Commit graph

132 commits

Author SHA1 Message Date
Aaron Schulz 2807b5883a Avoid duplicate autopromote block key fetches
Bug: T133728
Change-Id: Ia3a955547e8147e92c7ca9782e399f9abd6d3949
2016-05-05 19:14:19 +00:00
Bartosz Dziewoński 8e48a8eb37 Avoid crippled APIEditBeforeSave hook, use new features of EditFilterMergedContent instead
Back when APIEditBeforeSave was being introduced here, it was
impossible to return error data for API requests from it (T34216). But
this hook runs a lot earlier than EditFilterMergedContent, and only
gives us the text submitted in the action=edit API call and not the
actual text that's going to be saved, which are different for section
edits (T54077) or edits where an edit conflict is automatically
resolved (T73947).

T54077 was solved by making the APIEditBeforeSave lie that there are
no sections edits in the API. Perhaps T73947 could also be resolved by
lying that there are no edit conflicts in the API, but it seemed that
this would require duplicating even more logic from EditPage in the
API than T54077.

And luckily, EditFilterMergedContent recently gained the ability to
return precise error messages to the API (in MediaWiki 1.25,
I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if
available and only fall back to APIEditBeforeSave on older versions.

Bug: T73947
Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
2016-04-09 01:16:28 +00:00
Bartosz Dziewoński 6298c91bde Remove executable bit from files
find . -perm /111 -type f | grep -v .git | xargs chmod ago-x

Change-Id: I1e5994ba0a74eafdeff262017f90d4c0f09f3ab4
2016-04-08 14:00:52 +00:00
jenkins-bot ff09b901d8 Merge "Add more file_* variables for file metadata" 2016-04-05 19:38:06 +00:00
Bartosz Dziewoński 8858cdd42a Add more file_* variables for file metadata
* file_mime
  The MIME type of the file, e.g. 'image/png'.

* file_mediatype
  The media type of the file, one of 'UNKNOWN', 'BITMAP', 'DRAWING',
  'AUDIO', 'VIDEO', 'MULTIMEDIA', 'OFFICE', 'TEXT', 'EXECUTABLE', 'ARCHIVE'.

* file_width
  Width of the image in pixels, or 0 if it's inapplicable (e.g. for
  audio files).

* file_height
  Height of the image in pixels, or 0 if it's inapplicable (e.g. for
  audio files).

* file_bits_per_channel
  Bits per color channel of the image, or 0 if it's inapplicable (e.g.
  for audio files). The most common value is 8.

Bug: T131643
Change-Id: Id355515a18d3674393332c0f4094e34f9f522623
2016-04-04 23:40:03 +02:00
Reedy f2715ee51c Save upload related title vars in ARTICLE prefix not FILE
We don't define FILE_* as useable title variables, so they're
not accessible

Change-Id: I857b55937204c9ecd2bbd433a33f360b7d3e3aa7
2016-04-02 23:13:38 +01:00
Marius Hoch b2ae8af263 Don't filter undos coming in via the "APIEditBeforeSave" hook
For consistency with other hooks.

Bug: T126861
Change-Id: I087276495c6f5f7fb01855aee3798516869e1a3e
2016-03-17 19:51:16 +00:00
Brad Jorsch c0c4e390b9 Avoid unstubbing $wgUser during AbortAutoAccount hook
At this point $wgUser->getId() will be 0 anyway because the $wgUser is
in the process of being created, so skip the call.

Bug: T124367
Change-Id: I4c6c999f1799db6ff21db3d9df537da643442d27
2016-02-08 19:06:59 +00:00
Aaron Schulz ff18e8a06c Compute last-recent-authors result during edit stashing
This query takes a large chunk of page save time (per xenon).
Try to perform the query before page save.

Bug: T116557
Change-Id: I50432658d387b24e47db7ed66880e53c3e4adee7
2016-01-28 21:11:39 +00:00
Siebrand Mazeland ce1396aea7 Add support for PHP CodeSniffer checks
Also fix any remaining errors and warnings.

