Commit graph

198 commits

Author SHA1 Message Date
csteipp 736095adaa Don't revert global log actions
Prevent attempting to revert a global rule's actions, when the action
happened on another wiki.

This is probably a temporary fix. Eventually, we may want to support
having a central administrator revert actions from global rules on
the local wikis.

Change-Id: Idd29596ddc21c37d81528a8ae6ed14367c373c5f
2012-09-12 09:49:13 -07:00
grunny 13bdc746ed Add missing message from the edit view for global filters
This message is used on the edit view when global filters are enabled to specify
whether or not a filter is global.

Patch Set 2: Add comments on where the message is used along with other messages
that can be formed by the concatenated string so they are easier to find

Change-Id: I5d1e99fa1dcaea8ed298affbd6388042f58686ee
2012-09-04 19:13:02 +10:00
csteipp 1973ea6714 Add Global Rules
* Update rules list view to show global rules toggle, global rules
* Update rule processing to get global rules from memcache, if no
rule exists, get them from the central database and store them in
memcache
* Delete global rule key whenever global rules are updated
* Add filtering for log by wiki on the central database, updated
table definitions to add index on afl_wiki
* Add global $wgAbuseFilterDisallowGlobalLocalBlocks so local wikis
can prevent global rules from locally blocking, removing or revoking
permissions.

* patchset 13: Include recommendations from Tim. Add db updates to
LoadExtensionSchemaUpdates hook.
* patchset 14: forgot to add new files

Change-Id: Id69a9d603f9679f838e8691c651a3e9d8461b422
2012-08-27 03:30:07 +00:00
Liangent 1b7994b3bd Use a new message for subtitle of edit view when creating filter
Change-Id: Ie956ce2954e8f2507191677561fe68b548eddba5
2012-07-02 01:43:47 +08:00
Andrew Garrett 18bac6fed9 AbuseFilter: Make it possible to have differing default warning messages for differing filter groups.
Includes JS to sneakily change the default message if the user changes the filter group without having selected the "warn" action yet.

Change-Id: Ic753c3e018321dba3bf9f6d7bcee10a49c9faac8
2012-06-26 21:56:30 +02:00
Andrew Garrett b8ef2830bb Add some documentation improvements to Views/AbuseFilterViewEdit.php
Change-Id: I1f6fa1ff32b6fb1d71f99b0d456972c4ecaed29c
2012-06-17 23:03:39 +02:00
Alex Monk 5a05bb7e47 (bug 37335) Let people with abusefilter-view-private see diffs for changes to private abusefilters.
Change-Id: I0db040f327ed501714f70ede4abc3654799973f5
2012-06-07 16:55:09 +01:00
Andrew Garrett dc207d0cbd Abuse Filter: Allow filters to be split into "groups" for the purposes of operating them on different types of input.
The purpose of this change is to allow AFTv5 developers to run a separate list of filters against article feedback actions without issues of cross-contamination and bumping up against the condition limit.

Change-Id: I758795f01eaf3ff56c5720d660cd989ef95764a7
2012-05-12 12:53:32 +10:00
Sam Reed 69e582dc17 More documentation stubs
Fix Html::inputLabel to Xml::inputLabel

Fix up some deprecated code

Change-Id: If6503b1794d89666206802591094949e5d715ac1
2012-03-26 16:03:23 +02:00
Roan Kattouw 6c4bd57043 Revert r111217 (unreviewed rev in AbuseFilter) and its dependencies r113585, r113587, r113588, r113589.
All of these revisions are tagged with 'gerritmigration' and will be resubmitted into Gerrit after the Gerrit switchover. See also http://lists.wikimedia.org/pipermail/wikitech-l/2012-March/059124.html
2012-03-21 19:41:11 +00:00
Sam Reed 05a9d4d061 More documentation stubs
Fix Html::inputLabel to Xml::inputLabel

Fix up some deprecated code
2012-03-11 20:51:54 +00:00
Sam Reed 642200ea1c Add some more __METHOD__ 2012-02-29 15:36:10 +00:00
Andrew Garrett e2479d45da (bug 33392) Fix issue where users without permission to add restricted actions could nonetheless remove them. Patch by Nikola Kovacs, with modifications for code style. 2012-02-08 01:02:11 +00:00
Sam Reed 1b383fe0ae Fix r98659 per Nikerabbit 2012-01-13 20:41:16 +00:00
Sam Reed a084822a88 Documentation
Remove unreachable return

