Commit graph

1753 commits

Author SHA1 Message Date
C. Scott Ananian 2107ee4f38 Remove unused SecurityCheck-ReDoS suppression
Change-Id: I7809c29e1150ea6770f3aa70a3fb790f3e4ce32f
2023-09-22 21:17:31 +00:00
jenkins-bot 1f1c5e477b Merge "When testing against a page creation in RC, set page_id to 0 as in the real filtering" 2023-09-11 09:28:33 +00:00
Matěj Suchánek 9beeca3752 Fix various typos and documentation issues
Change-Id: I1e9d297f665282d251343598e102e1d342488965
2023-09-04 12:55:17 +02:00
Amir Sarabadani ead29fc0fe Re-enable skipped test
Depends-On: I04c1dcf5129df437589149f0f3e284974d7c98fa
Change-Id: Ib071cd62d21090d28088729d2b2850363b750dae
2023-08-25 17:06:15 +02:00
Derick Alangi 623b9dbea3
Migrate DeferredUpdatesManager to use DeferredUpdates directly
Reverts part of Id9056528a433faf0, to switch to DeferredUpdates in
CirrusSearch back from DeferredUpdatesManager.

Bug: T265749
Change-Id: I8126cc76440724753c356c48ba4e0fcc9be5b41a
2023-08-21 12:59:28 +01:00
Umherirrender 62127964b7 Use namespaced MediaWiki\User\ActorMigrationBase
Bug: T321681
Change-Id: If3940c982d55643a685e2dedccab0540f86b9ae9
2023-08-20 01:08:09 +02:00
jenkins-bot e23b4bf8ef Merge "Use namespaced Title" 2023-08-19 18:33:50 +00:00
Umherirrender cd7e9d31a7 Use namespaced Title
Bug: T321681
Change-Id: I66fd9b70a5de06ac3c81bdf6a2a5bca64ed094c2
2023-08-19 19:49:36 +02:00
jenkins-bot 96f6e1961f Merge "Clean up AbuseFilterConsequencesTest a bit" 2023-08-19 17:29:27 +00:00
Daimona Eaytoy 85f8f90531 Clean up AbuseFilterConsequencesTest a bit
Most notably, make it not use additional DB tables to test global
filters. Instead, just pretend that the local database is not local (via
config) and "hide" local filters with a simple test-only flag in
FilterLookup.

Change-Id: Ib431dbf6c9d84978ee84e7f0671cfcbf8a54d7a2
2023-08-19 15:31:41 +00:00
gerritbot f5258d16bc Replace some moved Title class uses, now MediaWiki\Title\Title
Bug: T321681
Change-Id: I0402e835b5c05bac0a890b6fe0036516751c411b
2023-08-19 04:13:30 +00:00
Umherirrender 8e6d820154 Use HookHandlers for UserMerge hook
Bug: T254306
Depends-On: Ib78dae49854863af1a37a00636737c94694776ae
Change-Id: If2bc517fb612199f4d744efbfa261ee5c556b6a5
2023-08-16 09:44:30 +02:00
jenkins-bot e80a4337c0 Merge "Use HookHandlers for Echo hook" 2023-08-16 05:26:14 +00:00
gerritbot ae1262fb68 Replace some moved Title class uses, now MediaWiki\Title\Title
Bug: T321681
Change-Id: I505b97ffbb74f1b1a12bf141b73b1414c60c5020
2023-08-16 01:54:05 +00:00
Umherirrender a328477b8d Use HookHandlers for Echo hook
Bug: T254306
Depends-On: Iffa2b409502b4269c9746e0304feb4aaee37a86e
Change-Id: I0e27c535367b37b7038a54955e43ff96d9c81d32
2023-08-16 00:18:02 +02:00
jenkins-bot e566cb1327 Merge "Avoid TestUser in non-database tests" 2023-08-07 13:13:25 +00:00
Daimona Eaytoy 2a6b7edecb Avoid TestUser in non-database tests
TestUser requires a DB connection, so avoid using it in database-less
tests. Add to the Database group tests that are making DB writes (e.g.,
for log entries).

Change-Id: I211cb60296e5c2446128fcdf2caaadc728a8c272
2023-08-06 22:18:49 +00:00
Amir Sarabadani 049e602b07 BlockedDomains: Move filtering logic to a dedicated class
I'm planning to add support for bypass and regex-based blocking which
means it'll grow a bit. So let's give it a dedicated class.

