Commit graph

151 commits

Author SHA1 Message Date
Paladox b3081e1798 Update mediawiki/mediawiki-codesniffer to 0.5.1
Change-Id: I4b2055a76db4362a8136e3fd595228cf07d083a9
2016-08-23 16:18:27 +02:00
jenkins-bot 6bd39475bb Merge "Only run filters once for direct uploads (without stash)" 2016-08-11 04:44:52 +00:00
Kunal Mehta 722550e431 Remove 'UnitTestsList' hook
Extension unit tests are now autodiscovered.

Bug: T142120
Change-Id: I45dc300b24d27e2a36533600e1232ee56b76b2b8
2016-08-04 13:16:06 -07:00
Bartosz Dziewoński f2e05b105b Only run filters once for direct uploads (without stash)
Uses the new UploadStashFile hook.

Bug: T140522
Depends-On: I2f574b355cd33b2e9fa7ff8e1793503b257cce65
Change-Id: Ic7c2dbc54c6ad300d26172796ee21027a8c372ee
2016-08-03 16:30:18 +02:00
Glaisher 67a62093c7 Generate user vars from User passed by hook instead of $wgUser in onArticleDelete
$wgUser causes issues when it is not properly set when doing deletions in jobs and we want to
generate variables for the deletion performer anyway. WikiPage::doDeleteArticleReal already
ensures that $wgUser is only used when the performer is not set. Also updated docs.

Bug: T138571
Change-Id: If4895fe86acfd1dc2c439837df3830f9b2214336
2016-07-23 14:30:17 +05:00
Bartosz Dziewoński 1826d39620 Use custom error code for all edit and upload API responses
The error code 'abusefilter-disallowed' or 'abusefilter-warning' is
used, depending on whether the filter only warns (and will allow the
action when retried) or prevents the user from performing the action.
The API response has been extended with some additional properties.

* For simple filters with no custom messages where the only action is
  'disallow' or 'warn', the error code is the same as before.
* For filters with different actions, different error codes would
  previously be returned; 'abusefilter-disallowed' will be returned
  for them all, with the actions taken listed in the
  .abusefilter.actions property of the API response.
* For filters with custom messages, the message key would previously
  be used as the error code; now 'abusefilter-disallowed' or
  'abusefilter-warning' is used, with the message available in the
  .message property of the API response.

Also cleaned up some dead "forwards-compatibility" code and made a
recently introduced public method private.

The new functionality depends on Ifac8995a4d16d11840cee814177fc2808bc2072c
in MediaWiki core, older MediaWiki versions behave mostly as before.

The new .message property contains both the key and the parameters
duplicated from .abusefilter, so that the client doesn't have to know
what AbuseFilter is - it'll be able to just display the given
message with the given parameters. My specific use case is the upload
dialog in core (core shouldn't have to know about any extensions).

See also TitleBlacklist change I97c1f5c6bbbdfc0b8ea9914bb075d5299c14df8f.

Bug: T137961
Change-Id: I5780eae96930211191ecd874aacf53fdacb58f89
2016-07-11 19:20:19 +00:00
jenkins-bot e49bd1bdba Merge "Provide page text and edit summary when filtering file uploads" 2016-07-11 19:12:52 +00:00
Bartosz Dziewoński 069e0c89a5 Provide page text and edit summary when filtering file uploads
This allows filters using `action='upload'` to use the variables
`summary`, `new_wikitext` and several others that previously were only
provided when editing pages (`action='edit'`).

This is achieved using the new UploadVerifyUpload hook, introduced in
MediaWiki core in change Ie68801b307de8456e1753ba54a29c34c8063bc36.

`action='upload'` is now only used when publishing an upload, and not
for uploads to stash. A new `action='stashupload'` is introduced,
which is used for all uploads, including uploads to stash. This
behaves like `action='upload'` used to, and only provides file
metadata variables.

Filter authors should use `action='stashupload'` when a file can be
checked based only on the file contents, and `action='upload'` only
when the wikitext edit needs to be examined too.

Bug: T87381
Bug: T89252
Bug: T139848
Change-Id: I9654f82ecda82e4917fd0ac6b364b947a1434c73
2016-07-09 13:31:15 +00:00
Aaron Schulz 4091c87bad Remove "minor_edit" variable
This is almost never used and greatly complicates edit stash hooks.
It now always set to false.

