Commit graph

5196 commits

Author SHA1 Message Date
Daimona Eaytoy c03f0a3b08 Convert static arrays to constants
Beloved PHP7!

Change-Id: Id5170662f7c5ceacfc0ac8d90787f2c92fd93464
2019-11-16 16:32:36 +01:00
Translation updater bot a0b349d4c3 Localisation updates from https://translatewiki.net.
Change-Id: Ib8d00edacae2b6bdb654ee247711c4f198bd72bb
2019-11-15 09:18:35 +01:00
Martin Urbanec 5fd861365f SECURITY: Make sure provided filter id match provided history ID in history view
AbuseFilterViewEdit does privilege checks based on filter ID,
and displays what is hidden under given history ID, but doesn't
make sure those two IDs actually belong to one filter.

That means user can easily change filter ID to a public
filter and view old versions of nowadays private filters.

Bug: T237887
Change-Id: Ic12790bd33982473f77551bde9599ed083a3e1f1
2019-11-14 15:53:14 -06:00
Translation updater bot af000125ac Localisation updates from https://translatewiki.net.
Change-Id: Iff2e73bd4dd691d14598c63c10dd06b9a9f18e34
2019-11-13 09:24:23 +01:00
jenkins-bot 80f4742416 Merge "When viewing old filter revisions, show abusefilter-view-oldwarning to users who cannot edit the filter" 2019-11-12 18:59:28 +00:00
Daimona Eaytoy 98bcad25c3 Also parse numbers with the new syntax and hard-deprecate the old one
This will allow people to switch their filters to the new syntax. The
deprecation warning is now more exhaustive, and the info() warning is
kept to ensure that everything proceeds smoothly.
The regex v2 has also been fixed to:
 - Consume all the digits/letters on the right (*)
 - Have named groups
 - Be created dynamically with other constants

(*) The previous version of v2 could complete the match and leave
digits/letters on the right when encountering numbers with the old
syntax, hence dropping support too early. We also cannot use a word
boundary (\b) because that would prevent matching numbers with trailing
dots (e.g. "5.").

Bug: T212730
Change-Id: Ibf6ac571f6b5c09149d69a19c38240ce6b024dff
2019-11-12 11:52:38 +00:00
Daimona Eaytoy a77a59b962 Hard-deprecate empty operands
This bumps the level to WARN, and makes it very clear that people should
fix the affected filters. It also removes the calling method, which was
mostly meant for debugging purposes, and changes the type to 'op_type'
to avoid conflicting with type:mediawiki in logstash.

Bug: T156096
Change-Id: Ie73f1604e8ed82bc2e1be9fc90fa065be37889a3
2019-11-12 11:39:25 +00:00
DannyS712 338341d097 When viewing old filter revisions, show abusefilter-view-oldwarning to users who cannot edit the filter
Currently, `abusefilter-edit-oldwarning` is shown to all users, but not all users are able to edit the filters, and thus the warning about editing isn't applicable to them.

Bug: T235590
Change-Id: I3717d06d4a757684fe6622961391ae06b5bd3c38
2019-11-12 11:36:44 +00:00
Translation updater bot c0a99d876b Localisation updates from https://translatewiki.net.
Change-Id: Ic6e345e2870282bc8083fc58a19d195f571cf8d5
2019-11-12 09:30:12 +01:00
jenkins-bot c4eb01186a Merge "Hard-deprecate too many params" 2019-11-11 23:38:31 +00:00
Translation updater bot 805cca30bc Localisation updates from https://translatewiki.net.
Change-Id: I8151efee17a589f15e2567b61f634f734fbf9186
2019-11-11 15:32:19 +01:00
Translation updater bot d23086323b Localisation updates from https://translatewiki.net.
Change-Id: Idc0c1d853e1c4f46e4abca6b41e630c1906e11fb
2019-11-11 14:44:48 +01:00
Daimona Eaytoy f7ac35d5c6 Hard-deprecate too many params
Bug: T230803
Change-Id: Icec8bcb8ab23956654857acc8b3d235889f587a9
2019-11-10 12:59:33 +00:00
jenkins-bot 91bc961712 Merge "Check for 0-like floats passed to the modulo operator" 2019-11-10 11:51:28 +00:00
jenkins-bot 77681bd67b Merge "Restrict viewing Special:Log/AbuseFilter, and remove from recent changes" 2019-11-10 11:48:15 +00:00
Daimona Eaytoy c0f8374624 Check for 0-like floats passed to the modulo operator
That throws an error in PHP.

