Commit graph

7622 commits

Author SHA1 Message Date
STran bd819b98a2 Add preference for viewing protected variables in AbuseFilter
Users need to enable a preference before gaining access to the IPs
from `user_unnamed_ip`, a protected variable.

- Add a preference that the user can check to toggle their access
- Check for the preference and the view right for logs that reveal
  protected variables on:
  + AbuseFilterViewExamine
  + SpecialAbuseLog
  + QueryAbuseLog

Bug: T371798
Change-Id: I5363380d999118982b216585ea73ee4274a6eac1
2024-09-12 07:59:24 -07:00
Translation updater bot 86370ce996
Localisation updates from https://translatewiki.net.
Change-Id: I8ae8cad2792bd17aec12bbce4948a2ef482f5898
2024-08-06 09:45:24 +02:00
Translation updater bot 425772c917
Localisation updates from https://translatewiki.net.
Change-Id: I0ca9695ef472463c0d330ab67dbde90f7299dca0
2024-08-05 09:24:19 +02:00
Translation updater bot d60fbef793
Localisation updates from https://translatewiki.net.
Change-Id: Ia37a015890cc9ad9bd4161a9aed98b0af2e48ff3
2024-08-02 09:38:28 +02:00
jenkins-bot cafb0c49e9 Merge "Remove usage of writeapi userright" 2024-08-01 21:06:48 +00:00
Translation updater bot 82bd56a0aa
Localisation updates from https://translatewiki.net.
Change-Id: I38ce7ea690d6179ace75687bffdb3f1a2a4fc1ff
2024-08-01 09:17:49 +02:00
Translation updater bot c0115f3b37
Localisation updates from https://translatewiki.net.
Change-Id: I03e947472be5927135567cdc1af44092224b7417
2024-07-31 09:22:13 +02:00
Fomafix 805a1e8248 Use overrideConfigValues/overrideConfigValue instead of setMwGlobals
Also use MainConfigNames.

Change-Id: I35c7099a63f8665ddf433116732a93ede8711e35
2024-07-30 15:04:40 +00:00
jenkins-bot de16ec7509 Merge "ConsequencesExecutor: Use Message objects in the Status" 2024-07-30 00:21:19 +00:00
jenkins-bot b0771ea6ca Merge "AbuseFilterExtensionJsonTest: Allow skipping other extension hooks" 2024-07-29 12:52:29 +00:00
Translation updater bot 02a8dfd882
Localisation updates from https://translatewiki.net.
Change-Id: I8cbdcb55fc109c1656b3b088291f5f831e6b11a4
2024-07-29 09:25:38 +02:00
jenkins-bot 0c51fbd3e6 Merge "Use namespaced MessageSpecifier" 2024-07-28 21:30:01 +00:00
Bartosz Dziewoński 80f56e599b ConsequencesExecutor: Use Message objects in the Status
In my recent change c458651370, which used Status::getMessages()
in FilteredActionsHandler, I overlooked the fact that it returns
MessageSpecifier objects instead of Message objects, and the return
value of MessageSpecifier::getParams() is not exactly specified
(the docs only promise that it's an array).

Now I'm working on a MediaWiki core change (I625a48a6ec) that
causes a different MessageSpecifier to be used, which stores
parameters in a different format, and would break that code.

To avoid problems, ConsequencesExecutor now stores Message objects
in the Status, which guarantees that FilteredActionsHandler will
get the same objects back.