Bug: T337431
Change-Id: I5a6fe2fd2f1efdebd8cada0ba6c481341f830e27
2023-08-06 16:27:23 +02:00
jenkins-bot a3ffaba341 Merge "Replace userNameUtils with UserIdentityUtils" 2023-08-06 10:00:04 +00:00
gerritbot 806ac5285d Migrate ILB::getConnectionRef() calls to ILB::getConnection()
Deprecated since 1.39 (I6e7544763bd)

Bug: T343277
Change-Id: I1d6d8d8bee8b39a5d364d8bb65f5f9a85194114d
2023-08-03 22:28:51 +00:00
Umherirrender c72b6a20f0 Pass ParserFactory to LazyVariableComputer
Make the init of Parser lazy

Bug: T343070
Change-Id: If0f0ca3c4aa2136c85903289f7f80b95dc5132c8
2023-07-29 14:20:07 +02:00
AnaïsGueyte 2efd6d9ac9 Replace userNameUtils with UserIdentityUtils
Where UserIdentity is available and where it's necessary to check ::isNamed

Bug: T342741
Change-Id: I5b52686f1c072282e76874f3863962345ca8097e
2023-07-27 10:29:31 -03:00
Matěj Suchánek 82ff324ae9 Remove faulty phan suppression
Change-Id: I5928d14f92d2bf7e8ceae9b40086533d7e0d0061
2023-07-21 21:47:34 +02:00
jenkins-bot ad37cd8725 Merge "Get parsed content from PreparedUpdate" 2023-07-18 14:15:40 +00:00
jenkins-bot 78c7334d6a Merge "Split VariableGenerator::addEditVars" 2023-07-17 23:26:53 +00:00
Matěj Suchánek 1e93f8b674 Get parsed content from PreparedUpdate
This finally makes new_html work for non-wikitext contents.

Bug: T264104
Change-Id: I1174b63a8e3a96e83ee7472dd086bfc91636316c
2023-07-16 14:48:30 +02:00
jenkins-bot 9aa87e9234 Merge "Clean up AbuseFilterViewTestBatch" 2023-07-12 13:12:47 +00:00
Matěj Suchánek 49edc86a78 Split VariableGenerator::addEditVars
This method actually consists of two: add derived vars, and initialize
content vars. The former part depends on no parameters of this method.
On the other hand, the latter part combines multiple implementations
for some of the content variables using branching.

The branching is a dirty workaround and inferior to the GRASP principle:
"When related alternatives or behaviors vary by type, assign
responsibility for the behavior to the types for which the behavior
varies."
In other words, the callers (extensions) should be responsible for
choosing the initialization strategy themselves, instead of letting
VariableGenerator figure it out.

As the first step, split the former part to a separate method.
For now, it will be implicitly called by ::addEditVars.

Change-Id: I5ff00dbdbf29ec54eabfd95c44a4fd7f713969f5
2023-07-05 14:58:32 +00:00
Tim Starling fe592746b7 Use the new Wikimedia\Diff namespace
Bug: T339184
Change-Id: I381686678524868c85466bdafde3856a73a8cb1c
2023-06-29 11:56:13 +10:00
Abijeet b1e404fc79 ConsequencesFactory: Avoid creating Session object during service wiring
Service wiring should only depend on config, not on request state.

Creating a session object during service wiring causes issues with entry
points such as opensearch_desc.php that disable the session.

Bug: T340113
Change-Id: I2450b0b6821ff0b097e283ff660a0b8aeea9590a
2023-06-27 20:11:38 +05:30
Matěj Suchánek c2a40fb0ff Clean up AbuseFilterViewTestBatch
Inject dependencies, use implicit form validation.

Change-Id: I74afeeceb39ada93cf3c20d5d3fc417ab4e3bf4b
2023-06-27 10:53:45 +02:00
jenkins-bot c897335bd7 Merge "Various code style clean-ups" 2023-06-23 18:43:58 +00:00
jenkins-bot 0c33716f5b Merge "Mark protected stuff in classes with no subclasses as private" 2023-06-23 18:35:48 +00:00
thiemowmde 9316a7d65f Mark some unused public class features as private
These are not used anywhere outside of these classes.

