty operands" 2019-08-24 20:53:01 +00:00
Daimona Eaytoy 2d031d0bee Log more empty operands
And fix a couple of minor bugs.

Bug: T156096
Depends-On: I3b85087677607573f4fa68681735dc35348dcd87
Change-Id: Ia4c713a1d45827f6a8bc5566a8d8835c49f8108a
2019-08-24 19:59:53 +00:00
Daimona Eaytoy 7f554734e6 Don't hardcode blockautopromote duration
As explained on phab, and add a script to fix broken entries.

Bug: T231131
Change-Id: I95d70acb936b5ca987af8f237d236fe47b663919
2019-08-24 11:40:11 +02:00
Huji Lee 1ddb65021b Add links to AbuseFilter logs on Special:Undelete
Depends-On: I671a0479e877e6c37606b688064cb9c893717709
Bug: T231055
Change-Id: Iebf832c513c6a4e954db0ba2633dd8ba6f27b412
2019-08-23 14:56:43 +00:00
Daimona Eaytoy bf61414f88 Don't show empty "Tools:" section in ViewEdit
After having removed the export link in
I72f46247f4323fb5bfe7fa74f332076dbd346187, we don't have any tool to
show for new filters. So avoid outputting an empty section.

Change-Id: Ia07bccdbadb7b874397135bc3f7468d6e0b9eb13
2019-08-21 17:32:43 +02:00
jenkins-bot 47838715fa Merge "Allow if without else" 2019-08-20 20:12:19 +00:00
jenkins-bot 5e605aaa62 Merge "Even better handling of DUNDEFINED" 2019-08-20 20:00:52 +00:00
jenkins-bot bf8ccccade Merge "Fix a bug in the return value of the CachingParser" 2019-08-20 19:58:38 +00:00
Daimona Eaytoy af7744781f Allow if without else
Bug: T230727
Depends-On: I8e7f7710b8cb37ada8531b631456a3ce7b27ee45
Change-Id: I3b85087677607573f4fa68681735dc35348dcd87
2019-08-20 19:36:14 +00:00
Daimona Eaytoy 963221ad6d Even better handling of DUNDEFINED
Ensure that the variable isn't set before marking it as DUNDEFINED:
that's only for when we cannot use a default, but if the variable is set
we already have one. Most notably, this fixes conditionals handling: right
now, if you have a conditional with an assignment in both
branches, the variable will be undefined. That's obviously wrong, so
it's fixed in this patch.
Plus: catch only AFPExceptions in a test to avoid unintentionally
catching the assert exception; simplify some assignments using wfSetVar.

Depends-On: I446a307e5395ea8cc8ec5ca5d5390b074bea2f24
Change-Id: I8e7f7710b8cb37ada8531b631456a3ce7b27ee45
2019-08-20 19:17:30 +00:00
Daimona Eaytoy fa76405ea7 Fix a bug in the return value of the CachingParser
This has always been wrong, and remained unnoticed. Also added a
typehint for added safety.

Change-Id: I8a3c31e7385283d95b4712d457784016239a0b3b
2019-08-20 20:54:19 +02:00
jenkins-bot a8e2071351 Merge "Better handling of function params in CachingParser" 2019-08-20 18:46:01 +00:00
jenkins-bot 8527a10774 Merge "Restyle edit box dimensions" 2019-08-20 16:33:16 +00:00
Daimona Eaytoy aa867bd370 Better handling of function params in CachingParser
This patch includes various fixes to how func arguments are handled in
CachingParser:
- Add a comment about a future improvement of checkSyntax, which we
  could limit to try building the AST.
- Having enough args for each function is now also checked when
  building the AST. This allows implementing the previous point without
  stopping to report notenoughargs at syntaxcheck-time (otherwise it'd be
  a runtime error). And it also ensure that we check for the params count
  inside skipped branches, e.g. inside if/else: these were already only
  discovered at runtime in CachingParser. The old parser is not affected
  by this change, because when checking syntax it will always execute
  all branches, and at runtime it will skip braces altogether.
- Fix arg count for CachingParser, which previously added a bogus param
  in case of a function called without parameters. This was fixed for
  the other parser in I484fe2994292970276150d2e417801453339e540, and I
  just ported the updated fix. Also note that the CachingParser was
  already failing for e.g. `count()`, but instead of complaining about
  missing arguments, it failed hard when trying to pass NULL to
  evalNode.
- Fixed some tests not to use setExpectedException, which caused the
  previous point to remain unnoticed: calling that method prevents the
  loop from continuing, and thus only the AbuseFilterParser part was
  being executed. The new implementation checks the exception ID and is
  thus more future-proof if the i18n message changes.
- Fixed some function names in error reporting for the old parser.
- The arg count is now checked outside of the function handlers, thus
  it's no more necessary to call checkEnoughArguments at the beginning
  of each handler. This also produces clearer error messages in case of
  aliases (e.g. set/set_var).
- Check the args count even if some of the args are DUNDEFINED. This is
  much easier now that the check is outside of the handler. This will
  make syntax check fail for e.g. `contains_any(added_lines)`.

Bug: T156095
Change-Id: I446a307e5395ea8cc8ec5ca5d5390b074bea2f24
2019-08-20 15:32:02 +00:00
jenkins-bot 7addec7b4a Merge "Make some other AFPData methods non-static" 2019-08-20 14:16:16 +00:00
jenkins-bot 1f45336157 Merge "Move keywords handlers to the Parser" 2019-08-20 14:16:10 +00:00
jenkins-bot f18d0814e2 Merge "Make several AFPData functions non-static" 2019-08-20 14:06:02 +00:00
jenkins-bot f1ab591d27 Merge "Avoid implicit casts from DUNDEFINED to something else" 2019-08-20 13:04:48 +00:00
jenkins-bot ea01809f5e Merge "Add the filter ID to empty operand logging" 2019-08-20 13:01:14 +00:00
jenkins-bot d32b03ca10 Merge "Increase cache hits for CachingParser" 2019-08-20 12:50:31 +00:00
jenkins-bot d0b30c2534 Merge "Make parser aware of the filter it is parsing" 2019-08-20 12:50:26 +00:00
jenkins-bot 1bfd182a2e Merge "Fix object to array cast, typehint array params" 2019-08-20 12:49:09 +00:00
jenkins-bot 4bebd22e3f Merge "Add test for multiple conditions inside conditionals" 2019-08-19 14:18:10 +00:00
Daimona Eaytoy e4b1df1521 Fix object to array cast, typehint array params
This was broken in I34c040dbeb3ab01158fb3db22496def6ccaf72d9. I thought
the members of that object were always arrays, but I was wrong.
Plus typehint a few array parameters and make a couple of methods
private since they're only used in this class.

Bug: T230639
Change-Id: I0c51359769c4b3054f95755a96e7e0a2d8e5bf15
2019-08-17 17:04:34 +00:00
Daimona Eaytoy b235e1040a Restyle edit box dimensions
Now it's always wider, and so is the "notes" field. Moreover, the
fallback textarea has the exact same size. Plus removed a parameter
which only made it hard to write a CSS rule for the textarea. Since the
textarea is generated by the same code, and we're always using it for
the same thing (filter syntax, regardless of the final goal), make it
always use the same name.

Bug: T230591
Change-Id: Ibb308e80d954c0e81aa09249c38c39572f157948
2019-08-17 18:53:13 +02:00
jenkins-bot 61bb3ff3e8 Merge "Various changes for blockautopromote" 2019-08-14 23:59:08 +00:00
Daimona Eaytoy 27578d7ba0 Various changes for blockautopromote
Problems fixed:
 - Don't hardcode duration in the message
 - Move duration to a constant
 - Fix wrong parameter order for AbuseFilter::blockAutopromote
 - Log a warning if we cannot block autopromotion
 - Remove the $performer parameter, as it should only and always be the
 filter user.

Bug: T230296
Change-Id: Ice9e4b21033c430cf1fd34182c63ca64ad2f5d3e
2019-08-14 18:50:43 +02:00
Daimona Eaytoy d715f6d2c0 Increase cache hits for CachingParser
If $parser->parse returns a falsey value (=null), that's because the
filter doesn't have any statement. But that's not a valid reason not to
cache the filter. Hence, return whatever parse() is returning inside the
callback, so that the result is always cached.

Change-Id: Ib6b0e72d882dc484456a3be6bbc74da36ef48bf7
2019-08-13 18:03:13 +02:00
Daimona Eaytoy d58b5930f8 Add the filter ID to empty operand logging
To make debugging a lot easier.

Bug: T156096
Bug: T153251
Change-Id: I1f905c6e1a524a745240b05709ef9d1dfc3c23a1
2019-08-13 15:22:55 +00:00
Daimona Eaytoy 1197eb6b41 Make parser aware of the filter it is parsing
This information will mostly be used for debugging purposes.

Change-Id: Ia1bcc2acc22aba97d855382b5b173ac3d5f2c54b
2019-08-13 15:22:38 +00:00
Santhosh Thottingal 1176e3a465
Fix the warning about permission name changes
Change-Id: I16463550328eb19d33270d8677404e012e5c80df
2019-08-13 14:40:17 +05:30
Daimona Eaytoy 7edf12dbc6 Add a hook to determine whether the current action should be filtered
Bug: T229252
Change-Id: I126013b6c516eebe7273fb85f2c5681844e757be
2019-08-13 10:31:29 +02:00
Daimona Eaytoy 430ba818d0 Add test for multiple conditions inside conditionals
The regression itself was fixed in
I980aec3481a52ecc35f1811a366014a5581a7cdb, so this patch only adds a
test for it.
Also remove a comment about CachingParser failures: we don't want to
encourage people to remove it from tests anymore.

Bug: T152281
Change-Id: I3ad49050ea49bf45d3226878e091da3c8dbefdb1
2019-08-12 18:18:05 +02:00
Daimona Eaytoy 4b0911ee01 Make some other AFPData methods non-static
Change-Id: I22ea337a36f911c57d3dadb9a3c45fc2c8b7c628
2019-08-12 14:40:51 +02:00
Daimona Eaytoy 3f171dc0a5 Move keywords handlers to the Parser
Just like we do for functions, it doesn't really make sense to have
keywords separately, in AFPData.

Change-Id: I208a9b1ce2bd12038e9fbcc515c48d604ec80eb8
2019-08-12 14:29:56 +02:00
Daimona Eaytoy 2fdf091eb9 Make several AFPData functions non-static
The keywords-related ones will be handled in a subsequent patch.

Change-Id: Ifcfad438023ef136dc6f2cd5529e867df9b23789
2019-08-12 14:12:16 +02:00
Daimona Eaytoy 1fe3647268 Avoid implicit casts from DUNDEFINED to something else
This patch keeps the current behaviour for everything (since DUNDEFINED
was always casted to boolean false), but handles the cast at a higher
level instead of relying on what AFPData::castTypes will do. This way
it's easier to spot places where we may get DUNDEFINED, and decide how
to handle them one by one.

Change-Id: I1070e15ea03c7dd4a4231b87afbc42240a558581
2019-08-12 11:18:15 +02:00
jenkins-bot 3748c41e79 Merge "Remove outdated comment, add a new one" 2019-08-12 08:26:30 +00:00
jenkins-bot eff4e208ca Merge "Don't show export link for new filters" 2019-08-11 17:02:56 +00:00
Daimona Eaytoy 200905f1cf Remove outdated comment, add a new one
As explained in T230093#5408119.

Bug: T230295
Change-Id: Ic0beaf9d126d14fbb7efbd2d0ec55e10c0fbcc99
2019-08-11 14:35:38 +00:00
Daimona Eaytoy c8b5b9321c Don't show export link for new filters
Bug: T230163
Change-Id: I72f46247f4323fb5bfe7fa74f332076dbd346187
2019-08-11 12:21:36 +02:00
Daimona Eaytoy 69ad23da98 Ban variable variables
As explained on phab, it's not worth the effort of keeping this feature.

Bug: T229947
Change-Id: Ic6067cab8e1ede98545e704888c99e2ed9a004e4
2019-08-11 01:47:35 +00:00
Daimona Eaytoy ff40204ef1 Gracefully handle blockautopromote failures
Instead of returning a successful message, return null and log a
warning. Also, make autopromoteBlockKey public + internal and use it
from Hooks instead of duplicating the logic.
Follow-up: I03feb05218789a3b73a31c9a94216daafcb7c145

Change-Id: I8ce96d1bd0239003f8ee6a45f412b9502d542a18
2019-08-10 15:18:30 +02:00
Daimona Eaytoy c34181e548 Add a new API module to retrieve private details from AbuseLog
Follow-up of Iaca492371f48fecf543268c179a651841ed12c3f. This patch adds
the new module, plus some technical changes to private details-related
methods and globals.

Bug: T210329
Depends-On: I613dbadb8f75c8c4116a362607563a436a73d321
Change-Id: I3c45b74c36c191083df184ed57416067a75f6591
2019-08-09 21:10:28 +00:00
Daimona Eaytoy c7ccb68058 Use "privatedetails" instead of "private" where needed
To keep a clear distinction between "private details" (i.e. user's ip)
and "private filters" (i.e. not publicly viewable). This patch renames
rights, i18n keys and methods names.
The patch for renaming globals and rights in WMF config is
I7e6b3d4453403edb6aa602587374b4ff5b6d625f.

Bug: T211004
Change-Id: I613dbadb8f75c8c4116a362607563a436a73d321
2019-08-09 21:10:22 +00:00
jenkins-bot 8ee442234f Merge "Move "block-autopromote" key from $wgMainStash to 'db-replicated'" 2019-08-07 23:07:45 +00:00
jenkins-bot 1fa5eef94c Merge "Overhaul Blockautopromote action" 2019-08-07 23:03:08 +00:00
Aaron Schulz 9e44f1a9e9 Move "block-autopromote" key from $wgMainStash to 'db-replicated'
Keep the key mutation methods in the AbuseFilter class

Bug: T227376
Change-Id: I03feb05218789a3b73a31c9a94216daafcb7c145
2019-08-07 01:09:13 +00:00
jenkins-bot 097b2da0ed Merge "Add a parent class for special pages" 2019-08-06 18:32:29 +00:00
Daimona Eaytoy 483dab1732 Add a parent class for special pages
This allows us to extract yet another static method from the AbuseFilter
class. This class should be expanded in the future, and an example use
case could be Ia5fd4f0b35fcabf045a7b49fa40fa85b72c92544.

Depends-On: I7c0170167b508132cd16e566c654a6c98dd683e9
Change-Id: I1bb45e47c3b42c01388b99778ce833e4e44419e1
2019-08-06 14:17:38 +00:00
Daimona Eaytoy 2ed6272bb2 Partly handle set and set_var in shortcircuit
This is more complicated than the := operator, because the var name
could be a complicated expression, and we have to handle a function
call. This patch only covers the case where the variable name is a
literal, which is enough for WMF production.

Bug: T214674
Change-Id: I6c0f8e95663919a0235b5ccf0c88ad0a539315a7
2019-08-06 16:14:34 +02:00
Daimona Eaytoy 2bdb44d58b Overhaul Blockautopromote action
As for all mostly unused consequences, blockautopromote has a couple of
major problems: first, it blocked the status for a random time between 3
and 7 days, which to me makes no sense at all (is it some sort of
casino?), and this patch fixes it to 5 days. Second, nothing was logged,
not the blocking nor the unblocking. Here I'm adding a LogHandler for
two new sub-actions of 'rights' to keep track of both action.

Bug: T49412
Change-Id: If48a48f5b8baaf9e77c0826466f5d03bb7f691d0
2019-08-05 22:27:49 -04:00
Daimona Eaytoy afeff7c222 Really avoid DEMPTY leak
Follow-up I7831f3ed9f7c0656e0e8f77ded049c20eca682ba, really avoid the leak. My addition was pointless because we need DUNDEFINED, not DEMPTY, and I spent way too much time trying to understand what was still wrong.
Still have to get used to these new names...

Change-Id: I332967f6fb00b67fd355547b19638c95ffa5bba7
2019-08-04 22:02:13 +00:00
jenkins-bot 44e427601f Merge "Avoid DEMPTY leak" 2019-08-04 21:16:22 +00:00
Daimona Eaytoy 6ef2cf523b Profiling: don't count time for operations shared with the edit
Parsing wikitext and retrieving its links are operations which we share
with the edit, so that if a filter does that, it won't be done later
upon saving.
Thus, add a static variable to subtract such time and avoid to erroneously log as slow any filter using those variables.

Bug: T219092
Depends-On: I24fbd41ac188a9cf6a7d3ca33dce349aedc9faa6
Change-Id: I7c0170167b508132cd16e566c654a6c98dd683e9
2019-08-04 20:12:10 +00:00
jenkins-bot 4347331692 Merge "Reset all filter profiling data at once" 2019-08-04 18:53:57 +00:00
jenkins-bot 19182606c1 Merge "Merge global profiling keys" 2019-08-04 18:40:14 +00:00
Daimona Eaytoy f977e858ab Avoid DEMPTY leak
As shown in the coverage reports [0], some empty operand logging lines are covered, but no test should have empty operands. I see one of the cause is skipOverBraces keeping $result as is, even if DEMPTY, so turn it into a DUNDEFINED.

[0] - https://doc.wikimedia.org/cover-extensions/AbuseFilter/includes/parser/AbuseFilterParser.php.html

Change-Id: I7831f3ed9f7c0656e0e8f77ded049c20eca682ba
2019-08-04 18:25:04 +00:00
Daimona Eaytoy 2742f24bca Reset all filter profiling data at once
Instead of scattering the process all over the code (and doing it
together with checking if the key already exists).
Wrap the logic in new methods for better readability.

Depends-On: Ib12e072a245fcad93c6c6bd452041f3441f68bb7
Change-Id: I24fbd41ac188a9cf6a7d3ca33dce349aedc9faa6
2019-08-04 18:03:14 +00:00
rarohde d022377578 Merge global profiling keys
The last step of the profiling overhaul. See T53294 for the original description by Dragons flight.

Note: Here I'm adding a FixMe for a problem which already exists in the code
and the child patch will fix it.

Bug: T53294
Depends-On: I2d8c8f8278073a9420e3eb373fb89a655925618a
Change-Id: Ib12e072a245fcad93c6c6bd452041f3441f68bb7
2019-08-04 17:59:58 +00:00
jenkins-bot 879ff59fe2 Merge "Split hook handlers related to filtering" 2019-08-04 17:55:51 +00:00
jenkins-bot be4b1c5bc1 Merge "Fix @deprecated since version" 2019-08-04 17:50:47 +00:00
jenkins-bot e733872e13 Merge "Allow accessing offsets of built-in variables" 2019-08-04 17:48:46 +00:00
jenkins-bot 790cd38fb0 Merge "Further deprecation for empty conditions" 2019-08-04 17:26:40 +00:00
Daimona Eaytoy 7d192cb1f2 Split hook handlers related to filtering
This adds a new get(Type)Vars method for every action type. The goal is
to 1-have shorter methods, which is always good; 2-try to make this code
a bit more testable.
I left as a todo moving all these methods to a separate class, the idea
being to make them non-static and thus easier to be tested.

Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
Change-Id: I6de2dd27a8f972b3f74c730a1516639f8c622166
2019-08-04 17:21:29 +00:00
Daimona Eaytoy 517919fca8 Allow accessing offsets of built-in variables
I5ec4ab44c4e88aaf18c0d7b73355d27050beeda7 almost fixed this bug, but we
also have to make it possible to access builtin variables as arrays.
This will only make sense for a few variables (e.g. added_lines and
removed_lines), but I don't think we should validate it when checking
syntax.

Bug: T198531
Change-Id: I417e1b8d4802bbfccd091ce5c7617659cfd1e4ea
2019-08-04 17:14:44 +00:00
jenkins-bot 534a282f7d Merge "Clarify "filter" field in SpecialAbuseLog and ApiQueryAbuseLog" 2019-08-04 17:13:47 +00:00
jenkins-bot 5fccb5a67b Merge "Change parameter order for newVariableHolderForEdit" 2019-08-04 17:07:27 +00:00
Daimona Eaytoy 71e3719e12 Clarify "filter" field in SpecialAbuseLog and ApiQueryAbuseLog
The "filter" fields can also accept a list of filters, and also global filters, so make it clear in the UI and in messages.

Change-Id: Ib258716d8e6792fd496938ebb4e8a2565d6370b7
2019-08-04 16:55:05 +00:00
Daimona Eaytoy c635f41697 Change parameter order for newVariableHolderForEdit
Make the old text non-optional, and typehint the old content.

Change-Id: I91be3c028e891d32fa8a61ed541336c85f8a9dfb
2019-08-04 16:48:21 +00:00
Daimona Eaytoy 4f8811bc3b Update cache key version for data in stashed edits
In I1dc3be6da1cc9e03bc47e8f8c867089ad0100f6f we added fields to the array.
Update the version to avoid PHP errors while upgrading the wikis, for edits
stashed before the upgrade, and saved afterwards.

Change-Id: I5489b556b1b0e9cb2af862dbfa0621909a5e355d
2019-08-04 16:36:23 +00:00
jenkins-bot c0b6267022 Merge "Use milliseconds for time profiling" 2019-08-04 16:12:59 +00:00
jenkins-bot fea7686724 Merge "Hide profiling for disabled filters" 2019-08-04 16:12:56 +00:00
jenkins-bot f7fd6a6daf Merge "Move per-filter matches profiling to per-filter data" 2019-08-04 16:07:58 +00:00
jenkins-bot d940ef63cd Merge "Specialize empty AFPData types" 2019-08-04 15:52:34 +00:00
Daimona Eaytoy e8866fee88 Fix @deprecated since version
The Runner was introduced in 1.34.

Change-Id: I9239705ef5628821b3ce6dbc27ac282cfc93e1e6
2019-08-04 15:39:54 +00:00
Daimona Eaytoy 5f4491f9aa Further deprecation for empty conditions
Start deprecating "empty" logic operators, and now that we have DEMPTY, simplify handling of empty function arguments introduced in Ica3e49f5b00595a95513d9683732e490aa7aae17.

Bug: T156096
Change-Id: Ied6b385e8690b6cc6e69afcf614389f737ab95bd
2019-08-04 15:33:49 +00:00
Daimona Eaytoy 9049be3609 Specialize empty AFPData types
As described in T156096#5389655.

Change-Id: Ifbf95a6b72a280cd77db6affbd8d642499bbfedc
2019-08-04 15:26:57 +00:00
Daimona Eaytoy c8ebb4956c Hide profiling for disabled filters
As data could be "old" and it may have no meaning.
Also remove a superfluous isset(), as $row->af_hidden is always set.

