Commit graph

30 commits

Author SHA1 Message Date
Brad Jorsch ad4ea2c79c Update token handling for core API change
Core change I2793a3f2 changes API handling in a way that needs updates
to extensions for proper operation:
* needsToken() now returns a string
* Most custom token types are being replaced with a 'csrf' token (the
  former 'edit' token); any others need a new hook.
* All tokens must use a static salt. Compat with web UI using non-static
  tokens is supported and also serves to handle the now-deprecated token
  fetching.
* Documentation in getParamDescription() should return a string (not
  array) for 'token', as the signal to core that it should be replaced
  with a standardized message.

When compatibility with earlier versions of MediaWiki is no longer
maintained, the entry for 'token' from getAllowedParams() and
getParamDescription() may be removed, as may getTokenSalt(). This patch
leaves them in place.

Note this is intended to be compatible with earlier versions of
MediaWiki, and so should be safe to merge before the core change.

Change-Id: Ie1f483e2d0fd97d6ff5b2b953aa6390c35c75ee7
2014-08-09 16:27:19 +01:00
helderwiki f73b148a82 Do not ignore the "vars" parameter on action=abusefiltercheckmatch
For this, we just need to convert the associative array to an
instance of AbuseFilterVariableHolder.

Bug: 53501
Change-Id: Ie6925e1ce7df6c6c179e32ff69ff4138a3285545
2014-08-02 11:38:19 +00:00
Siebrand Mazeland ddc930e897 Ensure variables are defined
Change-Id: Iab1d36b0162c1d7a91cdd80ac36bbf338e7df61d
2013-11-06 17:09:24 +01:00
umherirrender b3456b1e17 API: Add text for Unknown error: "permissiondenied"
The api does not known a generic "permissiondenied" message.

Change-Id: I65822c9f58ce323352db759d46bf11d4ddab14bd
2013-10-27 17:33:39 +01:00
Marius Hoch 202d3fb7b5 API: Fix abuse log detail visibility for private filters
This seems like it never really worked, changed the API
module to match the special page now.

Change-Id: I8dc6d5f5adfb7835ed8a5084b3407505aca2a6d5
2013-07-17 17:18:13 +02:00
Marius Hoch d2a342788f Make global AbuseFilters searchable on Special:AbuseLog
Global AbuseFilters will be searchable using "global-123"
with this. Furthermore this patch fixes the visibility of
global AbuseFilter ids within the API module.

Bug: 51007
Change-Id: Ia6caba5ae3d727b778076ecdba500b4dc1d55b6f
2013-07-10 14:54:51 +00:00
Marius Hoch 8957c003ba Revert "Change AbuseFilter to use UserCache instead of user_text fields"
This reverts commit aaa256aa94.

Bug: 49918
Change-Id: I597cbc03e2ecc45cfcca632232d5bbb1ef7be9d8
2013-06-27 01:01:15 +02:00
Aaron Schulz 05b38eb613 Merge "Change AbuseFilter to use UserCache instead of user_text fields" 2013-04-09 22:00:51 +00:00
Alex Monk aaa256aa94 Change AbuseFilter to use UserCache instead of user_text fields
Change-Id: I51210ff91366a3a1610d34ca20e8966aaded89a0
2013-03-27 15:59:34 +00:00
Marius Hoch 2a7e5c8193 Make use of the user_timestamp index in ApiQueryAbuseLog
Furthermore sanitize IPs as ::01 == ::1

Change-Id: I91489d17c012004f607bbe571b9a2702afbf3d81
2013-03-26 15:16:43 +01:00
Kunal Mehta 75e3fa4b8b Change right needed to see filter id in API to hidden from private.
Currently it checks if the filter is set to hidden, and then
requires the private permission to view it, which is intended
for private data (like IP addresses), not hidden filters.

Change-Id: Iff8f9edf2466050aeadf3907dcff5464e179ff68
2013-03-13 00:41:03 -05:00
CSteipp 37d05a77d3 Merge "(bug 42802) Let the client specify multiple filters for list=abuselog" 2012-12-19 20:23:20 +00:00
CSteipp 99f89ec50c Merge "(bug 42814) Fix the visibility of action=query&list=abuselog" 2012-12-19 01:20:04 +00:00
Krenair a0bf987aff (bug 42802) Let the client specify multiple filters for list=abuselog
Change-Id: I9d06186aea207896bdb354d0e86ee35632fc2090
2012-12-19 01:27:02 +01:00
Kunal Mehta a5658f6004 (bug 42819) AbuseFilter API does not give diff information
Change-Id: Ia5075c241b95e28ad6371df9e82fc42cd51136b4
2012-12-19 01:14:23 +01:00
Marius Hoch ad9f60a9d3 (bug 42814) Fix the visibility of action=query&list=abuselog
Made prop=details invisible for hidden filters if the current
user isn't allowed to see that. Visibility should match the web
interface now.