Change-Id: Ie49c6172e6bbf8040e5524d33d2f719e96784745
2016-01-06 09:59:47 -08:00
Reedy 50736dbfcb Replace wfBaseConvert with Wikimedia\base_convert
Change-Id: Id31638973bff5c8e6a8b5910e31bdedc9bf11134
2015-11-26 23:28:43 +00:00
Niklas Laxström 622be7f9de Remove unnecessary check for MW_SUPPORTS_CONTENTHANDLER
This extension already requires 1.23+

Change-Id: Ie23339ffeaf6d6a9613b1b9c3929db0bccae65c8
2015-11-23 11:17:37 +01:00
Niklas Laxström df6cde026c Remove EditFilterMerged BC code
This extension already requires 1.23+

Change-Id: Ie56d701c1663a280372caaf71560dfdca7500619
2015-11-23 11:17:34 +01:00
Niklas Laxström 6354f6047a Fix typo in comment and remove unnecessary BC
This extensions already requires 1.23+

Change-Id: Iecb8067d43a38b531b46802ea53abfde20f66cef
2015-11-23 11:17:32 +01:00
jenkins-bot 2b2ebc2c10 Merge "Include global filters in defined and active tags lists" 2015-10-20 17:20:08 +00:00
Brad Jorsch 99652db13d Include global filters in defined and active tags lists
Bug: T105329
Change-Id: I9ea8e0450e8d75de8ce3b00cd7df5960c9521d97
2015-09-25 10:24:51 -04:00
Brad Jorsch a926b2b44f Use new User::newSystemUser() when available
See core change I2c736ad72d946fa9b859e6cd335fa58aececc0d5.

Change-Id: I3f20b408c039937c1f08c9232c336268ba13895d
2015-09-17 11:55:15 -04:00
Ori Livneh e008e68b5f Only check for auto-promote block if there is a promotion to block
Save the trip to Redis and back in that case.

Change-Id: I0f4d7292faa2330059d7b61325f2948715c86bf1
2015-08-05 17:18:49 -07:00
Aaron Schulz 9ffa400322 Conversion to using getMainStashInstance()
Bug: T97620
Change-Id: I7fc2c0a42bf295d71b9e0721ab4261290334cdec
2015-06-24 20:18:22 +00:00
cenarium 8bf9c62cbe Don't define tags from deleted filters
Tags from deleted filters are excluded when the list of tags
is fetched. So they aren't defined by the extension and can
be deleted. They are excluded in all cases just to be sure.

Bug: T90349
Change-Id: I41ec5203f689b4eb6ccf1f85ca9560a8c272705c
2015-02-26 03:50:14 +01:00
This, that and the other e00c245beb Implement ChangeTagsListActive hook
This allows users to visit Special:Tags or use the API to see
which change tags are still in active use.

The ChangeTagsListActive hook was introduced to core in
I77f476c8d0f32c80f720aa2c5e66869c81faa282

Change-Id: I456da1d151b576a4b4b62569a7804e3a3dd5e611
2015-02-04 19:22:00 +00:00
se4598 323848c2f3 parse AF error message on action delete
parse the error message, so wikitext gets HTML for display

Bug: T87586
Change-Id: I5bd5ea19283319fd3e1e884c66992d038ea1b19d
2015-01-26 20:36:56 +01:00
Kunal Mehta 68639158f8 Add file_size variable
To be able to filter on extremely large uploads

Change-Id: Id4c4c0f900ba6b91579211b8412ee194f09f6118
2015-01-07 20:56:53 -08:00
Kunal Mehta 8ed29d19b6 Use MovePageCheckPermissions hook if possible
Change-Id: Ic5026384b92a0d68d628397ffe1de6e5b6183f02
2014-10-27 16:13:58 -07:00
Kunal Mehta 0a79fa054f Add hook subscriber for UserMergeAccountFields
Bug: 67757
Change-Id: Ibd77e7169c29f0757bc57fb1d0d13f765706d57e
2014-09-16 21:25:13 +00:00
Jackmcbarn 9a2f79cc0a Only skip apparent null-edits when the page exists
Bug: 70675
Change-Id: I161bc61eb89702e273fef58932f8fb1c150257af
2014-09-10 17:35:02 -04:00
Kunal Mehta d962b418a9 Add "abusefilter-bypass" userright as a hack for GlobalRename page moves
GlobalRename is having its page moves stopped by AbuseFilter rules
that shouldn't affect it at all. This is a temporary hack until
something like bug 67936 is fixed.

This is less evil than unsubscribing AbuseFilter from $wgHooks IMO.

