Commit graph

284 commits

Author SHA1 Message Date
Daimona Eaytoy 3c1dae9e14 Allow users with abusefilter-view-private to use testing interface
Now the required need will be abusefilter-modify OR
abusefilter-view-private for /tools, /test and /examine.

Bug: T193903
Change-Id: I3f1a91a2cc1df2272e5d4099cefd7c649a0683d5
2018-06-24 14:10:38 +00:00
jenkins-bot c34eda8936 Merge "Introduce sanitize() function" 2018-06-24 13:53:46 +00:00
jenkins-bot 9eb736d63d Merge "Enable OOUI and add unused button to the output" 2018-06-10 03:13:20 +00:00
jenkins-bot a4a6511972 Merge "Don't allow invalid IP ranges to be entered in ip_in_range()" 2018-06-10 00:33:27 +00:00
jenkins-bot 8fa73341cf Merge "Remove all not needed & from hook handler signatures" 2018-06-09 09:22:29 +00:00
jenkins-bot 075ccac1a2 Merge "Show throttled filters in Special:AbuseFilter" 2018-06-08 20:21:53 +00:00
Max Semenik 5c8a8da1f2 Fix some Doxygen problems
Change-Id: I04ce5564ec73e45a6d94c51be94bd1423a86780a
2018-06-08 13:02:40 -07:00
Daimona Eaytoy cf4ac34420 Show throttled filters in Special:AbuseFilter
With this patch, filters which are both enabled and throttled have an
"actions automatically disabled" label together with "enabled" and the
row is displayed in red. Plus, some minor changes like removing unused
fields from sortable ones and added a comment to getQueryInfo about used
columns (the idea is that it'll be easy to understand if a given column
is already there, plus if we'll need the missing one we may just replace
it with '*').

Bug: T154206
Change-Id: Iab157d094cbf2d50e9db537535fd48243e74af0b
2018-06-08 21:54:58 +02:00
jenkins-bot 1981c9f8b8 Merge "Add an option to hide private filters on Special:AbuseFilter" 2018-06-08 19:46:53 +00:00
jenkins-bot 5820b21ae3 Merge "Remove all default "return true" from hook handlers" 2018-06-08 19:42:02 +00:00
jenkins-bot 617e045483 Merge "Get rid of call_user_func_array()" 2018-06-08 19:32:31 +00:00
Thiemo Kreuz 9a185042b8 Update \AbuseFilter::checkSyntax documentation
Change-Id: I5c5caefab8d46773a459809d956a91fda7471863
2018-06-08 19:18:39 +00:00
Max Semenik 4c312a2693 Get rid of call_user_func_array()
Yay PHP7!

Change-Id: I2ec13d1a51981c6922949bed0c7dd2525c48f591
2018-06-07 23:01:27 -07:00
Thiemo Kreuz 7f600d2ebe Remove all not needed & from hook handler signatures
Most of these are accidential, obsolete from a time when PHP4 required
these & to enforce passing by reference. This is the default since PHP5.
The issue with this & is that is (in theory) allows hook handlers to
replace the object with an entirely different one. Luckily this does
not work in all cases I'm aware of. But it is confusing, semantically.

Change-Id: If1e9e2723ef96308f9b4b27377398a5e497bfe70
2018-06-07 13:29:22 +02:00
Thiemo Kreuz 7ec9725c42 Remove all default "return true" from hook handlers
This is the default for many years now. Returning true is not different
from returning nothing.

I'm not touching functions that can either return true or false.

Change-Id: I6c70b8ef44f17271201a69a85301a631b32763c0
2018-06-07 13:26:13 +02:00
Daimona Eaytoy 9fe281e704 Enable OOUI and add unused button to the output
In If67035991a0835ec3edc13be4543e6b40c76c3ea I changed a couple of links
to OOUI buttons, but forgot to add one of these to the output (and to
enable OOUI as well).

Change-Id: I7dd4b554bae406bc0c8326867298302ee10b47f2
2018-06-04 11:21:41 +00:00
Daimona Eaytoy 43ec6cf830 Add an option to hide private filters on Special:AbuseFilter
While the change itself is simple, the only problem here is the desing,
since we're adding even more vertical space with this.