Remove unused globals
2012-01-05 20:31:02 +00:00
Mark A. Hershberger 4e8be82722 Bug 33380 - Details of actions caught by a private filter should be private
Author: Nikola Kovacs

Hide private information from logs
2012-01-03 17:29:10 +00:00
Mark A. Hershberger a4858a5109 Fix Bug 33390 - Examine page is visible for hidden log entries
Fix Bug 24186 - "Examine" page is visible to users without abusefilter-log-detail right
Author: Nikola Kovacs

There was a more complex patch on Bug 24186, but I think he makes a
good argument why his is better.

Beware: I'm not set up to test AbuseFilter, but I didn't see anyone
else in core MW who regularly works on it.
2011-12-27 23:35:24 +00:00
Liangent c576289635 Followup r100969: There may be Mac newlines as well. 2011-12-10 08:40:11 +00:00
Victor Vasiliev 0f89170b4e Fix a syntax error caused by using the same variable name for two different things. 2011-11-27 08:58:46 +00:00
John Du Hart 7cf809bb0e Changes from r103817 2011-11-22 16:08:18 +00:00
John Du Hart 274dcd06a2 Pass one of converting AbuseFilter to use ContextSource
The main AbuseFilter class still needs to be fixed up, but that's a bigger job and I'm out of time
2011-11-16 05:34:24 +00:00
Liangent 44f71ac0b7 Normalize newline before exploding by "\n" 2011-10-27 12:50:48 +00:00
Liangent 8ac1b4c619 Newline to <br> replacement should take place after escaping 2011-10-27 12:17:48 +00:00
Raimond Spekking 4e578cac93 Run some filter IDs through formatNum() for better l10n 2011-10-17 07:56:05 +00:00
Andrew Garrett 4a37f1b892 Respond to CR on r96225: use rawParam 2011-10-02 07:06:38 +00:00
Andrew Garrett 137e0ece3a Do not use replaceafter, per r52735 CR 2011-09-04 14:12:18 +00:00
Siebrand Mazeland 8ecd76b867 Use Linker statically.
No constant check needed for files only containing a class.
2011-09-02 15:34:55 +00:00
John Du Hart b30697e94c Adds ResourceLoader support to AbuseFilter
Rewrote javascript to use jQuery
Added API modules to replace sajax_* calls
Solves bug 29714
2011-08-26 20:12:34 +00:00
Sam Reed a9e738f099 More document
Few minor code improvements
2011-08-24 22:11:52 +00:00
John Du Hart e6e286ba31 (bug 30480) Fixes AbuseFilter's tool page from having its own subtitle, it shoudl have the navigation bar instead 2011-08-22 21:52:07 +00:00
Robin Pepermans b7881fc102 (bug 25898) AbuseFilter: clearer permission error when attempting to view diff of private filter
Also change some link functions to use Linker::link*
2011-07-14 04:57:29 +00:00
Robin Pepermans f4750e9250 (bug 23086) AbuseFilter config diff date and time should use user preference instead of UTC 2011-07-06 23:14:04 +00:00
Happy-melon 12e1428629 * Implement an extensible Block::prevents( <action> ) function to replace the plethora of direct member variable accesses This pushes the historic *disable*-createaccount-vs-*allow* usertalk-edit wierdness down to the database layer
* Implement accessors for isHardblock() and getRangeStart()/getRangeEnd() in the same fashion.
* Make the corresponding variables private, removing external accessors.  This required updating AbuseFilter with non-B/C code, so I also implemented the rest of the changes I've made to the blocking backend in that extension.
* Move the "get an IP range which encompasses the given IP/range" logic to Block.php; will be needed later... :D
2011-03-19 23:47:08 +00:00
Sam Reed 6d548203f7 Parameter and Return Type hints 2011-02-10 17:32:57 +00:00
Sam Reed a0a6d18b88 Code cleanup, mainly unused variables 2010-11-04 01:29:10 +00:00
Sam Reed 6098610527 Another big cull on unused variables and such 2010-10-29 21:55:29 +00:00
Sam Reed 961f512452 More deprecated method call removals and updates 2010-10-29 15:32:44 +00:00
Sam Reed cf800e4c18 Start removing/fixing calls to deprecated methods in WMF used extensions 2010-10-29 15:14:44 +00:00
Jack Phoenix 5e0330c6cc AbuseFilter: coding style tweaks, changed some while loops to foreach (as per http://www.mediawiki.org/wiki/Manual:Coding_conventions#Assignment_expressions) and added __METHOD__ to one DB query 2010-08-19 21:12:09 +00:00
Sam Reed 485a5b0856 Minor revert of CentralNotice.db.php
Add some braces