Change-Id: I7f13773766e12f3d4b86451fdf3ae23e067ac373
2016-06-27 13:07:14 -07:00
Aaron Schulz 6af0857c55 Move the filter pre-caching outside of the DB lock
Edits should not wait on this to finish, especially since it does
both the minor and non-minor edit cases, only one of which actually
being useful. If the cache is there in time and there is no edit
summary it will be used; if not, there probably no reason to wait.

Bug: T138550
Change-Id: Ifc3b97ddf4dbb94f8ec3eacfcd5c8994c69aafbc
2016-06-27 11:30:29 -07:00
Bartosz Dziewoński b053963b87 Minor code quality tweaks
Change-Id: If34e763e7cc82917c8611ec638972d20f559a601
2016-06-20 19:10:57 +02:00
Bartosz Dziewoński c03ac953ad Remove backwards-compatibility code using APIEditBeforeSave hook
It was only needed for MediaWiki prior to 1.25
(09a5febb7b024c0b6585141bb05cba13a642f3eb).
We no longer support those versions after
d527574d2b.

Bug: T137832
Change-Id: I9d0b7e7713c805ebc7bf59f55456e69c6491e265
2016-06-17 01:45:29 +02:00
Aaron Schulz e91939fb3f Cache AbuseFilter::checkAllFilters during edit stashing
This should improve page save times when manual edit summaries are
not used (and in a few cases, where they are).

Also fix a few annoying IDEA errors with block comments.

Bug: T137698
Depends-On: I2e407a3ac8b74e77bf88b1e34c1519f4dea63b80
Change-Id: I972e9147a5e52a941f478eaf1e96dc3ef8bdfe94
2016-06-14 04:26:14 -07:00
Gergő Tisza ed5cc1b5fc Update for AuthManager
Repeats I61e4327ef3c7a31b19feef727de7d683f69e260b (which had to be
reverted due to a problem with an ancestor patch) without any
significant change.

Bug: T110448
Bug: T135360
Change-Id: I1688cf9fbcb04bb56d075c9f0876bd0ffeced4f6
2016-06-06 19:54:26 +00:00
Gergő Tisza 6a2627e944 Change some globals to work better with extension registration
Rename $wgAbuseFilterAvailableActions / $wgAbuseFilterRestrictedActions
to $wgAbuseFilterActions / $wgAbuseFilterRestrictions and make
them an associative array instead of a plain one, as that works more
sanely with extension registration. (The renaming helps to give more
useful errors to sites using the old config.)

Change-Id: I790d39c2849922d7daf7479f298cd90cf30af129
2016-06-06 19:53:53 +00:00
Gergő Tisza 8cc1aa78bf Revert extension registration and following changes
Reverts:
* e71808f4c4 ("Add extension.json, empty php entry point")
* 8c937957c0 ("Update for AuthManager")

Bug: T136929
Change-Id: Iefc88cb4e981113119f850ca70b9486675bf8a8d
2016-06-03 14:57:55 +00:00
Gergő Tisza 8c937957c0 Update for AuthManager
Bug: T110448
Bug: T135360
Change-Id: I61e4327ef3c7a31b19feef727de7d683f69e260b
2016-05-28 18:42:28 +00:00
Aaron Schulz 51b572a27a Make negative process caching in onGetAutoPromoteGroups() work
Storing "false" is not allowed, so this resulted in duplicate fech log
warnings in that case.

Bug: T133728
Change-Id: I985700f8c42773569e53b54820b972e50be776ba
2016-05-16 19:03:39 +00:00
Aaron Schulz 5f34ea278a Remove bogus AbuseFilter::contentToString param
Change-Id: I53e9ad12418b6cb2605b8d4189be43e0091a0aff
2016-05-12 21:17:51 -07:00
Aaron Schulz 2807b5883a Avoid duplicate autopromote block key fetches
Bug: T133728
Change-Id: Ia3a955547e8147e92c7ca9782e399f9abd6d3949
2016-05-05 19:14:19 +00:00
Bartosz Dziewoński 8e48a8eb37 Avoid crippled APIEditBeforeSave hook, use new features of EditFilterMergedContent instead
Back when APIEditBeforeSave was being introduced here, it was
impossible to return error data for API requests from it (T34216). But
this hook runs a lot earlier than EditFilterMergedContent, and only
gives us the text submitted in the action=edit API call and not the
actual text that's going to be saved, which are different for section
edits (T54077) or edits where an edit conflict is automatically
resolved (T73947).

