This settles almost everything, leaving the tags part ready to be
further improved in the follow-ups.
Also, replaced some fields with totally different ones, improved the
warn preview area and improved a bit nojs experience by hiding unusable
buttons.
Bug: T132284
Bug: T154749
Change-Id: I7a5caa862a32f9792140c6a4d9708a2d20472672
This line first used to be just an "strlen". Then we merged
Iaeae672dca66ffc745054daabd6f0eae7dfbc648 to clean input and this caused
some "undefined index" notices. These were in turn fixed in Ibebedb566da705e77ffb831ebda6476adba07c93 by adding an "empty". However, this slightly changed the range of accepted parameters, for instance refusing 0 and '0'. Those should never be used, so this is just a theoretical problem, but we'd better be consistent and simplify this line.
Change-Id: I4643d0632acf5926ac8de5da9bcb3e5dc715fdc1
Otherwise, if the user is warned for e.g. trying to move a page, and
after the warning he tries to delete it, he won't be warned again. Since
filtered action (edit, move, delete...) can be really different, we
should repeat the warning if the action changed.
Bug: T199621
Change-Id: Ia481b2bf552e16de8485c246aa5612d5bb2cd6ca
The function used to determine if a row is hidden has three possible
return values: true, false and "implicit". While the first and the
second one refer to AF own suppressing system, 'implicit' means that the
revision associated with the log entry is deleted. However, we checked
for such return value with a boolean cast, which caused true and
'implicit' to be equally treated, thus hiding revdel'ed revisions to
sysops. Bonus: fixed a comment typo.
Bug: T191699
Change-Id: I87d3a6437bb966198175e4bfd063e30ed79c345f
We still had three entries of "LogPage", which is legacy and has some
problems (I7bb0e92b2906a2511fc4290bdc76fc39ec4617fe). This patch updates
two of them to ManualLogEntry. The last one is handled separately in
Ic23e724997e4748c8d0da8138aa73d31b17b7064.
Change-Id: I2a4f18ea6baebdc114078c57d8937ce4ca2aace5
This is something that hasn't been working since January 2009, when AF
didn't have arrays and all variables were computed non-lazily. In fact,
when reverting "degroup", we used to take old groups from edit vars, but
the variable may not have been computed for such edit. Plus, we treated
the var collection as an array instead of an AbuseFilterVariableHolder
object, and exploded user_groups since it was a string. With this patch
everything should start working as intended.
Change-Id: I76917b2e331291bd42daeef8d048507dc38048cb
Introduced in I75ce47d247cf6949117370c8c78ab7c6980538f3, the message name
was misspelled in the code and thus the message doesn't show.
Change-Id: Iad515c48035259340c4824d456a14010c977e7a8
This fixes the following minor issues:
* In HistoryPager's getQueryInfo, afh_id was listed twice
* In AbuseFilter::translateFromHistory a field named "af_" was produced
if no actions were in use
* The topnav link "Recent filter changes" wasn't STRONGed on pages like
"Special:AbuseFilter/history/123"
* In checkAllFilters and AbuseFilter::getFilter, select from DB only the
fields that will be used.
* Simplify some inline comments and remove superfluous ones
Change-Id: If72b18bedac5e580487406e696aea1fd172ae45b
Right now it can manually be added when creating filters. Since the
distinction is interal to AbuseFilter, we can't use hooks to achieve the
goal (the tag isn't already usable from outside AF). Also making
isAllowedTag public to make it testable.
Change-Id: I75ce47d247cf6949117370c8c78ab7c6980538f3
Actually, it seems like I almost got it right at the first try. I tested
every validation scenario and it worked as espected, so ready for
review.
Bug: T193596
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a28
Otherwise, a blank page will be considered as having a newline inside,
which won't be marked as added (or removed) in the diff. This requires
introducing a new method and leaving the old one for backward
compatibility, and may cause regressions.
Bug: T74329
Change-Id: I9a2397fd849544b499cad97a383e5331471e9d73
Old_text and old_html were disabled a long time ago. With this patch,
the user will get a custom error message if trying to use them (instead
of the unrecognisedvar one), plus they'll stop appearing in /examine and
/details, unless they were computed for the examined edit (and in that case, their description message is now restored). Lastly, added a precisation to their messages.
Bug: T190698
Change-Id: Ife168522e6b1d8eb94ebbb8a16ae8831ec1dc497
Arrays were introduced with the name "lists". While it **may** look
user-friendlier and so on, it actually uses a wrong name: lists are
different from arrays. I ran a grep and I should've replaced
every occurrence, plus everything seems to work, however a double check
wouldn't be bad.
Change-Id: I6a858f02f5dd9250ba7e1abf9c6422fd98758c9e
Now the required need will be abusefilter-modify OR
abusefilter-view-private for /tools, /test and /examine.
Bug: T193903
Change-Id: I3f1a91a2cc1df2272e5d4099cefd7c649a0683d5
Use TextContent::normalizeLineEndings instead of manually replacing
carriage returns, plus avoid the if with a simple string cast. This also
fixes some cases where a null edit isn't counted as such due to a "\n"
in new_wikitext which isn't trimmed.
Bug: T168736
Change-Id: Idfafab3fcf7912bf0aec22700d2c0137bdd6c3c8
With the introduction of custom block durations in Ib072433d19dabae48d8514e08be9893135b5d63c, the method which generates action display was enlarged in order to provide a more readable and complete message. However, for throttling we currently have an unreadable message like "Throttle: xx, yy, zzz". This is wrong for two reasons: first, those numbers need to be deciphered; second, the first number is the filter ID which is totally unuseful here.
Change-Id: I0ec6a27ff5f37aae864dfd91161bf44f0a217ef1
Quite self-explanatory. If the talk page is blocked, a sentence is
added, otherwise it remains as it is. Plus, improved the way messages
are generated and reduced their reuse.
Bug: T193692
Change-Id: I01f5113ca586b94c25e1102c73d158ebb01c5a4b
I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.
Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
'disallow' rules with a missing first parameters are perfectly fine (and
quite common), so don't throw notices when that happens.
This broke Flow's unit tests, and caused exceptions for all api.php
edits that triggered a 'disallow' rule.
Change-Id: Ibebedb566da705e77ffb831ebda6476adba07c93
This seems like the logical way to be sure that multiple mass actions
won't be counted as one, thus reaching the conditions limit. I tried to
test this locally, but I actually had troubles to simply replicate the
issue of the reached limit in a stable manner, so I'm not totally sure.
Anyway, this shouldn't do any harm.
Bug: T193374
Change-Id: Icdc172f76705870ee502339a53e912e15a3bd31d
This is taken from I6a57a28f22600aafb2e529587ecce6083e9f7da4 and makes
all the needed changes to make phan pass. Seccheck will instead fail,
but since it's not clear how to fix it (and it is non-voting), for the
moment we may merge this and enable phan on IC.
Bug: T192325
Change-Id: I77648b6f8e146114fd43bb0f4dfccdb36b7ac1ac
Introduce a new function which can be used to group multiple comparisons
in a single condition. In particular, equals_to_any(S, A, B) is the
equivalent of S === A || S === B. This is especially useful in checking
for multiple namespaces, as proposed in the Community health initiative.
Change-Id: I9dcfe303eb5e51e1882fe4a65fa876aa93db7686
Basically, with this we always start with a functioning textarea. If JS
is enabled (and CodeEditor installed), it gets then replaced by the Ace
editor.
Bug: T192241
Change-Id: Id4dc1debf0240d5b336f4d9ab5b363c240f08807