Remove more unused variables
2010-07-26 21:55:18 +00:00
Sam Reed bfeb901839 Remove some more unused variables 2010-07-24 21:32:07 +00:00
Sam Reed 6981886b50 Nuke some more unused globals 2010-07-24 21:12:27 +00:00
Aryeh Gregor ed5b83e6ac Remove most named character references from output
Recommit of r66254 to trunk.  This was just

find extensions phase3 -iname '*.php' \! -iname '*.i18n.php' \! -iname 'Messages*.php' \! -iname '*_Messages.php' -exec sed -i 's/&nbsp;/\&#160;/g;s/&mdash;/―/g;s/&bull;/•/g;s/&aacute;/á/g;s/&acute;/´/g;s/&agrave;/à/g;s/&alpha;/α/g;s/&auml;/ä/g;s/&ccedil;/ç/g;s/&copy;/©/g;s/&darr;/↓/g;s/&deg;/°/g;s/&eacute;/é/g;s/&ecirc;/ê/g;s/&euml;/ë/g;s/&egrave;/è/g;s/&euro;/€/g;s/&harr;//g;s/&hellip;/…/g;s/&iacute;/í/g;s/&igrave;/ì/g;s/&larr;/←/g;s/&ldquo;/“/g;s/&middot;/·/g;s/&minus;/−/g;s/&ndash;/–/g;s/&oacute;/ó/g;s/&ocirc;/ô/g;s/&oelig;/œ/g;s/&ograve;/ò/g;s/&otilde;/õ/g;s/&ouml;/ö/g;s/&pound;/£/g;s/&prime;/′/g;s/&Prime;/″/g;s/&raquo;/»/g;s/&rarr;/→/g;s/&rdquo;/”/g;s/&Sigma;/Σ/g;s/&times;/×/g;s/&uacute;/ú/g;s/&uarr;/↑/g;s/&uuml;/ü/g;s/&yen;/¥/g' {} +

followed by reading over every single line of the resulting diff and
fixing a whole bunch of false positives.  The reason for this change is
given in <http://lists.wikimedia.org/pipermail/wikitech-l/2010-April/047617.html>.
I cleared it with Tim and Brion on IRC before committing.  It might
cause a few problems, but I tried to be careful; please report any
issues.

I skipped all messages files.  I plan to make a follow-up commit that
alters wfMsgExt() with 'escapenoentities' to sanitize all the entities.
That way, the only messages that will be problems will be ones that
output raw HTML, and we want to get rid of those anyway.

This should get rid of all named entities everywhere except messages.  I
skipped a few things like &nbsp that I noticed in manual inspection,
because they weren't well-formed XML anyway.

