Commit graph

220 commits

Author SHA1 Message Date
shirayuki b460fa790f Adding trailing dot + comment for grep (24 messages)
Change-Id: I7b532028a2bdbed11f0dfe6cdf4eb4514671294c
2013-03-07 23:03:59 +09:00
Marius Hoch 3a3c738f50 Escape AbuseFilter description properly (disallow wikitext)
Right now the public description of AbuseFilters can contain
wikitext which will be parsed.

With this change the public description will be escaped
everywhere to prevent the parsing of eg. templates on
Special:AbuseFilter/history.

Change-Id: I777cac5fc195819ed296f791d0b8cc3ed2ae9eea
2013-02-05 00:08:20 +01:00
Marius Hoch c4e78e9713 (bug 18174) Added Older and Newer change link to Abusefilter diff
On top of that I changed /history to no longer show the
changes link if it's the first revision of the filter.

As I was on it I fixed the diff selection for diffs like
history/1/diff/2/next where change number 2 was compared
to the last change of the filter instead of the next one.
This probably went unnoticed because the /next action isn't
linked anywhere within the software itself.

Change-Id: Ic28bb696a4dbbb75e0bfcae1843ccefab1a9508a
2013-01-18 10:42:22 +01:00
CSteipp b8b799630b Merge "Properly integrate $wgAbuseFilterValidGroups" 2013-01-07 23:01:48 +00:00
Matthias Mullie 0c174aec42 Properly integrate $wgAbuseFilterValidGroups
The concept of different AbuseFilter groups had not properly been integrated, but should be now:
- The total number of matches is now group-specific
- .. Which will also fix the emergency shutdown calculations
- And a portion of incorrect code (involving $logged_local_filters) has been fixed (action != group)

Change-Id: I091199a9d74aee47dcb3d8942394a28e0ffd3234
2013-01-07 14:42:51 +01:00
Hoo man 25232efb24 Merge "Adding a Link back to Abuse filter management page Added the navigation bar Set page title to 'Editing Abuse filter'" 2013-01-06 20:59:59 +00:00
Adithya Parthasarathy 2128a52a9c Adding a Link back to Abuse filter management page
Added the navigation bar
Set page title to 'Editing Abuse filter'

Change-Id: Ic11846d43587c2241df0635aabf3b9b3fae4056d
2013-01-07 01:55:19 +05:30
Marius Hoch d307970e1e Fixed a PHP notice in Views/AbuseFilterViewEdit.php
Change-Id: I39a6a4b3063dd4c5b07b014940170442c2bbdbe7
2012-12-30 05:02:04 +01:00
Hoo man f10b8eaab5 Merge "Add Permission for Global-Rule Editing" 2012-12-28 01:29:39 +00:00
csteipp cc000576d7 Add Permission for Global-Rule Editing
Add a permission 'abusefilter-modify-global' which an administrator must
have to set global rules in the central database.

By default, this right is not associated with any group.

Change-Id: Ied92f7ffd90cb2d8eeb8f3f26b941edbb22b10d6
2012-12-28 02:27:08 +01:00
Hoo man 7950267f98 Merge "Run filter number through formatNum()" 2012-11-02 21:14:33 +00:00
Hoo man d2568a7d43 Merge "fix php notices" 2012-11-02 19:57:52 +00:00
Aaron Schulz 3fde2a8c75 Merge "Don't revert global log actions" 2012-10-26 22:39:06 +00:00
raymond 3f1b73e5f4 Run filter number through formatNum()
Change-Id: If95bbae4af3d4c5a35ee02f1adadc4040ef36009
2012-10-26 20:27:08 +02:00
Kaldari 6e3c9e4acf Merge "Bug 40672 - Abuse filter: Increase 5% limit to allow filtering for very short posts" 2012-10-25 18:22:52 +00:00
Matthias Mullie 1706ca0832 Bug 40672 - Abuse filter: Increase 5% limit to allow filtering for very short posts
This patchset will make it possible for other extensions to tap into abusefilter with a custom group, and set different tresholds per group.
See https://gerrit.wikimedia.org/r/#/c/29569/

Change-Id: I21d31bdf28e26f3c830652efc08a247db9f7a86c
2012-10-25 20:21:19 +02:00
Amir E. Aharoni d146521d99 (bug 18277) Add GENDER to abusefilter-diff-version
Passed the username parameter to all uses of abusefilter-diff-version.
Added documentation and dummy GENDER to the English message.