Depends-On: I2d8c8f8278073a9420e3eb373fb89a655925618a
Change-Id: I072363706c61f272c4c3691de4078e2a19148424
2019-08-03 23:28:42 +00:00
Daimona Eaytoy c3db63714e Use milliseconds for time profiling
Instead of seconds, and round the average condition at 1dp instead of 0.
Split from child patch by Dragons flight.

Depends-On: I2d8c8f8278073a9420e3eb373fb89a655925618a
Change-Id: I339aed5f8c1d49714e7927ce49286f9ce6c839f5
2019-08-03 23:24:46 +00:00
Daimona Eaytoy 0b7902fe6e Move per-filter matches profiling to per-filter data
They're currently stored separately, so move matches count together with
other per-filter data to keep it consistent. This also removes a
parameter from filterMatchesKey, as it's not needed anymore.
Split from child patch by Dragons flight.

Bug: T53294
Depends-On: I8f47beb73cfc1b63c4b3c809fc6d65a1e66ee334
Change-Id: I2d8c8f8278073a9420e3eb373fb89a655925618a
2019-08-03 23:22:20 +00:00
jenkins-bot 3b2b85b60d Merge "Store per-filter profiling in a single key" 2019-08-03 22:43:32 +00:00
Daimona Eaytoy 33bfe97d8c Move non-decimal numbers deprecation logging
Bug: T212730
Change-Id: Idb833c60541873bfe9c2b225009bd32e4a48cd60
2019-08-03 16:57:24 +00:00
Daimona Eaytoy d04a0d3afc Store per-filter profiling in a single key
Instead of having three keys, one for total actions, one for time and
one for conditions. This has several benefits: first, it avoids race
conditions which could happen having different keys. Second, it's much
more performant. Third, the code is also clearer to understand,
and more uniform with the one for global stats.
Split from child patch by Dragons flight.

Bug: T53294
Depends-On: I1dc3be6da1cc9e03bc47e8f8c867089ad0100f6f
Change-Id: I8f47beb73cfc1b63c4b3c809fc6d65a1e66ee334
2019-08-03 11:39:27 +00:00
Daimona Eaytoy a85e1ccc59 Make AbuseFilterParser::$funcCache non-static
Change-Id: I312efe3ce4d1f06e697aa4564aeec1bacbaf97d3
2019-08-03 09:19:49 +00:00
jenkins-bot 0e00654b7d Merge "Save profiling data and vars in cache when running filters" 2019-08-02 23:28:03 +00:00
Daimona Eaytoy 4acb266e90 Save profiling data and vars in cache when running filters
This is the proper solution to replace
Ia8e38ba25d1989fe71714d2b76891c4587921466, using a class member and an
additional method. Plus, change checkFilter not to accept a prefix, but a boolean indicating if the filter is global (as that's how it's used currently).

This change also fixes an issue which caused profiling data for local
filters to be mixed with profiling data for global filters with the same
ID.

Depends-On: Iafc142d2e5ba7aa0fb0d3265fa05cace27679738
Change-Id: I1dc3be6da1cc9e03bc47e8f8c867089ad0100f6f
2019-08-02 22:54:30 +00:00
Daimona Eaytoy 09d0254172 Better handling of DNONE
This patch includes:
 * Making it possible to access offsets of a DNONE (returning a DNONE)
 * Initializing user-defined variables as DNONE inside short-circuited branches
 * Make DNONE propagate with other operators
 * Make DNONE count as false for logic operators
 * Remove a now-outaded bit in doLevelAtom. In case of shortcircuit,
   $result is now DNONE instead of DNULL, and thus it's possible to
   access offsets of it. Performance++!
 * Don't allow modifying or adding an element of a DNONE as if it were an
    array (to avoid inconsistencies)

This re-applies Id85c673337fa90a3782fd22eb9690cd996967111 with several fixes.

NOTE: Haven't tested locally, although I'm pretty confident thanks to
the amount of tests added.

Bug: T214674
Bug: T228677
Change-Id: I5ec4ab44c4e88aaf18c0d7b73355d27050beeda7
2019-08-02 21:05:08 +00:00
jenkins-bot e3e157361d Merge "Revert "Initialize user-defined variables during shortcircuit"" 2019-07-29 23:30:50 +00:00
Daimona Eaytoy 13cdb86dd2 Revert "Initialize user-defined variables during shortcircuit"
Reason for revert: T214674#5374806

This reverts commit 56e6117afd.

Bug: T214674
Change-Id: Iccce248d2693cd9877a740b74e72a577e730435e
2019-07-29 23:06:23 +00:00
jenkins-bot dfa0109ba8 Merge "Rename old/new-(wiki)?text i18n keys" 2019-07-25 08:35:26 +00:00
Daimona Eaytoy eff4580a6f Add new method: AbuseFilterVariableHolder::newFromArray
Instead of duplicating code in several files.

Depends-On: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
Change-Id: Iafc142d2e5ba7aa0fb0d3265fa05cace27679738
2019-07-24 18:41:32 +00:00
Daimona Eaytoy 4720c97530 Add a new class for methods related to running filters
Currently we strongly abuse (pardon the pun) the AbuseFilter class: its
purpose should be to hold static functions intended as generic utility
functions (e.g. to format messages, determine whether a filter is global
etc.), but we actually use it for all methods related to running filters.
This patch creates a new class, AbuseFilterRunner, containing all such
methods, which have been made non-static. This leads to several
improvements (also for related methods and the parser), and opens the
way to further improve the code.
Aside from making the code prettier, less global and easier to test,
this patch could also produce a performance improvement, although I
don't have tools to measure that.
Also note that many public methods have been removed, and almost any of
them has been made protected; a couple of them (the ones used from outside)
are left for back-compat, and will be removed in the future.

Change-Id: I2eab2e50356eeb5224446ee2d0df9c787ae95b80
2019-07-23 19:06:27 +00:00
Daimona Eaytoy 56e6117afd Initialize user-defined variables during shortcircuit
Bug: T214674
Depends-On: I5a14d4b2bc3ffd9caaaa095f16f36b9b6009db05
Change-Id: Id85c673337fa90a3782fd22eb9690cd996967111
2019-07-23 12:20:53 +00:00
Daimona Eaytoy 3258eeed69 Add normalizeThrottleParameters script to update.php
Bug: T203587
Bug: T203336
Bug: T203584
Bug: T203585
Depends-On: I7831dbb0bab55807392ac1f7915d6cb0cb713593
Change-Id: Ideaae7b58e0ffa606095aac4a9e5d21c6bdf11d2
2019-07-17 12:36:08 +00:00
Daimona Eaytoy 18d7d2ed62 Start using AFPData::DNONE
This should allow more flexibility when checking syntax, and a saner
behaviour overall.
Aside from not throwing exception in certain cases, the results should
be almost equal to the ones you would get without this patch. However,
there are still a few things to improve (which for convenience I wrote
inside the parser test) and many to test.

Bug: T204654
Depends-On: I69bfec45c76509fb1112641393f78e8d8834adcd
Change-Id: I5a14d4b2bc3ffd9caaaa095f16f36b9b6009db05
2019-07-14 08:48:47 +00:00
jenkins-bot d36dfaa951 Merge "build: Upgrade phan-taint-check-plugin from 1.5.x to 2.0.1" 2019-07-10 16:41:46 +00:00
James D. Forrester 70a03755e8 build: Upgrade phan-taint-check-plugin from 1.5.x to 2.0.1
Change-Id: Ica0439db5ec729c3b298db99fd89dd999f491457
2019-07-10 15:30:52 +00:00
Daimona Eaytoy 7bc566e635 Fix the regex for numbers, start deprecation of non-decimal numbers
Aside from the 14 thingy reported in the task, this syntax is awful! The
fix to the regex should only be intended as a temporary stopgap. A
proper fix would be to introduce a new syntax, like for instance the one
used in PHP.

Bug: T212726
Change-Id: Idc37a17ce539e6c63d67fc07d47d812569debe0e
2019-07-10 13:26:36 +00:00
Aaron Schulz fce600c3ee Fix bogus DB domain parameter in AbuseFilter::getCentralDB()
Follow-up to 2cf7b58434

Bug: T227613
Change-Id: I07b2d46389e6c8346d7c5848a00a1c2f8577acd8
2019-07-09 15:27:53 -07:00
jenkins-bot 6a5d5fc447 Merge "Really drop afl_log_id from update.php" 2019-07-09 17:03:24 +00:00
Daimona Eaytoy c6a9f3517a Really drop afl_log_id from update.php
Follow-up of 0b925da36e, somehow I forgot
to add the removal code for MySQL and SQLite to the Hooks.

Bug: T214592
Change-Id: If0d1d5430573273784ff6f6e338b0c2199f6d7bb
2019-07-09 16:51:28 +00:00
jenkins-bot c3dcd95733 Merge "Start making APFData members private" 2019-07-09 09:23:17 +00:00
jenkins-bot 9650f11d16 Merge "Fix error display on ViewEdit" 2019-07-09 09:02:12 +00:00
jenkins-bot 35ab35978b Merge "Add a new data type for non-initialized stuff" 2019-07-09 08:58:48 +00:00
Daimona Eaytoy 3aaeb20063 Start making APFData members private
$data and $type are meant to be read-only and should have getter
functions, but as usual they're just public. Add getter methods, a
comment with a @private annotation and remove usages in our codebase.

Change-Id: I5e51efc9f982a4e340b48d20cb1b38a75bb10021
2019-07-09 10:57:00 +02:00
jenkins-bot 6f0905541a Merge "Make AbuseFilterVariableHolder::mVars private" 2019-07-09 08:42:16 +00:00
jenkins-bot 69bebbb4ff Merge "Simplify action arrays" 2019-07-08 23:07:26 +00:00
Daimona Eaytoy 304b58d46a Make AbuseFilterVariableHolder::mVars private
This property is meant to be private, since it has all kinds of
getters/setters, aside from one which is introduced in this patch.

Change-Id: I217b1e22cabd3c0468c84b1d6a69a6ed3c6fa8e6
2019-07-08 16:25:10 +02:00
Daimona Eaytoy 5eff8f73b0 Fix error display on ViewEdit
This changes the buildFilterEditor function to be protected and to
behave consistently: so, instead of adding stuff to OutputPage inside it
and also returning other stuff to be added by the caller, the function
now adds everything itself.
Also, the message "you're editing an old version of the filter" is now
shown only if the user can see the filter.

Change-Id: I1f40af41c5de0f63aa6210a261928892da0b3f69
2019-07-08 16:11:33 +02:00
Daimona Eaytoy db193dad12 Rename old/new-(wiki)?text i18n keys
Now we have the key old-text for the old_wikitext variable, and the key
old-text-stripped for old_text. This can be confusing (see I61b2d252333ca634eae560d824f740f0f947b3d3), so use i18n keys more similar to the variable name.
NOTE: the keys will have to be changed on translatewiki if we want to avoid
confusing people.

Change-Id: Ie612350642ac4afc76f18639d988e72b4016b1e2
2019-07-08 15:55:02 +02:00
Daimona Eaytoy bc79962803 Add a new data type for non-initialized stuff
Split from I5a14d4b2bc3ffd9caaaa095f16f36b9b6009db05.
This adds a new data type to use for empty AFPDatas. Using NULL for that
makes it impossible to distinguish cases where we really got a null
value, and cases where there was nothing to parse.
For now, DNONE is the same as DNULL, but I've explicited DNULL where
necessary. A subsequent patch will make proper use of DNONE.

Bug: T156096
Change-Id: I69bfec45c76509fb1112641393f78e8d8834adcd
2019-07-08 15:35:02 +02:00
Daimona Eaytoy d8d4750e6a Simplify action arrays
The current form is awkward. They're all like
[ actionname => [ 'action' => actionname, 'parameters' => params ] ]
This is greatly confusing since adds a nesting level, and just
duplicates the actionname information (also, we actually never retrieve
it from the internal array). Instead, change all of them to be
[ actionname => params ]
which is a lot shorter and clearer (and easier to handle).
A similar case is handled in I8134ecc41fbecdbed99faf406e9e3ca91b6123b9
(see PS 8..10).

Change-Id: I34c040dbeb3ab01158fb3db22496def6ccaf72d9
2019-07-05 10:00:48 +02:00
Daimona Eaytoy b2af2f0bf5 Fix global caching
Use a more explicit TTL_WEEK, and add the version to avoid breaking the
world if we change the format.

Bug: T227299
Change-Id: I22705496ed8541c3dd9b643d78dff8886f4ff070
2019-07-05 09:17:57 +02:00
Aaron Schulz 2cf7b58434 Convert wfGetDB() calls to using getConnectionRef()
This handles the logic of calling reuseConnection() automatically

Change-Id: I9328e709fe5d81099338a31deef24d34db22d784
2019-07-04 15:09:32 -07:00
jenkins-bot 0d001e3d6f Merge "Disallow consecutive comparisons" 2019-07-04 20:43:57 +00:00
Daimona Eaytoy 85b46268f2 Rename the filterAction hook and add a parameter
The 'AbuseFilter-filterAction' hook is deprecated in favour of a new
'AbuseFilterAlterVariables' hook, which provides a User object and has a better name, since it reflects what it should be used for, and doesn't include the name of a function which will be removed. The hook will be hard deprecated in a subsequent patch, to avoid test failures.

Depends-On: Ic0ecc8746e2883c746bef815a0fee4131f1a0646
Change-Id: I212b1e09e9c05d487d96b2f4c28f2a613e6ff3cf
2019-07-04 18:10:47 +00:00
Daimona Eaytoy b7f1a7d459 Enforce saving of full abuse_filter row in cache
This is somehow a follow-up of
Ieb04f019453033c275e211cfc9fd68d5d7c392ef. A new method is introduced to
cache a filter, which checks that all fields are there.

Depends-On: I7c1ea17adf7f42cf9260d416906bfbf3b8a20688
Change-Id: Ic0ecc8746e2883c746bef815a0fee4131f1a0646
2019-07-04 18:10:33 +00:00
Daimona Eaytoy 7398730563 Disallow consecutive comparisons
As explained on phabricator, they don't work with shortcircuit, so they
already fail for all filters using them. Plus IMHO it's an unnecessary
deviation from PHP's behaviour, given that this syntax doesn't do what
users may expect.

Bug: T218906
Change-Id: If9e7545e14044c8dc3b4163bb6fca8ab0683b9fa
2019-07-04 19:15:07 +02:00
DannyS712 eb278479d5 Add help links to special pages
Bug: T226938
Change-Id: I50a76733b3b8d4ee72ccc6816b58a67a66b2f603
2019-07-03 16:06:16 +00:00
Daimona Eaytoy 6ea767f171 Tweak methods related to global filters
To make the switch to afl_filter_id and afl_global easier.

Bug: T227095
Depends-On: Ie550889495232b534c0f9aec31039cf21b2135b1
Change-Id: If557bad8f5c1a6d15e3556e4bfbd0330d7d49c59
2019-07-02 17:02:50 +02:00
Daimona Eaytoy 0b925da36e Drop afl_log_id
Field unused since its introduction.

Bug: T214592
Change-Id: I1f4f775e9678de5184672251631a490e4eb81764
2019-06-28 17:55:55 +00:00
Daimona Eaytoy 6100955242 Use more verbose names for filter IDs
Follow-up of Ie550889495232b534c0f9aec31039cf21b2135b1, suggested by
Krinkle.

Change-Id: Ia8f40644c7f4a6ed53186a5edab5df1bd313166a
2019-06-25 18:20:32 +00:00
Daimona Eaytoy 382751a707 Move conditions-related stuff inside AbuseFilterParser
Instead of relying on static methods and members in the AbuseFilter
class, move everything related to conditions inside the Parser, as the
amount of used conditions is something pertaining a single
AbuseFilter(Caching)Parser instance.
This change requires changing some signatures and adding parameters,
but will make introducing the new AbuseFilterRunner class easier (and
that will clean signatures, too).

Depends-On: I5b29ff556eca45fe59d15e2e3df4d06f1f6b3934
Change-Id: I7c1ea17adf7f42cf9260d416906bfbf3b8a20688
2019-06-19 15:14:17 +00:00
Daimona Eaytoy a8e8611509 Remove log_ids meta-variables
This is the second part of removing meta-variables. To achieve this, a
static property is added and another one removed.

Depends-On: I7f60df24dc8e706af289ebbbde7536c0baf8d5c3
Change-Id: I5b29ff556eca45fe59d15e2e3df4d06f1f6b3934
2019-06-19 14:44:56 +00:00
Daimona Eaytoy 246d8e78aa Improve getFirstFilterChange function
Fix the typehint, and use selectField instead of selectRow.
Follow-up of Ie550889495232b534c0f9aec31039cf21b2135b1 suggested by
Krinkle.

Change-Id: I7e74b7b484dfa487db96598ef7aef4895d7bf275
2019-06-17 13:01:56 +02:00
Daimona Eaytoy e7cd4b2a98 Rewrite AbuseFilter::decodeGlobalName
Now it returns an array with a bit more info, and has a different name
to reflect the fact that its input is now split in two parts. Plus, make
it throw whenever it gets an unexpected input, and add a bunch of test
cases for it.

Depends-On: Ib5fdeb75c1324f672b4ded39681f006fde34b4d1
Change-Id: Ie550889495232b534c0f9aec31039cf21b2135b1
2019-06-12 23:56:25 +00:00
Thalia 22ceae7e23 Use MediaWiki\Block\DatabaseBlock instead of Block
This follows the rename of the Block class in I6d96b63ca0.

Change-Id: I44cf9eb68c23a8299316effa4dee7f732486dd84
2019-05-31 16:08:19 +01:00
Daimona Eaytoy 53f03e5301 Tokenizer caching back to APC
Partial revert of I4dd81a723e2bdb828b90594ad66a3918d8ec5b6c.
Thinking again of it, I think it's not worth it to have this data over
the network. Plus, given that it's not-that-slow to be computed, I think
there can only be a performance gain in using APC (as opposed to e.g.
memcached/redis) for 99.9% of the filters.

Change-Id: I8c6a4a95ec12c18ede8e6419540f7a2ac943457c
2019-05-28 19:48:26 +02:00
Daimona Eaytoy c3ee5e7251 Simplify static properties in AbuseFilterHooks
Avoid all those data types (i.e. use null instead of false), use camelcase, make them private. Also, remove some logic to handle $lastEditPage being Article, as it can only be WikiPage.

Depends-On: I5a9db6e7c4356c9662a0b0a51e66252555b3d998
Depends-On: I359a618ffc4e45ce1fb70f2d1aa99a6668609e36
Change-Id: I7f60df24dc8e706af289ebbbde7536c0baf8d5c3
2019-05-25 16:27:21 +00:00
Daimona Eaytoy 864d2b7e03 Don't run filters with null title
As all title variables would be null, and the result pretty meaningless.

NOTE: Please vote V+2 and submit manually. I359a618ffc4e45ce1fb70f2d
should then be +2ed right after that. This way, there is no need to create
two more patches just for a handful of tests being broken for a minute.

Bug: T144265
Bug: T219030
Depends-On: If6b91711534c0d60e1aa27bd5748c3023e29f376
Change-Id: I5a9db6e7c4356c9662a0b0a51e66252555b3d998
2019-05-25 16:27:08 +00:00
jenkins-bot e5a15ab968 Merge "Add a parameter to generate(User|Title)Vars hooks to specify context" 2019-05-25 11:37:04 +00:00
jenkins-bot 2b1c62ecdd Merge "Restore unit tests for CachingParser and fix it" 2019-05-25 11:24:51 +00:00
Daimona Eaytoy 2b4ddd1096 Change a long if/elseif to switch
This is done for 3 reasons: 1-the code should hopefully be clearer;
2-FWIW, switch's are a little bit faster than elseifs (roughly 15%); 3-to
fix a bug with coverage driver which says those lines are not covered.
3 is a follow-up of I997576141943959d4602a9f839311108928ec766.

Change-Id: I2d69e421e384cb74a799c5c5f77d041a7e02d4c8
2019-05-25 10:59:37 +02:00
Daimona Eaytoy 39fc7c12af Restore unit tests for CachingParser and fix it
Added cachingParser back to *all* the parser tests, fixed a couple of
differences with the normal parser, and added a couple of tests so that
any cachingParser-related file has 100% coverage. Also move the remaining
get_matches tests inside parserTests, and specify the parser used in case of failure.
This also adds a new base class for parser-related tests with a couple
of util methods.

Bug: T201193
Change-Id: I980aec3481a52ecc35f1811a366014a5581a7cdb
2019-05-25 10:55:24 +02:00
jenkins-bot 1cb80be0ad Merge "Add tests for various data type casts" 2019-05-24 19:19:20 +00:00
jenkins-bot 058e215882 Merge "Refactor tokenizer caching" 2019-05-24 19:09:03 +00:00
Daimona Eaytoy f56562f583 Add tests for global filters
Another crucial part to have covered. Also clarify that
AbuseFilterCentralDB can be of the form "dbname-prefix".

Remove a filter used for profiling and replace it with a global one:
we're still fine, and the list is kept shorter.

Bug: T201193
Depends-On: I5ee7ba44a6cd82a5ddb24fb4127af04d96e647f4
Change-Id: If6b91711534c0d60e1aa27bd5748c3023e29f376
2019-05-24 16:58:23 +02:00
Daimona Eaytoy a766e39ade Add unit tests for profiling
Yet another important part to have covered. While for normal edits it
already works, for stashed ones it doesn't. That's why we need the patch
for checkAllFilters. Since for stashed edits profiling stats are all
zeros, this may explain T201334.
Changed the timestamp variable to use wfTimestamp instead of time() so
that we can fake it inside unit tests.
In a subsequent patch we should add average runtime conditions to tests
(really tricky).

Bug: T201193
Depends-On: Ib17821240b25c972a187e6b5eae42c5ada6c65e7
Change-Id: I5ee7ba44a6cd82a5ddb24fb4127af04d96e647f4
2019-05-23 08:47:40 +00:00
Daimona Eaytoy 33fca4e096 Ignore trailing commas in function calls
First step before removing this weird syntax. I'd love to add a unit
test for params count, but I couldn't find a way, since doLevelFunction
is protected, relies on class members, and the args count is local.

Bug: T153251
Change-Id: Ica3e49f5b00595a95513d9683732e490aa7aae17
2019-05-21 23:13:31 +00:00
jenkins-bot a9afdc1f80 Merge "Slightly improve degroup action, remove Phan suppressions" 2019-05-19 17:20:23 +00:00
jenkins-bot 48ac8c492b Merge "Temporarily catch another BadMethodCallException" 2019-05-19 17:13:10 +00:00
jenkins-bot e66d30d37c Merge "Don't send empty array to Database::makeList" 2019-05-18 12:27:50 +00:00
jenkins-bot 75e5c907fc Merge "Remove problematic array type hint from hook handler" 2019-05-18 09:01:48 +00:00
Daimona Eaytoy 291c35cea0 Don't send empty array to Database::makeList
Check that the provided param is not empty, as otherwise
Database::makeList will throw and the exception will bubble up to the
user.

