Commit graph

165 commits

Author SHA1 Message Date
Brad Jorsch cec8352e5b Improve tag name validation
Various pieces of the tagging system will break if the tag name contains
slashes or commas, so that should be checked for.

MediaWiki core (as of Ic5d75432) contains a method for doing just that,
so use it if possible.

Also require that tag names be either:
* Intended for reuse (canAddTagsAccompanyingChange)
* Already in use
* Creatable

This prevents the use of software-defined tags (unless whitelisted)
or tags that are blocked from creation (e.g. OAuth reserved tag
prefixes)

Add caching for tag lookup since it's used more often now.

Bug: T92956
Bug: T27151
Depends-On: Ic5d754323cbfd2c2b54c4df1245767946ebb1821
Change-Id: Ibc3095879f276a5436362f471b885e64f338522e
2017-06-15 20:15:20 -04:00
Umherirrender a063e33ee8 Use short array syntax
Done by phpcbf over composer fix

Change-Id: I53fd1fc8d056b9b60194d2d630852cfca37aadea
2017-06-15 17:02:57 +02:00
Matěj Suchánek c5c6e77c63 Fix warning string
Bug: T137330
Change-Id: I4b0a11e35285d0a47f3dc52832f22bba208cf7c2
2017-04-15 16:37:04 +00:00
Matěj Suchánek 9e4f0a0944 Add GENDER support for 'abusefilter-log-linkoncontribs-text'
Bug: T159657
Change-Id: Ic9d4efa9a0f32396694b102ee8904166d8f7048a
2017-03-06 14:43:14 +00:00
Kunal Mehta 18d29ccc05 Don't access protected SpecialPage::getLinkRenderer()
It should be public but can fix that later...

Follows-up f4ddf5dd2.

Change-Id: Ia1f84226859e0ac170f4697cf40d682e36850712
2016-12-07 15:32:41 -08:00
Subin Siby f4ddf5dd23 Replaced Linker::link() & Linker::linkKnown() with LinkRenderer
All usages of Linker::link() and Linker::linkKnown() has been replaced with LinkRenderer

Bug: T149346
Change-Id: Id087fe2aeaae81445e83e020ef66b541d9da4060
2016-12-06 23:21:31 -08:00
Niklas Laxström a85a0c2b5a Properly escape abusefilter-log-linkoncontribs
Change-Id: I4dd89acdea34568e9b33aa0652aad0a54c1b7030
2016-11-30 13:58:52 +01:00
Paladox 2beb56348c Replace ArticleSaveComplete hook usage
Bug: T147390
Change-Id: Id0fb48d867d7a7542f589deed90bae8195daa556
2016-10-09 17:27:54 +00:00
jenkins-bot cb58215838 Merge "Use RecentChange::addTags rather than ChangeTags::addTags" 2016-09-28 02:14:02 +00:00
cenarium 782a25937e Use RecentChange::addTags rather than ChangeTags::addTags
To avoid consecutive DB writes on changetag table.
See I8df2fd983c12632337e8d2922fa357808482338c

Change-Id: Id168581956001902f1c02727a6692f5d65b262e9
2016-09-27 17:12:16 +02:00
jenkins-bot 959077f03f Merge "Avoid global state in ContributionsToolLinks if possible" 2016-09-23 16:20:13 +00:00
Kunal Mehta 06dc4510cc Avoid global state in ContributionsToolLinks if possible
Change-Id: I4fe92ae6947de798d7e7c7dfa8e3b44b5bfa5a1c
2016-09-15 15:36:59 -07:00
Kunal Mehta 1e550ddda9 Allow filtering content model changes
This adds the new_content_model and old_content_model variables. The
latter will be an empty string upon page creation when there is no old
revision.

This also required adjusting the null edit detection to not treat
content model changes as null, as well as some other internal
refactoring.

Bug: T145489
Change-Id: I7c3385056751421ba22efb7d8d064981420e8819
2016-09-13 01:40:21 -07:00
Kunal Mehta c1b2420dfb Fix documentation of AbuseFilter::filterEdit()
$content will always be a Content object, the only caller is the
EditFilterMergedContent hook, which always passes one.

Change-Id: Ic6356c51ec48084c27ce046b78d2380e723cd4b0
2016-09-13 00:44:34 -07:00
Paladox b3081e1798 Update mediawiki/mediawiki-codesniffer to 0.5.1
Change-Id: I4b2055a76db4362a8136e3fd595228cf07d083a9
2016-08-23 16:18:27 +02:00
jenkins-bot 6bd39475bb Merge "Only run filters once for direct uploads (without stash)" 2016-08-11 04:44:52 +00:00
Kunal Mehta 722550e431 Remove 'UnitTestsList' hook
Extension unit tests are now autodiscovered.