Also, to everyone who uses non-breaking spaces when they could use a
normal space, or nothing at all, or CSS padding: I still hate you.  Die.
2010-05-30 17:33:59 +00:00
Raimond Spekking de5b7258b9 Add accesskeys 's' for save actions 2010-03-13 17:35:12 +00:00
Raimond Spekking ac8439bd8a Use commaList() for better i18n 2010-03-13 17:23:08 +00:00
Siebrand Mazeland b274606879 Update code formatting, run stylize.php, whitespace updates 2010-02-13 14:10:36 +00:00
Siebrand Mazeland e86b1357ac Update break notation to self enclosed and properly spaced 2009-11-14 20:59:15 +00:00
Jack Phoenix e2a16fe755 AbuseFilter: big commit - coding style & spacing cleanup; also marked SpecialPages' construct() and execute() functions as public and capitalized some SQL keywords 2009-10-07 13:57:06 +00:00
Andrew Garrett 13ab814753 AbuseFilter: Show permissions errors on new filter and importing a filter when the user does not have permission.
Resolves bug 20467
2009-09-18 10:05:20 +00:00
Andrew Garrett 6133a51192 Fix bug 19799, hide public versions of private filters. 2009-08-07 16:13:06 +00:00
Andrew Garrett 5524008a54 Fix bug 20033, error in AbuseFilterView.php 2009-08-03 10:17:29 +00:00
Andrew Garrett c89fb0e608 Fix for bug 19894, now preview and view/edit buttons for warning messages are no longer disabled for unprivileged users. 2009-07-27 10:48:07 +00:00
Andrew Garrett 94a9b2b174 Require tags to be valid page titles. In the message, gives general recommendations that they be short and simple, rather than specifying the exact criteria. I want to encourage simplicity in tags, rather than fixing an immediate problem 2009-07-17 15:37:03 +00:00
Andrew Garrett d69a31acb3 Fix weird bug where unchanged conditions were being parsed as wikitext in diff displays, and usage of deprecated method 2009-07-17 14:03:11 +00:00
Andrew Garrett 5c08223f77 Fix bug 18176, hard-coded JS strings needed localisation. 2009-07-17 13:52:40 +00:00
Andrew Garrett 4e3f9ab256 Add abusefilter-view-private right for viewing private abuse filters. Patch by Haza-w with stylistic and other minor adjustments 2009-07-03 14:17:05 +00:00
Andrew Garrett fb9d1978cf Change disabled to readonly for textboxes on uneditable filters 2009-07-03 13:54:08 +00:00
Andrew Garrett 3c51c81c93 Add condition limit profiling as well as time profiling to the abuse filter (bug 19256) 2009-07-03 13:46:51 +00:00
Andrew Garrett 0d97b9e140 GENDER support for abusefilter-diff-version 2009-07-03 12:55:10 +00:00
Andrew Garrett 98fb7d2689 log_action field now expanded to 32 chars, re-activating change logging 2009-07-03 12:48:28 +00:00
Andrew Garrett 924b9f19ba Core changes for r52307 2009-06-23 21:52:39 +00:00
Victor Vasiliev eecea2cd0e Fix SQL error on sorting filters by status 2009-06-18 15:19:58 +00:00
Andrew Garrett 695a2aad56 Fixes from bug 19135:
* Load abuse filter data from the master for edits, prevents unintended reversion in the case of replication lag.
* Load explicit field list, preventing another issue seen on Wikimedia and described in the comments.
2009-06-17 11:50:26 +00:00
Andrew Garrett 3018de0453 Per comments on code review, use JSON instead of PHP serialization for Abuse Filter data interchange. PHP's unserialize() can expose remote code execution vulnerabilities with some input. 2009-06-02 12:59:05 +00:00
Purodha B Blissenbach b6b6c154c8 Message 'abusefilter-edit-lastmod-text' - date and time separated as of request by user "Der Umherirrende" at
http://translatewiki.net/w/i.php?title=Support&oldid=1243738#split_date_and_time
and user name added for GENDER use.
2009-06-01 23:15:23 +00:00
Andrew Garrett 48bfcc35ee Various code quality fixes for AbuseFilter suggested by Tim Starling in a private email, including bugfixes, memory safeguards, performance improvements, removal of redundant code, consolidation of similar functionaality. 2009-05-26 13:08:15 +00:00
Siebrand Mazeland e454269bfc Proper casing for getDBkey() 2009-05-24 08:33:57 +00:00
Tim Starling 268d72f43b Code formatting and comments. 2009-05-22 06:42:10 +00:00
Andrew Garrett 32aedf1644 (bug 18077) PostgreSQL compatibility issues in AbuseFilter, patch contributed by Brad Jorsch 2009-04-24 03:27:14 +00:00