Bug: T222531
Change-Id: Icf5db25037a0d0a7b4076f21e7f1c9a6ee1d5a87
2019-05-18 10:55:26 +02:00
Thiemo Kreuz 1c5accd90a Remove problematic array type hint from hook handler
It's possible this parameter is null, as demonstrated in Id2caa44.

Change-Id: I69bf0d70552fb049aa1c93bb12bcb5cc9e457c53
2019-05-18 08:50:22 +02:00
jenkins-bot 6250eaea39 Merge "Add missing type hint to SpecialPage::execute()" 2019-05-16 15:19:22 +00:00
Thiemo Kreuz aba489a1f4 Add missing type hint to SpecialPage::execute()
[Also make use of the list() feature in one case I forgot before in
If2b6c95.]
 -> Changed to use direct array access by Daimona per inline comment.

Change-Id: I708dff30b6e00ccab3257b2e6fa5995eb9e30e0f
2019-05-16 14:31:54 +00:00
Daimona Eaytoy 44632f21a4 Temporarily catch another BadMethodCallException
This is the same as line 224, and I forgot to include this code path in
the same patch.

Bug: T187153
Change-Id: I28074680760a7070eb423b5eada1e35f829ed10a
2019-05-16 15:49:17 +02:00
jenkins-bot 99e821b125 Merge "Upgrade PHPCS and phan" 2019-05-15 19:42:42 +00:00
Daimona Eaytoy 311f68f6e8 Upgrade PHPCS and phan
Change-Id: Ibfb737e4552133d1ddd388e7410c6e1bc3a72e12
2019-05-15 19:06:04 +02:00
jenkins-bot 915bea466e Merge "Make use of PHP's list() feature where possible" 2019-05-15 15:06:20 +00:00
jenkins-bot c52850aae7 Merge "Add missing limits to explode() calls" 2019-05-15 15:06:18 +00:00
Thiemo Kreuz c6f20a64dd Add missing limits to explode() calls
This is fixing potential bugs where invalid strings with more than one
comma have silently been accepted.

Change-Id: Ib1e7d0c99973f243ef6faad6389bab688187c1cf
2019-05-15 16:14:12 +02:00
Thiemo Kreuz 3dece9ef8c Make use of PHP's list() feature where possible
Change-Id: If2b6c95a319800dd4944ecc0d7a8d3a819c846c1
2019-05-15 16:12:51 +02:00
Thiemo Kreuz fa3ce90851 Remove comments literally repeating what the code says
I find it obvious that a file called "AbuseFilterTokenizerTest" is a
"test for the AbuseFilterTokenizer class". A comment that is just
repeating this information is typicalls not helpful, but distracting
and a potential source of mistakes, e.g. when stuff is copy-pasted,
but the comment not adjusted.

Change-Id: I1d4cc06e9e5631955ff73bf675090cf9c33c9390
2019-05-15 16:04:32 +02:00
Thalia f23905c402 Remove call to deprecated User::isBlocked
Change-Id: Ibb7412f8aa08a745a211b9b0581ccb6b0ca9eff5
2019-05-14 13:14:57 +01:00
jenkins-bot 06cac3682e Merge "Replace deprecated cache-related functions" 2019-05-01 16:27:56 +00:00
Daimona Eaytoy 2276d8ed2a Refactor tokenizer caching
Split a method, use WAN cache so that we're enabled to use
getWithSetCallback, pass the "version" option there and adapt the test
to it.
Follow-up of I9b3bc36b552901bc6ca7609ee51e80be2979a9c4

Change-Id: I4dd81a723e2bdb828b90594ad66a3918d8ec5b6c
2019-04-23 19:38:10 +02:00
Aaron Schulz bc04dd93fe Avoid sending stashing statsd data for bots in AbuseFilter::filterAction
Change-Id: Ic06f64c22fc94665e58620a98e17264d48c97deb
2019-04-22 17:45:51 -07:00
jenkins-bot cdad0e1a14 Merge "Revert "Use string cast for Postgres compatibility"" 2019-04-18 15:31:51 +00:00
Daimona Eaytoy 9a315f2a6e Revert "Use string cast for Postgres compatibility"
This reverts commit 4ab12305f1.

Bug: T221357
Change-Id: Id0f26f48ad9904e73a8b65d76586957c2be93e82
2019-04-18 11:51:16 +00:00
jenkins-bot 968bd9b817 Merge "Add tests for tokenizer caching" 2019-04-17 23:27:19 +00:00
Daimona Eaytoy 4b10a544ab Add tests for tokenizer caching
Caching the result of the tokenization is pretty important
performance-wise, so this test ensures that caching works as expected.
I have also extracted the method used to generate the cache key for
easier testing, and moved the cache instance to a class member because
otherwise that piece of code can't be tested...

Bug: T201193
Change-Id: I9b3bc36b552901bc6ca7609ee51e80be2979a9c4
2019-04-15 16:59:55 +02:00
Daimona Eaytoy ec110c657b Add tests for various data type casts
These are the ones which other tests don't cover, mostly because no
filter syntax can trigger those cases. This patch should bring coverage
for AFPData to 100%.

Bug: T201193
Change-Id: I997576141943959d4602a9f839311108928ec766
2019-04-14 14:08:57 +02:00
Daimona Eaytoy 23fe973544 Remove pointless number cast
If the number is int there's not need to intval it, and if it's float
there's no need to floatval... Just use it to determine the internal
data type, like it happens for sum and sub.

Change-Id: Ie00c4bb4e67ad1eface0cea3eb42d04aa5fb39cc
2019-04-14 10:49:09 +02:00
Daimona Eaytoy 909eec6716 Tweak coverage part 2
Follow-up of Ic30883f7d261d974a2be46308d023e2714119e95, with two files
that I forgot to git-add and a repositioning of comments to avoid the
last bracket to be reported as uncovered.

Bug: T201193
Change-Id: I6bf7e5892a0f49f6a138792f0aedf230a70c18a8
2019-04-13 19:26:01 +02:00
Daimona Eaytoy 4bcb64b01a Increase code coverage a bit
This patch mostly adds coverageIgnore comments for intendedly
unreachable code etc. Some of them could be made testable by adding a new
filter function (e.g. array cast), but this patch is meant to be
comment-only (aside from the parser test).
Ignoring coverage for these lines makes some methods reach 100%
coverage, which in turn makes it easier to look at the coverage chart
and identify at a glance which parts of the code *really* need to be
covered.

Bug: T201193
Change-Id: Ic30883f7d261d974a2be46308d023e2714119e95
2019-04-13 18:30:14 +02:00
jenkins-bot caeaac9e7d Merge "Add tests for storing and loading the variables dump" 2019-04-12 14:09:57 +00:00
jenkins-bot ed1c996f65 Merge "Temporarily catch BadMethodCallException when computing _links vars" 2019-04-12 08:27:19 +00:00
Daimona Eaytoy 8293ec176f Add tests for storing and loading the variables dump
These are specific tests for storeVarDump and loadVarDump, both alone
and in the context of running filters.
Also, include disabled variables in the VariableHolder object if they're
saved in the DB.

Bug: T201193
Depends-On: Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb
Change-Id: I5e35d773904a62105767ce6d7d962ab5525c2d12
2019-04-12 08:03:33 +00:00
jenkins-bot ca6ef32a69 Merge "Use string cast for Postgres compatibility" 2019-04-11 21:50:06 +00:00
Daimona Eaytoy e5ab8483fc Temporarily catch BadMethodCallException when computing _links vars
The root cause is database rows holding a serialized revision object
(awful, right?), and to properly fix it we need a maintenance script,
still WIP (T213006).
This temp fix is to avoid flooding the exception channel.

Bug: T187153
Change-Id: I062934091fbd6213cf9bc10e8ad6864ce6a58254
2019-04-11 09:33:16 +02:00
jenkins-bot 903f3db8fe Merge "Beautify old, broken abuse_filter_history rows" 2019-04-10 05:11:38 +00:00
Daimona Eaytoy 25ed009518 Beautify old, broken abuse_filter_history rows
And right when the throttle script seemed complete... Here is another
function! So, this change splits the logic in new functions called
sequentially, and the only actual change is adding the beautifyHistory
function. Its purpose is to search ANY row in abuse_filter_history with
empty/missing parameters and normalize it. More specifically, missing
period and count are inserted as 0, and for missing groups we add
"none", used by a newly introduced message. This way, messages shown on
Special:AbuseFilter/history will be clearer and won't have gaps.

Bug:T209565
Bug:T215787
Change-Id: I38395f4df9d83badfd26cdf584ffba743b6417a9
2019-04-10 04:51:58 +00:00
jenkins-bot efe32b7c93 Merge "Add doc for every class member" 2019-04-06 14:37:19 +00:00
jenkins-bot d53c84da36 Merge "Restore check for dividebyzero" 2019-04-06 12:35:23 +00:00
jenkins-bot e03488b66a Merge "Overhaul tag selector" 2019-04-06 12:35:20 +00:00
jenkins-bot cf5df265b0 Merge "Allow filtering AbuseLog for filter group" 2019-04-06 12:24:10 +00:00
jenkins-bot 8ac0dda62d Merge "Don't publish LogEntries without ID" 2019-04-06 12:24:07 +00:00
Daimona Eaytoy a777b681e2 Don't publish LogEntries without ID
Mimic what publish() does, for the part that we need.

Bug: T219951
Bug: T218940
Change-Id: I16dd7071837a6965934d08b770f455f45cd02a6b
2019-04-06 09:46:09 +02:00
Daimona Eaytoy 451666272e Slightly improve degroup action, remove Phan suppressions
Try to get the groups from the var first, and compute them if they don't
exist. Use getEffectiveGroups instead of getGroups as it's done when
setting the lazy var loader. Avoid a pointless array_intersect within an
array_diff. Remove Phan @suppress and add docblock to make it pass.

Change-Id: I49ec6a1264b767cefea55df66ef3b02d4f443b57
2019-03-30 09:53:51 +00:00
Daimona Eaytoy 7fb3ea9002 Reduce the amount of returns
Having a single return statement inside a function isn't always the
best, but having 5 is probably worse. This patch changes three long
if-return/if-return/... to a single if/elseif + return.

Change-Id: I5f4603627c61cf1b93859fe6bcd952eac8e82359
2019-03-30 09:52:56 +00:00
Daimona Eaytoy 5b4ea18045 Don't escape abusefilter-edit-status
This was sort of missed in Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb.

Bug: T157235
Change-Id: Id952119a89df05a20c964eea8d4fe332c67f9086
2019-03-29 09:54:30 +01:00
Daimona Eaytoy 4ab12305f1 Use string cast for Postgres compatibility
We JOIN integer and text, so Postgres would always fail on these. As
mentioned in the task description, this is only a temporary solution
(although a clean and durable one), while the long-term one is
I7460a2d63f60c2933b36f8383a8abdbba8649e12.

Bug: T42757
Change-Id: Ifddd0bca1e8eaa7c70511fb0d0588457b4fd0669
2019-03-23 12:44:02 +01:00
Daimona Eaytoy 72c2be7a18 Remove $wgAbuseFilterRuntimeProfiling
The reasoning is similar to the one of the parent patch (Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb). Plus, it records runtime metrics on action different than edits, as there's no reason not to do it.
No performance issues in production.

Bug: T191039
Depends-On: Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb
Change-Id: Ib1112e2fefd0631550d386ba87e5f87db84c3036
2019-03-23 11:31:18 +00:00
Daimona Eaytoy 89520e2353 Remove $wgAbuseFilterProfiling
This variable was introduced to selectively enable profiling because
stats recording was bad for performance. Nowadays, stats are recorded in
a deferredupdate and don't harm performance anymore. Thus, this variable
can be removed and profiling be enabled by default.

Bug: T191039
Depends-On: Ib5fdeb75c1324f672b4ded39681f006fde34b4d1
Change-Id: Ia5c477edc8733bb1994cb6d01e1371ed496c8bcb
2019-03-23 11:31:11 +00:00
jenkins-bot 7a6468fa29 Merge "Add a function to the parser to retrieve the next token" 2019-03-23 11:10:44 +00:00
jenkins-bot 24aef03785 Merge "Log throttled actions" 2019-03-23 11:08:06 +00:00
Daimona Eaytoy 27545422b4 Add a function to the parser to retrieve the next token
It provides some sort of look ahead capability, avoiding to move and
then roll back.

Change-Id: I6293cbd355572c9de3a8591dd8286b14a239ffb2
2019-03-23 11:55:08 +01:00
Daimona Eaytoy c095069918 Log throttled actions
So that we have some numbers and debugging info.

Change-Id: I490504bfac09d537be5bca36ef52992b6aa4f0cb
2019-03-23 11:52:48 +01:00
Daimona Eaytoy 01f699ff07 Remove useless SpecialAbuseLog::getNotDeletedCond
The method is used to make afl_deleted = null treated as afl_deleted =
0. Digging into code history, I found that it's in place because:

*In rEABF14b850f891de27ea09a1439e3835f66c49ad773f the afl_deleted field
was introduced as NULL, and wasn't used.
*In rEABFfe39e38282fc4c7903eb3f8080dbf0bab0f697f4 it was ALTERed to be
"NOT NULL DEFAULT 0"
*And in rEABFa2ead8bfb5166e0b354f3bb3e09f39795cb5b1c0 this function was
introduced to "negate the need for a schema change".

However, when ALTERing afl_deleted to be NOT NULL DEFAULT 0, all NULL
values have been automatically converted to 0 thanks to the DEFAULT
clause, and being the column NOT NULL, of course no NULL are still
there... The ALTER was applied to all wikis (in 2010), so afl_deleted is
NOT NULL everywhere and we can safely treat it as such.

Change-Id: Iebd843629d26e392d2e24efc2795c767e854897a
2019-03-23 11:49:30 +01:00
Daimona Eaytoy 9144f20245 Restore check for dividebyzero
Follow-up of I1721a3ba532d481e3ecf35f51099c1438b6b73b2. This is the only
wrong replacement: strict checking will let 5 / 0.0 pass, with
unexpected results. Adding a regression test for it, too.

Change-Id: I25dbe9fafa92fd9a11bd8bc6ab8e66f305b8d48e
2019-03-23 11:38:39 +01:00
jenkins-bot 77a0fd6c0d Merge "Replace double-equals with triple-equals" 2019-03-23 07:56:37 +00:00
jenkins-bot 6a8f45300e Merge "Rely on parent::getTableClass in TablePager" 2019-03-23 07:56:34 +00:00
Holger Knust 324d0e6aa3 AbuseFilter: Swapped getNative for getText
Use getText method in AbuseFilter.php instead of deprecated getNativeData method.

Bug:  T155582
Change-Id: Ia1af3abea8331e2292d608215946834b282ed753
2019-03-22 17:48:19 -04:00
Daimona Eaytoy f2c1beec44 Replace double-equals with triple-equals
Since double-equals are evil. I left some of them in place where I
wasn't sure, but I may be changed some which were intended to be
doubles. It could be a good idea to delay merging this patch until we'll
have more code coverage.

Change-Id: I1721a3ba532d481e3ecf35f51099c1438b6b73b2
2019-03-22 16:12:13 +01:00
Daimona Eaytoy d1728d62f8 Add a parameter to generate(User|Title)Vars hooks to specify context
These hooks can be called either when filtering the current action, or
to check an action from recentchanges. While AbuseFilter already handles
well these two cases, other extensions don't and need some context.
Depends on the patch below because we're changing generateTitleVars,
which already has a temporary extra parameter that I don't want to mess
up with.
Also follow-up I72933fcc9952fc1aabf6464b2fc0b04ec39c024b for a few
remaining uppercase vars.

Bug: T203166
Depends-On: If5f238cddb41ef92b141e36b4f2f15fd4cc86476
Change-Id: I1983b93bbadabd24d8bf94fa7bb14594d10e731e
2019-03-22 16:06:17 +01:00
Daimona Eaytoy 037b0c375d Rely on parent::getTableClass in TablePager
Or it will fail if the parent class changes (like it did).

Bug: T218996
Change-Id: I601bac181790e6466fe0b9d8c5d8572dab5a3177
2019-03-22 15:52:21 +01:00
jenkins-bot 44d602b9a9 Merge "Use lowercase for built-in variables" 2019-03-22 10:44:24 +00:00
jenkins-bot c8021a520a Merge "Move the throttle help tooltip to a message" 2019-03-22 10:35:02 +00:00
jenkins-bot 85b16f1ecd Merge "Change method used for file_bits_per_channel in /test" 2019-03-22 10:34:11 +00:00
Daimona Eaytoy 45e84bad0e Change method used for file_bits_per_channel in /test
Using MWProps will not raise an 'undefined index' notice and, if the
bitsdepth cannot be established, will return 0. This is way better than
returning the empty string or null, which cannot be treated as integers.

Bug: T218874
Change-Id: I2b585f3a2f257783c15f0fcdd2851f1e1ce4256b
2019-03-21 14:05:54 +01:00
Daimona Eaytoy 4103ff56af Use 'page' prefix for upload vars
Rationale on phabricator.

Bug: T218873
Change-Id: I33128098c186ab716951c72e0d917663721b4740
2019-03-21 13:29:43 +01:00
Daimona Eaytoy 553facee1e Move the throttle help tooltip to a message
Follow-up of I982d67aa62a899916a26452aceb9646df8c31232. The help text
was meant to be localized, and I probably forgot to do so in the
mentioned patch.

Change-Id: If394b02819911f9c97519b5c972977c38e6d83fa
2019-03-18 17:38:45 +01:00
Daimona Eaytoy c79ec2f65e Don't fill the "Filter ID" field with 0
Follow-up of If4fd015dff64237375a0c4d3b9fbcefbd54dba3e.

Change-Id: I4a68d413dd4897fb12ab92ed0407773a5df23c7d
2019-03-17 15:49:45 +01:00
Daimona Eaytoy d6c649bb0d Overhaul tag selector
If "tag" option is selected and the form is submitted without adding any
tag, just show it blank instead of adding an empty tag to the topbar.
Separately validate the empty tag case (and added a test for it).

Bug: T203353
Depends-On: I3b2e763bd8835207dc5df1db43d3e1881e6961c3
Change-Id: I8884b739fd17fa2eace5aac8775d3524aa606f1f
2019-03-17 14:04:50 +00:00
Daimona Eaytoy bae9c5bb8f Use lowercase for built-in variables
The uppercase is just a leftover from a long time ago. Currently,
variables are case-insensitive, and we already perform a strtolower when
saving them. Since most parts of the code already use lowercase, the
uppercase leftovers only make it harder to grep the code to find
variables. As a bonus, make Ace recognize variables in a
case-insensitive fashion.

Change-Id: I72933fcc9952fc1aabf6464b2fc0b04ec39c024b
2019-03-17 14:23:11 +01:00
jenkins-bot ef8c8e6006 Merge "Make the filter field on ViewHistory of "int" type" 2019-03-17 12:00:47 +00:00
jenkins-bot dc0c5cc5ac Merge "Make uploads testable" 2019-03-17 11:06:43 +00:00
jenkins-bot 8588c35142 Merge "Simplify AbuseFilterVariableHolder::dumpAllVars" 2019-03-17 11:04:53 +00:00
Daimona Eaytoy bedbe36744 Add doc for every class member
Adding PHPdocs to every class members, in every file. This patch only
touches comments, and moved properties on their own lines. Note that
some of these properties would need to be moved, somehow changed, or
just removed (either because they're old, unused leftovers, or just
because we can move them to local scope), but I wanted to keep this
patch doc-only.

Change-Id: I9fe701445bea8f09d82783789ff1ec537ac6704b
2019-03-17 11:40:24 +01:00
jenkins-bot f63b7e8039 Merge "Remove the hacky 'context' variable" 2019-03-17 10:35:31 +00:00
Daimona Eaytoy 3211c71739 Make uploads testable
This patch adds missing methods for testing a filter against uploads in
RC. Please note that (as discussed below) using wfFindFile could be
relatively expensive (as it will be executed for 0-100 RC rows).
If this is true, then we should either use another method (but I
couldn't find a suitable one), or simply reduce the amount of testable
uploads to a reasonable limit.

Bug: T170249
Change-Id: Id406d4e1571873f49bb11e69029311b24ececf49
2019-03-17 11:32:56 +01:00
jenkins-bot de4e971c72 Merge "Remove usage of MakeGlobalVariablesScript hook" 2019-03-17 10:32:30 +00:00
jenkins-bot 4c63c9190c Merge "Remove deprecated DB method" 2019-03-17 10:08:50 +00:00
jenkins-bot 3f3e98fbc5 Merge "Fix shortcircuit for consecutive operations" 2019-03-17 10:04:14 +00:00
jenkins-bot 001a83272d Merge "Add help links for throttle groups" 2019-03-17 09:59:25 +00:00
jenkins-bot e2f1880922 Merge "Don't use wgLang and wgContLang" 2019-03-17 09:53:16 +00:00
jenkins-bot d11f30f7ec Merge "Make text fields use readonly instead of disabled" 2019-03-17 09:49:40 +00:00
jenkins-bot 92fdb2ce90 Merge "Make Special:AbuseFilter sortable by filter name" 2019-03-17 09:48:29 +00:00
Daimona Eaytoy 7449b43c2f Remove deprecated DB method
Database::nextSequenceValue is deprecated and just returns null.

Change-Id: I8109e90ab836b5915873da26da87ea9225e2ff03
2019-03-17 09:38:46 +00:00
Kunal Mehta 577f4dab93 Migrate to new phan
Bug: T216904
Change-Id: I30864bd3d7f9b9ab674bf6589cd9e5e3aed5bb8d
2019-03-16 09:41:23 +00:00
Daimona Eaytoy 53ab2b5067 Fix documentation errors reported by Phan
Change-Id: I5788147ba1998235ded9eedbf64ebad37fce236f
2019-03-16 09:27:05 +00:00
Daimona Eaytoy 6158d96c41 Don't escape externalLink text
As escaping is handled by makeExternalLink itself. This currently makes
seccheck fail for any patch and is a merge blocker.

Change-Id: I2d21632bbc59abd4ea48aebdb6572d53f8fc89cd
2019-03-11 13:23:49 +01:00
Daimona Eaytoy ef025c0ce2 Make Special:AbuseFilter sortable by filter name
Only if the user is privileged, though, otherwise ID and name may be
associated.