Change-Id: Ie4df30cd6bdc8a1451fe42478bdfba5acb05c8d7
2012-10-24 15:00:48 +02:00
Siebrand c94c0e2687 Merge "Resolved two array_map wfMsg FIXMEs" 2012-10-17 22:37:51 +00:00
Krenair 060a1d2cf8 Fix some errors on the main AbuseFilter page
I've been getting some errors on Special:AbuseFilter:
Warning: array_merge(): Argument #2 is not an array in /my/path/to/includes/Sanitizer.php on line 840
Warning: Invalid argument supplied for foreach() in /my/path/to/includes/Linker.php on line 366

This is the fix I came up with for them. I don't know how the previous code ever worked...

Change-Id: Ia6b159f184786d10fb696d267e65ce0530e8c64f
2012-10-14 22:46:55 +01:00
Marius Hoch 636018137b Resolved two array_map wfMsg FIXMEs
Resolved two wfMsg related FIXMEs introduced in
I02ba4ce31b6aca5b7324114093f8ece143abc295 using
foreach loops. (UNTESTED)

Change-Id: I84e9b875b670f9eaa9c8a70e85c3b1b637113033
2012-10-10 19:59:14 +02:00
Siebrand Mazeland 176227e721 Maintenance for AbuseFilter extension.
* Replace deprecated methods.
* Remove no longer needed function fnmatch().
* Remove superfluous newlines.
* Remove unused and redundant local variables and globals.
* Deglobalization.
* Update documentation.
* Fix incorrect return values or add FIXMEs when in doubt.
* Escape output in a few places where needed.
* Remove unneeded MEDIAWIKI constant checks.
* Fix various JSHint/JSLint issues.

Patch Set 11: Merged https://gerrit.wikimedia.org/r/24701 into
this one per Siebrand's request

Change-Id: I02ba4ce31b6aca5b7324114093f8ece143abc295
2012-10-09 22:26:45 +02:00
Matthias Mullie 457c38cc3a fix php notices
Change-Id: I44ec2181ac7f2aea775f17c162838d52524084f8
2012-09-27 12:15:22 +02:00
csteipp 736095adaa Don't revert global log actions
Prevent attempting to revert a global rule's actions, when the action
happened on another wiki.

This is probably a temporary fix. Eventually, we may want to support
having a central administrator revert actions from global rules on
the local wikis.

Change-Id: Idd29596ddc21c37d81528a8ae6ed14367c373c5f
2012-09-12 09:49:13 -07:00
grunny 13bdc746ed Add missing message from the edit view for global filters
This message is used on the edit view when global filters are enabled to specify
whether or not a filter is global.

Patch Set 2: Add comments on where the message is used along with other messages
that can be formed by the concatenated string so they are easier to find

Change-Id: I5d1e99fa1dcaea8ed298affbd6388042f58686ee
2012-09-04 19:13:02 +10:00
csteipp 1973ea6714 Add Global Rules
* Update rules list view to show global rules toggle, global rules
* Update rule processing to get global rules from memcache, if no
rule exists, get them from the central database and store them in
memcache
* Delete global rule key whenever global rules are updated
* Add filtering for log by wiki on the central database, updated
table definitions to add index on afl_wiki
* Add global $wgAbuseFilterDisallowGlobalLocalBlocks so local wikis
can prevent global rules from locally blocking, removing or revoking
permissions.