Bug: T164108
Change-Id: Ic5373dd4f0b85dc1311d90ac165d4520ac956e68
2018-06-04 11:21:18 +00:00
Huji Lee 2792fce41e Introduce sanitize() function
Normalizes HTML entities into unicode characters

Bug: T169122
Change-Id: Ic916a6f8976e486d62d65156fa2dab56a55cf22a
2018-06-03 16:37:23 -04:00
Max Semenik 94f3bc67ca Use PHP7 ?? operator
Change-Id: I757b832ac86f52d8b70ffc42fdb60796ab81e7fe
2018-05-31 11:53:03 -07:00
jenkins-bot 7682a61786 Merge "Reset condCount when entering checkAllFilters" 2018-05-27 11:03:56 +00:00
libraryupgrader 99c212226d build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: Ib1d0dfa76babc01c30f4e905e8f6fb80e1e9a0bc
2018-05-25 23:31:49 +00:00
jenkins-bot 424e5eab70 Merge "Simplify contentToString function" 2018-05-25 12:12:22 +00:00
jenkins-bot 96a91ac9b2 Merge "Allow IP addresses in user selectors" 2018-05-24 18:15:33 +00:00
Matěj Suchánek 45b8855754 Allow IP addresses in user selectors
Also unify username normalisation in Special:AbuseLog with /examine and /test.

Change-Id: I85e10ba9262c698b8c279b5cad9fae4a0ab3d7b0
2018-05-24 18:53:23 +02:00
Daimona Eaytoy ba9df944c8 Compare with null instead of using $config->has
With I91a9c5cca55e540a6c95b750579c1c369a760b15 we replaced some globals
with Config and, in doing this, we added "$config->has()" to check if a
variable was null. However, "has" will always return true even if the
value is null (it only checks if it exists), and thus we end up showing
a global abusefilter pager even if no central DB is set.

Bug: T195022
Change-Id: I751fdefd29b6af1361021d4343ba67f16c99a037
2018-05-21 12:11:45 +02:00
Daimona Eaytoy ef489d7ab5 Simplify contentToString function
Use TextContent::normalizeLineEndings instead of manually replacing
carriage returns, plus avoid the if with a simple string cast. This also
fixes some cases where a null edit isn't counted as such due to a "\n"
in new_wikitext which isn't trimmed.

Bug: T168736
Change-Id: Idfafab3fcf7912bf0aec22700d2c0137bdd6c3c8
2018-05-16 16:52:29 +02:00
Daimona Eaytoy 91c5f6d5b9 Improve the i18n message for throttling to show in history
With the introduction of custom block durations in Ib072433d19dabae48d8514e08be9893135b5d63c, the method which generates action display was enlarged in order to provide a more readable and complete message. However, for throttling we currently have an unreadable message like "Throttle: xx, yy, zzz". This is wrong for two reasons: first, those numbers need to be deciphered; second, the first number is the filter ID which is totally unuseful here.

Change-Id: I0ec6a27ff5f37aae864dfd91161bf44f0a217ef1
2018-05-13 13:29:45 +02:00
Daimona Eaytoy 38c46216db Explicitly declare title fields as optional
They were defaulted to false with
I93ad51ffe7bee597d2d127f4c5d6b2929ffc8f7e, which broke use cases where
the page field is NOT required, nor has a 'required' => false explicitly
declared.

Bug: T194425
Change-Id: I5ab768c02a30b6d053104e590729ef22bb4e0808
2018-05-10 22:20:05 +02:00
Daimona Eaytoy 69c8929468 Add an option to hide bots in /test
Pretty self-explanatory and straightforward, since recentchanges has a
dedicated column for bot edits.

Bug: T193994
Change-Id: I76d41e082aed262640e9fff856eeb97df49633d5
2018-05-07 17:25:40 +02:00
jenkins-bot d882f18e5f Merge "Prevent the user from overriding blacklisted variables" 2018-05-07 13:55:31 +00:00
Daimona Eaytoy 096bb4872b Fix flags checkboxes broken in recent patch
With If16975dd394cfdb3c57ff263366c2fc865de362a I broke flags checkboxes,
i.e. the one for enabling/deleting/etc. a filter. In fact, I
misunderstood the way cbReadOnlyAttribute was used (a dirty way,
actually) and this caused such checkboxes not to be disabled if the user
didn't have rights to edit the filter.

Change-Id: Ibf80b54e0f620734ad7767e4769a93bbf1feccff
2018-05-05 14:35:01 +02:00
Umherirrender 42769ce676 Replace wfGetLB
@deprecated since 1.27, extension.json required 1.31

Change-Id: I0467cde378c85095673fd39fed1924c330c27d7b
2018-05-04 21:35:11 +02:00
Daimona Eaytoy 5916910e25 Prevent the user from overriding blacklisted variables
Like we do for built-in values. If a blacklisted variable is overridden,
it still works, but there's no reason to allow it.

Bug: T191715
Change-Id: Ia4d42ec56dc4805454b96c52c2eace1924f6536c
2018-05-04 19:33:12 +02:00
jenkins-bot 4557b3961e Merge "Fix an undeclared variable in block options" 2018-05-04 02:03:20 +00:00
jenkins-bot 479cce9f58 Merge "Show "blocktalk" in AbuseFilter diff and improve message generation" 2018-05-03 23:22:44 +00:00
Daimona Eaytoy 80ef9d442a Show "blocktalk" in AbuseFilter diff and improve message generation
Quite self-explanatory. If the talk page is blocked, a sentence is
added, otherwise it remains as it is. Plus, improved the way messages
are generated and reduced their reuse.