Change-Id: I0a0a5cf1e84133bae69b95da771c285ee27f926c
2023-06-23 12:32:38 +02:00
thiemowmde d9bca83ec6 Various code style clean-ups
For example:
* Use the more meaningful str_contains().
* Add missing type hints.
* Make use of early returns/guard clauses.

Change-Id: Id150d1b17a80ea637a0639a8f2fd7fd017ad23b1
2023-06-23 12:32:12 +02:00
thiemowmde 24888bea15 Mark protected stuff in classes with no subclasses as private
Protected effectively means "public to subclasses" and should be
avoided for the same reasons as marking everything as public should
be avoided.

Change-Id: Iba674b486ce53fd1f94f70163d47824e969abb77
2023-06-23 12:28:06 +02:00
thiemowmde 0bb3aa38ed Fix removing a domain when the page doesn't exist
This was an unfortunate mistake in the refactoring in I2ccb587,
caused by incomplete documentation and a confusing mixture of
possible return types.

I9166c2b fixed one of the two places already. The situation in this
patch here cannot really happen in reality (there is nothing to
remove when the page is empty). Still I think the code is easier to
read when the two places behave the same.

Change-Id: Iea51c3a7a8185cbc3771143353f4795dde712ec4
2023-06-22 11:54:53 +02:00
Amir Sarabadani 8f216a6030 Fix adding a domain when the page doesn't exist
It should fail on null but it should create the page if it doesn't
exist or doesn't have any content yet.
This is breaking the special page, see:
[[de:234828092#New_special_page_to_fight_spam_//_Neue_Spezialseite_zur_Spam-Bekämpfung]]

Change-Id: I9166c2bdcfacb4b19706d246fbf99b2f24ca4cc6
2023-06-22 08:36:49 +00:00
Timo Tijhof 110484b6a0 BlockedExternalDomains: De-duplicate validateDomain logic
Bug: T337431
Change-Id: Icbedf750f6ecaa9caf7bb900e8ad0bc2124e8743
2023-06-19 13:36:32 +00:00
Timo Tijhof 203d54be11 BlockedExternalDomains: Optimize host extraction by using parse_url
Unlike what the 20-year old source comments in UrlUtils.php would
have you believe, parse_url() works fine nowadays, including for
protocol-relative URLs and indeed lots of prod code uses it directly.

The class still has some convenience value for case where you need to
expand or manipulate URLs, but for the common case of extracting a part
of it, you really don't need it.

Test plan:
$ php phpunit.php ../../extensions/AbuseFilter/tests/phpunit/integration/FilteredActionsHandlerTest.php

Bug: T337431
Change-Id: I1e76d2f5aef65365743214530faba656325b965a
2023-06-19 13:36:27 +00:00
Timo Tijhof ee238e79b9 BlockedExternalDomains: Minor code clean up and docs improvement
* Remove stray `@ingroup` from file blocks, move to class block.

* Fix mention of "WAN" cache where actually APCU is used.

* Document that the storage class takes a local-server cache.
  This is an important requirement since the class has no
  coordination for purging or other invalidation. It expects
  an uncoordinated cache.

* Rename "load" to "loadConfig" as it's ambigious what it means among
  the half dozen other "load*" methods in this class. Also inline
  loadFromConfig and loadComputedUncached while at it to further
  reduce this.

* Rename "loadConfigContent" to "fetchLatestConfig" to match
  the existing fetchConfig, which does the same thing except it queries
  the primary db using READ_LATEST.

* Use Html.php when building HTML, instead of legacy Xml.php.
  While at it, also switch a few to Html::element instead of
  Html::rawElement (aka Xml::tags) by using Message->text() for
  messages that are not expected to contain rich wikitext.

Change-Id: Ic74d1597aa9201b371894e7a4bf9361752d9db21
2023-06-19 13:36:23 +00:00
Amir Sarabadani 9dc1a601ac Blocked domains: Fix removing a domain via the special page
Doing unset on array leads to the final array turning into associative array
and gets blocked by the validator.

You can check that it's broken in Persian Wikipedia, beta cluster or
localhost. Tested locally, fixes the issue.