Bug: T237459
Change-Id: Ia0b29d6a8b9f4aac6b5b72ce8f2f45afb03f4c99
2019-11-10 11:22:04 +00:00
jenkins-bot 7ff4b95aec Merge "Expand the list of types that can be cast to int" 2019-11-10 11:00:36 +00:00
jenkins-bot 398500121a Merge "Fix conditionals examples in i18n messages" 2019-11-10 10:41:39 +00:00
DannyS712 a137992900 Restrict viewing Special:Log/AbuseFilter, and remove from recent changes
Only allow users with `abusefilter-view` to see abuse filter log
entries. Note that this is different from the abuse log itself.

Bug: T34959
Change-Id: I587c2eb9bdc2e5ca2652aa338440cdc5b6eb9235
2019-11-10 10:41:17 +00:00
Daimona Eaytoy 585d6cdb24 Make to sure to report division by zero when the LHS is undefined
Bug: T234339
Change-Id: I1575ec013c1e7e321a8f13f40804ebc5ab076268
2019-11-08 14:08:52 +00:00
Daimona Eaytoy 1abaff1aac Better handling of keywords and functions
Always run the keyword/function handler, even if there are DUNDEFINED
arguments, so that the handler can perform further validation on the
input and report any error to the user. However, replace DUNDEFINED with
DNULL before running the handler, to avoid special-casing DUNDEFINED in
every handler. If any argument was a DUNDEFINED, we will return
DUNDEFINED anyway.

Also centralize the keyword handling logic to a new method, like it
happens for functions.

Bug: T234339
Change-Id: I875cb77418a39790e91fe5867c49917bfe406ed4
2019-11-08 15:07:20 +01:00
Daimona Eaytoy e98799a00a Centralize the code for calling keywords
This allows sharing the code between cachingparser and the old parser
(for DRY-ness), and even when the old parser will be killed, having the
logic outside of the generic parse method seems saner.

This copies what I446a307e5395ea8cc8ec5ca5d5390b074bea2f24 did for
functions.

Change-Id: Ie6290243a6c78661510a9b4cb713d6e7b2778248
2019-11-08 15:02:17 +01:00
Translation updater bot e1a2aa37a4 Localisation updates from https://translatewiki.net.
Change-Id: I958d7b361b4f1b26ed02714bdcf87cb602fd9239
2019-11-08 09:43:34 +01:00
Daimona Eaytoy b7c7ae168d Explicitly forbid negative indexes in arrays
This emits its own error because:
1- It's clearer to understand
2- It's easier to find where we're dealing with negative offsets, if
we'll ever want to allow that.

Note that trying to use a negative index already results in a hard PHP
error being thrown.

Bug: T237219
Change-Id: Ib11eaaca5e21f740269141c75e62bac48093e8d0
2019-11-08 05:55:56 +00:00
Daimona Eaytoy a7b28369ea Expand the list of types that can be cast to int
Bug: T237624
Change-Id: I2220cb8a8ec998a433a4469d7e0591ec0b4f2b12
2019-11-07 15:14:17 +01:00
Translation updater bot 6a1531b7d4 Localisation updates from https://translatewiki.net.
Change-Id: I3a38fd0004d7f4f48841c304cd2e2f2fa0ac207c
2019-11-07 09:39:33 +01:00
Translation updater bot 4bbb8911d5 Localisation updates from https://translatewiki.net.
Change-Id: I95dcc01683e3eb58ed5beb648514523975e81817
2019-11-05 09:42:51 +01:00
Translation updater bot 93dcea0043 Localisation updates from https://translatewiki.net.
Change-Id: I002d7a6729067b78855a708716a63d7cfbabac7c
2019-11-04 09:25:40 +01:00
Daimona Eaytoy cb15400f97 Fix conditionals examples in i18n messages
Bug: T237131
Change-Id: I68ca3906c64f3da43c7a4985c16f1ab031caebb5
2019-11-02 11:32:05 +01:00
jenkins-bot 5562aade87 Merge "Use PHP regexps instead of SQL to filter on Special:AbuseFilter" 2019-11-01 00:52:28 +00:00
Daimona Eaytoy 7bc70d116e Use PHP regexps instead of SQL to filter on Special:AbuseFilter
As the code comment says, and as it was suggested in
Iafe54285384bc28b3e8812b495166f2682d4571c, we were validating the
provided regexp as PCRE, but using it in SQL, which only supports POSIX.
Furthermore, we won't have to worry about cross-DBMS compat anymore.