Bug: T217520
Change-Id: Ida8886308be97de70078664f5f4641b93deab95f
2019-03-03 19:07:38 +01:00
Matěj Suchánek 99c2749511 Fix issues with SQLite
Bug: T199507
Change-Id: I273de5ebafeee76458a5b873e893044b683c34ca
2019-03-01 10:44:58 +01:00
Daimona Eaytoy c49707e463 Make text fields use readonly instead of disabled
So that they're easier to read, and because readonly is semantically
more appropriate.

Bug: T217143
Change-Id: I76be8e7fb1cf46efd0c03cde74344be6cb2a0902
2019-02-27 11:52:59 +01:00
Kunal Mehta 85cb0531f0 Add missing use statement
Spotted by phan 1.2.4.

Change-Id: I1d2c417881a88c41dc382f583e4a0b6cddc0048f
2019-02-23 21:29:43 -08:00
Kunal Mehta cb1458f91e Fix parameter order in doc comment
Spotted by phan 1.2.4.

Change-Id: I63aff03d48f1749e03d3398016ead01bc37fe73d
2019-02-23 21:29:39 -08:00
Kunal Mehta 5d1ab854f9 Fix caching in AFComputedVariable
Spotted by phan 1.2.4.

Change-Id: I6ff924e08cc7d8d837b44228dfb26c8d15c810c4
2019-02-23 21:28:47 -08:00
Thalia 540a557a59 Replace calls to deprecated Block::prevents
Where prevents is used as a setter, use the new setter methods;
where it is used to determine whether a block blocks the target
from editing their talk page, use appliesToUsertalk.

Block::prevents was deprecated and replaced by several other
methods in I0e131696419211.

Bug: T211578
Change-Id: I166cc6f64c0f895ff8c631d2655c1c3208131371
2019-02-22 19:29:02 +00:00
Daimona Eaytoy 27f8b9ab34 Make the filter field on ViewHistory of "int" type
Following up I636b4e56f39282593c737ace1d6ff2d90900d997, enforce a basic
clientside validation and don't fill the field with the URL parameter if
it's not valid.

Change-Id: If4fd015dff64237375a0c4d3b9fbcefbd54dba3e
2019-02-10 12:11:52 +01:00
Daimona Eaytoy 90df3560b1 Replace deprecated cache-related functions
Some ObjectCache:: methods are soft deprecated since 1.28. Remove them
now, since the replacement is easy.

Change-Id: I713781d5e98238a1c194e97b5faae488a8ac190d
2019-02-09 16:01:57 +00:00
Daimona Eaytoy 6f4bfc9597 Fix shortcircuit for consecutive operations
Using break could halt parsing between operations, instead use continue
to parse all operations.

Bug: T214642
Change-Id: If67ddaffef280c2448c55ae536013758617bba68
2019-02-08 17:55:59 +00:00
Daimona Eaytoy e0b2b9ffd5 Allow filtering AbuseLog for filter group
This adds the capability to filter AbuseLog using filter groups, if
there's at list an extra group (like flow). Since abuse_filter_log
doesn't store info about filter groups, this needs query on
abuse_filter, and its result must then be intersected with explicitly
searched filters, if any.
The way I wrote it takes several lines and IFs, but is meant to be less
subject to regression in case something gets moved.

Change-Id: I747ba491d2b390562ce5f71396eed095116d8eaf
2019-02-08 10:51:11 +01:00
jenkins-bot 981a447aaf Merge "Remove ancient permission checks" 2019-02-07 21:13:16 +00:00
Daimona Eaytoy 85ba973747 Move the "global-" prefix to a const
And add an utility function to use it to build full names.

Change-Id: Ib5fdeb75c1324f672b4ded39681f006fde34b4d1
2019-02-06 14:42:05 +01:00
Daimona Eaytoy 51120e51c5 Don't use wgLang and wgContLang
For wgLang, there's a Language object available in the proximity, so just pass it.
For wgContLang, use MediaWikiServices.

Change-Id: Ic492007f2d5eeb8048d0919a4b9b7dd98c15c350
2019-02-06 12:00:44 +01:00
libraryupgrader b744d18526 build: Updating mediawiki/mediawiki-codesniffer to 24.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Usage.DeprecatedGlobalVariables.Deprecated$wgContLang

Change-Id: Ic167fc5e836c5437edc6b330e5d73f9913bc2859
2019-02-06 09:28:26 +00:00
jenkins-bot 775368a6fb Merge "Ensure the specified filter is valid in ViewHistory" 2019-01-31 21:52:00 +00:00
jenkins-bot 2ea783a385 Merge "Strike suppressed AbuseLog entries" 2019-01-31 21:51:58 +00:00
jenkins-bot 8d7361b590 Merge "Avoid PHP 7.3 Undeclared variable notice" 2019-01-31 21:51:56 +00:00
jenkins-bot 15a8340ee1 Merge "Reject empty warning and disallow messages when validating a filter" 2019-01-31 21:28:17 +00:00
Daimona Eaytoy 2a0246ddb5 Remove ancient permission checks
In both SpecialAbuseLog and ApiQueryAbuseLog, we use
Title::getUserPermissionsErrors to check if the user is allowed to
perform 'abusefilter-log' on the API page... However, this is a
completely redundant check (which is also pretty expensive and queries
the master): for the SpecialPage, we can specify the required right in
the constructor and use checkPermissions, and for the API we can simply use checkUserRightsAny.
If I'm not mistaken, there's no benefit in using
getUserPermissionsErrors.

Change-Id: I4c4dbace67b24cc1f45e50ab1c0d251522935513
2019-01-31 21:16:18 +00:00
Daimona Eaytoy 196a3ba7d5 Ensure the specified filter is valid in ViewHistory
We do not validate the param, and instead only check if it was
specified. In the specific case of ViewHistory, specifying as "filter"
something invalid for a title (e.g. with a + inside) will throw an
exception, seen in production.

Change-Id: I636b4e56f39282593c737ace1d6ff2d90900d997
2019-01-29 19:58:59 +01:00
Daimona Eaytoy 8f9b27d856 Fix MWException from AbuseFilterView
The case default was recently added, but didn't take into account that
"false" is valid too. Noticed by chance just before the train rolled
out.

Change-Id: I67ca475fa16ea449820f8c735531c2cc1b0ec975
2019-01-24 21:48:50 +01:00
Daimona Eaytoy fe03de6e4f Add help links for throttle groups
Several people have reported throttle groups being hard to use, mostly
because the field doesn't have options with the usable groups. This is
because users can combine valid groups in many ways, and thus we don't
provide options. However, let's add an help link pointing to mw.org.

Change-Id: I982d67aa62a899916a26452aceb9646df8c31232
2019-01-24 12:58:41 +01:00
Daimona Eaytoy ba1b27d7f6 Optionally pass the filter ID to checkConditions for error reporting
Now that Parser errors are on logstash, I noticed a huge spike of errors
on Wikimedia Commons, about 35000 per hour. They seem to be due to 2
broken filters, but id doesn't say which ones.

Change-Id: I8510319c075520f9a893cd7d56f2e30679e249ba
2019-01-24 10:03:52 +01:00
Daimona Eaytoy a207cf22f7 Unbreak tagging for createaccount actions
Tagging doesn't work for account creations, and probably never did. This
is because we used a wrong identifier for such actions. This patch fixes
the problem, although in the long term we should find a smarter way to
apply tags.
Also, clean AbuseFilter::$tagsToSet if the action will be prevented.

Depends-On: Ia8e38ba25d1989fe71714d2b76891c4587921466
Change-Id: I8edcca17ecdcf71397cc9b0d101e8b13ac112047
2019-01-23 21:25:47 +00:00
Daimona Eaytoy f3f8bd11b9 Re-execute checkAllFilters if the edit was stashed
This may solve several issues, see T176291#4105438 for further details.

Bug: T191430
Bug: T176291
Depends-On: Iebbdeac7898b35beea79aa3d0cdf9d0fb265d726
Change-Id: Ia8e38ba25d1989fe71714d2b76891c4587921466
2019-01-23 18:16:01 +00:00
Daimona Eaytoy bc875d8002 Fix SQL key
When updating the abuse_filter_history table, the sequence to use is the
one on afh_id... And we were using the af_id one since 2009.

Change-Id: I3e291c780119d74be5f47e745a8de13bda85486b
2019-01-23 16:24:02 +01:00
Daimona Eaytoy 4b33b2b5a7 Strike suppressed AbuseLog entries
Instead of adding a message, do like core does by striking and greying
out the row. Plus, don't show the AbuseLog page description when hiding
entries, as it doesn't fit.

Change-Id: I645a89dd8df79d45ca440e0ba62adcdee921b8e9
2019-01-23 11:34:43 +01:00
Daimona Eaytoy be08bd6d59 Avoid PHP 7.3 Undeclared variable notice
Starting from PHP 7.3, passing the name of an undefined variable to compact() raises a notice. Always define $querypattern and $searchmode, so that this won't happen, and makes showList behave more uniformly.

Bug: T214269
Change-Id: Ib179a7e0e4fdd7b9d81b6930000203478e7a1e38
2019-01-21 15:35:44 +01:00
Daimona Eaytoy fca80fa976 Remove usage of MakeGlobalVariablesScript hook
This is an old leftover, used to add global JS variables in a convoluted
way: using a hook and a total of 3 static properties. We can safely
remove all of this and just call OutputPage::addJsConfigVars, which BTW
is already called where we need it.

Change-Id: Ifad0618fa93b0c7a7e8b23f596234e622aa8846a
2019-01-21 14:27:57 +01:00
Daimona Eaytoy 0e6b783ed4 Reject empty warning and disallow messages when validating a filter
Right now, we allow empty messages, and when the "warn" action is
executed we use "abusefilter-warning" if no message is specified.
However, this also produces a PHP notice while editing a filter with
empty message (see Phab). With this patch, empty messages will be
rejected, and a follow-up will be discussed on Phab.

Update: added disallow message as follow-up of
Ic1de03a6944c43a346fa317ee0a217551f0d284a.

Bug: T203353
Depends-On: I8df247f61d9f3769e9580544f324dd174811e939
Change-Id: I71b1f81d10c02de4de141b1ab9b630d05cf4619c
2019-01-21 14:06:54 +01:00
jenkins-bot b9c697ef7c Merge "Don't send long patterns with GET" 2019-01-20 14:20:31 +00:00
jenkins-bot 1ed8fd0a5a Merge "Simplify filter editor generation and restore ltr attribute" 2019-01-19 13:28:50 +00:00
jenkins-bot 41f6a85a42 Merge "Rewrite the method for getting a global emergency value" 2019-01-19 13:25:41 +00:00
jenkins-bot 196272fbc1 Merge "Move changed field styles to TD for history pager" 2019-01-19 13:18:32 +00:00
jenkins-bot f8b5965ff9 Merge "Expand AbuseFilter::getFilter to select all fields and fix caching" 2019-01-19 13:17:16 +00:00
jenkins-bot b35ba5af45 Merge "Warn the user if they try to leave the page with unsaved changes" 2019-01-19 12:57:50 +00:00
jenkins-bot a7955a5142 Merge "Move a method out of AbuseFilter.php" 2019-01-19 12:22:39 +00:00
jenkins-bot b44984c50a Merge "Remove unused stuff" 2019-01-19 12:18:22 +00:00
jenkins-bot 91e1833bc0 Merge "Fix topnav links" 2019-01-19 12:11:07 +00:00
jenkins-bot 575646393b Merge "Improve code readability" 2019-01-19 12:11:06 +00:00
jenkins-bot a2bee3bcf3 Merge "Simplify parser methods" 2019-01-19 12:11:04 +00:00
jenkins-bot 7f62874658 Merge "Change method visibility for AbuseFilter class" 2019-01-19 12:02:51 +00:00
jenkins-bot 0d4e982069 Merge "Reduce code duplication" 2019-01-19 12:00:47 +00:00
Daimona Eaytoy 6217ffb928 Remove unused stuff
Variables declared but never used, redundant code, and old leftovers.

Change-Id: Ic51044a45a1b49ad6c7af06c646b11893411a7cd
2019-01-18 17:04:19 +01:00
Daimona Eaytoy 34d3f9acb2 Fix topnav links
*Don't reuse a message (which is bad), instead add a note for
translators. We can also move it on translatewiki.
*Don't show the AbuseLog link if the user cannot see the AbuseLog.

Change-Id: I4ce73b2160275fdc4b0b7bec722471696d8c6a4d
2019-01-17 15:09:29 +01:00
Daimona Eaytoy 93e8cb5ac5 Tune logging channel
As follow-up of I10b1fd2d9bdfe518089c053d77fef568170ecb65, use
'AbuseFilter' instead of 'AbuseFilterDeprecatedVars' as channel name.
Raise level for null-title filtering. Since with a null title
several things are likely to break, a warning is more appropriate here.
Tweaked the message as well, to include the bug number and to avoid
pointlessly including the title (which is null).
Lower the level for stashedit hit/miss (as it's really spammy and not
that useful right now).
Use 'abusefilter' instead of 'AbuseFilter' for statsd so that everything
has the same prefix.
Also raise the level for parser exceptions and unrecognized
consequences.

Change-Id: I1f9988155e924232b201281795cd322636da8082
2019-01-16 08:56:22 +00:00
jenkins-bot b1e8f38c64 Merge "Replace RecentChange::$mAttribs with getter functions" 2019-01-11 20:01:12 +00:00
addshore a6a93be530 Pass MCR AF text into newVariableHolderForEdit
Follow up to Idbb3a70d08a195dfa21422e07f593d1eeba4521d

This also fixes the fetching of text for the stash edit code path
which was missed by the previous patch.

This now also uses the full old text in the variable holder.

Bug: T213453
Change-Id: Ib80bc6385ebb5dd82bb1a384dd0e162608bfcbfa
2019-01-10 23:42:58 +00:00
addshore 3e93c06223 Use slot in onEditFilterMergedContent
Related to If3c4592eb6dade6960463abfda017af35d04f563
in Wikibase, needed for SDoC.

Bug: T213453
Change-Id: Idbb3a70d08a195dfa21422e07f593d1eeba4521d
2019-01-10 20:57:30 +00:00
Daimona Eaytoy f700139215 Remove the hacky 'context' variable
First step for removing meta-variables, the second one being removing
global_log_ids and local_log_ids.

Change-Id: I01cd79771c0ee0865abaef6757a930aacd8138d2
2019-01-05 18:30:37 +01:00
Daimona Eaytoy fda8f01431 Replace RecentChange::$mAttribs with getter functions
The RecentChange class has several getters and setters for the $mAttribs
property. Although the property is public, it's saner to use such
methods.

Change-Id: Ie8e37e80fdcf2917ee0e87b2a409f0afb91a4f92
2019-01-02 11:36:57 +01:00
jenkins-bot e6ca0f288d Merge "Really disable the minor_edit variable" 2018-12-31 02:21:56 +00:00
jenkins-bot 2539f6883e Merge "Remove workaround to complete phase 1 of variables migration" 2018-12-30 23:19:20 +00:00
jenkins-bot 90796123a8 Merge "Add a new method and hook for static variables" 2018-12-30 22:50:35 +00:00
Daimona Eaytoy 217b4b57ff Remove workaround to complete phase 1 of variables migration
When all the other patches will be merged, this workaround won't be
necessary, and by removing it we're finishing the first phase of
variables migration. Which could also be the only one if we decide not
to go on and remove the old ones.

Bug: T173889
Depends-On: I5c370b54e6516889624088e27928ad3a1f48a821
Depends-On: I6576497feaf6d2c475ee33a91feb6a640e2c20fe
Depends-On: I87a48fdc8b392b25eb02807e8d0f712d0a399ece
Depends-On: Ib29eb15c1a51c037d036be8dc1541d96ea4b174b
Depends-On: I909a99e80a895a9b009c33ea72e8e0a4ea0a1375
Change-Id: If5f238cddb41ef92b141e36b4f2f15fd4cc86476
2018-12-30 22:43:14 +00:00
Daimona Eaytoy b0c5b97b28 Add a new method and hook for static variables
This is for adding variables which can be computed even without an
ongoing action. Currently, we don't have any, except for timestamp (but
that's a bit special). Other extensions could. For instance, we'll be
able to expose the content of the spam blacklist.

Bug: T211680
Change-Id: Iba59fe8d190dd338ecc8cfd682205bce33c9738b
2018-12-30 18:15:33 +01:00
Daimona Eaytoy 7b3526e3b7 Simplify AbuseFilterVariableHolder::dumpAllVars
It's totally pointless to recreate all variable names, since we already
have them in builderValues. The only exception is for _restrictions
variables, although they should be handled in builderValues too.

Change-Id: I156ebb1e6e590d09ded093a23d19c0d635a503bf
2018-12-29 18:33:49 +01:00
Daimona Eaytoy 2fc56ce014 Use array_unique on the array of tags to add
Otherwise calling bufferTagsToSetByAction multiple times makes the list
grow, and IIRC the core doesn't call array_unique on the tags to apply.
Also clean the list after applying tags.

Change-Id: Iebbdeac7898b35beea79aa3d0cdf9d0fb265d726
2018-12-29 15:19:02 +01:00
Daimona Eaytoy 921db0397e Really disable the minor_edit variable
The variable was disabled with I7f13773766e12f3d4b86451fdf3ae23e067ac373
in 2016, but not in the same way as old_text and old_html were disabled
in 2009. This patch uses the methods introduced with
Ife168522e6b1d8eb94ebbb8a16ae8831ec1dc497 to disable minor_edit in a
standard way, so that it won't be showed in new AbuseLog entries, and
won't be usable when writing filter syntax.
A warning will be emitted if a pre-existing filter is using it, so that
we'll be able to completely disable it in the future.

Change-Id: I5ad5219ee19a5e6ba2bfdffb4e0aad63c8951491
2018-12-29 14:14:27 +01:00
Daimona Eaytoy 4950bf6664 Validate the abusefilter-blocker name
In T209565#4826952 I discovered that if the "abusefilter-blocker"
message is an invalid username, we silently end up without a system
user, thus risking to break something. Instead of silently failing, emit
a warning and use the default name. As I wrote in the code comment, we'd
better avoid throwing, because the message can be modified by anyone,
who could then break the site.

Change-Id: Ifa866bd9676945bf94e7e481adf6ad0d6cf4370c
2018-12-17 16:02:24 +01:00
jenkins-bot 102f6f7497 Merge "Fix big problems with normalizeThrottleParameters" 2018-12-17 03:34:34 +00:00
Daimona Eaytoy 3fa6e2d31c Expand AbuseFilter::getFilter to select all fields and fix caching
This partly reverts If72b18bedac5e580487406e696aea1fd172ae45b. While
it's true that we don't need every filter, that method is public and
other code may need fields that we don't need. This way we can encourage the
use of this function (which caches the result) instead of direct DB
access.
Also, the method can currently accept global filters passed as
"global-<integer>", but saves them to cache with the same key as local
filters (i.e. local filter 15 and external global filter "global-15" are
both saved in AbuseFilter::$filterCache[15], which could lead to subtle
bug).

Change-Id: Ieb04f019453033c275e211cfc9fd68d5d7c392ef
2018-12-16 14:23:45 +01:00
Daimona Eaytoy aa280998c0 Fix big problems with normalizeThrottleParameters
My final testing unveiled 4 problems, see T209565#4780868. Testing again
after this patch yields the expected outcome.

Update: A fifth problem is that we cannot disable throttling if throttle
groups are empty or fully invalid: that case is similar to the one with
invalid rate, the throttle limit is never reached and thus throttle just
doesn't work. Instead, ask users to fix it by hand.

Bug: T203336
Bug: T209565
Change-Id: Id03c9880f60764efc596ac40b8662087fdb30550
2018-12-15 18:36:16 +01:00
Daimona Eaytoy f49d4e5caa Emit debug logs when filtering without title
We have two situations where we try to execute filters without a title.
However, the code doesn't handle it correctly: some points expect $title
to actually be a Title object, and we also pass it around using a hook
which explicitly says it always pass a Title. This patch adds two debug
points to help understand why we end up with null titles, so that we can
fix it upstream.

Bug: T144265
Change-Id: I35bfc483a0c69a5cbd38eae8ba299189955fa1ec
2018-12-13 20:34:21 +00:00
Daimona Eaytoy db31c6dfea Rewrite the method for getting a global emergency value
Currently it barely has any reason to exist, as it's a single-line
method. This patch moves there the global state, and also changes the
signature to allow shorter calls.

Change-Id: I7851fa41cbd96912b3859319ba97a501b1cbaa57
2018-12-10 18:28:32 +01:00
Daimona Eaytoy 1dcf3fc98c Move a method out of AbuseFilter.php
AbuseFilter::buildFilterLoader is only used in ViewExamine and
ViewTestBatch, so this patch moves it to AbuseFilterView and makes it
non-static.

Change-Id: I7f11cfd7ac81e536492eb59c40da7c14771cee2b
2018-12-09 14:33:30 +01:00
daniel 688eccea47 Expose text from all slots to AbuseFilter
This is a first step towards MCR support in AbuseFilter. The textual
representation of all slots is concatenated. Since AbuseFilter uses
getTextForSearchIndex to determine the textual representation of
content, blind concatenation should not break any assumptions
made by AbsueFilter rules: this naive approach is no worse than
AbuseFilters handling of non-textual content in general, and should
work fine for textual content.

Bug: T209291
Change-Id: Ic141085cad2e11bfe106fe83dafcb35ac31206ba
2018-12-05 09:24:08 -08:00
jenkins-bot 1dd8f41d0d Merge "Use the updated TitleMove hook to filter move actions" 2018-12-04 19:32:04 +00:00
Daimona Eaytoy 206bdc1f6a Use the updated TitleMove hook to filter move actions
For several reasons:
*We're not really checking permissions (and the hook previously used is
meant to be used in such case)
*We'll show a cleaner error message (i.e. without the "You do not have
permission..." part)
*Filtering will happen closer to the actual move

Bug: T208907
Depends-On: I4733724075b7514e9db59e7be772d9409aa9da87
Change-Id: If88f736a446247f8b4b13c055c641d56f544d1ea
2018-12-04 18:58:04 +01:00
jenkins-bot 23a7aa69a5 Merge "Fix regex group counting for get_matches" 2018-12-04 13:58:06 +00:00
Daimona Eaytoy 38749b46bb Warn the user if they try to leave the page with unsaved changes
While editing filters, sometimes it happen that you make some change,
forget about it and then reload/close the page, and no warnings will be
issued. This patch makes use of the core module used for normal page
editing to display a warning if trying to leave a filter editing page
with any unsaved change (both to the filter pattern or other form
elements).

