Core change I8d825eb0 begins the process of changing core database
tables from using xx_user and xx_user_text fields to using xx_actor.
This updates the extension to continue to function during and after the
transition.
Bug: T167246
Change-Id: I4065716022aa60c0fa1a258659db22be2b7f43de
This is part of a project to enchance blocking in AF. With this patch,
users are allowed to specify two block durations for each filter, one
for anonymous and one for registered users. For backward compatibility,
default values are set to the global variables.
Bug: T32024
Change-Id: Ib072433d19dabae48d8514e08be9893135b5d63c
Blocks preventing edit of own talk currently don't show "cannot edit own
talk page". Added it to the flags to make it display properly.
Bug: T188970
Change-Id: Ia8d1c2b93038c3c43bb224a8cae073b694d74cbe
The IP is currently displayed as plain text. Add instead userLinks in
the usual way to provide some handy links for CUs.
Bug: T188600
Change-Id: I47ee007f450f06a1a19b4c7598373a952efbe06a
Currently, array_diff is only performed in one direction. This way, some
edits to tags (and, in future, to custom block durations) aren't catched
and the filter isn't saved.
Bug: T180194
Change-Id: I22fb9368208380c1a8205a566ac5ff07bbb6e05b
So that users have no longer to modify the URL.
Links like "Special:AbuseFilter/history/1" will still
work but request parameters have higher priority.
Bug: T27897
Change-Id: I2d8c26d3350fdd4052b68c7bced10e3fae859d18
Adds option to stop logging IPs in afl_ip in the abuse_filter_log table.
Introduces a new global variable: $wgAbuseFilterLogIP
Bug: T187169
Change-Id: I1615ba6949c9f8bcdd6ee6aef580c87a05f43e6a
Users can choose whether they want to see entries
that changed the wiki or didn't (or they can apply
no filter).
Bug: T159061
Change-Id: I6cee9b001c26c4bbc837131781deef27d5e3ef1a
Currently, the message informing that some actions have been disabled is
quite impossible to notice at a first glance, since it's a bit confused
with other form elements. However it actually is a warning and needs to
be treated as that.
Change-Id: I0d851333f8da200fb0b9b0c7d05ccd1f63e9e948
Change I758795f01eaf3ff56c5720d660cd989ef95764a7, first released
in 1.20, added columns to AbuseFilter tables for MySQL, but not for
PostgreSQL.
This adds those columns for PostgreSQL, both for the installer and
for the updater.
Combined with already-merged change 192002, this change closes
bug T89514.
Bug: T89514
Change-Id: Ie33a5a932ffd85fa8a4111b949bd0a4d07a2af91
When an action reaches the limit, the remaining filters are not executed.
But there is no way find out which one it was.
Bug: T71492
Change-Id: I28fac76d4e9ca341bed25cd35e1249b19586b773
Added the contains_all function, with basically the same role as
contains_any but using logic AND instead of OR. Also added
ccnorm_contains_all, that is the same of ccnorm_contains_any but with
AND mode. Finally, fixed three wrong task IDs.
Co-authored with Valerio Bozzolan.
Bug: T21176
Change-Id: Ib0a8b783db6ce0d5db64771c8e0c70f0f8d13d36
This parameter was never documented. It was just
a leftover from migrating to the current message API
in Id69a9d603. Note that the same message pair further up
in this file does not use it.
Change-Id: I38caa1611d78b6cb182861c8f5d731b27379f62a
This patch introduces a config variable for the range block sizes.
It changes the default IPv6 block size from /16 to /19 using the
same reasoning as Ia25e156fd8234519c4d74f1d41d93f94a313ce14
Using a config var (as opposed to hardcoded range size) allows
future changes proposed in T179454 to make the range size vary
for different IPs, based on the actual subnet they belong to.
Bug: T179455
Bug: T179456
Change-Id: I8dfa17f553a7af524f0a11c0fd51c48773e27be5
Per T178092, AbuseFilter now maintains compatibility with older versions
of MediaWiki using release branches. Thus, various back-compat code
paths may be removed from the master branch.
Change-Id: Ia1b5eade30d7486e3b1b386b15a7db4e5c8cfead
Various selectFields() methods were deprecated in MediaWiki core change
Idcfd1556, replaced with getQueryInfo() methods.
Change-Id: If75d2e76c2f166bc40a544dd502da43171ce1e7b
Depends-On: Idcfd15568489d9f03a7ba4460e96610d33bc4089
This PHP extension doesn't have any speed benefits over our minimum
required PHP and so isn't used in WMF production anymore.
Change-Id: I4883643908f765eee5db6b3ca88eed179264e93f
Use the new equivset library instead of AntiSpoof.