Bug: T142120
Change-Id: I45dc300b24d27e2a36533600e1232ee56b76b2b8
2016-08-04 13:16:06 -07:00
Bartosz Dziewoński f2e05b105b Only run filters once for direct uploads (without stash)
Uses the new UploadStashFile hook.

Bug: T140522
Depends-On: I2f574b355cd33b2e9fa7ff8e1793503b257cce65
Change-Id: Ic7c2dbc54c6ad300d26172796ee21027a8c372ee
2016-08-03 16:30:18 +02:00
Glaisher 67a62093c7 Generate user vars from User passed by hook instead of $wgUser in onArticleDelete
$wgUser causes issues when it is not properly set when doing deletions in jobs and we want to
generate variables for the deletion performer anyway. WikiPage::doDeleteArticleReal already
ensures that $wgUser is only used when the performer is not set. Also updated docs.

Bug: T138571
Change-Id: If4895fe86acfd1dc2c439837df3830f9b2214336
2016-07-23 14:30:17 +05:00
Bartosz Dziewoński 1826d39620 Use custom error code for all edit and upload API responses
The error code 'abusefilter-disallowed' or 'abusefilter-warning' is
used, depending on whether the filter only warns (and will allow the
action when retried) or prevents the user from performing the action.
The API response has been extended with some additional properties.

* For simple filters with no custom messages where the only action is
  'disallow' or 'warn', the error code is the same as before.
* For filters with different actions, different error codes would
  previously be returned; 'abusefilter-disallowed' will be returned
  for them all, with the actions taken listed in the
  .abusefilter.actions property of the API response.
* For filters with custom messages, the message key would previously
  be used as the error code; now 'abusefilter-disallowed' or
  'abusefilter-warning' is used, with the message available in the
  .message property of the API response.

Also cleaned up some dead "forwards-compatibility" code and made a
recently introduced public method private.

The new functionality depends on Ifac8995a4d16d11840cee814177fc2808bc2072c
in MediaWiki core, older MediaWiki versions behave mostly as before.

The new .message property contains both the key and the parameters
duplicated from .abusefilter, so that the client doesn't have to know
what AbuseFilter is - it'll be able to just display the given
message with the given parameters. My specific use case is the upload
dialog in core (core shouldn't have to know about any extensions).

See also TitleBlacklist change I97c1f5c6bbbdfc0b8ea9914bb075d5299c14df8f.

Bug: T137961
Change-Id: I5780eae96930211191ecd874aacf53fdacb58f89
2016-07-11 19:20:19 +00:00
jenkins-bot e49bd1bdba Merge "Provide page text and edit summary when filtering file uploads" 2016-07-11 19:12:52 +00:00
Bartosz Dziewoński 069e0c89a5 Provide page text and edit summary when filtering file uploads
This allows filters using `action='upload'` to use the variables
`summary`, `new_wikitext` and several others that previously were only
provided when editing pages (`action='edit'`).

This is achieved using the new UploadVerifyUpload hook, introduced in
MediaWiki core in change Ie68801b307de8456e1753ba54a29c34c8063bc36.

`action='upload'` is now only used when publishing an upload, and not
for uploads to stash. A new `action='stashupload'` is introduced,
which is used for all uploads, including uploads to stash. This
behaves like `action='upload'` used to, and only provides file
metadata variables.

Filter authors should use `action='stashupload'` when a file can be
checked based only on the file contents, and `action='upload'` only
when the wikitext edit needs to be examined too.

Bug: T87381
Bug: T89252
Bug: T139848
Change-Id: I9654f82ecda82e4917fd0ac6b364b947a1434c73
2016-07-09 13:31:15 +00:00
Aaron Schulz 4091c87bad Remove "minor_edit" variable
This is almost never used and greatly complicates edit stash hooks.
It now always set to false.

Change-Id: I7f13773766e12f3d4b86451fdf3ae23e067ac373
2016-06-27 13:07:14 -07:00
Aaron Schulz 6af0857c55 Move the filter pre-caching outside of the DB lock
Edits should not wait on this to finish, especially since it does
both the minor and non-minor edit cases, only one of which actually
being useful. If the cache is there in time and there is no edit
summary it will be used; if not, there probably no reason to wait.