Change-Id: I78d79215565d5c82028b1a2a4276497ccbffdea2
2018-12-04 13:06:46 +01:00
jenkins-bot bb289862ff Merge "Remove code for old global variables" 2018-12-04 06:27:32 +00:00
Huji Lee b523194032 SECURITY: Remove private information from the API results
Later, we will add a new POST request which will allow retrieving
the private details; it will have a mandatory "reason" parameter,
and will result in a log entry in the private details access log,
just like the web interface.

Bug: T210329
Change-Id: Iaca492371f48fecf543268c179a651841ed12c3f
Signed-off-by: sbassett <sbassett@wikimedia.org>
2018-12-03 23:11:32 +00:00
Daimona Eaytoy 7ca0941d1f Remove code for old global variables
Those two global config variables were removed more than 2 years ago, in
I790d39c2849922d7daf7479f298cd90cf30af129. Nothing else in the code
references them, so we can just remove the warning.

Change-Id: I427d06a80131447ea64064f45e84349f93e72cca
2018-12-02 16:24:09 +01:00
Daimona Eaytoy 6aff37fb52 Further clarify docs for emergency disable
This is a follow-up to Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec. I
believe it's important to specify how many recent actions we're looking
at, and I also think it's not nice to rely on a variable amount of
actions to determine whether a filter should be throttled. Also, require
a $group parameter in filterUsedKey (we always pass one, and there's no
reason not to).

Change-Id: I0384d3f1913ead593f605248950606c81c8f8542
2018-11-28 19:29:15 +01:00
Daimona Eaytoy 235162e302 Change method visibility for AbuseFilter class
Some public/protected methods are actually meant to be private.
This patch is only a first step: other methods need to be made
protected/private.

Change-Id: I432c65d333b4dc497532679750f44b2c7e078bf0
2018-11-26 17:35:08 +01:00
Daimona Eaytoy 1f2b7474ed Clarify code and docs for automatic throttling
For the docs part: make it clear how things work there. For the code
part, these are mostly style changes: shorter variable names, no
unnecessary parameters, make the method private, use clearer variable
names.

Change-Id: Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec
2018-11-26 16:51:10 +01:00
Daimona Eaytoy 7427333ed5 Improve code readability
Simplify some logic constructs, reduce the amount of return statements
inside methods, explicitly declare variables before using them, reduce
code duplication, add names to JS anonymous function to produce clearer
stack traces.

Change-Id: Ife4546a91c30d4c519d09a712ba56a2f33abe579
2018-11-19 16:01:37 +01:00
Daimona Eaytoy e055ecc7c6 Reduce code duplication
Change-Id: I03bd56e4bf455865b27338ac39b3dcef20a88447
2018-11-19 15:50:36 +01:00
Daimona Eaytoy 4480c9493a Remove wgParser and wgRequest
As part of the deprecation process of non-config globals.

Change-Id: Ia84ddc20adbfda72347cf256601050b055b87ecf
2018-11-19 13:40:58 +01:00
jenkins-bot 0d58f78030 Merge "Revert "Revert "Add typehinting for every object-only parameter""" 2018-11-18 16:27:27 +00:00
jenkins-bot 6541d7c5cc Merge "Check that the user block is sitewide when determining permissions" 2018-11-15 17:26:21 +00:00
Daimona Eaytoy 346063eec0 Check that the user block is sitewide when determining permissions
And bump MediaWiki version.

Bug: T208621
Change-Id: Icfcf09c5d7c7498711cb000c3bb16480270efb9c
2018-11-15 17:59:22 +01:00
Daimona Eaytoy badde6ba75 Revert "Revert "Add typehinting for every object-only parameter""
This reverts commit 1ed75b4ae0.
Fixed the one which caused errors, by making articleFromTitle
only use WikiPage, instead of silently mixing WikiPage and Article.

Note for reviewers: this patch is identical to the one which was
previously +2ed, which was mostly correct. To see the actual change,
diff AFComputedVariable with 1..current.

Change-Id: I6747eaed861af6c40a3b1610aebcc1174296e9ed
2018-11-15 10:09:16 +01:00
jenkins-bot 213c2aa011 Merge "Change throttle selector to restore old functionality, overall improvement" 2018-11-15 00:58:11 +00:00
Daimona Eaytoy d3a8491c3f Change throttle selector to restore old functionality, overall improvement
Long (sigh) explanation in T203587#4569698. Also, simplified the way
TagMultiselect are generated, this one and the one for change tags.
This new selector is back-compat both with the old textarea and the OOUI
checkboxMultiselect; actually, this one is //fully// compatible with the
old textarea.
Add validation for throttle parameters and unit tests for validation
(split from I976c95658cddb2585910b6f8a5f047aadc4e4d47).
Added a trim when retrieving throttle identifier to allow syntax like
'ip, user'.
Improved the message shown on history.
Re-added the maintenance script to clean DB.

As I wrote in the task, a review by two other people would be great, at
least for the maintenance script (it could potentially break the DB).

Bug: T203587
Bug: T203336
Bug: T203584
Bug: T203585
Depends-On: I3b2e763bd8835207dc5df1db43d3e1881e6961c3
Change-Id: I7831dbb0bab55807392ac1f7915d6cb0cb713593
2018-11-14 12:51:36 +01:00
Brad Jorsch f6349e7a32 Update tests that fail with comment/actor migration
* AbuseFilterConsequencesTest is somehow leaving blocks behind. Mark
  ipblocks as being used to avoid that.
* AFComputedVariable::getLastPageAuthors() uses indeterminate order for
  multiple revisions with the same timestamp. Fall back to rev_id
  ordering like MySQL accidentally did before.
* AbuseFilterTest tries to create revisions attributed to users that
  don't exist. Switch to interwiki usernames.

Change-Id: I30f7cdcc3875f3f7af116c1e41e88f62ab9e91d0
2018-11-09 17:03:36 -05:00
jenkins-bot 58018ac7cc Merge "Use log channel 'AbuseFilter' instead of 'AbuseFilter<Suffix>'" 2018-11-08 14:32:58 +00:00
Timo Tijhof e7c0d5f238 Use log channel 'AbuseFilter' instead of 'AbuseFilter<Suffix>'
The channels are a fairly low-level primitive. Having multiple
in production for the same extension I think makes the logs
difficult to navigate and easy to miss things.

For the purpose of grouping, we have normalized_message instead,
which works by using the Monolog template string capabilities,
this is enabled in WMF Logstash (and in Beta).

Change-Id: I10b1fd2d9bdfe518089c053d77fef568170ecb65
2018-11-07 20:21:10 +00:00
Daimona Eaytoy 6658a24554 Remove typehint to avoid fatal error
Temporarily remove the typehint, as it causes some fatals. This doesn't
solve the underlying problem, for which we should first investigate with
I35bfc483a0c69a5cbd38eae8ba299189955fa1ec.

Bug: T208144
Change-Id: I0fdda51010243690ff3806c16d4e203c9ccd8e0a
2018-11-07 11:23:50 +01:00
Daimona Eaytoy 16475c0266 Fix regex group counting for get_matches
Adding the * as character to match after parentheses, since it may be
used with backtrack verbs (e.g. (*FAIL), (*SKIP)). I guess this is a
very, very rare use case, but since the fix is easy, let's include it.
Also, added a ToDo since we should probably find a better way to count
capturing groups, although I cannot figure out any.

Change-Id: Idcb303b4740530af9d3f009414d35d68f59effd0
2018-11-01 11:52:33 +01:00
C. Scott Ananian b73786df5c Replace deprecated OutputPage::parse/parseInline()
The OutputPage::parse/parseInline() methods emit untidy output and
are often used with the wrong user interface/content language
selection.  Replace with new methods added in 1.33 which are
tidy and consistent.

Bug: T198214
Depends-On: Ica79c2acbc542ef37f971c0be2582ae771a23bd0
Change-Id: Iec8071f4e50f169356e4f68ccb746c55f1606ea6
2018-10-26 13:33:20 -04:00
jenkins-bot c8d85e27b8 Merge "Use proper cache key construction for throttle, rules, and autoblock keys" 2018-10-24 10:10:51 +00:00
Daimona Eaytoy 103dfa3b66 Remove info leak
Oversighted/deleted edits and log actions were entirely accessible to
non-oversighters via AbuseFilter/examine for RC, and via AbuseFilter/test.
Now, we take into account the revision/log visibility and user permissions to
determine what to show.
Other changes in this patch:
*Show the examine link if and only if the user can examine the given row
*If a revision is hidden but the user can see it, don't hide its elements in
 ChangesList (only leave them striked/greyed)
*Make APIs better understand revision visibility.
*Make a clear distinction between deleted and suppressed edits/log
entries.

Co-authored with rxy <git@rxy.jp>

Bug: T207085
Change-Id: Icfa48e366a7e5e3abd5d2155ecfddfc09b378088
2018-10-23 10:53:39 +00:00
Daimona Eaytoy 4f7c9b6a45 Simplify filter editor generation and restore ltr attribute
Reduced code duplication, and restored the ltr attribute which got lost
for the case "CodeEditor installed + no JavaScript".

Change-Id: I69ac57b3c1c105f4e9bfe00cb654c63c2e351dc5
2018-10-21 13:02:13 +02:00
Aaron Schulz 5071c6574a Use proper cache key construction for throttle, rules, and autoblock keys
Change-Id: I72ab39048f955d4262fae81141cf97243e5cd184
2018-10-21 00:42:08 -07:00
jenkins-bot 97602b8a68 Merge "Remove useless array_filter" 2018-10-19 10:14:56 +00:00
jenkins-bot 7e151f5edc Merge "Unbreak short circuit for arrays" 2018-10-18 04:04:31 +00:00
jenkins-bot eb1303c8cd Merge "Revert "Add typehinting for every object-only parameter"" 2018-10-17 03:09:55 +00:00
Jforrester 1ed75b4ae0 Revert "Add typehinting for every object-only parameter"
This reverts commit 69d7669069.

Reason for revert: Causing UBN train blocker

Bug: T207220
Change-Id: I3445d9b3065149e2beb149e10fbbf5502b480f57
2018-10-17 01:22:23 +00:00
jenkins-bot 7a8a2fa3e1 Merge "Add typehinting for every object-only parameter" 2018-10-16 02:48:39 +00:00
Daimona Eaytoy 69d7669069 Add typehinting for every object-only parameter
This patch covers every object-only parameter, adding a typehint for it
to avoid errors.

Change-Id: Iebf700621b9dbff78c3bd8f3c136ed15ef4b8d4b
2018-10-15 09:56:09 +02:00
jenkins-bot fea08f45b8 Merge "Avoid useless error message for regexfailure exception" 2018-10-14 13:47:37 +00:00
Matěj Suchánek a3cc3dff75 Remove some $wgUser usage
Bug: T159299
Change-Id: I1613e2bb0c551cbadc0c57351fc40bd9e21abf52
Depends-On: I35adef06dfc799cddeddfa6c5eed53b8b1bb7282
Depends-On: Id19a6d883ac6e0cc9c26c923486bca0e414ecaa7
2018-10-14 11:24:52 +02:00
se4598 9d12e1b353 Allow selecting custom disallow message
You can now select a custom message to be displayed for disallowing a edit
the same way as for warn mode. This can be the same or a totally different
message.

This also solves the usecase, when a edit filter is set to warn AND disallow,
to be able to show the user a custom message, but the generic is shown
on the second try (disallow). Now it can be only set to disallow.

Bug: T27086
Change-Id: Ic1de03a6944c43a346fa317ee0a217551f0d284a
2018-10-11 10:35:01 +02:00
Daimona Eaytoy eafb4f56c7 Avoid useless error message for regexfailure exception
Users writing filters probably don't care about preg_match or whatever
happens in PHP. Also, it's not that useful to see "unspecified error".

Change-Id: I014742fa6f678126f55ac5ccff38e44b2c5a7d15
2018-10-08 19:19:01 +02:00
Daimona Eaytoy 6d54b83f2c Simplify parser methods
Use a single function to check parameters amount, avoid duplication
between keywordIn and keywordContains, use if...elseif instead of
if-else when statements have a return inside, simplify some other logic,
add typehinting, and change method visibility according to use of such
methods.

Change-Id: I22225a5cbbb93679a0e78bf6e15866829167fbf4
2018-10-03 17:19:40 +02:00
Daimona Eaytoy e60dacbbea Fix code comments
Fixed some comments adding explanations, fixing syntax, and parameter types
for docblocks. Also fixed some whitespace mess, and added a missing use
statement.

Change-Id: I3547c90bdaa2cab5443e8bf0c63b217fe6ba663f
2018-10-03 16:45:03 +02:00
Daimona Eaytoy d9d5af3890 Unbreak short circuit for arrays
This problem have been making filters potentially fail silently since
2009. Also add tests for arrays to make sure that no problems arise
when short circuit is used.

Bug: T204841
Change-Id: Ie4e2e06498c1202ba73afcc5d164a72427abbca5
2018-10-03 16:44:10 +02:00
jenkins-bot 3efc69960c Merge "Fix database schema for PostgreSQL" 2018-10-01 15:43:29 +00:00
Umherirrender 45e6fa932d Fix caller name in AbuseFilterHooks::fetchAllTags
Seeing {closure} in the logs as caller is not helpful

Change-Id: Id3bf5c7fd810d48dc04a167692b336b3ccba2eb4
2018-09-30 14:08:06 +02:00
Umherirrender 4fdd1bbf20 Fix caller name in AFComputedVariable::getLastPageAuthors
Seeing {closure} in the logs as caller is not helpful

Change-Id: I23ee52609510f8efefba8c1ee466d491f468f494
2018-09-30 14:06:04 +02:00
Matěj Suchánek db50bef21e Fix database schema for PostgreSQL
Bug: T62639
Change-Id: I5ddb781a2971677410f4cb96e5fc5964e53c862a
2018-09-29 12:12:52 +02:00
Daimona Eaytoy 50d5137880 Remove useless array_filter
Not only it's useless, but also removes the namespace if it's 0, thus
causing the query to only add a WHERE on rc_title, but the index is on
rc_title AND rc_namespace, so the query has bad performance.

Bug: T204228
Change-Id: I33694cfeddbc4eaf39e3e840b207dba433188834
2018-09-24 14:34:53 +02:00
Daimona Eaytoy 3ab1896dfb Don't send long patterns with GET
The testfilter parameter is useful, but don't use it for long patterns,
to avoid generating broken URLs.

Bug: T204128
Change-Id: If66d3e1704a9a8cc65a750153fc35ac27d24d8cf
2018-09-21 16:29:59 +02:00
Daimona Eaytoy 1634bd1b35 Move changed field styles to TD for history pager
This produces the following results:
*Fields are coloured with red even when empty, to make clear that the
field has been changed and emptied.
*The background color is applied to the whole cell, with no padding.
This is clearer to see, although I don't know if the visual effect is
acceptable (to me, it is).
The weight of CSS rule has to be increased too, since core classes are
loaded first.

Plus, improve a little bit the way changed fields are detected.

Bug: T204650
Change-Id: I1b107e47b3b8b2e23c6f135e0d6f26768c5f39b2
2018-09-21 16:17:36 +02:00
jenkins-bot eae59db542 Merge "Fix the block options on ViewEdit" 2018-09-20 11:25:00 +00:00
Daimona Eaytoy 9144dbf4a1 Remove unused parameter
Nothing uses it, plus it wouldn't work anyway: AbuseFilterParser
constructor only uses $vars if it's instanceof
AbuseFilterVariableHolder.

Change-Id: Idbf53f6058148e9f0e73beb949e1c028a81663ce
2018-09-19 19:58:30 +02:00
jenkins-bot a813140e44 Merge "Unbreak /examine for old log entries" 2018-09-16 12:00:34 +00:00
Daimona Eaytoy fc867a1c5c Allow testing account autocreation
Bug: T204231
Change-Id: If566cfdeb4cdbb78833077da09aeef33754f88d3
2018-09-14 13:09:07 +02:00
Daimona Eaytoy 31729b044e Unbreak /examine for old log entries
For the moment, this is a simple workaround to get them back working.
Ideally we'd also need a maintenance script to update var dumps as I
wrote in the task, but it needs more thinking (see Phab).

Bug: T204236
Change-Id: Ia20a2eb495557f46f789467a96e654ec6cd3f355
2018-09-13 18:42:47 +02:00
Matěj Suchánek 6eb5d9766b Use correct variable in AbuseFilter::addLogEntries
The data was inserted to the foreign database, so the id needs
to be fetch from that one.

Change-Id: I8eef8d74fc924829447e31f4445154b01b92aa7a
2018-09-13 11:57:55 +02:00
jenkins-bot a0a4755c59 Merge "Remove unused method from parser" 2018-09-09 12:32:56 +00:00
jenkins-bot 121df619da Merge "Improve coverage for AbuseFilterTokenizer" 2018-09-09 12:30:49 +00:00
jenkins-bot 151b1f6779 Merge "Make searched filters highlighting multibyte safe" 2018-09-09 12:25:17 +00:00
jenkins-bot dee934cd5a Merge "Partly unbreak throttle action" 2018-09-09 12:03:40 +00:00
jenkins-bot e4f986a661 Merge "Add full tests for deprecated variables" 2018-09-09 11:55:03 +00:00
jenkins-bot fb864408e3 Merge "Replace wfDebug and wfDebugLog with logger" 2018-09-09 11:55:02 +00:00
Daimona Eaytoy 8885a5983e Partly unbreak throttle action
This action have ALWAYS had this problem: when creating a new filter,
the temporary ID is 'new', and the throttle ID is then 'new'.
This is used when creating/checking throttle keys to determine if the
user should be throttled. However, the 'new' key is not unique and
(although it's not the only part of the key), it may lead to
unpredictable behaviours. I'm not sure if this solves the task below,
but can probably help.
Also added a FIXME that we should handle shortly.

Bug: T195699
Change-Id: Id3b0ff524c52fb57fdd72f9608f758f8383e4320
2018-09-09 07:09:14 +00:00
jenkins-bot a3882d8c4a Merge "Only select needed columns in queries" 2018-09-05 17:11:42 +00:00
jenkins-bot a9f9742b28 Merge "Remove the last PHPCS exclusion" 2018-09-05 17:07:51 +00:00
Daimona Eaytoy e65a69b6fe Only select needed columns in queries
Using '*' is handy, but we often end up selecting too much stuff.

Change-Id: I16d791ff8de6596de4fb65b1032b225f0bd65bf3
2018-09-03 14:12:41 +02:00
jenkins-bot 7cce6d1864 Merge "Remove _age variables from cache keys" 2018-09-03 12:08:29 +00:00
Daimona Eaytoy 63803568d6 Remove the last PHPCS exclusion
Bug: T178007
Change-Id: I5ddb811c2cb15040a859a63b64873f0fa53508ee
2018-09-03 10:42:30 +02:00
Daimona Eaytoy 48989ffcda Remove PHPCS exclusion and fix it
Again, we're left with only one exclusion that I don't know how to fix.
See phab for a longer explanation.

Bug: T178007
Change-Id: I017097abef755bc65c77a5658ad92320bc42d78b
2018-09-03 09:33:29 +02:00
libraryupgrader 5cdab14eb8 build: Updating mediawiki/mediawiki-codesniffer to 22.0.0
The following sniffs are failing and were disabled:
* Squiz.PHP.NonExecutableCode.Unreachable

Change-Id: Ic3f031974008776f272d1ee77093c6d170f27ae9
2018-09-02 22:05:58 +00:00
Daimona Eaytoy bffba28713 Add full tests for deprecated variables
This test checks every deprecated variable to be identical to the
newly-named one, and to emit a debug notice. It also changes such debug
to be emitted via logger instead of wfDebug.

Bug: T201193
Bug: T173889
Change-Id: Ie55746bb7731062ae2d46d84857af2a05d78cf4c
2018-08-29 11:00:28 +02:00
Daimona Eaytoy 2f0a0a0893 Replace wfDebug and wfDebugLog with logger
Per standard on
https://www.mediawiki.org/wiki/Manual:Structured_logging. The use inside
AbuseFilterParser is removed in
Ie55746bb7731062ae2d46d84857af2a05d78cf4c.

Change-Id: Ia62287c4ff5f904557cd6d43d47a9f4d9696b94b
2018-08-29 10:57:56 +02:00
Daimona Eaytoy 39f42caffc Make searched filters highlighting multibyte safe
Avoid using preg_match's offset since it is MB-unsafe. Also, remove 'UTF-8'
from mb_ functions (it's the default), reduce code duplication, and show
the right snippet for long search patterns.

Bug: T202310
Change-Id: Ieb06bdd80b0f915609afed7c7ad95e6318058ee9
2018-08-27 07:22:22 +00:00
Daimona Eaytoy 934399de45 Remove _age variables from cache keys
As we do for user_age, since these will always change. Also, rework the
method to avoid repetition of unset().

Change-Id: Ie5ceedd89cae3813bacf6680d588bc925362c2c2
2018-08-26 16:02:32 +02:00
jenkins-bot 10c147cb92 Merge "Use === operator with strpos" 2018-08-25 21:28:28 +00:00
Daimona Eaytoy 8094a49dcf Generate upload variables using new prefixes
This wasn't changed in I5c370b54e6516889624088e27928ad3a1f48a821 but
really needs to be merged, to avoid setting wrong variables. At the
moment this is still fine due to temporary overrides in
AbuseFilter::generateTitleVars, but this should be merged ASAP anyway.

Bug: T173889
Change-Id: I2e6058a6fa122470a30cd4a96c68eccc66e18ae4
2018-08-25 19:06:35 +02:00
Daimona Eaytoy ef51e7c253 Fix the block options on ViewEdit
Align the checkbox label on the left to conform with dropdowns, avoid
two if with the same conditions, and give variables a better name. Also,
remove an unused message: with OOUI, the old design can't be reproduced.
We could add a fieldset, but then it would be greatly different from
options for other actions.

Change-Id: Ibdc993c1457636215601eb22f5202d2f6ad57bd9
2018-08-25 18:56:44 +02:00
Daimona Eaytoy 66318915db Use === operator with strpos
The condition always evaluated to true: for global filters strpos
returned 0, otherwise it returned false, which is == 0. Fortunately, in
the second case the function returned false as it should. Anyway, be
safe and use === operator as it should always be for strpos.