Change-Id: I2cd682a2ec298473e5398fbf20d850b710f4e93a
2012-12-18 23:02:16 +01:00
csteipp 7a21a8f76a (bug 42814) Fix AbuseLog API permissions
Match the API to how Special:AbuseLog prevents unprivileged users from
seeing the filter number that triggered an action, when the filter is
private.

Change-Id: Iff352a0a6dbfeaa05f9272af927119ba1bb2194d
2012-12-18 22:48:28 +01:00
Krenair 7c85b208c5 (bug 42816) Run the same permissions checks for list=abuselog as Special:AbuseLog
Change-Id: I763db9fecfdb994e95d2cb747b0ded6c8700e505
2012-12-10 21:19:50 +00:00
Siebrand Mazeland 176227e721 Maintenance for AbuseFilter extension.
* Replace deprecated methods.
* Remove no longer needed function fnmatch().
* Remove superfluous newlines.
* Remove unused and redundant local variables and globals.
* Deglobalization.
* Update documentation.
* Fix incorrect return values or add FIXMEs when in doubt.
* Escape output in a few places where needed.
* Remove unneeded MEDIAWIKI constant checks.
* Fix various JSHint/JSLint issues.

Patch Set 11: Merged https://gerrit.wikimedia.org/r/24701 into
this one per Siebrand's request

Change-Id: I02ba4ce31b6aca5b7324114093f8ece143abc295
2012-10-09 22:26:45 +02:00
Andrew Garrett 53aea9c0ce AbuseFilter: Resolve bug 18374, bug 28633.
* Store the revision ID associated with a log entry
 if the action is successful.
* Expose this as a diff link in the UI.
* Implicitly hide log entries if their
 corresponding revisions are also hidden.
* Includes scope for expanding to log entries if desired.

Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d
2012-07-11 10:16:59 -04:00
Liangent 7ec9201ead Add token to the example of ApiAbuseFilterUnblockAutopromote.
Change-Id: I165afd2412053ea6477c0cd882b903855b277da2
2012-05-19 14:41:44 +08:00
Roan Kattouw 6c4bd57043 Revert r111217 (unreviewed rev in AbuseFilter) and its dependencies r113585, r113587, r113588, r113589.
All of these revisions are tagged with 'gerritmigration' and will be resubmitted into Gerrit after the Gerrit switchover. See also http://lists.wikimedia.org/pipermail/wikitech-l/2012-March/059124.html
2012-03-21 19:41:11 +00:00
Andrew Garrett 5e4289ce4e AbuseFilter: Resolve bugs 18374, 28633.
* Store the revision ID associated with a log entry if the action is successful.
* Expose this as a diff link in the UI.
* Implicitly hide log entries if their corresponding revisions are also hidden.
* Includes scope for expanding to log entries if desired.
2012-02-10 23:41:05 +00:00
Sam Reed 76a226ed77 Fix action= examples from r95572, need abusefilter prefix 2012-01-13 21:36:51 +00:00
John Du Hart 274dcd06a2 Pass one of converting AbuseFilter to use ContextSource
The main AbuseFilter class still needs to be fixed up, but that's a bigger job and I'm out of time
2011-11-16 05:34:24 +00:00
John Du Hart 9c75f9907f Followup r95572, minor tweaks per CR 2011-09-30 00:48:00 +00:00
John Du Hart 3f06314486 Followup r95572, rename API modules to reduce chance of collisions per CR 2011-09-29 23:30:42 +00:00
Sam Reed 648ffcb3b5 Followup r95572
Couple of stylistic tweaks

Move calls of extractRequestParams after the initial check that may abort the api call
2011-08-26 23:52:46 +00:00
John Du Hart b30697e94c Adds ResourceLoader support to AbuseFilter
Rewrote javascript to use jQuery
Added API modules to replace sajax_* calls
Solves bug 29714
2011-08-26 20:12:34 +00:00
Sam Reed 56f266da57 Create api folder, move api files into it
Same for special
2011-05-10 23:05:25 +00:00