Change-Id: I2c1bc8dde9a078d03badecf6d89443b65eeb92c5
2024-07-28 20:08:56 +00:00
Bartosz Dziewoński 1c0ab3010a AbuseFilterExtensionJsonTest: Allow skipping other extension hooks
Change-Id: I1146cec2b27c964f5ed07e7da76fc7b9ec4a09c5
2024-07-28 20:08:30 +00:00
Bartosz Dziewoński 517beb3c0d Use namespaced MessageSpecifier
Depends-On: I9ff4ff7beb098b60c92f564591937c7d789c6684
Change-Id: I7097b4d80df790ef14a5bc053306dc2f1fd195da
2024-07-28 21:59:35 +02:00
James D. Forrester 841214ab43 Upgrade required version of wikimedia/equivset to 1.7.0
Bug: T370976
Depends-On: I30cbc5c0b710f9cbd64d64ee798e309b0129222b
Change-Id: I4a6a9baafe9fff87d159626b744ce80a7505585d
2024-07-26 16:48:17 -04:00
jenkins-bot 1d5dc260e1 Merge "Use expression builder to avoid IDatabase::makeList" 2024-07-26 18:44:31 +00:00
Translation updater bot e7faf0160a
Localisation updates from https://translatewiki.net.
Change-Id: Ib7a5615f3975209e0e0606d1c338cfd6b0ccf935
2024-07-26 09:42:10 +02:00
Translation updater bot 9b629596ad
Localisation updates from https://translatewiki.net.
Change-Id: I3186f4450439bda638aeb79ec92c28f4cc246d08
2024-07-25 09:18:02 +02:00
Translation updater bot b51459ba3f
Localisation updates from https://translatewiki.net.
Change-Id: I6a32d083d92c6662deb31315deb0d95f31ccdfff
2024-07-24 09:22:18 +02:00
Translation updater bot 975e343eb7
Localisation updates from https://translatewiki.net.
Change-Id: Idd0ae1de72d24475bf51178cb0ff4a7ec51c70f2
2024-07-23 09:44:13 +02:00
Umherirrender e88494212e Use expression builder to avoid IDatabase::makeList
Bug: T350968
Change-Id: Iacb407a9aef293f401e0dbf754bb1f51f6b390c5
2024-07-22 21:42:28 +00:00
jenkins-bot 2d418bb61c Merge "Use expression builder instead of raw sql" 2024-07-22 20:48:01 +00:00
Translation updater bot 062f0039f1
Localisation updates from https://translatewiki.net.
Change-Id: Ibba5126d0bce50662ec9f3159f6c34c91fbe9052
2024-07-22 09:23:20 +02:00
Umherirrender 91b369b7af Use expression builder instead of raw sql
Bug: T350968
Change-Id: Ibad11ea11e7955172d35d4499372d0fcd726bf74
2024-07-21 22:07:58 +02:00
Umherirrender 6db3b3287f tests: Use LanguageFactory to create en language
Bug: T343771
Change-Id: Id2423c87c17a2f357d5e1cfeef3aeb83b6ad9a0d
2024-07-20 21:41:52 +02:00
Translation updater bot 750410c687
Localisation updates from https://translatewiki.net.
Change-Id: I5c02cf68177fe5232bd15d76610ebc913e93dfd4
2024-07-19 09:39:06 +02:00
Translation updater bot 19ca2cad10
Localisation updates from https://translatewiki.net.
Change-Id: I9ace4121ba7dd3fde9d5bcfcb3de2bb5770d7398
2024-07-18 09:21:47 +02:00
jenkins-bot 7bde8bcdf0 Merge "Use IDatabase::buildComparison in MigrateActorsAF" 2024-07-17 19:49:37 +00:00
Translation updater bot 1e780b50b2
Localisation updates from https://translatewiki.net.
Change-Id: I04c98eb129c828b33855e460482966a217993243
2024-07-17 09:32:57 +02:00
Umherirrender 73a15cdcbf Use IDatabase::buildComparison in MigrateActorsAF
Avoid IDatabase::addQuotes

Change-Id: I68712c407cec15eb7fac0303ad7fa94651f4e0be
2024-07-16 23:35:21 +02:00
Translation updater bot 6b326ff2e0
Localisation updates from https://translatewiki.net.
Change-Id: I7c947cf27ac5872d0eaa9562c02d6c0699bf5c74
2024-07-16 09:38:35 +02:00
Translation updater bot 29747424be
Localisation updates from https://translatewiki.net.
Change-Id: Ibb7f11474f369163ca753af519cbb5aabf4d2e01
2024-07-15 09:23:04 +02:00
Translation updater bot df9e545f7a
Localisation updates from https://translatewiki.net.
Change-Id: Id341fc862b25c9debb23651ef7e7a62018210b62
2024-07-12 09:39:20 +02:00
Bartosz Dziewoński 3df92fcbe4 Use stable andExpr() / orExpr() methods
Change-Id: I0010a7c9d273e63acbed78190f0c23283a192ef2
2024-07-11 18:36:04 +02:00
jenkins-bot e256fca1ad Merge "selenium: Document when, how and why a test is skipped" 2024-07-11 15:25:08 +00:00
Translation updater bot e045f60dbc
Localisation updates from https://translatewiki.net.
Change-Id: I611ea9d3dfa96b0429e036c67a48e7093b9ec86e
2024-07-11 09:28:44 +02:00
jenkins-bot 5a18e60b76 Merge "Disallow protected variable access on AbuseFilterViewTestBatch" 2024-07-10 18:48:07 +00:00
STran 30227231f6 Disallow protected variable access on AbuseFilterViewTestBatch
A filter using a protected variable can be loaded via filter id
using testing tools even though the user might not have the right
to view protected variables. This can potentially leak PII and as
such, testing tools should check for the right before allowing
protected filters to be seen.