Change-Id: I7ffc990b2b8b9c47ebfb64d5234f561faaff5e88
2018-08-25 17:35:15 +02:00
Daimona Eaytoy 775c736512 Improve coverage for AbuseFilterTokenizer
This will make tokenizer almost fully covered. The only uncovered parts
are the one with cache and an else condition which I think won't ever be
executed, and thus added a comment for that. Also, remove an obsolete
xxx comment from ComputedVariable (fixed in
I8e420f0259ef6c9e579f7a00beb58f28af9da37d)

Bug: T201193
Change-Id: I6e9a73aa9e437f096f6a1e20d53a7cb50e5ed85d
2018-08-25 10:25:16 +02:00
Daimona Eaytoy a8b62dc828 Remove unused method from parser
AbuseFilterParser::setVarsimply calls the setVar method in
VariableHolder and is currently unused. Its only call was removed in
I80cbc4033ff96f2fe8c1da263b1877bfb4c7c0c4. After this patch we'll only
have an uncovered line in the parser, which is likely due to a bug in
the coverage check.

Change-Id: Ic860b03b2d23fec073a9294e356e074ae1b14ae5
2018-08-24 12:30:47 +02:00
jenkins-bot 055cc7b5ff Merge "Filter AbuseLog by triggering action" 2018-08-23 14:48:57 +00:00
jenkins-bot ad69ea648e Merge "Remove unused function and improve unit test" 2018-08-23 13:46:41 +00:00
jenkins-bot 81a4fdc964 Merge "Improve Ace syntax highlight" 2018-08-23 10:14:57 +00:00
Matěj Suchánek 853936316f Filter AbuseLog by triggering action
For now, there is an "Other" field which will show all but hard-coded actions.

Bug: T187971
Change-Id: If564aced2e9cd933d8cfcf7cb96166aa279f2823
2018-08-23 11:40:15 +02:00
Daimona Eaytoy 03b52c2b37 Remove unused function and improve unit test
AbuseFilterParser::setVars is only used in a parser test. In the past it
was also used in the actual code (see for instance
https://phabricator.wikimedia.org/diffusion/EABF/browse/master/;5cc8dac63ca585c288ca4c8605db810774e39666?grep=setVars), but at the moment it's pretty unuseful.
This patch removes such function and makes the unit test use literals
instead of variables to avoid calling it.

Change-Id: I80cbc4033ff96f2fe8c1da263b1877bfb4c7c0c4
2018-08-23 11:00:16 +02:00
jenkins-bot 46d78623f4 Merge "Add page_age variable to AbuseFilter" 2018-08-22 16:17:36 +00:00
Daimona Eaytoy e8a4517d6b Improve Ace syntax highlight
Several improvements, this is the list:
*Added highlighting for disabled and deprecated variables
*Simplified a bit Ace's keyword mapper
*Added highlighting for ternary operator
*Added logic to retrieve operators from AF tokenizer
*Removed $ symbol since it's not usable in declaring stuff
*Customized highlighting via CSS

Depends-On: I5c370b54e6516889624088e27928ad3a1f48a821
Change-Id: If95e34fc7260413c4fb39c18a1ef44f5a93e1a68
2018-08-22 15:23:35 +00:00
rarohde e1865fca74 Add page_age variable to AbuseFilter
Adds page_age variable that reports the number of seconds since the
first edit to the current article (or 0 for new articles).

Bug: T30844
Change-Id: I0993cecc322806382a1b567b60c0a4af69054841
2018-08-22 17:10:39 +02:00
Daimona Eaytoy 4399be933d Use OOUI infusion for the change tags field in ViewEdit
Since this is what it's meant to be for. Better, cleaner, safer.

Change-Id: Ib5f632ac708aeff62b50c91ef60c547036481834
2018-08-22 15:27:06 +02:00
jenkins-bot a762c82fe7 Merge "Add aliases for "_text" and "article_" variables" 2018-08-22 12:44:20 +00:00
jenkins-bot 5561abe296 Merge "Add a placeholder for the no-js changetags input field" 2018-08-22 12:44:19 +00:00
jenkins-bot 777a86314e Merge "Improve code coverage for AbuseFilterParser" 2018-08-22 11:15:00 +00:00
Daimona Eaytoy e526295123 Add a placeholder for the no-js changetags input field
There is already one for the js field, but we can't reuse it since "one
by one" doesn't make any sense here.

Change-Id: Iaf01e19f4006b3d578bb2201cf9108fe46d56085
2018-08-22 11:02:51 +02:00
Daimona Eaytoy 66774b8d7a Show an extract of suppression log for Special:AbuseLog
Like we do in core for similar special pages. This is really helpful
when (un)hiding an entry.

Bug: T200645
Change-Id: I16450a2573e8987e31a83ec34f3dbb16fac94f81
2018-08-21 19:19:10 +02:00
Matěj Suchánek 10ad58a6f3 Migrate AbuseFilter suppress log
Also make entries in Special:Log/suppress filterable.

Change-Id: Ic23e724997e4748c8d0da8138aa73d31b17b7064
2018-08-21 16:05:54 +00:00
Daimona Eaytoy 6bc630cfef Add aliases for "_text" and "article_" variables
Variables regarding title (full list in task description) are quite
deceiving, since they use "text" instead of "title". As proposed in the
task, this is the first patch to add aliases for those variables and
slightly deprecate the old ones. In the future we may be able to replace
every occurrence (either with a search function or directly on the
database), but even a coexistence would be enough to avoid
confusion. A wfDebug log is generated whenever a deprecated variable is
parsed. The "article_" prefix is also changed to "title_", in the same
way as above.
Also, added a hook which other extension may use to specify their
deprecated variables, which will be handled the same as core ones.

Bug: T173889
Change-Id: I5c370b54e6516889624088e27928ad3a1f48a821
2018-08-21 16:59:56 +02:00
Umherirrender 2b615cfa29 Avoid variable reuse to pass taint-check
Also set param-taint for value of WebRequest::getText

Bug: T197002
Change-Id: I9e52d24f88789c99c726e32df20840707d1b47ae
2018-08-20 19:54:20 +02:00
Daimona Eaytoy 4f3b020f5d Improve code coverage for AbuseFilterParser
Add some tests and improve others to raise coverage percentage. This
should lead to almost 100% for the AbuseFilterParser class. Aside from
this, a couple of changes:
* Remove an unused function
* Let equals_to_any return a genuine result with empty strings
* Remove an if which will never be true in skipOverBraces, since the
function is called after checking the same conditions.

Bug: T201193
Change-Id: I7020b2ed996236c38c5784d161ad98ec44163406
2018-08-20 14:38:40 +02:00
jenkins-bot 50a295a6e7 Merge "Include CheckUser in phan config" 2018-08-20 01:52:54 +00:00
jenkins-bot 55f0cd2580 Merge "Change priority order for messages in hidden abuselog entries" 2018-08-19 19:21:41 +00:00
Daimona Eaytoy b8645753ca Remove deprecated method in AbuseFilterVariableHolder
It was soft-deprecated in 2013 and nothing is using it in MW code.

Change-Id: I1300bb18c518b61a2dbce9ad43beeb69c1b615e5
2018-08-19 19:02:45 +02:00
Daimona Eaytoy 9d21c7d03d Change priority order for messages in hidden abuselog entries
Check if the entry is deleted first, since it's the strongest deletion
here (oversight level). Bonus: don't use implicit conversion when
checking the return value of SpecialAbuseLog::isHidden.

Bug: T200644
Change-Id: Ie5c4575ad29fe3dcb85a26cc74f1c59207df2852
2018-08-19 18:22:07 +02:00
Umherirrender c954b412c6 Include CheckUser in phan config
Depends-On: I51421184485c3117bbab9ce3dd42f2dbb6c6180c
Change-Id: Ida17580b301ff4a6b0d3d0020c48f65eb1e21026
2018-08-17 17:38:01 +02:00
jenkins-bot f587230fea Merge "Use noparams exception and correctly count function parameters" 2018-08-02 08:16:12 +00:00
Huji Lee df21fb2b20 Remove HitCounters from AbuseFilter and use hooks instead
Goes with Ief573fb412d332bd4ad6ad8de3052dd85d534b82

Bug: T159069
Change-Id: I38cd7cbf3e595890b53624a477010bd49c9b8552
2018-07-31 03:56:20 +00:00
Kunal Mehta 404e098c3b Fix MediaWiki.Usage.InArrayUsage.Found issues
Change-Id: I1898d95d92cda279c1b9c8a452fb7d054ff263bf
2018-07-29 15:19:09 -07:00
tinajohnson.1234 c9003fe1fa Use HistoryPageToolLinks hook to add a log link to history pages
Add an AbuseFilter log link to the subtitle of history pages.

Bug: T28934
Co-authored-by: Matěj Suchánek
Depends-On: I2e0e9e92d3fc303135b0eb9acf06b5fd120178a5
Depends-On: I58a3039b3755648bb0c8aaf87db48ace96ce9344
Change-Id: Ib89c48f2b8f3121ead184844844acee436e2fdd6
2018-07-27 11:25:12 +00:00
jenkins-bot eee65af0ac Merge "build: Updating mediawiki/mediawiki-codesniffer to 21.0.0" 2018-07-27 01:21:01 +00:00
jenkins-bot 55d825c325 Merge "Use empty arrays instead of empty strings for diffs" 2018-07-27 00:55:40 +00:00
libraryupgrader 76c6d2caeb build: Updating mediawiki/mediawiki-codesniffer to 21.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionAnnotations.UnrecognizedAnnotation
* MediaWiki.Usage.InArrayUsage.Found

Change-Id: I46e414246c6597dd78b069f753d686c0d1c1c09d
2018-07-27 00:27:11 +00:00
jenkins-bot 78bd634f58 Merge "Add link to abusefilter-edit-lastmod-text" 2018-07-26 22:56:07 +00:00
Daimona Eaytoy 7992349789 Fix block durations dropdown
A month ago SpecialBlock::getSuggestedDurations has been
modified, and now it also returns an "other" key. Since we don't need it
and it would break thing up, add a parameter to avoid dealing with that.

Depends-On: Ic2dbc961f7eebad11da53724b9cce2f804ffad39
Change-Id: Ica37ba7015a04445c2cbafebcc85726368e23cb0
2018-07-24 15:41:57 +00:00
IoannisKydonis 2fa95e55e6 Add link to abusefilter-edit-lastmod-text
This adds a link to the diff of the edited filter.

Co-authored-by: Matěj Suchánek
Bug: T53382
Change-Id: I57104f592fc3961bb43ecea8442ef6666ed4a69c
2018-07-22 16:13:35 +02:00
jenkins-bot 84252213c0 Merge "Improve the check for block durations equality" 2018-07-22 14:02:22 +00:00
jenkins-bot 0979e116b4 Merge "Show AF logs for a revdeled revision if the user can see the revision" 2018-07-18 02:04:16 +00:00
jenkins-bot 9623421366 Merge "Switch editing interface to OOUI & improve NoJS usability" 2018-07-18 00:59:12 +00:00
Daimona Eaytoy cea1b0aec3 Compact some other comments
Remove unnecessary ones, make clear what the cryptic ones mean, and
inline them when possible.

Change-Id: I384859871a66ced8cb0d81260c06c5a5b278866f
2018-07-17 17:17:44 +02:00
Daimona Eaytoy b825e396b5 Switch editing interface to OOUI & improve NoJS usability
This settles almost everything, leaving the tags part ready to be
further improved in the follow-ups.
Also, replaced some fields with totally different ones, improved the
warn preview area and improved a bit nojs experience by hiding unusable
buttons.

Bug: T132284
Bug: T154749
Change-Id: I7a5caa862a32f9792140c6a4d9708a2d20472672
2018-07-17 14:49:50 +02:00
jenkins-bot 3e28ac176e Merge "Use isset instead of empty+strlen when checking disallow parameters" 2018-07-17 02:20:32 +00:00
jenkins-bot fed9ca759d Merge "Remove and replace an argument in AbuseFilter::addLogEntries" 2018-07-16 22:40:00 +00:00
jenkins-bot dc39c3b052 Merge "Simplify AbuseFilter::addLogEntries" 2018-07-16 21:59:47 +00:00
Matěj Suchánek 3e1a963614 Simplify AbuseFilter::addLogEntries
Change-Id: I54bcef8c69892d184ae2362282ed7477df2b4faa
2018-07-16 11:02:03 +02:00
Matěj Suchánek df346b3995 Remove and replace an argument in AbuseFilter::addLogEntries
Change-Id: Ib4613577d1b5ac5a5cc796716c95b99196259438
2018-07-16 10:59:05 +02:00
Daimona Eaytoy 32718888c0 Use noparams exception and correctly count function parameters
For the counting part I used this a relatively simple approach. It might
not be the best one, but should work without changing too much code. As
for the exception, I added it to every function which takes a single
parameter. Plus a couple of minor fixes: removed an unused function and
replaced "__METHOD__" with function names.

Bug: T198300
Change-Id: I484fe2994292970276150d2e417801453339e540
2018-07-15 15:32:26 +00:00
jenkins-bot 29c7f0f818 Merge "Update LogPage to ManualLogEntry" 2018-07-15 15:08:47 +00:00
jenkins-bot 32218a1391 Merge "Add the user action to warn key" 2018-07-15 15:08:42 +00:00
jenkins-bot 5281a158a9 Merge "Add phpunit tests for all exception thrown in the parser" 2018-07-15 15:08:41 +00:00
Daimona Eaytoy adc06f409d Use isset instead of empty+strlen when checking disallow parameters
This line first used to be just an "strlen". Then we merged
Iaeae672dca66ffc745054daabd6f0eae7dfbc648 to clean input and this caused
some "undefined index" notices. These were in turn fixed in Ibebedb566da705e77ffb831ebda6476adba07c93 by adding an "empty". However, this slightly changed the range of accepted parameters, for instance refusing 0 and '0'. Those should never be used, so this is just a theoretical problem, but we'd better be consistent and simplify this line.

Change-Id: I4643d0632acf5926ac8de5da9bcb3e5dc715fdc1
2018-07-15 17:01:32 +02:00
Daimona Eaytoy 6a97133310 Add the user action to warn key
Otherwise, if the user is warned for e.g. trying to move a page, and
after the warning he tries to delete it, he won't be warned again. Since
filtered action (edit, move, delete...) can be really different, we
should repeat the warning if the action changed.

Bug: T199621
Change-Id: Ia481b2bf552e16de8485c246aa5612d5bb2cd6ca
2018-07-14 16:15:52 +02:00
Daimona Eaytoy d390144c69 Add the log ID as API param for query abuselog
The patch adds the logid parameter to the queryAbuseLog API, so that
users will be able to retrieve a single result with the given logid.

Bug: T36731
Change-Id: I9160c3690e86ea40560f6fa7721918965234c29e
2018-07-14 15:03:17 +02:00
Daimona Eaytoy 0e87c44c74 Show AF logs for a revdeled revision if the user can see the revision
The function used to determine if a row is hidden has three possible
return values: true, false and "implicit". While the first and the
second one refer to AF own suppressing system, 'implicit' means that the
revision associated with the log entry is deleted. However, we checked
for such return value with a boolean cast, which caused true and
'implicit' to be equally treated, thus hiding revdel'ed revisions to
sysops. Bonus: fixed a comment typo.

Bug: T191699
Change-Id: I87d3a6437bb966198175e4bfd063e30ed79c345f
2018-07-14 00:46:19 +02:00
jenkins-bot 0862148509 Merge "Warn the user to re-attempt save if edit token didn't match" 2018-07-13 19:50:07 +00:00
jenkins-bot 73d65876f5 Merge "Simplify how we convert builder values array for OOUI" 2018-07-13 19:49:27 +00:00
Daimona Eaytoy 0815fc6a8f Update LogPage to ManualLogEntry
We still had three entries of "LogPage", which is legacy and has some
problems (I7bb0e92b2906a2511fc4290bdc76fc39ec4617fe). This patch updates
two of them to ManualLogEntry. The last one is handled separately in
Ic23e724997e4748c8d0da8138aa73d31b17b7064.

Change-Id: I2a4f18ea6baebdc114078c57d8937ce4ca2aace5
2018-07-13 19:39:57 +00:00
Daimona Eaytoy b8a2225bb2 Warn the user to re-attempt save if edit token didn't match
I've been noticing this problem for a long time: sometimes, when the
filter editor stays open for a long time and you try to click "save filter",
the page is scrolled and the edit isn't save (while it is indeed saved
when clicking save again). I found out that this is due to edit token
not matching. If that happens and the request was posted, warn user to
re-save the edit.

Change-Id: Id0c5600bf22632f57d237a19b492cc9c297be736
2018-07-13 15:40:29 +02:00
Daimona Eaytoy 8cec6a06cf Simplify how we convert builder values array for OOUI
To generate an OOUI-friendly array with dropdown values, we need to
rearrange the array we already get from AbuseFilter::getBuilderValues().
Right now we do it in a pretty dirty way, which also causes errors if
external values (e.g. Flow variables) are in the list. With this patch,
such conversion is simplified, explained in a comment, and doesn't
output errors anymore.

Change-Id: I1063865aeff2dfb637e95d7b2ff30da39ceeab67
2018-07-13 15:36:12 +02:00
jenkins-bot 4462fd5eae Merge "Wrap error messages in Html::errorBox" 2018-07-13 09:46:00 +00:00
Daimona Eaytoy f93134a4f7 Unbreak reverting 'degroup' action
This is something that hasn't been working since January 2009, when AF
didn't have arrays and all variables were computed non-lazily. In fact,
when reverting "degroup", we used to take old groups from edit vars, but
the variable may not have been computed for such edit. Plus, we treated
the var collection as an array instead of an AbuseFilterVariableHolder
object, and exploded user_groups since it was a string. With this patch
everything should start working as intended.

Change-Id: I76917b2e331291bd42daeef8d048507dc38048cb
2018-07-13 00:25:02 +02:00
Daimona Eaytoy 9012848032 Wrap error messages in Html::errorBox
The message 'abusefilter-edit-notallowed' is used twice and outputted
as plain text. This makes it really, really hard to notice. Wrap it in a
block-level errorbox to make sure users see it.

Change-Id: I6e5579f9a5e33f05520001e10ffdde928ffdcff0
2018-07-11 15:37:20 +02:00
jenkins-bot cacc034d1a Merge "Fix minor issues around" 2018-07-11 00:28:50 +00:00
jenkins-bot a50e4d6b8c Merge "Revert "Change message transformation method"" 2018-07-11 00:24:00 +00:00
Daimona Eaytoy 255e405957 Fix message key for reserved tag
Introduced in I75ce47d247cf6949117370c8c78ab7c6980538f3, the message name
was misspelled in the code and thus the message doesn't show.

Change-Id: Iad515c48035259340c4824d456a14010c977e7a8
2018-07-10 01:00:59 +02:00
Daimona Eaytoy da2a14ad39 Revert "Change message transformation method"
Html::warningBox makes use of Html::rawElement, where as noted in docblock the given html must *not* be escaped. Plus, bold text was broken due to escaping.

This reverts commit 7dfe4bfcfd.

Change-Id: I505be036291d4c6ff33c0c4fed4dd83a5bb56c54
2018-07-08 22:17:09 +00:00
jenkins-bot 8965b2d95f Merge "Reserve abusefilter-condition-limit tag" 2018-07-07 19:07:43 +00:00
Daimona Eaytoy f016c6c95f Fix minor issues around
This fixes the following minor issues:
* In HistoryPager's getQueryInfo, afh_id was listed twice
* In AbuseFilter::translateFromHistory a field named "af_" was produced
if no actions were in use
* The topnav link "Recent filter changes" wasn't STRONGed on pages like
"Special:AbuseFilter/history/123"
* In checkAllFilters and AbuseFilter::getFilter, select from DB only the
fields that will be used.
* Simplify some inline comments and remove superfluous ones

Change-Id: If72b18bedac5e580487406e696aea1fd172ae45b
2018-07-07 12:11:39 +00:00
jenkins-bot 53eba666dc Merge "Two minor fixes to make code testable" 2018-07-06 19:56:47 +00:00
Daimona Eaytoy 33b1b12b92 Reserve abusefilter-condition-limit tag
Right now it can manually be added when creating filters. Since the
distinction is interal to AbuseFilter, we can't use hooks to achieve the
goal (the tag isn't already usable from outside AF). Also making
isAllowedTag public to make it testable.

Change-Id: I75ce47d247cf6949117370c8c78ab7c6980538f3
2018-07-06 16:43:12 +02:00
jenkins-bot 0d8e27fed7 Merge "Don't use globals for filter validation" 2018-07-06 00:36:13 +00:00
Brian Wolff 5f73034c7a Minor escaping fixes
This will also fix some (not all) of phan-taint-check's warnings

Bug: T197002
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a11
2018-07-05 18:51:30 +00:00
Daimona Eaytoy 1ae14697b5 Don't use globals for filter validation
Some of them are available from the AbuseFilterViewEdit object, the
others from its config.

Change-Id: I8495c8cc03ef86919b325798a2c08ce7c4df277f
2018-07-05 19:57:30 +02:00
Daimona Eaytoy c8c66b55bc Two minor fixes to make code testable
Trying to write unit tests, there are some things in the code that make
it not well testable. Here, two of them are corrected:
1 - Use class constants instead of static variables inside a non-static
method. Otherwise such variables won't be reset between tests. The
change is made so that there'll be less impact on blame.
2 - Set af_enabled to true even in af_deleted is true as well. For three
reasons: the first is that we already perform validation for this, so no
need to secretly change the option to whatever we think would make
sense. Second, this redundant validation makes some tests fail. Third:
this way, if the user selects both enabled and deleted, when the warning
is shown he'll indeed see that both checkboxes are selected. Before, he
would only see wpFilterEnabled as selected.

Change-Id: Ib7a0335fa7fb3b8a21765438a720205656c1ea09
2018-07-05 00:07:46 +02:00
jenkins-bot a85e8f5588 Merge "Abstract methods in ViewEdit related to filter saving" 2018-07-02 22:18:37 +00:00
Daimona Eaytoy f9687ad678 Abstract methods in ViewEdit related to filter saving
Actually, it seems like I almost got it right at the first try. I tested
every validation scenario and it worked as espected, so ready for
review.

Bug: T193596
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a28
2018-07-02 20:27:05 +02:00
Daimona Eaytoy 7a64280893 Add phpunit tests for all exception thrown in the parser
All uses of "throw" inside AbuseFilterParser are now covered.
Bonus: added a standard suppresswarning when checking regex validity.

Change-Id: Iacb8f7a361079e3e117dc6845597c7bd8473e54a
2018-07-01 18:31:11 +02:00
Daimona Eaytoy 7104c40518 Copy levels documentation on AbuseFilterParser
doLevel- functions are currently documented in AFPToken. This patch
copies such comments on docblocks in AbuseFilterParser, the place where
this docs can really be helpful.