Bug: T337431
Change-Id: Ib1be294bae1ae057dfb9a4445a8e13ac72b333b9
2023-06-18 00:35:21 +02:00
Amir Sarabadani 8b67de5bc1 blocked domains: Make sure users can't bypass the list by using uppercase
Added tests too

Bug: T337431
Change-Id: Ie3406d0b3c7d82ba44c11865e493375453555664
2023-06-16 01:22:48 +02:00
jenkins-bot 596a36866b Merge "Add missing AbuseFilterServices::getHookRunner()" 2023-06-15 18:06:28 +00:00
jenkins-bot 12d6d204ce Merge "BlockedDomains: Add logging in case of hit" 2023-06-15 16:33:37 +00:00
Amir Sarabadani da53cfe9dd BlockedDomains: Add logging in case of hit
This is basically copy paste of SpamBlacklist logging with the added
extra bit of what triggered the hit.

Bug: T337431
Change-Id: Ieb9e3ca615af88ab56735b56e24c80c42a68d478
2023-06-14 22:23:50 +02:00
thiemowmde b63d5c138e Use much more narrow IReadableDatabase and related where possible
Much more narrow interfaces. This code doesn't need more.

Change-Id: Iab0f1da27968246333a4a555b02bfb750cf9eedb
2023-06-14 19:42:01 +00:00
thiemowmde 7e6132d4d7 Remove bits of unused code across the codebase
Mostly found with the code inspection tools in PHPStorm.

Change-Id: I7f59dddca0aaab0ddd1093d52c07ec12efd20d6d
2023-06-14 19:41:00 +00:00
Lucas Werkmeister 9bb4b1e5db Add missing AbuseFilterServices::getHookRunner()
And register AbuseFilterRunnerFactory as a service name that’s allowed
to not have a getRunnerFactory() method without the test complaining
(the service was renamed, getFilterRunnerFactory() exists).

Change-Id: Idedb87e64a6df02b0edae8d9e7dbf441752dc480
Needed-By: If5af88e7f70b83d53f66b9617a5ef37daf81830f
2023-06-14 17:35:43 +02:00
Amir Sarabadani 191e719a79 Fix cases of LogicException in $update->getParserOutputForMetaData()
Abuse filter needs to check both if the update is available and if the
page is rendered. This is the exact issue FlaggedRevs have:
050b9593fb/backend/FlaggedRevs.php (L718)

Bug: T339094
Change-Id: I943c8dbb525dc4c988e97e180474ea71b4cf731d
2023-06-14 13:35:16 +02:00
Matěj Suchánek 8fb53edfbb Retrieve external links from PreparedUpdate
When forFilter is true and PreparedUpdate is available
(most save operations), retrieve all_links from
PreparedUpdate::getParserOutputForMetaData. Otherwise
do what was done before.

Note that this change probably leaves some dead code. It will be dealt
with later.

NOTE: this changes code potentially executed on every save operation.

Bug: T65632
Bug: T264104
Change-Id: I3628a56e5277846c1b90444fb55983870eb54c1e
2023-06-13 14:30:06 +02:00
Matěj Suchánek d82a716ad0 Make old_links retrieval cleaner
The method for old_links retrieval depends on the "forFilter"
value, which we know in advance. If it's true, old_links should
be retrieved from the database. Make a case in the switch
that does nothing but retrieves links from the database,
and direct the evaluation to it.

This change was split from I3628a56e5 to make its review easier.

NOTE: this changes code potentially executed on every save operation.

Change-Id: I33b688f6be3c58beec403f7bf26407a42e7c18ab
2023-06-13 14:03:21 +02:00
jenkins-bot fad3a6e888 Merge "Fix error reporting in BlockedDomainStorage for real" 2023-06-12 21:28:38 +00:00
jenkins-bot 54b9cbd6da Merge "BlockedDomains: Use cleaner array building and add tests" 2023-06-12 18:06:38 +00:00
Amir Sarabadani 60cbc3b464 BlockedDomains: Use cleaner array building and add tests
Regarding array building: Instead of adding to array with
$array[] = 'foo' and then doing array_flip(), simply do
$array['foo'] = true;

Regarding tests: I originally wanted to create a unit test but I ended
up mocking so many things that it wasn't worth it and the config variable
is globaly which first we need to clean up after deployment is done.

Bug: T337431
Change-Id: Iac8dca7078668ee3441d19b6aafe499c1aa0d732
2023-06-12 17:46:55 +00:00
thiemowmde 518955f9c3 Fix error reporting in BlockedDomainStorage for real
This is a direct follow up for I6373fa6 where we apparently fixed
half of the cases while breaking the other half. There was actualy
a code path that can return null, and anther one that can return a
status object.