* patchset 13: Include recommendations from Tim. Add db updates to
LoadExtensionSchemaUpdates hook.
* patchset 14: forgot to add new files

Change-Id: Id69a9d603f9679f838e8691c651a3e9d8461b422
2012-08-27 03:30:07 +00:00
Liangent 1b7994b3bd Use a new message for subtitle of edit view when creating filter
Change-Id: Ie956ce2954e8f2507191677561fe68b548eddba5
2012-07-02 01:43:47 +08:00
Andrew Garrett 18bac6fed9 AbuseFilter: Make it possible to have differing default warning messages for differing filter groups.
Includes JS to sneakily change the default message if the user changes the filter group without having selected the "warn" action yet.

Change-Id: Ic753c3e018321dba3bf9f6d7bcee10a49c9faac8
2012-06-26 21:56:30 +02:00
Andrew Garrett b8ef2830bb Add some documentation improvements to Views/AbuseFilterViewEdit.php
Change-Id: I1f6fa1ff32b6fb1d71f99b0d456972c4ecaed29c
2012-06-17 23:03:39 +02:00
Alex Monk 5a05bb7e47 (bug 37335) Let people with abusefilter-view-private see diffs for changes to private abusefilters.
Change-Id: I0db040f327ed501714f70ede4abc3654799973f5
2012-06-07 16:55:09 +01:00
Andrew Garrett dc207d0cbd Abuse Filter: Allow filters to be split into "groups" for the purposes of operating them on different types of input.
The purpose of this change is to allow AFTv5 developers to run a separate list of filters against article feedback actions without issues of cross-contamination and bumping up against the condition limit.

Change-Id: I758795f01eaf3ff56c5720d660cd989ef95764a7
2012-05-12 12:53:32 +10:00
Sam Reed 69e582dc17 More documentation stubs
Fix Html::inputLabel to Xml::inputLabel

Fix up some deprecated code

Change-Id: If6503b1794d89666206802591094949e5d715ac1
2012-03-26 16:03:23 +02:00
Roan Kattouw 6c4bd57043 Revert r111217 (unreviewed rev in AbuseFilter) and its dependencies r113585, r113587, r113588, r113589.
All of these revisions are tagged with 'gerritmigration' and will be resubmitted into Gerrit after the Gerrit switchover. See also http://lists.wikimedia.org/pipermail/wikitech-l/2012-March/059124.html
2012-03-21 19:41:11 +00:00
Sam Reed 05a9d4d061 More documentation stubs
Fix Html::inputLabel to Xml::inputLabel

Fix up some deprecated code
2012-03-11 20:51:54 +00:00
Sam Reed 642200ea1c Add some more __METHOD__ 2012-02-29 15:36:10 +00:00
Andrew Garrett e2479d45da (bug 33392) Fix issue where users without permission to add restricted actions could nonetheless remove them. Patch by Nikola Kovacs, with modifications for code style. 2012-02-08 01:02:11 +00:00
Sam Reed 1b383fe0ae Fix r98659 per Nikerabbit 2012-01-13 20:41:16 +00:00
Sam Reed a084822a88 Documentation
Remove unreachable return

Remove unused globals
2012-01-05 20:31:02 +00:00
Mark A. Hershberger 4e8be82722 Bug 33380 - Details of actions caught by a private filter should be private
Author: Nikola Kovacs

Hide private information from logs
2012-01-03 17:29:10 +00:00
Mark A. Hershberger a4858a5109 Fix Bug 33390 - Examine page is visible for hidden log entries
Fix Bug 24186 - "Examine" page is visible to users without abusefilter-log-detail right
Author: Nikola Kovacs

There was a more complex patch on Bug 24186, but I think he makes a
good argument why his is better.

