Back when APIEditBeforeSave was being introduced here, it was
impossible to return error data for API requests from it (T34216). But
this hook runs a lot earlier than EditFilterMergedContent, and only
gives us the text submitted in the action=edit API call and not the
actual text that's going to be saved, which are different for section
edits (T54077) or edits where an edit conflict is automatically
resolved (T73947).
T54077 was solved by making the APIEditBeforeSave lie that there are
no sections edits in the API. Perhaps T73947 could also be resolved by
lying that there are no edit conflicts in the API, but it seemed that
this would require duplicating even more logic from EditPage in the
API than T54077.
And luckily, EditFilterMergedContent recently gained the ability to
return precise error messages to the API (in MediaWiki 1.25,
I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if
available and only fall back to APIEditBeforeSave on older versions.
Bug: T73947
Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
* file_mime
The MIME type of the file, e.g. 'image/png'.
* file_mediatype
The media type of the file, one of 'UNKNOWN', 'BITMAP', 'DRAWING',
'AUDIO', 'VIDEO', 'MULTIMEDIA', 'OFFICE', 'TEXT', 'EXECUTABLE', 'ARCHIVE'.
* file_width
Width of the image in pixels, or 0 if it's inapplicable (e.g. for
audio files).
* file_height
Height of the image in pixels, or 0 if it's inapplicable (e.g. for
audio files).
* file_bits_per_channel
Bits per color channel of the image, or 0 if it's inapplicable (e.g.
for audio files). The most common value is 8.
Bug: T131643
Change-Id: Id355515a18d3674393332c0f4094e34f9f522623
At this point $wgUser->getId() will be 0 anyway because the $wgUser is
in the process of being created, so skip the call.
Bug: T124367
Change-Id: I4c6c999f1799db6ff21db3d9df537da643442d27
This query takes a large chunk of page save time (per xenon).
Try to perform the query before page save.
Bug: T116557
Change-Id: I50432658d387b24e47db7ed66880e53c3e4adee7
Tags from deleted filters are excluded when the list of tags
is fetched. So they aren't defined by the extension and can
be deleted. They are excluded in all cases just to be sure.
Bug: T90349
Change-Id: I41ec5203f689b4eb6ccf1f85ca9560a8c272705c
This allows users to visit Special:Tags or use the API to see
which change tags are still in active use.
The ChangeTagsListActive hook was introduced to core in
I77f476c8d0f32c80f720aa2c5e66869c81faa282
Change-Id: I456da1d151b576a4b4b62569a7804e3a3dd5e611
GlobalRename is having its page moves stopped by AbuseFilter rules
that shouldn't affect it at all. This is a temporary hack until
something like bug 67936 is fixed.
This is less evil than unsubscribing AbuseFilter from $wgHooks IMO.
Change-Id: I6b301fda119be167d3f092d86ba5914289045fab
We shouldn't try to set the attribute of a variable which isn't
actually an object as this will lead to the "Creating default
object from empty value" PHP error and it will trigger a further
fatal down the road. This gets triggered in Wikibase and probably
other extension unit tests.
Change-Id: I0f2e93657e5cfdb84ee351be371d421c11291b82
I've also added myself to the credits file as I'm the only
maintainer of this extension for a while now.
Change-Id: Id998172ea2abd70b8243de9db1a96cc2cfa47a64
Use the UploadVerifyFile hook instead of the UploadVerification
one as it provides more data about the upload.
This is the first step towards better upload filtering.
Change-Id: Ie535c7d20ed79a1e26d8d399a7c25d632c9c7fa0
lot of code was using ::merge() to create a new AbuseFilterVariableHolder
this is now simplified using a single addHolders method.
merge() still exists as its usful as a static function.
addHolder() is deprecated.