Andrew Garrett d00d767207 Allow filtering by page on AbuseFilter batch testing interface 2009-04-23 04:30:17 +00:00
Andrew Garrett 1a0fc0fea9 Add import/export interface for filters so that filters can be copied across wikis 2009-04-23 04:23:56 +00:00
Andrew Garrett 7c3f048fff Usability work, making abuse filter forms readonly (rather than just lacking a submit button and rejecting submissions) for users without permission. 2009-04-01 04:34:21 +00:00
Andrew Garrett 186fc67373 Crackdown on filter evaluation by users unable to modify filters. This is a DoS vector which I thought I'd already plugged. 2009-03-31 15:13:26 +00:00
Andrew Garrett 14b850f891 Implementation of global filters, including a major i18n change for abusefilter-log-detailedentry message (rename and split). Needs further testing before deployment 2009-03-30 06:12:12 +00:00
Andrew Garrett 9d9c666fea Remove accidentally-committed code in r48856 2009-03-26 04:44:47 +00:00
Andrew Garrett 920f04d4fa Fix batch-testing (follow-up to r48855) 2009-03-26 04:41:05 +00:00
Andrew Garrett 32c83009e3 Fix examine interface, was broken for a while 2009-03-25 02:53:23 +00:00
Andrew Garrett 2eaf10edde Make changes link for first filter revision link to the history item (bug 18027) 2009-03-22 23:27:27 +00:00
Andrew Garrett 903cd76bd8 Fix output for examine interface in cases where no edits are available 2009-03-22 03:12:53 +00:00
Andrew Garrett 23ba2cb968 Fix abuse filter examine interface for new account creation log. 2009-03-22 02:59:01 +00:00
Andrew Garrett 4e6754e082 Prevent leaking of filters through diffs 2009-03-22 02:12:51 +00:00
Alexandre Emsenhuber 80fdcf77ce Fix calls to deprecated functions 2009-03-21 18:47:26 +00:00
Andrew Garrett 1d180de4ed Fix abuse filter sorting by hitcount 2009-03-19 06:56:30 +00:00
Andrew Garrett f234bcf66d Add basic filter profiling to AbuseFilter -- display on the edit filter page the average time taken to run the filter. Currently sampling at 1/50 2009-03-19 02:40:48 +00:00
Victor Vasiliev d400dc6763 Fix an XSS bug in AbuseFilter 2009-03-18 19:57:25 +00:00
Andrew Garrett 58a95312e0 Prevent cross-filter diffing 2009-03-18 04:10:04 +00:00
Andrew Garrett de1d5965ad filters are not wikitext 2009-03-18 01:03:29 +00:00
Andrew Garrett ac575f599b Fix double-escaping on diff page 2009-03-18 00:15:47 +00:00
Andrew Garrett 1aa5ea69e8 Disable logging until logging table is fixed up 2009-03-17 23:54:56 +00:00
Andrew Garrett 0ce853e093 Prevent leaking of hidden filters through history interface. 2009-03-17 13:18:33 +00:00
Andrew Garrett 99805ab584 Use POST instead of GET for the evaluate with vars AJAX widget -- results in too-long URIs and therefore 400s 2009-03-17 00:10:58 +00:00
Andrew Garrett b35585733b Add paging to examine 2009-03-12 11:38:21 +00:00
Andrew Garrett 5493b2a690 Add diffs to AbuseFilter. Includes a related pare-down of history, under the assumption that diffs will take up the slack 2009-03-12 05:04:39 +00:00
Raimond Spekking 06a1e8303d Follow up r47847: Show the timestemp in users preference timezone 2009-03-11 18:58:38 +00:00
Andrew Garrett cca12dab2e Hide rollback links in examine interface 2009-03-11 09:45:45 +00:00
Andrew Garrett fe5141c412 Add a normal log for filter changes, mostly just a pointer back to the real log. 2009-03-11 07:12:42 +00:00
Andrew Garrett 3a55ecbc85 Link together abusefilter pages with a navigation interface at the top. Add a better intro to the abusefilter home page. 2009-03-11 05:55:06 +00:00
Raimond Spekking 58fdf4f05d * Add Language::semicolonList() function
** Todo: combine all three list functions (comma, semicolon, pipe) into one function with a parameter?
* Use pipe as backlink separator to be consistent with other navigation elements
* Show the colon for case 'afh_actions' only if parameters exist
** Remove the now useless message
* Localize the usages of comma and semicolon
2009-03-06 10:56:37 +00:00
Andrew Garrett 8cb94549d1 Use parseinline instead of parsemag for abusefilter-status 2009-03-01 12:43:36 +00:00
Andrew Garrett f94f42b506 Store Abuse Filter variable dumps to external storage instead of leaving in afl_var_dump. afl_var_dump needs to be left as a BLOB for the moment for backwards-compatibility. 2009-02-27 03:06:19 +00:00