Beware: I'm not set up to test AbuseFilter, but I didn't see anyone
else in core MW who regularly works on it.
2011-12-27 23:35:24 +00:00
Liangent c576289635 Followup r100969: There may be Mac newlines as well. 2011-12-10 08:40:11 +00:00
Victor Vasiliev 0f89170b4e Fix a syntax error caused by using the same variable name for two different things. 2011-11-27 08:58:46 +00:00
John Du Hart 7cf809bb0e Changes from r103817 2011-11-22 16:08:18 +00:00
John Du Hart 274dcd06a2 Pass one of converting AbuseFilter to use ContextSource
The main AbuseFilter class still needs to be fixed up, but that's a bigger job and I'm out of time
2011-11-16 05:34:24 +00:00
Liangent 44f71ac0b7 Normalize newline before exploding by "\n" 2011-10-27 12:50:48 +00:00
Liangent 8ac1b4c619 Newline to <br> replacement should take place after escaping 2011-10-27 12:17:48 +00:00
Raimond Spekking 4e578cac93 Run some filter IDs through formatNum() for better l10n 2011-10-17 07:56:05 +00:00
Andrew Garrett 4a37f1b892 Respond to CR on r96225: use rawParam 2011-10-02 07:06:38 +00:00
Andrew Garrett 137e0ece3a Do not use replaceafter, per r52735 CR 2011-09-04 14:12:18 +00:00
Siebrand Mazeland 8ecd76b867 Use Linker statically.
No constant check needed for files only containing a class.
2011-09-02 15:34:55 +00:00
John Du Hart b30697e94c Adds ResourceLoader support to AbuseFilter
Rewrote javascript to use jQuery
Added API modules to replace sajax_* calls
Solves bug 29714
2011-08-26 20:12:34 +00:00
Sam Reed a9e738f099 More document
Few minor code improvements
2011-08-24 22:11:52 +00:00
John Du Hart e6e286ba31 (bug 30480) Fixes AbuseFilter's tool page from having its own subtitle, it shoudl have the navigation bar instead 2011-08-22 21:52:07 +00:00
Robin Pepermans b7881fc102 (bug 25898) AbuseFilter: clearer permission error when attempting to view diff of private filter
Also change some link functions to use Linker::link*
2011-07-14 04:57:29 +00:00
Robin Pepermans f4750e9250 (bug 23086) AbuseFilter config diff date and time should use user preference instead of UTC 2011-07-06 23:14:04 +00:00
Happy-melon 12e1428629 * Implement an extensible Block::prevents( <action> ) function to replace the plethora of direct member variable accesses This pushes the historic *disable*-createaccount-vs-*allow* usertalk-edit wierdness down to the database layer
* Implement accessors for isHardblock() and getRangeStart()/getRangeEnd() in the same fashion.
* Make the corresponding variables private, removing external accessors.  This required updating AbuseFilter with non-B/C code, so I also implemented the rest of the changes I've made to the blocking backend in that extension.
* Move the "get an IP range which encompasses the given IP/range" logic to Block.php; will be needed later... :D
2011-03-19 23:47:08 +00:00
Sam Reed 6d548203f7 Parameter and Return Type hints 2011-02-10 17:32:57 +00:00
Sam Reed a0a6d18b88 Code cleanup, mainly unused variables 2010-11-04 01:29:10 +00:00
Sam Reed 6098610527 Another big cull on unused variables and such 2010-10-29 21:55:29 +00:00
Sam Reed 961f512452 More deprecated method call removals and updates 2010-10-29 15:32:44 +00:00
Sam Reed cf800e4c18 Start removing/fixing calls to deprecated methods in WMF used extensions 2010-10-29 15:14:44 +00:00
Jack Phoenix 5e0330c6cc AbuseFilter: coding style tweaks, changed some while loops to foreach (as per http://www.mediawiki.org/wiki/Manual:Coding_conventions#Assignment_expressions) and added __METHOD__ to one DB query 2010-08-19 21:12:09 +00:00
Sam Reed 485a5b0856 Minor revert of CentralNotice.db.php
Add some braces

Remove more unused variables
2010-07-26 21:55:18 +00:00
Sam Reed bfeb901839 Remove some more unused variables 2010-07-24 21:32:07 +00:00
Sam Reed 6981886b50 Nuke some more unused globals 2010-07-24 21:12:27 +00:00
Aryeh Gregor ed5b83e6ac Remove most named character references from output
Recommit of r66254 to trunk.  This was just