Bug: T138550
Change-Id: Ifc3b97ddf4dbb94f8ec3eacfcd5c8994c69aafbc
2016-06-27 11:30:29 -07:00
Bartosz Dziewoński b053963b87 Minor code quality tweaks
Change-Id: If34e763e7cc82917c8611ec638972d20f559a601
2016-06-20 19:10:57 +02:00
Bartosz Dziewoński c03ac953ad Remove backwards-compatibility code using APIEditBeforeSave hook
It was only needed for MediaWiki prior to 1.25
(09a5febb7b024c0b6585141bb05cba13a642f3eb).
We no longer support those versions after
d527574d2b.

Bug: T137832
Change-Id: I9d0b7e7713c805ebc7bf59f55456e69c6491e265
2016-06-17 01:45:29 +02:00
Aaron Schulz e91939fb3f Cache AbuseFilter::checkAllFilters during edit stashing
This should improve page save times when manual edit summaries are
not used (and in a few cases, where they are).

Also fix a few annoying IDEA errors with block comments.

Bug: T137698
Depends-On: I2e407a3ac8b74e77bf88b1e34c1519f4dea63b80
Change-Id: I972e9147a5e52a941f478eaf1e96dc3ef8bdfe94
2016-06-14 04:26:14 -07:00
Gergő Tisza ed5cc1b5fc Update for AuthManager
Repeats I61e4327ef3c7a31b19feef727de7d683f69e260b (which had to be
reverted due to a problem with an ancestor patch) without any
significant change.

Bug: T110448
Bug: T135360
Change-Id: I1688cf9fbcb04bb56d075c9f0876bd0ffeced4f6
2016-06-06 19:54:26 +00:00
Gergő Tisza 6a2627e944 Change some globals to work better with extension registration
Rename $wgAbuseFilterAvailableActions / $wgAbuseFilterRestrictedActions
to $wgAbuseFilterActions / $wgAbuseFilterRestrictions and make
them an associative array instead of a plain one, as that works more
sanely with extension registration. (The renaming helps to give more
useful errors to sites using the old config.)

Change-Id: I790d39c2849922d7daf7479f298cd90cf30af129
2016-06-06 19:53:53 +00:00
Gergő Tisza 8cc1aa78bf Revert extension registration and following changes
Reverts:
* e71808f4c4 ("Add extension.json, empty php entry point")
* 8c937957c0 ("Update for AuthManager")

Bug: T136929
Change-Id: Iefc88cb4e981113119f850ca70b9486675bf8a8d
2016-06-03 14:57:55 +00:00
Gergő Tisza 8c937957c0 Update for AuthManager
Bug: T110448
Bug: T135360
Change-Id: I61e4327ef3c7a31b19feef727de7d683f69e260b
2016-05-28 18:42:28 +00:00
Aaron Schulz 51b572a27a Make negative process caching in onGetAutoPromoteGroups() work
Storing "false" is not allowed, so this resulted in duplicate fech log
warnings in that case.

Bug: T133728
Change-Id: I985700f8c42773569e53b54820b972e50be776ba
2016-05-16 19:03:39 +00:00
Aaron Schulz 5f34ea278a Remove bogus AbuseFilter::contentToString param
Change-Id: I53e9ad12418b6cb2605b8d4189be43e0091a0aff
2016-05-12 21:17:51 -07:00
Aaron Schulz 2807b5883a Avoid duplicate autopromote block key fetches
Bug: T133728
Change-Id: Ia3a955547e8147e92c7ca9782e399f9abd6d3949
2016-05-05 19:14:19 +00:00
Bartosz Dziewoński 8e48a8eb37 Avoid crippled APIEditBeforeSave hook, use new features of EditFilterMergedContent instead
Back when APIEditBeforeSave was being introduced here, it was
impossible to return error data for API requests from it (T34216). But
this hook runs a lot earlier than EditFilterMergedContent, and only
gives us the text submitted in the action=edit API call and not the
actual text that's going to be saved, which are different for section
edits (T54077) or edits where an edit conflict is automatically
resolved (T73947).

T54077 was solved by making the APIEditBeforeSave lie that there are
no sections edits in the API. Perhaps T73947 could also be resolved by
lying that there are no edit conflicts in the API, but it seemed that
this would require duplicating even more logic from EditPage in the
API than T54077.

And luckily, EditFilterMergedContent recently gained the ability to
return precise error messages to the API (in MediaWiki 1.25,
I4b4270dd868a643512d4717927858b6ef0556d8a). So let's use that if
available and only fall back to APIEditBeforeSave on older versions.