Bug: T193068
Change-Id: If6d8717795b6c1dcf619a23363eb6144902cfaed
2019-11-01 11:26:17 +11:00
Translation updater bot 61742d946e Localisation updates from https://translatewiki.net.
Change-Id: Ia909ee4552530bd21da4c5e1fec174bcde658468
2019-10-31 09:24:25 +01:00
Petr Pchelko 915b9a1538 Remove usages of deprecated User methods
Bug: T220191
Change-Id: I54e20870a32ff98b41a98495694ff563c4c4c5ca
2019-10-30 12:51:01 +00:00
Translation updater bot e3cffb465d Localisation updates from https://translatewiki.net.
Change-Id: Ide766b61933462b10dfd8c6d2aafb93afa75d070
2019-10-30 09:30:27 +01:00
Daimona Eaytoy 03b3a555ba SECURITY: Check visibility for each version in ViewDiff
Instead of checking if the filter is currently hidden, check the
visibility for each version and, if the user cannot see private filters,
only show the diff if none of the revision is hidden.
Also avoid showing a "diff" link if the user cannot see it.

Bug: T104807
Change-Id: Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a
2019-10-28 15:32:00 -05:00
Translation updater bot c3e78ced15 Localisation updates from https://translatewiki.net.
Change-Id: I78563bb06749bdf44aab9539f7c7bbc3204ba9b9
2019-10-28 14:53:16 +01:00
Translation updater bot 037f037995 Localisation updates from https://translatewiki.net.
Change-Id: If929688a7909e9e110a72f7d344fa213ab16a8e3
2019-10-25 09:15:41 +02:00
Translation updater bot aa5c8d8ae3 Localisation updates from https://translatewiki.net.
Change-Id: I31c266b6342164a516f156a843c692eaf9b78002
2019-10-24 10:37:49 +02:00
Daimona Eaytoy 3a9eac9ad5 Unbreak filter edit form
In Ib7427e15f673a575738489476e604c387f449ddd, I thought that $parameters could've only been null if $action wasn't
enabled, but actually, they're null even if the action is just not set.
Which is true for all actions when creating a new filter, and all
non-set actions when editing an existing one.

Hence, revert the part that touched ViewEdit.

Also add a selenium test to ensure that warn parameters are visible.

Bug: T236286
Change-Id: I8150baa077208eb1fc54ebc1d8415a243d0f3bd3
2019-10-23 18:50:44 +02:00
Translation updater bot cdee6802ea Localisation updates from https://translatewiki.net.
Change-Id: I9d7a230175216f5228571eadfd9f0d292656333e
2019-10-23 09:50:54 +02:00
Translation updater bot 25873c9cbe Localisation updates from https://translatewiki.net.
Change-Id: I750fdc2dd1ccd16073f5d2b6072dc40807f21e31
2019-10-22 09:11:08 +02:00
Translation updater bot 65e48fae59 Localisation updates from https://translatewiki.net.
Change-Id: I8fd625c0252a68bd2fafb3240956ecd6e3e9b2b5
2019-10-21 09:56:15 +02:00
libraryupgrader 08d3431130 build: Updating grunt-stylelint to 0.11.1
Additional changes:
* Added .eslintcache to .gitignore.

Change-Id: Ia603aec7dd94a397867a24ebf721906d50b959ea
2019-10-20 23:04:43 +00:00
Thalia 63eb7eafb7 Use AbstractBlock setters and getters instead of deprecated properties
Change-Id: I01728f919254a9435f051af3fc390eb80ca8d17e
2019-10-20 00:35:00 +01:00
jenkins-bot af86fe62a4 Merge "build: Upgrade mediawiki-phan-config to 0.8.0" 2019-10-19 20:04:47 +00:00
Translation updater bot 2c51fb37e9 Localisation updates from https://translatewiki.net.
Change-Id: I4f3768315556119b0bcb8391085333d4d4851760
2019-10-16 20:37:22 +02:00
Translation updater bot 828f1d881c Localisation updates from https://translatewiki.net.
Change-Id: I0fa3509ad517b045d93835777ddc3f553b54fdaa
2019-10-16 10:36:44 +02:00
Translation updater bot 7bd97f6a13 Localisation updates from https://translatewiki.net.
Change-Id: Ic514113078f2f18297269ce445fd265216837df6
2019-10-10 09:30:09 +02:00
James D. Forrester 4d988471be build: Upgrade mediawiki-codesniffer to v28.0.0
Change-Id: I7ef6ec1614718c016562281a166867ee3bd93df7
2019-10-09 18:34:07 +00:00
Daimona Eaytoy b9e4475985 build: Upgrade mediawiki-phan-config to 0.8.0
This is to verify that our CI is able to handle the new version.

Bug: T235049
Change-Id: Ib7427e15f673a575738489476e604c387f449ddd
2019-10-09 19:12:51 +02:00