find extensions phase3 -iname '*.php' \! -iname '*.i18n.php' \! -iname 'Messages*.php' \! -iname '*_Messages.php' -exec sed -i 's/&nbsp;/\&#160;/g;s/&mdash;/―/g;s/&bull;/•/g;s/&aacute;/á/g;s/&acute;/´/g;s/&agrave;/à/g;s/&alpha;/α/g;s/&auml;/ä/g;s/&ccedil;/ç/g;s/&copy;/©/g;s/&darr;/↓/g;s/&deg;/°/g;s/&eacute;/é/g;s/&ecirc;/ê/g;s/&euml;/ë/g;s/&egrave;/è/g;s/&euro;/€/g;s/&harr;//g;s/&hellip;/…/g;s/&iacute;/í/g;s/&igrave;/ì/g;s/&larr;/←/g;s/&ldquo;/“/g;s/&middot;/·/g;s/&minus;/−/g;s/&ndash;/–/g;s/&oacute;/ó/g;s/&ocirc;/ô/g;s/&oelig;/œ/g;s/&ograve;/ò/g;s/&otilde;/õ/g;s/&ouml;/ö/g;s/&pound;/£/g;s/&prime;/′/g;s/&Prime;/″/g;s/&raquo;/»/g;s/&rarr;/→/g;s/&rdquo;/”/g;s/&Sigma;/Σ/g;s/&times;/×/g;s/&uacute;/ú/g;s/&uarr;/↑/g;s/&uuml;/ü/g;s/&yen;/¥/g' {} +

followed by reading over every single line of the resulting diff and
fixing a whole bunch of false positives.  The reason for this change is
given in <http://lists.wikimedia.org/pipermail/wikitech-l/2010-April/047617.html>.
I cleared it with Tim and Brion on IRC before committing.  It might
cause a few problems, but I tried to be careful; please report any
issues.

I skipped all messages files.  I plan to make a follow-up commit that
alters wfMsgExt() with 'escapenoentities' to sanitize all the entities.
That way, the only messages that will be problems will be ones that
output raw HTML, and we want to get rid of those anyway.

This should get rid of all named entities everywhere except messages.  I
skipped a few things like &nbsp that I noticed in manual inspection,
because they weren't well-formed XML anyway.