Since there is never anything done with the status object we can as
well get rid of it and always return null in case of an error.

Bug: T337431
Bug: T279275
Change-Id: I2ccb58756182897bcd6649c9f589e2f7a0321b20
2023-06-12 17:11:49 +02:00
jenkins-bot afaf9d34f8 Merge "Fix broken error reporting in BlockedExternalDomains" 2023-06-12 14:20:20 +00:00
thiemowmde 1eb985c619 Fix broken error reporting in BlockedExternalDomains
Apparently a mistake from I3df949c.

Bug: T337431
Bug: T279275
Change-Id: I6373fa6de561b3018e85f61f5e45ed8c886ce311
2023-06-12 10:52:35 +02:00
thiemowmde 84058c3d96 Make use of the ??= operator and such where it makes sense
We can avoid a bit of code duplication and move code closer together
when it belongs together.

Change-Id: Iffca7e4abfbf03d4663ee909220057bcbd54da75
2023-06-12 10:27:03 +02:00
Amir Sarabadani 9ca20e7749 Make edit summary of blocked domain changes use i18n
It shouldn't be all in English.

Bug: T337431
Change-Id: I57c6b08b652e83baaef41ab0b74af7a4668698a2
2023-06-08 22:06:19 +02:00
Amir Sarabadani 0acfe05251 Add abusefilter-bypass-blocked-external-domains right
This is similar to sboverride right in SpamBlacklist. Defaults are also
the same

Bug: T337431
Change-Id: Iaff91c1f9f7aece0787348dd071701ef99e0291d
2023-06-08 22:06:19 +02:00
Amir Sarabadani 7658885d75 BlockedDomains: Make lookup for domains added in blocked domains faster
We will have a pretty large list of blocked domains that we need to
swift through in each edit for any added domain. In order to cacth
subdomains being added, we have to do all sorts of complicated
operations and string search in large set of strings which is quite
slow. To fix that, let's simply pretend a user who has added
foo.bar.com, also added bar.com and com and do exact match in array of
strings making it much faster.

h/t Krinkle for the idea

Bug: T337431
Change-Id: I96795ed7d1a25f051db0b591dde21b032b138ded
2023-06-08 21:50:43 +02:00
jenkins-bot d6d8608161 Merge "Replace deprecated MWException" 2023-06-07 23:25:54 +00:00
jenkins-bot 90414626fb Merge "Degroup: Return early if user is a temporary user" 2023-06-07 17:18:46 +00:00
Daimona Eaytoy caee78c24d Replace deprecated MWException
These are all unchecked.

Bug: T328220
Change-Id: I8d2f098a8b634d4a226b40ddaef31f0303a0789f
2023-06-07 17:41:20 +02:00
Amir Sarabadani 462096f523 Allow interface-admins to edit blocked domains json directly
For now, we will revisit this in the future. Specially if the
communities think otherwise.

Bug: T337431
Change-Id: I2847264eba9a3cc4fc47a22eacb523199015f9e7
2023-06-06 23:36:12 +02:00
Siddharth VP 8a22007034 BlockedExternalDomains: validate JSON structure before save
This makes raw page editing safer, and potentially enables opening up
access to less restricted user groups.

Bug: T337431
Change-Id: I14f21003a551f34b6e524e9b229613e79b0e5a70
2023-06-06 23:31:28 +02:00
Thalia 573838efc5 Degroup: Return early if user is a temporary user
Treat temporary users the same as IP users. Neither has user groups,
so return early for both.

Bug: T335062
Change-Id: I20b48608cf6ba5f8e8e36a378d66c603d84b032f
2023-06-06 14:10:21 +01:00
jenkins-bot 3feb7d5af0 Merge "BlockedDomains: Put a cache behind parsing of notes of blocked domains" 2023-06-04 15:33:00 +00:00
Amir Sarabadani be928818a4 BlockedDomains: Put a cache behind parsing of notes of blocked domains
It'll be 6K rows in enwiki, parsing 6000 wikitext notes is going to be
expensive.