Change-Id: Ia4f6a56f642242a04cf2973b74ce44d91fce00eb
(bug 28633) With $wgUseAutomaticEditSummaries=true, the edit summary is
different between EditFilterMerged and ArticleSaveComplete. AbuseFilter
was using edit summary changes to attempt to detect whether the two
hooks refer to the same edit. If it really is possible for multiple
edits to be performed in the same request, with arbitrary patterns of
EditFilterMerged and ArticleSaveComplete calls, then some more robust
method would be needed to match the hook calls. But I don't think that
is necessary at present.
Change-Id: I94321905f38eafde8add00eff73745af255c1f15
AF is setting several lazy load variables for the currently editing user.
To do this it's passing along the user name extracted from a user object
and generating a new user object later from that name which is of course
pointless. With this patch I'll pass user objects directly to prevent that.
On top of that I've deprecated a method in AFComputedVariable::compute which
was redundant as there is a more generic one which can solve that task
just fine.
Furthermore I've changed the logging behaviour from serializing the whole
AbuseFilterVariableHolder object to only store the variables. That has two
major advantages:
* The amount of data that needs to be saved on a filter hit is reduced
to about 1/10 of what the old version needed.
* This is much more forward compatible as the old way of saving this
relied on the class structure to stay the same while this is a simple
array containing the vars.
On top of that we now only log variables already set by the time
a filter is hit. On top of the obvious performance increasement
that makes it easier for the user to spot the relevant data.
Another thing this change alters is the way the AbuseFilter internally
works with AbuseFilterVariableHolder objects. Right now we use one for
testing the filter(s) and later we use another one to compute the same
data again in case a filter was hit (for logging)!
This is not thoroughly tested yet, but way more sane than what we're
currently doing!
Change-Id: Ib15e7501bff32a54afe2d103ef5aedb950e58ef6
During testing the context does not always contain a valid
Title object. In those cases AbuseFilter will fail hard.
This changeset makes the filter survive some of those
failures.
Change-Id: I0b2247432619ddf15cc17ed41b4b7a6a11e910e0
This changes the AbuseFilter to use Status objects for internal
error handling. This allows for more flexibility in passing error
messages back from hooks and avoids double escaping.
Change-Id: I72e1a6dd7dee19f889fc13b60456e9bfebd5e22b
This makes AbuseFilter use EditFilterMergedContent if support for
the ContentHandler infrastructure is present. This means living
without some nice bits of context, because EditFilterMergedContent
doesn't provide an EditPage object.
This requires core change I99a19c93 to work correctly.
Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
The hook 'AbuseFilter-interceptVariable' can be used
for intercepting any request to recalculate a variable,
and if a handler is returning false the later code
will be skipped. That makes it possible to avoid using
content if the content model is wrong, as it could be
for a Wikibase entity.
The hook uses the same arguments as the hook
'AbuseFilter-computeVariable', thereby making it simple
to move handlers around.
The arguments to the hook are
@param string $method
@param AbuseFilterVariableHolder $vars
@param array $parameters
@param AFPData|array|int|mixed|null|string &$result
Patchset 2: Fix for arg 1 to the hook, it got $this
instead of $this->mMethod
Change-Id: I4944ea612369d6f96319e24c96d97cf9739358c7
Patchset 2: Handle more content types
Patchset 3: Change cover letter
Patchset 4: Make it b/c
Patchset 5: Refactor and use previous audience
Patchset 6: Fixed/ minor changes
Change-Id: Ib1d2f9803bc95bb9efd445e3778126d5c3090a71
* Replace deprecated methods.
* Remove no longer needed function fnmatch().
* Remove superfluous newlines.
* Remove unused and redundant local variables and globals.
* Deglobalization.
* Update documentation.
* Fix incorrect return values or add FIXMEs when in doubt.
* Escape output in a few places where needed.
* Remove unneeded MEDIAWIKI constant checks.
* Fix various JSHint/JSLint issues.
Patch Set 11: Merged https://gerrit.wikimedia.org/r/24701 into
this one per Siebrand's request
Change-Id: I02ba4ce31b6aca5b7324114093f8ece143abc295