Also, to everyone who uses non-breaking spaces when they could use a
normal space, or nothing at all, or CSS padding: I still hate you.  Die.
2010-05-30 17:33:59 +00:00
Raimond Spekking de5b7258b9 Add accesskeys 's' for save actions 2010-03-13 17:35:12 +00:00
Raimond Spekking ac8439bd8a Use commaList() for better i18n 2010-03-13 17:23:08 +00:00
Siebrand Mazeland b274606879 Update code formatting, run stylize.php, whitespace updates 2010-02-13 14:10:36 +00:00
Siebrand Mazeland e86b1357ac Update break notation to self enclosed and properly spaced 2009-11-14 20:59:15 +00:00
Jack Phoenix e2a16fe755 AbuseFilter: big commit - coding style & spacing cleanup; also marked SpecialPages' construct() and execute() functions as public and capitalized some SQL keywords 2009-10-07 13:57:06 +00:00
Andrew Garrett 13ab814753 AbuseFilter: Show permissions errors on new filter and importing a filter when the user does not have permission.
Resolves bug 20467
2009-09-18 10:05:20 +00:00
Andrew Garrett 6133a51192 Fix bug 19799, hide public versions of private filters. 2009-08-07 16:13:06 +00:00
Andrew Garrett 5524008a54 Fix bug 20033, error in AbuseFilterView.php 2009-08-03 10:17:29 +00:00
Andrew Garrett c89fb0e608 Fix for bug 19894, now preview and view/edit buttons for warning messages are no longer disabled for unprivileged users. 2009-07-27 10:48:07 +00:00
Andrew Garrett 94a9b2b174 Require tags to be valid page titles. In the message, gives general recommendations that they be short and simple, rather than specifying the exact criteria. I want to encourage simplicity in tags, rather than fixing an immediate problem 2009-07-17 15:37:03 +00:00
Andrew Garrett d69a31acb3 Fix weird bug where unchanged conditions were being parsed as wikitext in diff displays, and usage of deprecated method 2009-07-17 14:03:11 +00:00
Andrew Garrett 5c08223f77 Fix bug 18176, hard-coded JS strings needed localisation. 2009-07-17 13:52:40 +00:00
Andrew Garrett 4e3f9ab256 Add abusefilter-view-private right for viewing private abuse filters. Patch by Haza-w with stylistic and other minor adjustments 2009-07-03 14:17:05 +00:00
Andrew Garrett fb9d1978cf Change disabled to readonly for textboxes on uneditable filters 2009-07-03 13:54:08 +00:00
Andrew Garrett 3c51c81c93 Add condition limit profiling as well as time profiling to the abuse filter (bug 19256) 2009-07-03 13:46:51 +00:00
Andrew Garrett 0d97b9e140 GENDER support for abusefilter-diff-version 2009-07-03 12:55:10 +00:00
Andrew Garrett 98fb7d2689 log_action field now expanded to 32 chars, re-activating change logging 2009-07-03 12:48:28 +00:00
Andrew Garrett 924b9f19ba Core changes for r52307 2009-06-23 21:52:39 +00:00
Victor Vasiliev eecea2cd0e Fix SQL error on sorting filters by status 2009-06-18 15:19:58 +00:00
Andrew Garrett 695a2aad56 Fixes from bug 19135:
* Load abuse filter data from the master for edits, prevents unintended reversion in the case of replication lag.
* Load explicit field list, preventing another issue seen on Wikimedia and described in the comments.
2009-06-17 11:50:26 +00:00
Andrew Garrett 3018de0453 Per comments on code review, use JSON instead of PHP serialization for Abuse Filter data interchange. PHP's unserialize() can expose remote code execution vulnerabilities with some input. 2009-06-02 12:59:05 +00:00
Purodha B Blissenbach b6b6c154c8 Message 'abusefilter-edit-lastmod-text' - date and time separated as of request by user "Der Umherirrende" at
http://translatewiki.net/w/i.php?title=Support&oldid=1243738#split_date_and_time
and user name added for GENDER use.
2009-06-01 23:15:23 +00:00
Andrew Garrett 48bfcc35ee Various code quality fixes for AbuseFilter suggested by Tim Starling in a private email, including bugfixes, memory safeguards, performance improvements, removal of redundant code, consolidation of similar functionaality. 2009-05-26 13:08:15 +00:00
Siebrand Mazeland e454269bfc Proper casing for getDBkey() 2009-05-24 08:33:57 +00:00
Tim Starling 268d72f43b Code formatting and comments. 2009-05-22 06:42:10 +00:00
Andrew Garrett 32aedf1644 (bug 18077) PostgreSQL compatibility issues in AbuseFilter, patch contributed by Brad Jorsch 2009-04-24 03:27:14 +00:00
Andrew Garrett d00d767207 Allow filtering by page on AbuseFilter batch testing interface 2009-04-23 04:30:17 +00:00
Andrew Garrett 1a0fc0fea9 Add import/export interface for filters so that filters can be copied across wikis 2009-04-23 04:23:56 +00:00
Andrew Garrett 7c3f048fff Usability work, making abuse filter forms readonly (rather than just lacking a submit button and rejecting submissions) for users without permission. 2009-04-01 04:34:21 +00:00
Andrew Garrett 186fc67373 Crackdown on filter evaluation by users unable to modify filters. This is a DoS vector which I thought I'd already plugged. 2009-03-31 15:13:26 +00:00
Andrew Garrett 14b850f891 Implementation of global filters, including a major i18n change for abusefilter-log-detailedentry message (rename and split). Needs further testing before deployment 2009-03-30 06:12:12 +00:00
Andrew Garrett 9d9c666fea Remove accidentally-committed code in r48856 2009-03-26 04:44:47 +00:00
Andrew Garrett 920f04d4fa Fix batch-testing (follow-up to r48855) 2009-03-26 04:41:05 +00:00
Andrew Garrett 32c83009e3 Fix examine interface, was broken for a while 2009-03-25 02:53:23 +00:00
Andrew Garrett 2eaf10edde Make changes link for first filter revision link to the history item (bug 18027) 2009-03-22 23:27:27 +00:00