Bug: T73947
Change-Id: I30c1e3d0a6c10888e6ac53745313434474663cce
2016-04-09 01:16:28 +00:00
Bartosz Dziewoński 6298c91bde Remove executable bit from files
find . -perm /111 -type f | grep -v .git | xargs chmod ago-x

Change-Id: I1e5994ba0a74eafdeff262017f90d4c0f09f3ab4
2016-04-08 14:00:52 +00:00
jenkins-bot ff09b901d8 Merge "Add more file_* variables for file metadata" 2016-04-05 19:38:06 +00:00
Bartosz Dziewoński 8858cdd42a Add more file_* variables for file metadata
* file_mime
  The MIME type of the file, e.g. 'image/png'.

* file_mediatype
  The media type of the file, one of 'UNKNOWN', 'BITMAP', 'DRAWING',
  'AUDIO', 'VIDEO', 'MULTIMEDIA', 'OFFICE', 'TEXT', 'EXECUTABLE', 'ARCHIVE'.

* file_width
  Width of the image in pixels, or 0 if it's inapplicable (e.g. for
  audio files).

* file_height
  Height of the image in pixels, or 0 if it's inapplicable (e.g. for
  audio files).

* file_bits_per_channel
  Bits per color channel of the image, or 0 if it's inapplicable (e.g.
  for audio files). The most common value is 8.

Bug: T131643
Change-Id: Id355515a18d3674393332c0f4094e34f9f522623
2016-04-04 23:40:03 +02:00
Reedy f2715ee51c Save upload related title vars in ARTICLE prefix not FILE
We don't define FILE_* as useable title variables, so they're
not accessible

Change-Id: I857b55937204c9ecd2bbd433a33f360b7d3e3aa7
2016-04-02 23:13:38 +01:00
Marius Hoch b2ae8af263 Don't filter undos coming in via the "APIEditBeforeSave" hook
For consistency with other hooks.

Bug: T126861
Change-Id: I087276495c6f5f7fb01855aee3798516869e1a3e
2016-03-17 19:51:16 +00:00
Brad Jorsch c0c4e390b9 Avoid unstubbing $wgUser during AbortAutoAccount hook
At this point $wgUser->getId() will be 0 anyway because the $wgUser is
in the process of being created, so skip the call.

Bug: T124367
Change-Id: I4c6c999f1799db6ff21db3d9df537da643442d27
2016-02-08 19:06:59 +00:00
Aaron Schulz ff18e8a06c Compute last-recent-authors result during edit stashing
This query takes a large chunk of page save time (per xenon).
Try to perform the query before page save.

Bug: T116557
Change-Id: I50432658d387b24e47db7ed66880e53c3e4adee7
2016-01-28 21:11:39 +00:00
Siebrand Mazeland ce1396aea7 Add support for PHP CodeSniffer checks
Also fix any remaining errors and warnings.

Change-Id: Ie49c6172e6bbf8040e5524d33d2f719e96784745
2016-01-06 09:59:47 -08:00
Reedy 50736dbfcb Replace wfBaseConvert with Wikimedia\base_convert
Change-Id: Id31638973bff5c8e6a8b5910e31bdedc9bf11134
2015-11-26 23:28:43 +00:00
Niklas Laxström 622be7f9de Remove unnecessary check for MW_SUPPORTS_CONTENTHANDLER
This extension already requires 1.23+

Change-Id: Ie23339ffeaf6d6a9613b1b9c3929db0bccae65c8
2015-11-23 11:17:37 +01:00
Niklas Laxström df6cde026c Remove EditFilterMerged BC code
This extension already requires 1.23+

Change-Id: Ie56d701c1663a280372caaf71560dfdca7500619
2015-11-23 11:17:34 +01:00
Niklas Laxström 6354f6047a Fix typo in comment and remove unnecessary BC
This extensions already requires 1.23+

Change-Id: Iecb8067d43a38b531b46802ea53abfde20f66cef
2015-11-23 11:17:32 +01:00
jenkins-bot 2b2ebc2c10 Merge "Include global filters in defined and active tags lists" 2015-10-20 17:20:08 +00:00
Brad Jorsch 99652db13d Include global filters in defined and active tags lists
Bug: T105329
Change-Id: I9ea8e0450e8d75de8ce3b00cd7df5960c9521d97
2015-09-25 10:24:51 -04:00
Brad Jorsch a926b2b44f Use new User::newSystemUser() when available
See core change I2c736ad72d946fa9b859e6cd335fa58aececc0d5.

Change-Id: I3f20b408c039937c1f08c9232c336268ba13895d
2015-09-17 11:55:15 -04:00