Change-Id: I6b301fda119be167d3f092d86ba5914289045fab
2014-07-22 23:04:40 -07:00
se4598 03f18d2578 abuse_filter_log table only uses tinyint not int for namespace ID
Bug: 31397
Change-Id: Ifb1275798a8dc383d37743fb75b93d162360424c
2014-03-04 02:24:27 +00:00
Marius Hoch 044d86b276 Check whether AbuseFilter::$editboxName is set before using it
Bug: 60981
Change-Id: I6b769d05865ea0865c6e0e9837968014c6ea70c3
2014-02-07 16:05:52 +01:00
Siebrand Mazeland 84d5cd33a2 Remove unused local variables
Change-Id: If708a112ae6df070da19f52682f0e2b19fe67959
2013-10-14 21:39:35 +02:00
Jackmcbarn 89b600a44e Avoid connecting to central database when not necessary
When using SQLite, this fails entirely. But it's a good idea for all
databases.

Bug: 54078
Change-Id: I2cc2e57d812fe87ffc227477425029c1e9b15543
2013-09-18 16:26:22 +00:00
Kunal Mehta 5596a3b572 Remove call to deprecated MWInit::methodExists with method_exists
MWInit::methodExists was deprecated in 1.22.

Change-Id: I5bbda455c64afa8ac0c9f7d1af03c4c57cff06ca
2013-07-27 21:13:17 +00:00
Marius Hoch 38bce17f2d Really parse the API warning in the APIEditBeforeSave hook
Status::getHtml doesn't actually parse messages, but
performs a dumb message transformation on them.

Bug: 51403
Change-Id: I9d82d0a74f049648735b820e731ab1883aaa3131
2013-07-16 01:01:02 +02:00
jenkins-bot a6b1dade84 Merge "Avoid wgUser in AbuseFilterHooks edit handlers" 2013-07-12 23:19:27 +00:00
Marius Hoch 9062371ef2 Avoid wgUser in AbuseFilterHooks edit handlers
Also a minor comment fix.
(Partly a follow up to Id998172)

Change-Id: Ie6a8f1e17afbf39a0aae7519fa7872504907223f
2013-07-10 14:55:26 +00:00
Marius Hoch 150bf280cb Don't create default object from empty value in AbuseFilterHooks
We shouldn't try to set the attribute of a variable which isn't
actually an object as this will lead to the "Creating default
object from empty value" PHP error and it will trigger a further
fatal down the road. This gets triggered in Wikibase and probably
other extension unit tests.

Change-Id: I0f2e93657e5cfdb84ee351be371d421c11291b82
2013-07-10 14:54:43 +00:00
Marius Hoch 35747761fb Allow running the AbuseFilter parser tests via phpunit
I've also added myself to the credits file as I'm the only
maintainer of this extension for a while now.

Change-Id: Id998172ea2abd70b8243de9db1a96cc2cfa47a64
2013-07-08 19:22:43 +02:00
Marius Hoch 83357aafd0 Make use of the APIEditBeforeSave hook for nicer errors
Bug: 32216
Change-Id: I654eb21faffa1371f637d98d0fcd38c005048507
2013-07-08 19:10:25 +02:00
Marius Hoch 3ab18c2306 Don't try to filter uploads with an invalid title
This was causing fatals and is pointless anyway as
these uploads will never succeed.

Bug: 49399
Change-Id: Ifb16afe3e02854b8f53eb8dae87e13de669381ab
2013-06-11 15:21:26 +02:00
Marius Hoch 3c5a074881 Use the UploadVerifyFile hook
Use the UploadVerifyFile hook instead of the UploadVerification
one as it provides more data about the upload.
This is the first step towards better upload filtering.

Change-Id: Ie535c7d20ed79a1e26d8d399a7c25d632c9c7fa0
2013-05-16 23:13:10 +02:00
jenkins-bot 84487b86d8 Merge "Deprecate addHolder for addHolders." 2013-04-23 21:22:37 +00:00
nischayn22 454a7cc897 Deprecate addHolder for addHolders.
lot of code was using ::merge() to create a new AbuseFilterVariableHolder
this is now simplified using a single addHolders method.

merge() still exists as its usful as a static function.
addHolder() is deprecated.

Change-Id: Ia4f6a56f642242a04cf2973b74ce44d91fce00eb
2013-04-23 23:19:32 +02:00
Tim Starling 7450622fff Update afl_rev_id even if the edit summary changed
(bug 28633) With $wgUseAutomaticEditSummaries=true, the edit summary is
different between EditFilterMerged and ArticleSaveComplete. AbuseFilter
was using edit summary changes to attempt to detect whether the two
hooks refer to the same edit. If it really is possible for multiple
edits to be performed in the same request, with arbitrary patterns of
EditFilterMerged and ArticleSaveComplete calls, then some more robust
method would be needed to match the hook calls. But I don't think that
is necessary at present.