Bug: T175413
Change-Id: I439387deeba99543e194c210953ac73ff98bc5b7
Depends-On: I977d3498b2084a426e2ab4d85c000d1b9dcfe824
When $wgAbuseFilterRuntimeProfile is true, all filters taking
longer than $wgAbuseFilterRuntimeLimit will be logged for
later analysis
Bug: T174205
Change-Id: Id81833afa8421476a6cee47eb3393acdb3a38d65
When you are in Specia:AbuseFilter/test and you test a filter
against RC if the filter has a regex with a rlike condition
you receive a Call Stack warning for a wrong regex.
Bug: T177744
Change-Id: I2bc62b5709d2863eb355a249610b3e80fab55448
Forcing user namespace will handle IPv6 correctly as well
as possible "User:" prefix supported by the former code.
Bug: T176045
Change-Id: I0b4a5468ca44799cade0b0774d749e05d4ff5865
The following sniffs are failing and were disabled:
* MediaWiki.VariableAnalysis.ForbiddenGlobalVariables.ForbiddenGlobal$wgTitle
Change-Id: I7163cd8f97a7d2fe5b4410245a72eb416302f4f6
A confusing warning message was displayed when filters
have af_throttled = true. That message was replaced with a
new one reflecting the behavior that is actually ocurring and
how to solve it
Bug: T54525
Change-Id: I5c6e434249d5c9649eb2d7c5b16b9ecb1f530c8a
Metrics per edit:
- Execution time of all filters
- Number of filters executed
- Number of conditions executed
Due to the current structure of abuse filter there was not
a clean way to include filter actions and abuselog creation
as part of the runtime metrics.
Bug: T161059
Change-Id: I6208b620453863133c6623aa419775f63c7d3eb1
It should have been deleted in I02ba4ce31b6aca5b7324114093f8ece143abc295
but accidentally survived.
Change-Id: Icdbe8fb0154513d643905f7f8bd6391780cd44a7
- Use rc_source with values that we know we support. In
particular, this drops categorization changes.
- Filter on rc_log_type and rc_log_action (which itself
may be shared across types).
- Use the same query on both Special:AbuseFilter/test
and Special:AbuseFilter/examine.
Bug: T170574
Change-Id: I79b903b4424d3c15095a1e0491d35f6e005db0b8
Cleaned ccnorm method to use AntiSpoof::normalizeString instead going
after AntiSpoof extension files and doing a manual implementation of it.
Also removed composer requirement for AntiSpoof extension.
Bug: T172766
Depends-On: I731733671b650b6bb2f480c41c4f6f2d2f5c62e8
Change-Id: Ib38ba0b06918e81e8af03032eef95e3942773bc1
After I544cdfa75c7472f2d98b2561bc6f6f9c2d2ad639 (dieWithError
and checkUserRightsAny), this is the oldest MediaWiki version
AbuseFilter can be run on.
AbortMove was removed from MediaWiki in 1.25, UploadVerifyFile
is only relevant for 1.27 and older.
(Replaces I1e962217c3b20d901a5742cf76339a3f488a6e97.)
Change-Id: Iec237b2887f72b115fdcef78d2d7a944ba82c784
As described in the task, anyone can view the page but do nothing
with it. It doesn't make sense, it should either work or be disabled.
I chose the latter.
Bug: T124096
Change-Id: I7271cd5a0d00d5fdba28ce3974c50ea5dfd0ad9b
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic
* MediaWiki.Commenting.FunctionComment.MissingParamComment
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
* MediaWiki.Commenting.FunctionComment.WrongStyle
The following sniffs now pass and were enabled:
* MediaWiki.Commenting.FunctionComment
Change-Id: I0874c547ef2bc8a7c3fa4ca72738aa3320f2bdbe
It seems that move actions have rc_this_oldid set. rc_log_type
should have higher priority.
Bug: T170586
Change-Id: I9bb4ea599f12ef01fad823ac3232330966b0d281
Also move --ignore to phpcs.xml for use by phpcbf
Short array syntax will be used in follow ups
to keep this patch set small
Change-Id: Ib91f3768cc7cdccdc26a4d5200178ceb8e61e098
The return value from the method is only suitable for passing to
$db->insert(). To get the inserted ID, you need to call $db->insertId()
even if $db->nextSequenceValue() returned non-null.
Change-Id: Id5a0df17c77445e9f29564a55fb850c3ecad2630
We add FORCE INDEX to revision because probably we have hit a MariaDB
bug that can potentially create an outage on pages with thousands of
revisions due to extreme resource usage by this query when using the
wrong index page_user_timestamp, instead of page_timestamp.
This is considered to be a hack, and once we are in the clear, I promise
to review this an try to get a saner execution path (both in MySQL and
in PHP.
Bug: T116557
Change-Id: I41853da5c0e1a15efad5594eff0cee62be1ad9a4
Follows-up e4ac1ef. A lot of this class gets its own cache object
in key-generation methods because of legacy compat with public
methods and because of how wfMemcKey used to be.
However where possible, we should encourage passing $cache
so that makeKey() can be used on the same instance that uses
the key.
This is a no-op since it's exactly the same object.
Change-Id: Ib3c31110176659a9175679eb716369e7f0a1d3b2