Commit graph

1880 commits

Author SHA1 Message Date
jenkins-bot 2cff210d31 Merge "Use UserIdentity in VariableGenerator::addEditVars" 2022-07-30 13:55:24 +00:00
Umherirrender 7e8162c705 Special:AbuseFilter: Include primary key for unique pagination
A unique column is needed in the order to ensure the next offset is
correct and does not skip items

As mention in the doc for IndexPager::getExtraSortFields the extra
columns are not for pagination, only to help the optimizer building a
better query plan by mention denormalized columns.

Bug: T191694
Change-Id: I9fb9f848a0b165dbaa0a2b31d9504324f43578de
2022-07-29 17:38:13 +02:00
Umherirrender 081a8e3c3c Add LinkBatch to Special:AbuseFilter/home and /history
Combine the check for red/blue user/talk links into one database query
This can improve the performance of the page view when many filters
from many different users are linked

Change-Id: I0b87ee15ecee4cecd5d5d6164e8c18e1b788ecd1
2022-07-29 13:56:03 +02:00
Umherirrender da4bc8643a Use UserIdentity in VariableGenerator::addEditVars
Change-Id: If0a65d7a86de776e6499d43949bfb217f20d9b07
2022-07-29 12:55:52 +02:00
jenkins-bot f13f3dcd2c Merge "Call IContextSource::getAuthority instead of IContextSource::getUser" 2022-07-29 10:25:23 +00:00
Matěj Suchánek 3914c913e3 Remove deprecated static methods
They are unused in Wikimedia code (finally).

Change-Id: I74c81d950d992552d3edf184b5eecc46e5e2c567
Depends-On: I62533e21d2bc1a22c3fcba4c7c650ca9d95700ef
Depends-On: I95ce9897d89213e358c436135278b729f0adc3a2
2022-07-27 13:01:10 +02:00
Umherirrender 11386c312d postgres: Fix changeNullableField calls
Follow-Up: I97cb12e6aa25d75ea24e187174db2fe88e5ce790
Change-Id: I61b8e102fd5041685941d89995f54a23ff5509c8
2022-07-13 22:13:48 +02:00
jenkins-bot eb20298739 Merge "Convert to abstract schema" 2022-07-13 16:47:22 +00:00
jenkins-bot 4329c21ba7 Merge "Delimit namespace and title text in warning keys" 2022-07-07 18:40:24 +00:00
dreamyjazz 0bb914c482 Add a space between the checkbox and timestamp in Special:AbuseLog
Add a space between the checkbox (shown for users who can hide abuse
filter entries) and the timestamp so that it looks nicer.

Change-Id: I6e495f8cb56ad8f0b53f06d2aecb8ac34b16ff25
2022-07-07 15:51:34 +01:00
jenkins-bot c3c70f7fa0 Merge "FilterProfiler: use WRStats" 2022-07-06 00:05:15 +00:00
Tim Starling cdf2f474e8 FilterProfiler: use WRStats
A new core facility written for this use case.

Bug: T310662
Depends-On: I26b1cdba0a06ad16ad8bb71b455e1b6180924d17
Change-Id: I2b902d034a8c3308c0ba9878b69e873ca8fbda52
2022-07-06 09:35:08 +10:00
dreamyjazz 13e6c1c06a Add the ListToggle to Special:AbuseLog for users who can hide entries
Add the ListToggle provided in core's ListToggle.php to
Special:AbuseLog when a list of abuse filter entries are being
shown and the user can hide abuse filter entries. This will allow
them to select multiple checkboxes to hide at once (without having
to shift and selecting the first and last).

Bug: T311954
Change-Id: I1aa4fa3fa7016a5d9ae4a904c151011743d2c8ed
2022-07-03 16:56:03 +01:00
Umherirrender dc4dd928b7 Call IContextSource::getAuthority instead of IContextSource::getUser
Change to use Authority object where possible
to use the interface instead of implementation

Change-Id: I90ef126b3d799c3fc27467a4ffe671785c446d3e
2022-07-03 16:37:18 +02:00
jenkins-bot 2709583b52 Merge "Clean up AbuseFilterViewExamine and AbuseFilterExaminePager" 2022-07-03 14:16:57 +00:00
Matěj Suchánek be247401bb Clean up AbuseFilterViewExamine and AbuseFilterExaminePager
Move most stuff from the pager to the view class to untangle
circular dependency. Declare class properties as private.
Leave input validation to the form.