Change-Id: I94321905f38eafde8add00eff73745af255c1f15
2013-03-19 11:34:30 +11:00
Marius Hoch 42bd0d84f4 AbuseFilter: Change format of database logging/ performance
AF is setting several lazy load variables for the currently editing user.
To do this it's passing along the user name extracted from a user object
and generating a new user object later from that name which is of course
pointless. With this patch I'll pass user objects directly to prevent that.
On top of that I've deprecated a method in AFComputedVariable::compute which
was redundant as there is a more generic one which can solve that task
just fine.

Furthermore I've changed the logging behaviour from serializing the whole
AbuseFilterVariableHolder object to only store the variables. That has two
major advantages:
 * The amount of data that needs to be saved on a filter hit is reduced
   to about 1/10 of what the old version needed.
 * This is much more forward compatible as the old way of saving this
   relied on the class structure to stay the same while this is a simple
   array containing the vars.

On top of that we now only log variables already set by the time
a filter is hit. On top of the obvious performance increasement
that makes it easier for the user to spot the relevant data.

Another thing this change alters is the way the AbuseFilter internally
works with AbuseFilterVariableHolder objects. Right now we use one for
testing the filter(s) and later we use another one to compute the same
data again in case a filter was hit (for logging)!

This is not thoroughly tested yet, but way more sane than what we're
currently doing!

Change-Id: Ib15e7501bff32a54afe2d103ef5aedb950e58ef6
2013-02-28 22:35:22 +01:00
jeblad 53e230c5c7 Check that $title is defined and is a Title object
During testing the context does not always contain a valid
Title object. In those cases AbuseFilter will fail hard.
This changeset makes the filter survive some of those
failures.

Change-Id: I0b2247432619ddf15cc17ed41b4b7a6a11e910e0
2013-02-19 13:39:47 +01:00
daniel 6522f70fb8 Use Status object to report filter results.
This changes the AbuseFilter to use Status objects for internal
error handling. This allows for more flexibility in passing error
messages back from hooks and avoids double escaping.

Change-Id: I72e1a6dd7dee19f889fc13b60456e9bfebd5e22b
2013-01-17 18:34:19 +01:00
daniel f3788c4f0c (bug 42064) AbuseFilter + EditFilterMergedContent
This makes AbuseFilter use EditFilterMergedContent if support for
the ContentHandler infrastructure is present. This means living
without some nice bits of context, because EditFilterMergedContent
doesn't provide an EditPage object.

This requires core change I99a19c93 to work correctly.

Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
2013-01-17 11:18:28 +01:00
jeblad 68ecb6f985 (Bug 42064) Add a hook to AbuseFilter
The hook 'AbuseFilter-interceptVariable' can be used
for intercepting any request to recalculate a variable,
and if a handler is returning false the later code
will be skipped. That makes it possible to avoid using
content if the content model is wrong, as it could be
for a Wikibase entity.

The hook uses the same arguments as the hook
'AbuseFilter-computeVariable', thereby making it simple
to move handlers around.

The arguments to the hook are
@param string $method
@param AbuseFilterVariableHolder $vars
@param array $parameters
@param AFPData|array|int|mixed|null|string &$result

Patchset 2: Fix for arg 1 to the hook, it got $this
	instead of $this->mMethod

Change-Id: I4944ea612369d6f96319e24c96d97cf9739358c7
2012-12-19 10:13:31 +01:00
jeblad ae2c2f7e67 (Bug 42064) Change getText to getContent in AbuseFilter
Patchset 2: Handle more content types
Patchset 3: Change cover letter
Patchset 4: Make it b/c
Patchset 5: Refactor and use previous audience
Patchset 6: Fixed/ minor changes

Change-Id: Ib1d2f9803bc95bb9efd445e3778126d5c3090a71
2012-11-25 18:09:47 +01:00
Siebrand Mazeland 176227e721 Maintenance for AbuseFilter extension.
* Replace deprecated methods.
* Remove no longer needed function fnmatch().
* Remove superfluous newlines.
* Remove unused and redundant local variables and globals.
* Deglobalization.
* Update documentation.
* Fix incorrect return values or add FIXMEs when in doubt.
* Escape output in a few places where needed.
* Remove unneeded MEDIAWIKI constant checks.
* Fix various JSHint/JSLint issues.

Patch Set 11: Merged https://gerrit.wikimedia.org/r/24701 into
this one per Siebrand's request

Change-Id: I02ba4ce31b6aca5b7324114093f8ece143abc295
2012-10-09 22:26:45 +02:00