T54077 was solved by making the APIEditBeforeSave lie that there are
no sections edits in the API. Perhaps T73947 could also be resolved by
lying that there are no edit conflicts in the API, but it seemed that
this would require duplicating even more logic from EditPage in the
API than T54077.

And luckily, EditFilterMergedContent recently gained the ability to
return precise error messages to the API (in MediaWiki 1.25,
I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if
available and only fall back to APIEditBeforeSave on older versions.

Bug: T73947
Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
2016-04-09 01:16:28 +00:00
Bartosz Dziewoński 6298c91bde Remove executable bit from files
find . -perm /111 -type f | grep -v .git | xargs chmod ago-x

Change-Id: I1e5994ba0a74eafdeff262017f90d4c0f09f3ab4
2016-04-08 14:00:52 +00:00
jenkins-bot ff09b901d8 Merge "Add more file_* variables for file metadata" 2016-04-05 19:38:06 +00:00
Bartosz Dziewoński 8858cdd42a Add more file_* variables for file metadata
* file_mime
  The MIME type of the file, e.g. 'image/png'.

* file_mediatype
  The media type of the file, one of 'UNKNOWN', 'BITMAP', 'DRAWING',
  'AUDIO', 'VIDEO', 'MULTIMEDIA', 'OFFICE', 'TEXT', 'EXECUTABLE', 'ARCHIVE'.

* file_width
  Width of the image in pixels, or 0 if it's inapplicable (e.g. for
  audio files).

* file_height
  Height of the image in pixels, or 0 if it's inapplicable (e.g. for
  audio files).

* file_bits_per_channel
  Bits per color channel of the image, or 0 if it's inapplicable (e.g.
  for audio files). The most common value is 8.

Bug: T131643
Change-Id: Id355515a18d3674393332c0f4094e34f9f522623
2016-04-04 23:40:03 +02:00
Reedy f2715ee51c Save upload related title vars in ARTICLE prefix not FILE
We don't define FILE_* as useable title variables, so they're
not accessible

Change-Id: I857b55937204c9ecd2bbd433a33f360b7d3e3aa7
2016-04-02 23:13:38 +01:00
Marius Hoch b2ae8af263 Don't filter undos coming in via the "APIEditBeforeSave" hook
For consistency with other hooks.

Bug: T126861
Change-Id: I087276495c6f5f7fb01855aee3798516869e1a3e
2016-03-17 19:51:16 +00:00
Brad Jorsch c0c4e390b9 Avoid unstubbing $wgUser during AbortAutoAccount hook
At this point $wgUser->getId() will be 0 anyway because the $wgUser is
in the process of being created, so skip the call.

Bug: T124367
Change-Id: I4c6c999f1799db6ff21db3d9df537da643442d27
2016-02-08 19:06:59 +00:00
Aaron Schulz ff18e8a06c Compute last-recent-authors result during edit stashing
This query takes a large chunk of page save time (per xenon).
Try to perform the query before page save.

Bug: T116557
Change-Id: I50432658d387b24e47db7ed66880e53c3e4adee7
2016-01-28 21:11:39 +00:00
Siebrand Mazeland ce1396aea7 Add support for PHP CodeSniffer checks
Also fix any remaining errors and warnings.

Change-Id: Ie49c6172e6bbf8040e5524d33d2f719e96784745
2016-01-06 09:59:47 -08:00
Reedy 50736dbfcb Replace wfBaseConvert with Wikimedia\base_convert
Change-Id: Id31638973bff5c8e6a8b5910e31bdedc9bf11134
2015-11-26 23:28:43 +00:00
Niklas Laxström 622be7f9de Remove unnecessary check for MW_SUPPORTS_CONTENTHANDLER
This extension already requires 1.23+

Change-Id: Ie23339ffeaf6d6a9613b1b9c3929db0bccae65c8
2015-11-23 11:17:37 +01:00
Niklas Laxström df6cde026c Remove EditFilterMerged BC code
This extension already requires 1.23+

Change-Id: Ie56d701c1663a280372caaf71560dfdca7500619
2015-11-23 11:17:34 +01:00
Niklas Laxström 6354f6047a Fix typo in comment and remove unnecessary BC
This extensions already requires 1.23+

Change-Id: Iecb8067d43a38b531b46802ea53abfde20f66cef
2015-11-23 11:17:32 +01:00
jenkins-bot 2b2ebc2c10 Merge "Include global filters in defined and active tags lists" 2015-10-20 17:20:08 +00:00
Brad Jorsch 99652db13d Include global filters in defined and active tags lists
Bug: T105329
Change-Id: I9ea8e0450e8d75de8ce3b00cd7df5960c9521d97
2015-09-25 10:24:51 -04:00
Brad Jorsch a926b2b44f Use new User::newSystemUser() when available
See core change I2c736ad72d946fa9b859e6cd335fa58aececc0d5.