Change-Id: Ia8b1a9d08af9c0cac23b34f6bbbe2c44d01f6c8c
2022-07-03 11:29:43 +02:00
Matěj Suchánek e7492a230f Replace unnecessary use of User
In action=abusefilterunblockautopromote, leave UserIdentity
instantiation to the parent. Note that this changes the "code"
in the response from "baduser_user" to "baduser".

Change-Id: I97d2bf3fa3c5486e461823f840cad2763e1bcfea
2022-07-02 23:58:08 +00:00
Matěj Suchánek 799e1db093 Convert remaining permissions checks to use Authority
Change-Id: I5e996cac37bc806db6c3d7ad5c666a606cd79236
2022-07-02 14:49:47 +02:00
DannyS712 139ca18efe Migrate AbuseFilterPermissionManager to authority
Almost all callers already provide an Authority in the form
of a User object, so mostly just need to change the typehints

Depends-On: I58661943c7e1acb6ff09798ee1a30be0fde3f459
Change-Id: I2ad86859c8194c14d7331f58db62b7cff4698085
2022-07-01 06:58:17 +00:00
Matěj Suchánek 3b5b3cbae7 Show syntax error message in an error box on Special:AbuseFilter/test
Otherwise it's barely noticable.

Change-Id: Iff10036996c9e190c850d0b24f3ea0817624b95f
2022-06-30 20:23:22 +00:00
Matěj Suchánek 93acf0d80b Delimit namespace and title text in warning keys
Bug: T311543
Change-Id: I20f42d27d35390dcba96cc26bcc245cbeeff59f5
2022-06-29 19:39:24 +02:00
Matěj Suchánek 60e03c965e Fix form input normalization
Prevent invalid assignments to properties. On
Special:AbuseFilter/test/123, handle when id of
a non-existing filter was provided. Allow '0'
as user and title on Special:AbuseLog and
Special:AbuseFilter/test.

Change-Id: I196ae62b165d1a60babaf4fe6bd733aa52be1726
2022-06-29 12:19:24 +02:00
jenkins-bot 8d4c5d4d33 Merge "Use LinkTarget in ConsequencesExecutor" 2022-06-29 08:52:37 +00:00
Reedy 60cb198e81 SpecialAbuseLog: Don't call explode() on null
Bug: T311579
Change-Id: I2481beb2344a57242795a722e255e119ea29ac18
2022-06-29 01:14:07 +01:00
jenkins-bot 8ee28b2373 Merge "pager: Declare Title only for local filters" 2022-06-28 21:40:48 +00:00
Matěj Suchánek 4beca85154 Compute user and page age relative to recent change timestamp
These are apparently the only two variables for which we can
quickly determine their value in such simple way.

Later, we can also try it for recent contributions.

Bug: T102944
Change-Id: Iecfa9e5c5ba8c078691334b676cc6f289790cb74
2022-06-28 20:53:33 +00:00
jenkins-bot e6c61b94f3 Merge "Replace deprecated HTMLForm methods" 2022-06-28 19:47:11 +00:00
jenkins-bot 5f7e69757c Merge "pager: Fix LinkBatch for user name" 2022-06-28 19:33:19 +00:00
jenkins-bot c8dacb59d9 Merge "Use UserIdentity/Authority in SpecialAbuseLog" 2022-06-28 19:33:10 +00:00
Matěj Suchánek 5dca456535 Replace deprecated HTMLForm methods
Change-Id: Ic9ba981b94541b181acf88c3c40c205ab81962a8
2022-06-28 19:01:54 +00:00
Matěj Suchánek 7ae2060b27 Avoid array to object cast in filterToDatabaseRow
Both callers immediately call get_object_vars
to cast it back to array. Avoid this roundtrip.