Bug: T337431
Change-Id: I010d773a7b096c783f5da0d6997d946b3bfd6b6e
2023-06-02 20:13:33 +02:00
jenkins-bot 64ed21cff7 Merge "Use new DeferredUpdatesManager service" 2023-06-01 19:00:42 +00:00
James D. Forrester fb50c1f019 BlockedExternalDomains: Make this a special right, prohibit direct editing
Bug: T337431
Bug: T279275
Change-Id: I96d1e2c8d8728c26e38515032ef773770e26dda4
2023-06-01 09:20:44 -04:00
Amir Sarabadani adae5b95b5 Minor improvements to blocked domain filtering
See I3df949c4d41ce

Follows-Up: I3df949c4d41ce65bb4afa013da9c691ac05fc760
Change-Id: I81974a8d935838e00b4155454f2fb619f8a6bad9
2023-05-31 21:59:45 +02:00
Amir Sarabadani 53eb27f086 Introduce Special:BlockedExternalDomains
It is behind a feature flag. Improvements on it can happen in follow
ups. The patch is already quite massive.

Bug: T337431
Bug: T279275
Change-Id: I3df949c4d41ce65bb4afa013da9c691ac05fc760
2023-05-30 20:48:42 +02:00
Daimona Eaytoy 1c0e558c78 Use new DeferredUpdatesManager service
And remove some hacks for unit tests.

Change-Id: I4e9932a003ac7420f307f01b8d12062fd05a3bb8
2023-05-30 12:50:08 +00:00
Amir Sarabadani e9bec9ffa2 Improve support for read-new wikis with externallinks
Bug: T337149
Change-Id: I68e72243346725fa78281c78dbd6b4cab0b7cbca
2023-05-26 15:47:06 +02:00
jenkins-bot 17cb8ac514 Merge "Update user type checks to handle temporary users" 2023-05-26 11:56:35 +00:00
AnaïsGueyte d42b7335d5 Update user type checks to handle temporary users
* Set the same block expiry for temp and anon users
* Don't block autopromote for temp users; they can't be autopromoted
* Bail early from CheckUserHandler if the user is temporary

Bug: T335062
Change-Id: I6b72537f568c4c70a0b86f1825ea30b767f5634a
2023-05-25 17:26:58 -02:30
gerritbot 66c00defac Update moved class RawMessage
See T321882. Moved in I195cf4c67bd514

Bug: T321681
Change-Id: Ia5479b083c9c086b0fa11be6b1c8358ce9b920bf
2023-05-19 10:30:17 +00:00
gerritbot 3f7e5c9271 Update moved class WikiMap
See T321882. Moved in I60cf4b9ef02b9d5

Bug: T321681
Change-Id: I2c9a5dbde0080984dad1a23eba52504c4b7df4d1
2023-04-25 09:52:41 +00:00
Amir Sarabadani 66f79695d4 Use core's externallinks lookup
Depends-On: I8ae9ef388957b0c04efa281f3bc3b5796bec17fe
Bug: T326251
Change-Id: I34b4a151f23f834b695b0abba2982681b79f68e7
2023-04-24 15:12:41 +02:00
Umherirrender 6fabca14c8 Use renamed CheckUserInsert*Hook interfaces
Follow-Up: I8d632f2808fde57c977c0ed22531db7b3741beef
Change-Id: I88bee654f80d9c40996ebef75136f310520a496f
2023-04-22 20:06:24 +02:00
jenkins-bot d3b5dbb092 Merge "Add tests for extension.json and services" 2023-04-20 00:48:30 +00:00
Jean-Luc Hassec 9369d08773 When testing against a page creation in RC, set page_id to 0 as in the real filtering
Bug: T334617
Change-Id: Id4465cb36131b745d386168e7e158b6bb4d6418c
2023-04-13 08:55:35 +00:00
Jean-Luc Hassec 6c500f8ea9 Clean up unused DEMPTY data type
Bug: T334640
Change-Id: Ie20d760b6e31a9dc97083d3fe4008fb31c990076
2023-04-13 05:27:38 +00:00
Matěj Suchánek 0628dbdab6 Add tests for extension.json and services
Change-Id: Ie83e4a85a408e1ba1d2cc827c4bf353bdd5500df
2023-03-28 09:35:02 +02:00
jenkins-bot 290dd70bb2 Merge "Replace deprecated database object access methods" 2023-03-27 09:11:46 +00:00
jenkins-bot 9fcf5d92d1 Merge "Use actor table in AbuseFilter" 2023-03-26 00:25:50 +00:00
Matěj Suchánek bb78cb0a56 Use actor table in AbuseFilter
This patch migrates abuse_filter and abuse_filter_history tables
to new actor schema.