Change-Id: I3f20b408c039937c1f08c9232c336268ba13895d
2015-09-17 11:55:15 -04:00
Ori Livneh e008e68b5f Only check for auto-promote block if there is a promotion to block
Save the trip to Redis and back in that case.

Change-Id: I0f4d7292faa2330059d7b61325f2948715c86bf1
2015-08-05 17:18:49 -07:00
Aaron Schulz 9ffa400322 Conversion to using getMainStashInstance()
Bug: T97620
Change-Id: I7fc2c0a42bf295d71b9e0721ab4261290334cdec
2015-06-24 20:18:22 +00:00
cenarium 8bf9c62cbe Don't define tags from deleted filters
Tags from deleted filters are excluded when the list of tags
is fetched. So they aren't defined by the extension and can
be deleted. They are excluded in all cases just to be sure.

Bug: T90349
Change-Id: I41ec5203f689b4eb6ccf1f85ca9560a8c272705c
2015-02-26 03:50:14 +01:00
This, that and the other e00c245beb Implement ChangeTagsListActive hook
This allows users to visit Special:Tags or use the API to see
which change tags are still in active use.

The ChangeTagsListActive hook was introduced to core in
I77f476c8d0f32c80f720aa2c5e66869c81faa282

Change-Id: I456da1d151b576a4b4b62569a7804e3a3dd5e611
2015-02-04 19:22:00 +00:00
se4598 323848c2f3 parse AF error message on action delete
parse the error message, so wikitext gets HTML for display

Bug: T87586
Change-Id: I5bd5ea19283319fd3e1e884c66992d038ea1b19d
2015-01-26 20:36:56 +01:00
Kunal Mehta 68639158f8 Add file_size variable
To be able to filter on extremely large uploads

Change-Id: Id4c4c0f900ba6b91579211b8412ee194f09f6118
2015-01-07 20:56:53 -08:00
Kunal Mehta 8ed29d19b6 Use MovePageCheckPermissions hook if possible
Change-Id: Ic5026384b92a0d68d628397ffe1de6e5b6183f02
2014-10-27 16:13:58 -07:00
Kunal Mehta 0a79fa054f Add hook subscriber for UserMergeAccountFields
Bug: 67757
Change-Id: Ibd77e7169c29f0757bc57fb1d0d13f765706d57e
2014-09-16 21:25:13 +00:00
Jackmcbarn 9a2f79cc0a Only skip apparent null-edits when the page exists
Bug: 70675
Change-Id: I161bc61eb89702e273fef58932f8fb1c150257af
2014-09-10 17:35:02 -04:00
Kunal Mehta d962b418a9 Add "abusefilter-bypass" userright as a hack for GlobalRename page moves
GlobalRename is having its page moves stopped by AbuseFilter rules
that shouldn't affect it at all. This is a temporary hack until
something like bug 67936 is fixed.

This is less evil than unsubscribing AbuseFilter from $wgHooks IMO.

Change-Id: I6b301fda119be167d3f092d86ba5914289045fab
2014-07-22 23:04:40 -07:00
se4598 03f18d2578 abuse_filter_log table only uses tinyint not int for namespace ID
Bug: 31397
Change-Id: Ifb1275798a8dc383d37743fb75b93d162360424c
2014-03-04 02:24:27 +00:00
Marius Hoch 044d86b276 Check whether AbuseFilter::$editboxName is set before using it
Bug: 60981
Change-Id: I6b769d05865ea0865c6e0e9837968014c6ea70c3
2014-02-07 16:05:52 +01:00
Siebrand Mazeland 84d5cd33a2 Remove unused local variables
Change-Id: If708a112ae6df070da19f52682f0e2b19fe67959
2013-10-14 21:39:35 +02:00
Jackmcbarn 89b600a44e Avoid connecting to central database when not necessary
When using SQLite, this fails entirely. But it's a good idea for all
databases.

Bug: 54078
Change-Id: I2cc2e57d812fe87ffc227477425029c1e9b15543
2013-09-18 16:26:22 +00:00