Change-Id: I4e47e760a56800faa9b0a1146e0d79f8955dca9a
2018-06-30 20:35:49 +02:00
Daimona Eaytoy d6d3169754 Use empty arrays instead of empty strings for diffs
Otherwise, a blank page will be considered as having a newline inside,
which won't be marked as added (or removed) in the diff. This requires
introducing a new method and leaving the old one for backward
compatibility, and may cause regressions.

Bug: T74329
Change-Id: I9a2397fd849544b499cad97a383e5331471e9d73
2018-06-30 10:28:56 +00:00
jenkins-bot cda8e588be Merge "Add min and max date selectors to AbuseLog" 2018-06-29 12:41:03 +00:00
Daimona Eaytoy f6eaba0822 Add min and max date selectors to AbuseLog
Reused code from ViewExamine and ViewTestBatch where we do the same
thing.

Bug: T99650
Change-Id: Ib33071aed69626cfa4a15435b4aef71096deba8b
2018-06-29 11:52:14 +02:00
Daimona Eaytoy ce83417068 Make disabled variables not overridable
Disabled vars can currently be overwritten by assigning them custom
values (e.g. old_text := 'foo'). However, this shouldn't be allowed to
avoid confusion.

Change-Id: I49136bf19371aee1e8068a9ae621310e1ab97c86
2018-06-28 22:40:09 +02:00
jenkins-bot 8b0f289e10 Merge "Stop computing removed variables and show custom error message" 2018-06-27 00:20:38 +00:00
jenkins-bot 4fb0cff163 Merge "Use content language for the revdel dropdown" 2018-06-26 18:41:13 +00:00
Daimona Eaytoy 79ec4ebf8b Stop computing removed variables and show custom error message
Old_text and old_html were disabled a long time ago. With this patch,
the user will get a custom error message if trying to use them (instead
of the unrecognisedvar one), plus they'll stop appearing in /examine and
/details, unless they were computed for the examined edit (and in that case, their description message is now restored). Lastly, added a precisation to their messages.

Bug: T190698
Change-Id: Ife168522e6b1d8eb94ebbb8a16ae8831ec1dc497
2018-06-26 20:02:31 +02:00
Daimona Eaytoy c75bc35f7d Rename lists to arrays
Arrays were introduced with the name "lists". While it **may** look
user-friendlier and so on, it actually uses a wrong name: lists are
different from arrays. I ran a grep and I should've replaced
every occurrence, plus everything seems to work, however a double check
wouldn't be bad.

Change-Id: I6a858f02f5dd9250ba7e1abf9c6422fd98758c9e
2018-06-26 14:42:23 +02:00
Daimona Eaytoy 40d9c5b027 Use content language for the revdel dropdown
Instead of the language set in user preferences.

Bug: T198182
Change-Id: I9f105cc3c926c51686ebb65ffbfffbbc161f9868
2018-06-26 14:37:13 +02:00
jenkins-bot 240e264833 Merge "Make /test filterable by action type" 2018-06-26 01:24:16 +00:00
jenkins-bot 1481b40b5d Merge "Make buildTestConditions more flexible" 2018-06-26 01:22:35 +00:00
jenkins-bot 625f1b92cd Merge "Reduce form whitespace on Special:AbuseFilter and compact variables" 2018-06-26 01:18:04 +00:00
Daimona Eaytoy 1394da924f Make /test filterable by action type
Bug: T20288
Depends-On: I2c51b695262b132a5c7cdfab20d56e36f43c7448
Change-Id: I9887c586955c1a1b34dbe641a8f9ad34de7a2e1d
2018-06-26 00:48:09 +00:00
Daimona Eaytoy c5da9cc6df Make buildTestConditions more flexible
This way, we can specify an action and it'll return only conditions for
that specific action. This is especially thought to make results
filterable by action type.

Change-Id: I2c51b695262b132a5c7cdfab20d56e36f43c7448
2018-06-26 00:45:33 +00:00
Daimona Eaytoy 3c1dae9e14 Allow users with abusefilter-view-private to use testing interface
Now the required need will be abusefilter-modify OR
abusefilter-view-private for /tools, /test and /examine.

Bug: T193903
Change-Id: I3f1a91a2cc1df2272e5d4099cefd7c649a0683d5
2018-06-24 14:10:38 +00:00
jenkins-bot c34eda8936 Merge "Introduce sanitize() function" 2018-06-24 13:53:46 +00:00
Daimona Eaytoy fcc07db95c Reduce form whitespace on Special:AbuseFilter and compact variables
The conversion to OOUI brought some extra whitespace that creates some
problems while viewing the page, especially with specific skins. This
patch compacts four different form fields in a single one, having the
side benefit of reducing the amount of used variables.

Bug: T189425
Change-Id: I75aa83e36d12db65d8b54c76b3ea14c8c797215e
2018-06-19 12:13:29 +02:00
jenkins-bot 9eb736d63d Merge "Enable OOUI and add unused button to the output" 2018-06-10 03:13:20 +00:00
jenkins-bot a4a6511972 Merge "Don't allow invalid IP ranges to be entered in ip_in_range()" 2018-06-10 00:33:27 +00:00
jenkins-bot 8fa73341cf Merge "Remove all not needed & from hook handler signatures" 2018-06-09 09:22:29 +00:00
jenkins-bot 075ccac1a2 Merge "Show throttled filters in Special:AbuseFilter" 2018-06-08 20:21:53 +00:00
Max Semenik 5c8a8da1f2 Fix some Doxygen problems
Change-Id: I04ce5564ec73e45a6d94c51be94bd1423a86780a
2018-06-08 13:02:40 -07:00
Daimona Eaytoy cf4ac34420 Show throttled filters in Special:AbuseFilter
With this patch, filters which are both enabled and throttled have an
"actions automatically disabled" label together with "enabled" and the
row is displayed in red. Plus, some minor changes like removing unused
fields from sortable ones and added a comment to getQueryInfo about used
columns (the idea is that it'll be easy to understand if a given column
is already there, plus if we'll need the missing one we may just replace
it with '*').

Bug: T154206
Change-Id: Iab157d094cbf2d50e9db537535fd48243e74af0b
2018-06-08 21:54:58 +02:00
jenkins-bot 1981c9f8b8 Merge "Add an option to hide private filters on Special:AbuseFilter" 2018-06-08 19:46:53 +00:00
jenkins-bot 5820b21ae3 Merge "Remove all default "return true" from hook handlers" 2018-06-08 19:42:02 +00:00
jenkins-bot 617e045483 Merge "Get rid of call_user_func_array()" 2018-06-08 19:32:31 +00:00
Thiemo Kreuz 9a185042b8 Update \AbuseFilter::checkSyntax documentation
Change-Id: I5c5caefab8d46773a459809d956a91fda7471863
2018-06-08 19:18:39 +00:00
Max Semenik 4c312a2693 Get rid of call_user_func_array()
Yay PHP7!

Change-Id: I2ec13d1a51981c6922949bed0c7dd2525c48f591
2018-06-07 23:01:27 -07:00
Thiemo Kreuz 7f600d2ebe Remove all not needed & from hook handler signatures
Most of these are accidential, obsolete from a time when PHP4 required
these & to enforce passing by reference. This is the default since PHP5.
The issue with this & is that is (in theory) allows hook handlers to
replace the object with an entirely different one. Luckily this does
not work in all cases I'm aware of. But it is confusing, semantically.

Change-Id: If1e9e2723ef96308f9b4b27377398a5e497bfe70
2018-06-07 13:29:22 +02:00
Thiemo Kreuz 7ec9725c42 Remove all default "return true" from hook handlers
This is the default for many years now. Returning true is not different
from returning nothing.

I'm not touching functions that can either return true or false.

Change-Id: I6c70b8ef44f17271201a69a85301a631b32763c0
2018-06-07 13:26:13 +02:00
Daimona Eaytoy 9fe281e704 Enable OOUI and add unused button to the output
In If67035991a0835ec3edc13be4543e6b40c76c3ea I changed a couple of links
to OOUI buttons, but forgot to add one of these to the output (and to
enable OOUI as well).

Change-Id: I7dd4b554bae406bc0c8326867298302ee10b47f2
2018-06-04 11:21:41 +00:00
Daimona Eaytoy 74569e20a7 Improve the check for block durations equality
With I5e3764dbec8ac21f20c460181ae78ed73eca92f6 I introduced a function
to check that two blocks with different wordings refer to the same
duration. While that functions works good 99.9% of the time, there's a
highly unlikely but actual problem: if one of the operand is parsed at
time x and the other at time x+1 (in seconds, and this may happen even
if it gets parsed 1 ms later), the 2 durations will be considered
different and this may be annoying. With this patch I introduce another
tiny function which uses strtotime to parse a duration, but uses the
second parameter (=0) to avoid relativeness to the current time. Again,
this isn't likely to occurr, but since the fix is straightforward we'd
better do it. Also, now global durations aren't parsed at every
iteration (previously they were due to the same problem, amplified by
time distance between the first and the last iteration).

Change-Id: I11a078f298aaed9631d7f422c6b9b722d28e73cc
2018-06-04 11:21:37 +00:00
Daimona Eaytoy 43ec6cf830 Add an option to hide private filters on Special:AbuseFilter
While the change itself is simple, the only problem here is the desing,
since we're adding even more vertical space with this.

Bug: T164108
Change-Id: Ic5373dd4f0b85dc1311d90ac165d4520ac956e68
2018-06-04 11:21:18 +00:00
Huji Lee 2792fce41e Introduce sanitize() function
Normalizes HTML entities into unicode characters

Bug: T169122
Change-Id: Ic916a6f8976e486d62d65156fa2dab56a55cf22a
2018-06-03 16:37:23 -04:00
Max Semenik 94f3bc67ca Use PHP7 ?? operator
Change-Id: I757b832ac86f52d8b70ffc42fdb60796ab81e7fe
2018-05-31 11:53:03 -07:00
jenkins-bot 7682a61786 Merge "Reset condCount when entering checkAllFilters" 2018-05-27 11:03:56 +00:00
libraryupgrader 99c212226d build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: Ib1d0dfa76babc01c30f4e905e8f6fb80e1e9a0bc
2018-05-25 23:31:49 +00:00
jenkins-bot 424e5eab70 Merge "Simplify contentToString function" 2018-05-25 12:12:22 +00:00
jenkins-bot 96a91ac9b2 Merge "Allow IP addresses in user selectors" 2018-05-24 18:15:33 +00:00
Matěj Suchánek 45b8855754 Allow IP addresses in user selectors
Also unify username normalisation in Special:AbuseLog with /examine and /test.

Change-Id: I85e10ba9262c698b8c279b5cad9fae4a0ab3d7b0
2018-05-24 18:53:23 +02:00
Daimona Eaytoy ba9df944c8 Compare with null instead of using $config->has
With I91a9c5cca55e540a6c95b750579c1c369a760b15 we replaced some globals
with Config and, in doing this, we added "$config->has()" to check if a
variable was null. However, "has" will always return true even if the
value is null (it only checks if it exists), and thus we end up showing
a global abusefilter pager even if no central DB is set.

Bug: T195022
Change-Id: I751fdefd29b6af1361021d4343ba67f16c99a037
2018-05-21 12:11:45 +02:00
Daimona Eaytoy ef489d7ab5 Simplify contentToString function
Use TextContent::normalizeLineEndings instead of manually replacing
carriage returns, plus avoid the if with a simple string cast. This also
fixes some cases where a null edit isn't counted as such due to a "\n"
in new_wikitext which isn't trimmed.

Bug: T168736
Change-Id: Idfafab3fcf7912bf0aec22700d2c0137bdd6c3c8
2018-05-16 16:52:29 +02:00
Daimona Eaytoy 91c5f6d5b9 Improve the i18n message for throttling to show in history
With the introduction of custom block durations in Ib072433d19dabae48d8514e08be9893135b5d63c, the method which generates action display was enlarged in order to provide a more readable and complete message. However, for throttling we currently have an unreadable message like "Throttle: xx, yy, zzz". This is wrong for two reasons: first, those numbers need to be deciphered; second, the first number is the filter ID which is totally unuseful here.

Change-Id: I0ec6a27ff5f37aae864dfd91161bf44f0a217ef1
2018-05-13 13:29:45 +02:00
Daimona Eaytoy 38c46216db Explicitly declare title fields as optional
They were defaulted to false with
I93ad51ffe7bee597d2d127f4c5d6b2929ffc8f7e, which broke use cases where
the page field is NOT required, nor has a 'required' => false explicitly
declared.

Bug: T194425
Change-Id: I5ab768c02a30b6d053104e590729ef22bb4e0808
2018-05-10 22:20:05 +02:00
Daimona Eaytoy 69c8929468 Add an option to hide bots in /test
Pretty self-explanatory and straightforward, since recentchanges has a
dedicated column for bot edits.

Bug: T193994
Change-Id: I76d41e082aed262640e9fff856eeb97df49633d5
2018-05-07 17:25:40 +02:00
jenkins-bot d882f18e5f Merge "Prevent the user from overriding blacklisted variables" 2018-05-07 13:55:31 +00:00
Daimona Eaytoy 096bb4872b Fix flags checkboxes broken in recent patch
With If16975dd394cfdb3c57ff263366c2fc865de362a I broke flags checkboxes,
i.e. the one for enabling/deleting/etc. a filter. In fact, I
misunderstood the way cbReadOnlyAttribute was used (a dirty way,
actually) and this caused such checkboxes not to be disabled if the user
didn't have rights to edit the filter.

Change-Id: Ibf80b54e0f620734ad7767e4769a93bbf1feccff
2018-05-05 14:35:01 +02:00
Umherirrender 42769ce676 Replace wfGetLB
@deprecated since 1.27, extension.json required 1.31

Change-Id: I0467cde378c85095673fd39fed1924c330c27d7b
2018-05-04 21:35:11 +02:00
Daimona Eaytoy 5916910e25 Prevent the user from overriding blacklisted variables
Like we do for built-in values. If a blacklisted variable is overridden,
it still works, but there's no reason to allow it.

Bug: T191715
Change-Id: Ia4d42ec56dc4805454b96c52c2eace1924f6536c
2018-05-04 19:33:12 +02:00
jenkins-bot 4557b3961e Merge "Fix an undeclared variable in block options" 2018-05-04 02:03:20 +00:00
jenkins-bot 479cce9f58 Merge "Show "blocktalk" in AbuseFilter diff and improve message generation" 2018-05-03 23:22:44 +00:00
Daimona Eaytoy 80ef9d442a Show "blocktalk" in AbuseFilter diff and improve message generation
Quite self-explanatory. If the talk page is blocked, a sentence is
added, otherwise it remains as it is. Plus, improved the way messages
are generated and reduced their reuse.

Bug: T193692
Change-Id: I01f5113ca586b94c25e1102c73d158ebb01c5a4b
2018-05-03 21:11:13 +02:00
Daimona Eaytoy 9c01724053 Remove unused code
The $deadActions array is populated but never used. At first I thought
it was about actions which aren't available, but this isn't right.
Instead, it's only used to keep track of available actions which aren't
used in the current filter. Which is some data that we don't need, nor
there's nothing we may do with that.

Bug: T188181
Change-Id: Ibdfeb92ccd790c0b1a4d79b382b053b9361459f8
2018-05-03 19:36:27 +02:00
Daimona Eaytoy 69c0fd9e7c Fix an undeclared variable in block options
We used to display the checkbox to block talk without checking if
it was defined. This caused a warning and an empty space with
wgBlockAllowsUTEdit set to false.

Change-Id: I97f82633e932de7e325615473c85245a406a55ef
2018-05-03 19:14:03 +02:00
jenkins-bot 9387a4fb88 Merge "Use OOUI buttons instead of plain links and Html::errorbox for errors" 2018-05-03 00:41:21 +00:00
jenkins-bot 0366cc7f55 Merge "Show only changed sections in diffs" 2018-05-03 00:34:36 +00:00
jenkins-bot b70b53216f Merge "Re-apply fix to show textarea when JS is disabled" 2018-05-02 23:59:56 +00:00
Daimona Eaytoy 632c8e77e2 Don't let enabled filters be marked as deleted
Adds both client-side and server-side validation.

Bug: T156619
Change-Id: If16975dd394cfdb3c57ff263366c2fc865de362a
2018-05-02 22:20:53 +00:00
Daimona Eaytoy f9be4226b8 Re-apply fix to show textarea when JS is disabled
After Id4dc1debf0240d5b336f4d9ab5b363c240f08807, the method has been
moved, and in doing that I forgot to change this line.

Change-Id: I20caf06f2c568605bd6a90c9cf2b425cd51512e7
2018-05-02 19:31:35 +02:00
Daimona Eaytoy 2d876d08bd Use OOUI buttons instead of plain links and Html::errorbox for errors
Like we did for other links in /diff and /histories, there are some
links that we'd better display as OOUI buttons. Also, use the Html
class' specific method to show errorboxes.

Bug: T132284
Change-Id: If67035991a0835ec3edc13be4543e6b40c76c3ea
2018-05-02 13:13:01 +02:00
Matěj Suchánek 45d1d71def Reduce use of globals in favor of Config
I'd like to have this reviewed by more than one user before merging, to avoid regressions of annoying typos.

Change-Id: I91a9c5cca55e540a6c95b750579c1c369a760b15
2018-05-02 02:27:26 +00:00
Daimona Eaytoy 354e75f681 Show only changed sections in diffs
In order to have a less clogged diff and spot the real changes more
easily.

Bug: T21716
Change-Id: I60ab88d47716186fd0af289081033a8e274d9d85
2018-05-01 21:05:01 +02:00
Daimona Eaytoy 9b1f1b263e Fix XSS vulnerabilities
I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.

Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
2018-05-01 16:55:46 +02:00
Roan Kattouw cbabcf1276 Follow-up 392f37d516: fix undefined index notice
'disallow' rules with a missing first parameters are perfectly fine (and
quite common), so don't throw notices when that happens.

This broke Flow's unit tests, and caused exceptions for all api.php
edits that triggered a 'disallow' rule.

Change-Id: Ibebedb566da705e77ffb831ebda6476adba07c93
2018-04-30 15:24:25 -07:00
Daimona Eaytoy 04b15a1b75 Reset condCount when entering checkAllFilters
This seems like the logical way to be sure that multiple mass actions
won't be counted as one, thus reaching the conditions limit. I tried to
test this locally, but I actually had troubles to simply replicate the
issue of the reached limit in a stable manner, so I'm not totally sure.
Anyway, this shouldn't do any harm.

Bug: T193374
Change-Id: Icdc172f76705870ee502339a53e912e15a3bd31d
2018-04-30 18:42:24 +02:00
Daimona Eaytoy 99f32a1408 Fix undeclared variable
The variable was declared in the "if" branch but also used in the "else"
one. This caused the rules textarea to not have the readonly attribute
if the user wasn't allowed and CodeEditor wasn't installed.

Change-Id: I2bf69dc0f2d24efac41d1ac6100ed7e286e3afa4
2018-04-30 15:55:10 +02:00
Daimona Eaytoy caa4b1c763 Add phan configuration
This is taken from I6a57a28f22600aafb2e529587ecce6083e9f7da4 and makes
all the needed changes to make phan pass. Seccheck will instead fail,
but since it's not clear how to fix it (and it is non-voting), for the
moment we may merge this and enable phan on IC.

Bug: T192325
Change-Id: I77648b6f8e146114fd43bb0f4dfccdb36b7ac1ac
2018-04-30 08:32:58 +00:00
jenkins-bot 2e116e5c6d Merge "Don't use an empty string for block parameters" 2018-04-26 14:20:09 +00:00
jenkins-bot 13141ebe3e Merge "Convert Special:AbuseFilter/tools to use OOUI" 2018-04-26 14:20:05 +00:00
jenkins-bot fce4b4c305 Merge "Switch plain links to OOUI buttons in /history and diffs" 2018-04-26 13:45:08 +00:00
jenkins-bot 51591b9fb8 Merge "Move AbuseFilter::buildEditBox static method to AbuseFilterView class" 2018-04-26 13:45:07 +00:00
jenkins-bot 9a696727f7 Merge "Show the search error on a new line" 2018-04-26 13:41:08 +00:00
jenkins-bot 6aa6b8fc13 Merge "Add the remaining equality checks" 2018-04-26 13:25:56 +00:00
Daimona Eaytoy 30d1eac47f Show the search error on a new line
By wrapping it in a P element. Plus, use Html class to build the error
box.

Bug: T193109
Change-Id: If753a7a7c56ea041a80b7efd6bee5a175a001221
2018-04-26 09:38:44 +02:00
Daimona Eaytoy d9fc90c281 Move AbuseFilter::buildEditBox static method to AbuseFilterView class
Make it non static, plus a couple of minor stylistic fixes to such method.

Bug: T190180
Change-Id: I54dd1f785d33908a0481aa2db997aa085776fc2d
2018-04-26 09:24:04 +02:00
Daimona Eaytoy 26ef911517 Switch plain links to OOUI buttons in /history and diffs
Like we did for the button to create a new filter on
Special:AbuseFilter.

Bug: T132284
Change-Id: Ie4e43b74893b00b88dd5e7fd627a2572d3157acc
2018-04-26 09:21:59 +02:00
Daimona Eaytoy 7008de80e6 Don't use an empty string for block parameters
Follow-up of Iaeae672dca66ffc745054daabd6f0eae7dfbc648. Some actions
were still marked with red, specifically the ones with block inside. The
reason is that we stored the 'blocktalk' parameter as an emtpy string if
false, which wasn't filtered when loading request. Changing the empty
string to something different is enough to fix the problem, hopefully
without regressions. Note that this isn't retroactive and needs an edit
to become effective.

Bug: T189681
Change-Id: I7d7f0606fc23bad5ba342076066ab0e935680b3f
2018-04-26 09:13:02 +02:00
jenkins-bot 0b35bdcae9 Merge "Add missing parameter and suppress warnings for regex errors" 2018-04-26 02:28:20 +00:00
Daimona Eaytoy 71f375f19a Add equals_to_any function
Introduce a new function which can be used to group multiple comparisons
in a single condition. In particular, equals_to_any(S, A, B) is the
equivalent of S === A || S === B. This is especially useful in checking
for multiple namespaces, as proposed in the Community health initiative.

Change-Id: I9dcfe303eb5e51e1882fe4a65fa876aa93db7686
2018-04-25 23:12:19 +00:00
Daimona Eaytoy 24c8d7d54e Add the remaining equality checks
I left as ToDo the checks between an array and something else. With this
patch, it'll work like PHP: the result will be true iff the comparison
is loose, the array is empty and the other operand is either false or
null.