Bug: T193692
Change-Id: I01f5113ca586b94c25e1102c73d158ebb01c5a4b
2018-05-03 21:11:13 +02:00
Daimona Eaytoy 9c01724053 Remove unused code
The $deadActions array is populated but never used. At first I thought
it was about actions which aren't available, but this isn't right.
Instead, it's only used to keep track of available actions which aren't
used in the current filter. Which is some data that we don't need, nor
there's nothing we may do with that.

Bug: T188181
Change-Id: Ibdfeb92ccd790c0b1a4d79b382b053b9361459f8
2018-05-03 19:36:27 +02:00
Daimona Eaytoy 69c0fd9e7c Fix an undeclared variable in block options
We used to display the checkbox to block talk without checking if
it was defined. This caused a warning and an empty space with
wgBlockAllowsUTEdit set to false.

Change-Id: I97f82633e932de7e325615473c85245a406a55ef
2018-05-03 19:14:03 +02:00
jenkins-bot 9387a4fb88 Merge "Use OOUI buttons instead of plain links and Html::errorbox for errors" 2018-05-03 00:41:21 +00:00
jenkins-bot 0366cc7f55 Merge "Show only changed sections in diffs" 2018-05-03 00:34:36 +00:00
jenkins-bot b70b53216f Merge "Re-apply fix to show textarea when JS is disabled" 2018-05-02 23:59:56 +00:00
Daimona Eaytoy 632c8e77e2 Don't let enabled filters be marked as deleted
Adds both client-side and server-side validation.

Bug: T156619
Change-Id: If16975dd394cfdb3c57ff263366c2fc865de362a
2018-05-02 22:20:53 +00:00
Daimona Eaytoy f9be4226b8 Re-apply fix to show textarea when JS is disabled
After Id4dc1debf0240d5b336f4d9ab5b363c240f08807, the method has been
moved, and in doing that I forgot to change this line.

Change-Id: I20caf06f2c568605bd6a90c9cf2b425cd51512e7
2018-05-02 19:31:35 +02:00
Daimona Eaytoy 2d876d08bd Use OOUI buttons instead of plain links and Html::errorbox for errors
Like we did for other links in /diff and /histories, there are some
links that we'd better display as OOUI buttons. Also, use the Html
class' specific method to show errorboxes.

Bug: T132284
Change-Id: If67035991a0835ec3edc13be4543e6b40c76c3ea
2018-05-02 13:13:01 +02:00
Matěj Suchánek 45d1d71def Reduce use of globals in favor of Config
I'd like to have this reviewed by more than one user before merging, to avoid regressions of annoying typos.

Change-Id: I91a9c5cca55e540a6c95b750579c1c369a760b15
2018-05-02 02:27:26 +00:00
Daimona Eaytoy 354e75f681 Show only changed sections in diffs
In order to have a less clogged diff and spot the real changes more
easily.

Bug: T21716
Change-Id: I60ab88d47716186fd0af289081033a8e274d9d85
2018-05-01 21:05:01 +02:00
Daimona Eaytoy 9b1f1b263e Fix XSS vulnerabilities
I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.

Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
2018-05-01 16:55:46 +02:00
Roan Kattouw cbabcf1276 Follow-up 392f37d516: fix undefined index notice
'disallow' rules with a missing first parameters are perfectly fine (and
quite common), so don't throw notices when that happens.

This broke Flow's unit tests, and caused exceptions for all api.php
edits that triggered a 'disallow' rule.

Change-Id: Ibebedb566da705e77ffb831ebda6476adba07c93
2018-04-30 15:24:25 -07:00
Daimona Eaytoy 04b15a1b75 Reset condCount when entering checkAllFilters
This seems like the logical way to be sure that multiple mass actions
won't be counted as one, thus reaching the conditions limit. I tried to
test this locally, but I actually had troubles to simply replicate the
issue of the reached limit in a stable manner, so I'm not totally sure.
Anyway, this shouldn't do any harm.

Bug: T193374
Change-Id: Icdc172f76705870ee502339a53e912e15a3bd31d
2018-04-30 18:42:24 +02:00
Daimona Eaytoy 99f32a1408 Fix undeclared variable
The variable was declared in the "if" branch but also used in the "else"
one. This caused the rules textarea to not have the readonly attribute
if the user wasn't allowed and CodeEditor wasn't installed.

Change-Id: I2bf69dc0f2d24efac41d1ac6100ed7e286e3afa4
2018-04-30 15:55:10 +02:00