MigrateActorsAF was copy-pasted from core's
maintenance/includes/MigrateActors.php before removal (ba3155214).

Bug: T188180
Change-Id: Ic755526d5f989c4a66b1d37527cda235f61cb437
2023-03-22 14:01:29 +01:00
jenkins-bot 25b1820f4c Merge "abusefilter.css: Increase the default abusefilter editor width" 2023-03-15 14:00:30 +00:00
Daimona Eaytoy 31210e66f5 Re-add BC alias for the VariableHolder class
Looks like it's needed for the UpdateVarDumps script, so add a note
about that. Also add a type check to the script so that it produces a
clearer error message if it finds an entity with unexpected type.

Bug: T331861
Change-Id: I68f8f954ed754c4282e13599ce06118e2336ecbb
2023-03-13 13:46:09 +01:00
Matěj Suchánek 8f6a428f02 Replace deprecated database object access methods
Use the very new getPrimaryDatabase and getReplicaDatabase.
We skip FilterLookup and CentralDBManager in this patch.

Change-Id: I22c6f8fa60be90599ee177a4ac4a97e1547f79be
2023-03-08 16:50:56 +01:00
Taavi Väänänen 7789ce1090
UserRenameHandler: Use core RenameUser classes
Bug: T27482
Change-Id: Ia36cd6d0ae8562101f8bcb0ddbf647097b6a8429
2023-03-08 12:53:43 +02:00
TheresNoTime fdcf2aab36 abusefilter.css: Increase the default abusefilter editor width
Increase default widths from `65%` to `90%` for the editor, notes,
description, group inputs.
Add `mw-abusefilter-edit-description-input` id to
`abusefilter-edit-description` TextInputWidget.

Bug: T294856
Change-Id: Ia9472298170740a39fd24864003b766078fcdfaf
2023-02-07 20:59:13 +00:00
Matěj Suchánek 5dbb4792b7 Add styles to display zero contributions link in red
Bug: T327603
Change-Id: I319b69d21f3c6195cd9192285a3f0ec3b52bcfd0
2023-01-24 15:11:19 +01:00
Dreamy Jazz 8e4a1237f1 Hook on privateEvent and logEvent insert hooks like CuChangesInsert
Hook on to CheckUserInsertPrivateEventRow and CheckUserInsertLogEventRow
to override the IP, XFF and User-Agent string when the user is the
abuse filter user for log events.

These two hooks are being added as log entries are being removed from
cu_changes and added into two new tables. Because the columns and their
names are different for these tables, reusing the same hook won't work
for callers that rely on setting values for a specific column name.

Edits and log entries performed by the abuse filter user need to be
marked as being by the software (and not using the IP, XFF and
User-Agent provided in the main request).

These hooks will not be run until the appropriate config is set to
write to the two new tables. Until that point using the one currently
defined hook will work for all actions.

Bug: T324907
Bug: T44345
Depends-On: I7c7754323ade9a8d96273c1742f30b1b5fbe5828
Follow-Up: Idd77545af94f9f9930d9ff38ab6423a72e680df9
Change-Id: Id78417e9d95220946f110afbe1430df5b3bb4f4f
2023-01-08 13:09:52 +00:00
Dreamy Jazz d3d0910bee Add RecentChange as a optional parameter for CheckUser hook
Add RecentChange as a optional parameter to the code that hooks
on CheckUserInsertChangesRow as this hook will soon provide a
RecentChange object if this row was triggered by a RecentChange.
If this row was not triggered by a RecentChange, then this
parameter will be null. This needs to be added before the parameter
is added to the definition of the hook in the CheckUser extension
as the tests will fail if all usages do not already have the new
parameter.

Bug: T324907
Change-Id: I44e54a3fca5558a1cb8d8f06a3990ded863454bc
2023-01-08 13:09:23 +00:00
jenkins-bot 595b0a9969 Merge "Ensure IP, XFF and UA are valid for abuse filter user actions in CheckUser" 2023-01-06 20:51:17 +00:00
jenkins-bot 1ff0e96e38 Merge "Replace VariableHolder::$forFilter" 2023-01-05 21:23:24 +00:00
jenkins-bot 24d797e6cc Merge "Create real integration test for variables" 2022-12-22 02:07:02 +00:00