Change-Id: Idc5cadb697ed4fc7f4856967274169f77495ed9f
2018-04-25 10:16:50 +02:00
Daimona Eaytoy c2302385c1 Add missing parameter and suppress warnings for regex errors
I added searchEnabled in I0771fa048d21031ed1e0f8a6909213bdb869a5ed, but
forgot to pass it as parameter when there's an error with the regex.
This means that, if you try to make a search with a wrong regex, when
the page is reloaded the fields for searching aren't shown and you get a
PHP warning. Here I also added warning suppressions as usually done when
checking regex validity to avoid unnecessary PHP warnings.

Change-Id: Ibc3110c30959c99d0825e1e3d7edb1e96dd9d536
2018-04-25 08:06:15 +00:00
jenkins-bot 913d37eba6 Merge "Filter parameters when loading/editing them" 2018-04-24 00:24:57 +00:00
Daimona Eaytoy fa413d431e Use the old textarea if JavaScript is disabled
Basically, with this we always start with a functioning textarea. If JS
is enabled (and CodeEditor installed), it gets then replaced by the Ace
editor.

Bug: T192241
Change-Id: Id4dc1debf0240d5b336f4d9ab5b363c240f08807
2018-04-23 23:43:23 +00:00
Daimona Eaytoy 392f37d516 Filter parameters when loading/editing them
Re-opening of I8eb50d38c81b4e446c0f1dc03abc27122b8fa025 by Thiemo Kreuz.

Bug: T189681
Change-Id: Iaeae672dca66ffc745054daabd6f0eae7dfbc648
2018-04-23 23:43:05 +00:00
Daimona Eaytoy f84b7f7158 Remove unused wgTitle + remove exception from PHPCS
As discussed in the task, wgTitle was used (overridden) since it was null in API
calls. However, the problem has been fixed in api.php in 2009, so we
don't need to deal with it anymore. This also means that we may remove
anything else that was added to restore the original title at the end of
the function. At last, this was the only remaining exception for PHPCS.

Bug: T178007
Change-Id: Id043c74ec8d57c5fb0ab22f54acf6a31fe6b6f06
2018-04-21 10:03:49 +02:00
Daimona Eaytoy 3c3a521fec Fix coding conventions exclusion rules
This should fix every error with excluded rules, leaving only the one
for $wgTitle. A double check would be nice in order to avoid regressions
due to stupid mistakes.

Bug: T178007
Change-Id: I22c179f3a01d652640304b59e43fcb5b5a9abac3
2018-04-20 08:40:18 +00:00
Reedy f990b07bec Update at-ease calls
Bug: T187037
Change-Id: I6448e581a14c468ac2ea8f1752ded6be550d0592
2018-04-18 14:29:37 +00:00
jenkins-bot 0c47bb5574 Merge "Fix parameter order for AbuseFilterParser::contains" 2018-04-16 23:32:50 +00:00
Glaisher 7fade990d2 Don't allow invalid IP ranges to be entered in ip_in_range()
IP::isInRange() can return true for invalid IPs so this can
cause false positives. Instead of letting this happen, don't
allow it in the first place.

See also Ibfe55c2ebac0fccfa8329436

Bug: T124117
Change-Id: Id10552e117ce2b231504e41627b44f8cfb0d4329
2018-04-13 10:59:08 +02:00
jenkins-bot c10f61f623 Merge "Properly detect unclosed comments" 2018-04-11 00:02:35 +00:00
jenkins-bot 77129eed4d Merge "Properly use integers in exponentiation" 2018-04-10 23:37:32 +00:00
jenkins-bot 078ff05bc7 Merge "Convert division/multiplication/modulo results after calculation" 2018-04-10 23:37:30 +00:00
jenkins-bot 7a015add39 Merge "Use integers in addition and subtractions" 2018-04-10 23:34:09 +00:00
jenkins-bot f241eede4c Merge "Make sure blocks from ipboptions have the same wording as globals" 2018-04-10 23:29:53 +00:00
Daimona Eaytoy 73ec0d7896 Properly detect unclosed comments
Right now we don't have a specific exception for that, plus we don't
really check if they're closed. In fact, we use the result of strpos
without checking if it evaluates to false; if so, in some particular
cases like the one reported on phab, the while loop will never end.

Bug: T134124
Change-Id: I3b6000f197502a4832a53465b6617b4217080739
2018-04-10 19:26:02 +02:00
Daimona Eaytoy aeeac22490 Fix parameter order for AbuseFilterParser::contains
Move optional parameters after required ones.

Change-Id: Ice243bc5c793ffe6323931e45f36939d4b428b30
2018-04-10 13:28:34 +02:00
Daimona Eaytoy 3e9a2dfd33 Properly use integers in exponentiation
Right now they're always float.

Bug: T191688
Depends-On: I398c9a972b7e9fcb27d055d23939be2b8bb68244
Change-Id: I0bb1ed0109af66997e238b532d342d82d4c4ae19
2018-04-09 16:17:54 +02:00
Daimona Eaytoy 2dda2e381c Convert division/multiplication/modulo results after calculation
So that type and value will be identical to PHP's ones.

Bug: T191688
Depends-On: I1140900cdda63eed292d9f20aefd721ef9247fcd
Change-Id: I398c9a972b7e9fcb27d055d23939be2b8bb68244
2018-04-09 16:16:04 +02:00
Daimona Eaytoy be076eb97e Use integers in addition and subtractions
Right now they're always returned as float values, even stuff like 1+1.
With these patch the results will have the same type as they would with
pure PHP calculation. Added a method to convert numbers to int/float
depending on their type.

Bug: T191688
Change-Id: I1140900cdda63eed292d9f20aefd721ef9247fcd
2018-04-09 16:11:16 +02:00
jenkins-bot 4c3e66324f Merge "Restore 'subtract' method for backward compatibility" 2018-04-09 02:55:37 +00:00
Daimona Eaytoy 572cd1df2b Restore 'subtract' method for backward compatibility
Otherwise old filters try to use it and return an error. I restored it
at the old version, like in PS1 of Ib23c418ded6ffdae7311809bf5fcbbfb2093e752

Bug: T191696
Change-Id: Ib23c418ded6ffdae7311809bf5fcbbfb2093e752
2018-04-07 17:32:23 +02:00
Daimona Eaytoy 1f5fc1b26e Ace: retrieve keywords directly from tokenizer
We already do it for variables and functions, so that any new feature
won't need the ace files to be edited. I originally didn't implement it
for keywords too, but it's actually much better this way.

Change-Id: I1ee81feace2ea90d5dbb2e443f01bc0f6cf74eb7
2018-04-07 17:21:45 +02:00
jenkins-bot efde52e4b6 Merge "Allow comparing two lists" 2018-04-06 21:09:53 +00:00
jenkins-bot 1df058238a Merge "Disable search for global filters" 2018-04-06 16:48:57 +00:00
Daimona Eaytoy 284ab234fd Allow comparing two lists
This feature was never implemented. I'm not sure whether we need a way to compare array and other types of variables (left as ToDo), since e.g. in PHP it's always false.

Bug: T179238
Change-Id: I5d2c33fd117e69cbc84c0b04b6cb82edbdcadf16
2018-04-06 11:44:28 +00:00
jenkins-bot ec9732aac4 Merge "Fix typo in class name AFPData" 2018-04-06 11:26:25 +00:00
Daimona Eaytoy 17c51445db Disable search for global filters
It solves a bug and other problems, especially related to permissions.
Tested as much as I could but with an imperfect global filters system,
so there may still be something wrong.

Bug: T191539
Change-Id: I0771fa048d21031ed1e0f8a6909213bdb869a5ed
2018-04-06 12:25:35 +02:00
Umherirrender 0aafdb9b2f Fix typo in class name AFPData
Change-Id: I32987ebc6b9fefab41b1bbc419140805502c6b7b
2018-04-06 10:45:15 +02:00
Daimona Eaytoy ddf707656e Make sure blocks from ipboptions have the same wording as globals
This is the long-term solution for the problem. The ToDo may be
unnecessary, but leaving it there as a caveat.

Bug: T190602
Change-Id: I5e3764dbec8ac21f20c460181ae78ed73eca92f6
2018-04-06 08:15:17 +00:00
jenkins-bot eb066b4f6f Merge "Add missing messages for existing vars decriptions" 2018-04-06 01:25:27 +00:00
Umherirrender c23d715c33 Add missing use for namespace Wikimedia\Rdbms
Change-Id: I262ff68fb923ae43f191e167d1b1de3e70c2e236
2018-04-05 22:09:15 +00:00
Daimona Eaytoy 714735ff6b Remove superfluous line
That line isn't needed anymore and totally prevents from changing page.

Bug: T191512
Change-Id: Ib29719d6eb3155318b3db0f60d9c9d55e944b4a4
2018-04-05 17:58:16 +02:00
Matěj Suchánek 60f4777c8c Add missing messages for existing vars decriptions
Change-Id: Ifd418c0efbcf7c21b4013d6b8a7454950d15def6
2018-04-05 11:24:49 +02:00
jenkins-bot d885b34574 Merge "Add reasons dropdown to hidelog form and convert it to OOUI" 2018-04-05 00:19:21 +00:00
jenkins-bot f0a8219666 Merge "Move actions limit to a global variable" 2018-04-05 00:15:24 +00:00
Daimona Eaytoy bc99694d07 Add reasons dropdown to hidelog form and convert it to OOUI
Bug: T153018
Bug: T132284
Change-Id: Idf74765d9f5c475d2e0d48d546cdf7c1aaa99104
2018-04-05 00:08:49 +00:00
Daimona Eaytoy 55cac6f1b0 Move actions limit to a global variable
This opens the door to further customization and allows every wiki to
set its own value.

Bug: T132925
Change-Id: I63985f2809c3253b07b33caef30fcd8d4c62dfd4
2018-04-05 00:06:40 +00:00
Daimona Eaytoy 5f1926534b Make $mode optional for checkAllFilters
Otherwise ContentTranslation will break. Also, that way the order was
wrong (mandatory parameter after optional ones).

Bug: T191468
Change-Id: I4558aba48782e83b73023061e8f213bf6a785a18
2018-04-04 23:35:03 +02:00
jenkins-bot 78817be019 Merge "Fix cap for pattern search" 2018-04-04 02:17:38 +00:00
Daimona Eaytoy e830f31ccc Fix param documentation
I made a little misunderstanding with I243605b26fe310488dc7419edf31f652ccda0094

Change-Id: I43888278483646eeb1e9da5d44471838c20fc18b
2018-04-03 17:34:03 +02:00
Max Semenik a4ed4db34e Fix field visibility warnings
Yes, this is a sniff bug - however, ideally every variable should
be on its own line with documentation anyway.

Change-Id: Ic8a96d9ea4dd20d8f689aac0a7dece01a4208929
2018-04-03 02:16:41 +00:00
Max Semenik 5c89246fce Rename files to match class name
Change-Id: Ia19bfec6c2289912699b6c90261afda311afb56e
2018-04-02 22:08:13 -04:00
jenkins-bot 9cf6a4b407 Merge "Add missing comparisons to builderValues" 2018-04-02 21:34:32 +00:00
jenkins-bot 3ffa6f6c81 Merge "Add requirement for title and pattern fields" 2018-04-02 18:06:26 +00:00
jenkins-bot 846e9d095c Merge "Record stats only when the action is executed" 2018-04-02 18:01:32 +00:00
Daimona Eaytoy 17e444918b Fix cap for pattern search
Currently, due to a tiny math error, the cap is variable (although
limited). This way it's really fixed and produces uniform results.

Bug: T191222
Change-Id: I8102db7894e5481a77e1a5771d9981258000731e
2018-04-02 19:49:59 +02:00
Daimona Eaytoy fc5aeeaaeb Convert Special:AbuseLog/# to OOUI
Hopefully this is really the last one: the tiny form at the bottom of
Special:AbuseLog/# to access private details.

Bug: T132284
Change-Id: I3f91beb482b3b85e12b65464914b0ac57ec983df
2018-04-02 18:58:43 +02:00
Daimona Eaytoy fbde96cac6 Add missing comparisons to builderValues
Currently, strict comparisons aren't listed. This way they don't appear
in the dropdown and users may not be aware of their existence.

Change-Id: I93185781de3b698096130c673156a67823375c6b
2018-04-02 17:12:32 +02:00
Daimona Eaytoy e53811ecb3 Add requirement for title and pattern fields
Currently users can save filters without title or pattern. This
shouldn't be allowed since it leads to lack of clarity. The check is
only performed server-side, since when implementing Ace editor we won't
be able to (easily) add a pure HTML requirement for the pattern field.

Bug: T173947
Change-Id: I1a0418b87cdb1ff423238fcdf1c743930500e605
2018-04-02 16:37:51 +02:00
Huji Lee 26c72c1cd9 Convert Special:AbuseFilter/tools to use OOUI
Bug: T132284
Change-Id: I139b30399f83d43c4da565b25726d8786d02d1ef
2018-04-02 16:31:19 +02:00
Daimona Eaytoy 6255b04eca Record stats only when the action is executed
Otherwise it will return wrong stats and waste resources. This seems to
fix the problem, while a more long-term solution isn't that clear. I
hope that this won't introduce regressions, which as far as I could see
shouldn't happen.

Bug: T191032
Change-Id: I243605b26fe310488dc7419edf31f652ccda0094
2018-04-02 16:21:43 +02:00
Daimona Eaytoy 7450fb1d62 Switch /test and /examine/# to OOUI
Standardized Special:AbuseFilter/test and /examine/# to OOUI. They need
to be updated together, since they share the same load filter button
(now centralized) which needs to be handled in a different way.

Bug: T132284
Bug: T58367
Bug: T58368
Depends-On: If3d6a994142e34686bb7fc9f09093f751b599485
Change-Id: Ib935e8c9706e987468e52ec2ad1c7219b35fb9d5
2018-03-30 13:12:36 -04:00
Daimona Eaytoy 520ebea2cb Switch footer of editor to OOUI
Conversion of the builder dropdown, the syntax checker button and also
the button for switching editor coming from ace.

Bug: T132284
Depends-On: If3d6a994142e34686bb7fc9f09093f751b599485
Change-Id: Ic7f17437f4f0dcc0ea0edbab24eb976e2f76bdbd
2018-03-30 12:58:45 -04:00
jenkins-bot c67ab4a061 Merge "Revert "Revert "Switch editor to Ace and provide syntax highlight""" 2018-03-30 15:29:01 +00:00
Daimona Eaytoy 3350183fe3 Revert "Revert "Switch editor to Ace and provide syntax highlight""
Make Ace use a fixed size in em.

This reverts commit 272775ff81.

Change-Id: I9b439b20df91eb367bcef4b6f33ff087aded0b62
2018-03-30 11:10:16 -04:00
jenkins-bot ef65bf62c9 Merge "Convert /revert to use OOUI" 2018-03-30 14:02:12 +00:00
Daimona Eaytoy 90436c9e59 Convert /revert to use OOUI
This one was left out, probably because it's not well documented.
Together with the simple conversion, I also added a cap to time
selectors (otherwise users may create huge breaking queries) and wrapped
in a class=success P the success message, like we do when saving
filters.

Bug: T132284
Change-Id: I2ba0a54e27608949cd28b9ac0447d1f2157b0ea2
2018-03-30 09:12:59 +02:00
jenkins-bot 899fd5783b Merge "Revert "Switch editor to Ace and provide syntax highlight"" 2018-03-30 02:14:15 +00:00
Huji 272775ff81 Revert "Switch editor to Ace and provide syntax highlight"
This reverts commit 89e6778793.

Change-Id: I41aee10fdd5633d56692334696fb750f41b15433
2018-03-30 02:07:00 +00:00
jenkins-bot f903aa92d4 Merge "Switch editor to Ace and provide syntax highlight" 2018-03-30 02:02:00 +00:00
jenkins-bot da3342e398 Merge "Add search for filter patterns" 2018-03-30 01:32:03 +00:00
jenkins-bot 17e56ff23a Merge "Convert Special:AbuseFilter to OOUI" 2018-03-30 01:16:16 +00:00
jenkins-bot baa0cd082a Merge "Always show abuse filter public comments as plain text" 2018-03-29 16:13:27 +00:00
jenkins-bot e268f6b3e1 Merge "Avoid calls to deprecated wfSetupSession, $_SESSION, and session_id" 2018-03-27 02:36:26 +00:00
Daimona Eaytoy 1de8740df7 Use integers when calculating edit_delta
Since it'll always be a subtraction of integer numbers. Otherwise, if
calculated as float, values won't triple-compare.

Bug: T190652
Change-Id: Ia58a4e3429a012a94a43ffadb190154fcdb9bcaa
2018-03-26 13:15:13 +02:00
Daimona Eaytoy 89e6778793 Switch editor to Ace and provide syntax highlight
Replace the conditions textarea with Ace editor for editing and testing
filter. This uses a soft dependency on CodeEditor; if the latter isn't
installed, the classic textarea is used. The user is still able to
switch between the editors on the go; the new buttons may look a bit
ugly now, but after switching to OOUI they should get much better.
Finally, added a custom syntax highlight for AbuseFilter rules.

Bug: T39192
Change-Id: If3d6a994142e34686bb7fc9f09093f751b599485
2018-03-23 12:39:22 +01:00
Daimona Eaytoy 3bc4bfc4d5 Add search for filter patterns
Adds an option for searching filters with a
specific pattern in the main page, together with already existing options.
Plain search and regex are available, only for users with the
view-private right. The search is performed directly on the database.
If the user actually searched for something, it is also added a column to
Special:AbuseFilter showing a snippet of the pattern from each filter, with the query match highlighted.

Depends on: I8144062b1f273d0d8932203ffcb7a71aca60bba9

Bug: T87455
Change-Id: Ibcd84ff84edca481328210ee857b0ab723028632
2018-03-17 14:54:48 +00:00
jenkins-bot 6d32b24d16 Merge "Update for the actor table change" 2018-03-17 09:36:59 +00:00
Matěj Suchánek e5db4b47f9 Use LIKE to filter AbuseLog by action taken
Bug: T187971
Change-Id: Id2a9feb395077c5391a4145284d667101dedfa7b
2018-03-16 15:03:38 +00:00
Matěj Suchánek 729ff73c10 Convert Special:AbuseFilter to OOUI
Bug: T132284
Change-Id: I8144062b1f273d0d8932203ffcb7a71aca60bba9
2018-03-16 14:57:52 +01:00
Daimona Eaytoy 981338ae45 Avoid double processing block actions
Otherwise it'll be logged twice, with some related malfunctioning.

Bug: T189857
Change-Id: Ie640793661d824a99fa726843245f99a2ff64f20
2018-03-16 10:01:33 +01:00
Melos 799a2fb1ed Always show abuse filter public comments as plain text
Public comments are parsed in some places and they are
shown as plain text in others. Always show them as
plain text instead of parse them.

Bug: T173249
Bug: T141670
Change-Id: I173ffab1a99c1536cca260b76be0d95a4966b139
2018-03-15 20:14:00 -04:00
Reedy 844af9b1ff Add missing global statements
Bug: T189827
Change-Id: Ib806ca14b84f8f8d2124580f80901e4ad10a67ba
2018-03-15 22:44:45 +00:00
Daimona Eaytoy 3b63127624 Fix messages displayed in history
With https://gerrit.wikimedia.org/r/#/c/412892/ I introduced an error
with action display in history: every action except for block would have
been displayed without parameters.

Change-Id: I273cd908b698c49056c176de9ead5a78d818c7be
2018-03-14 17:50:58 +01:00
Reedy 16d599c1b8 Merge "Add missing use in hooks" 2018-03-12 15:27:02 +00:00
WMDE-Fisch 9af25447a0 Add missing use in hooks
Change-Id: I8e6fa3211868b984248d9414bdbc6970392b2189
2018-03-12 15:00:58 +01:00
Matěj Suchánek 3a0f6a48ba Use OOUI datetime selectors on Special:AbuseFilter/examine
Bug: T58367
Bug: T58368
Change-Id: Ic7882e86c1cadd2501eca9a63623f0db3a0c614a
2018-03-10 10:39:43 +00:00
Daimona Eaytoy e0d7f6a388 Fix issue with custom blocks patch
I had unwillingly substed a variable with a string in the wrong case. It
needs to be fixed before .25 is deployed, otherwise in history there
might be actions != block which'll be displayed as 'block'.

Change-Id: I6d251fa011238509a8fdf264e865573140e7a20d
2018-03-10 10:02:11 +01:00
jenkins-bot 2fe3b18dea Merge "Convert Special:AbuseFilter/history and /examine to use OOUI" 2018-03-10 01:11:57 +00:00
Brad Jorsch 3014871cb5 Update for the actor table change
Core change I8d825eb0 begins the process of changing core database
tables from using xx_user and xx_user_text fields to using xx_actor.
This updates the extension to continue to function during and after the
transition.

Bug: T167246
Change-Id: I4065716022aa60c0fa1a258659db22be2b7f43de
2018-03-09 16:34:24 -05:00
Brad Jorsch 7399cd4348 Update CommentStore usage
CommentStore's calling conventions changed in I3abb62a5c.

Change-Id: I80012f82b39e5054ee40a44b5a8e92dec46c2962
2018-03-09 16:22:32 -05:00
jenkins-bot c02133ac08 Merge "Fix supposedly nullable argument" 2018-03-09 15:55:26 +00:00
Matěj Suchánek 5ae26bb5c6 Fix supposedly nullable argument
Change-Id: I81c467ce3483096c98041412a664b3a26735118a
2018-03-09 16:16:12 +01:00
jenkins-bot f86ef894b6 Merge "Fix typo in wgAbuseFilterActions" 2018-03-09 14:41:47 +00:00
Matěj Suchánek ff281fa2e3 Fix typo in wgAbuseFilterActions
Bug: T189299
Change-Id: Ie87d6f31e00408a2226547ee810cfbab27a439ed
2018-03-09 15:20:53 +01:00
jenkins-bot cd7e6541ac Merge "Fix Special:AbuseLog::getUserLinks call" 2018-03-09 14:19:25 +00:00
Matěj Suchánek 38f56d1dd2 Convert Special:AbuseFilter/history and /examine to use OOUI
Bug: T132284
Change-Id: Ib61e0ce8f3f8481cdaf9ee7f521f73f314fcded2
2018-03-09 11:35:47 +00:00
Matěj Suchánek 4637d19f69 Fix Special:AbuseLog::getUserLinks call
IP addresses have no user id, reusing af_user for them was a complete nonsense.

Change-Id: Iaebf5e57c445452896dce6b3edf0018ebbb6e3dc
2018-03-09 09:26:58 +01:00
jenkins-bot e24c025670 Merge "Allow customizing block durations for each filter" 2018-03-09 03:27:15 +00:00