- Unload a filter asap if it uses protected variables and the
  requestor doesn't have viewing rights. This:
    + disallows loading of existing protected filters on page load
    + disallows testing against rules that use protected variables
    + disallows subsequent requests for protected filters (via API)

There is a known bug (see T369620) where no user feedback is
provided if an API request for a filter returns no result (typically
when no filter matches the requested id). This commit adds another
pathway to that bug (the filter exists but is protected and not
returned by the API) but does not update this UI/UX.

Bug: T364834
Change-Id: I6a572790edd743596d70c9c4a2ee52b4561e25f3
2024-07-10 05:31:03 -07:00
Kosta Harlan b58d91bcac ConfirmEditHandlerTest: Loosen message check test
Why:

- Ie13181b78b8e2903c6cc0f0f778689bcc8b8ce2e modifies the status message
  returned

What:

- Loosen the check for the status error message such that 'captcha-edit'
  and 'captcha-edit-fail' are both valid; we can revert this after
  Ie13181b78b8e2903c6cc0f0f778689bcc8b8ce2e is merged

Change-Id: I5a0698d84932a474800a68dba9b76b3433b19290
2024-07-10 08:20:18 +00:00
jenkins-bot c316be857b Merge "ConfirmEditHandlerTest: Remove method_exists checks" 2024-07-09 11:32:25 +00:00
jenkins-bot 218627233b Merge "Only return filters visible to user in search" 2024-07-09 09:45:55 +00:00
Kosta Harlan 62629ec3e9
ConfirmEditHandlerTest: Remove method_exists checks
Why:

- These checks are no longer needed, now that Idc47bda has been merged

What:

- Remove the `method_exists()` checks

Change-Id: I6e428df6b6e036146ae4cc57374cde8810d3f5f7
2024-07-09 10:27:03 +02:00
Translation updater bot 18ed47a687
Localisation updates from https://translatewiki.net.
Change-Id: I737a1012f865c2d664b7eac9920b1d295c930092
2024-07-09 09:41:37 +02:00
Željko Filipin 8f3ca526b9 selenium: Document when, how and why a test is skipped
Bug: T280652
Change-Id: I6bb1e0c0fdebe103311ea45e4d788e14deb844e0
2024-07-08 15:02:10 +02:00
jenkins-bot 98eab47d9b Merge "Simplify FilterEvaluator::getUsedVars using ::checkSyntax" 2024-07-08 12:42:18 +00:00
STran ceaedb8b95 Only return filters visible to user in search
Search is restricted to users with the right to view private variables
but not necessarily the right to view protected variables. Users who
don't have the right to view protected variables shouldn't be able to
search against protected variables, as this might leak the PII.

- Filter out filters using protected variables in search results
  if the user doesn't have the right to view protected variables

Bug: T367390
Change-Id: I7412112c9cc676f29d706b116b779bc17183a952
2024-07-08 02:47:57 -07:00
Translation updater bot 993fa76c25
Localisation updates from https://translatewiki.net.
Change-Id: I3f4a8deafc80c7f23627b88f76303a37e01fbdf1
2024-07-08 09:31:57 +02:00
jenkins-bot 69508bf153 Merge "Add missing permission check to canSeeLogDetailsForFilter" 2024-07-05 10:09:47 +00:00
Matěj Suchánek bf180e0490 Simplify FilterEvaluator::getUsedVars using ::checkSyntax
Alternative approach to fixing the regression proposed by
Daimona in I78d3a2cd7bada962d7ef9b0f2c39d898bf8987ce.

Bug: T368203
Change-Id: I637367c3b3850f7988d890379fef7f4753159953
2024-07-05 11:32:09 +02:00