Change-Id: I6525d76f8a03a4d28c2b50b580c539affe98064f
2022-06-28 18:46:28 +00:00
Umherirrender 1f8e6f5737 pager: Fix LinkBatch for user name
Adding the user id to the LinkBatch does not preload the correct page

Change-Id: Iacc852fe1f3ee74849af6146218aecaff70363d9
2022-06-28 20:37:41 +02:00
Umherirrender 5c8296393c pager: Declare Title only for local filters
No need to get the Title for the global filter

Change-Id: I9d282f0112e7e380615ea3760c17f02792694113
2022-06-28 20:33:46 +02:00
Umherirrender 20fd8f7b07 Use LinkTarget in ConsequencesExecutor
The Parameters class already only needs a LinkTarget

Change-Id: I4e8e1d7c92f41502a084be3359b97e0d434f08c0
2022-06-28 19:46:50 +02:00
Umherirrender 9abc464e3d Use UserIdentity/Authority in SpecialAbuseLog
Change-Id: I5b3b2b758e17c94298e7217d755dd8c7b08cb1ac
2022-06-28 19:30:37 +02:00
jenkins-bot f9a2d4cf6c Merge "Use UserIdentity in FilterStore::doSaveFilter" 2022-06-27 21:56:57 +00:00
Umherirrender 5f979bcf16 Use UserIdentity in FilterStore::doSaveFilter
Change-Id: I8cbdaff1bd049a893b69f2ce13f0ba30b96f93b4
2022-06-27 22:39:37 +02:00
Umherirrender 30fefb75bf Use UserIdentity in ConsequencesExecutor
Change-Id: I281a30610595ed3e984f43aa747eff37abe72939
2022-06-27 22:05:18 +02:00
Daimona Eaytoy f33bc5868c Set the 'timestamp' var in addGenericVars
This was most definitely my intention when I introduced the concept of
"generic vars", so it's a bit surprising to discover, 3.5 years later,
that the timestamp isn't computed there.

Also make the timestamp always be a string for consistency, since that's
the type documented on mw.org. I've manually checked all filters on
Wikimedia wikis using the timestamp variable, and added explicit int
casts where needed (although I think they'd still work due to implicit
casts).

Change-Id: Ib6e15225dd95c2eead7e48c200d203d6918e0c18
2022-06-26 14:49:40 +02:00
Matěj Suchánek 40c5712311 Pass RecentChange to addGenericVars
Change-Id: Ia843c23b46ecf8e9fe987a538a09e69f845f4488
2022-06-25 13:03:03 +02:00
jenkins-bot f78a92cb2e Merge "Remove $info argument from ReversibleConsequence::revert" 2022-06-24 02:07:31 +00:00
Umherirrender e18136f269 Convert to abstract schema
Rename index on postgres and fix nullable fields

Bug: T259377
Change-Id: I97cb12e6aa25d75ea24e187174db2fe88e5ce790
2022-06-20 17:19:57 +00:00
Tim Starling 855347b4a4 Configure FilterProfiler cache separately
Since it seems to be the bulk of the traffic to the mainstash in
production.

Bug: T212129
Change-Id: Id20223ac03ada16b3ad4bd47744dea5e415cf160
2022-06-14 15:30:02 +10:00
Matěj Suchánek 40564ca635 Remove $info argument from ReversibleConsequence::revert
It was a temporary catch-all variable, but we can replace it
(and probably won't need it).

Change-Id: Ie1a64455c47445050bd83c853b3cafd283d5d020
2022-06-08 11:59:18 +02:00
jenkins-bot 6fe7cd9648 Merge "Add class to AF log contribs link" 2022-06-07 08:11:46 +00:00
jenkins-bot 1a6985469b Merge "Inline/simplify smaller pieces of duplicate/complex PHP code" 2022-06-03 20:38:22 +00:00
Thiemo Kreuz bbded6231c Inline/simplify smaller pieces of duplicate/complex PHP code
Change-Id: I59d0f17b77c8c3d47bc532bdefd9d8c0883f180b
2022-06-03 21:04:38 +02:00
TerraCodes 2c0e61a030 Add class to AF log contribs link
Continuation of MW core change 603941

Change-Id: I16ade657179fdce40b8acb7f8be8cde8b9a64949
2022-06-02 09:34:38 +00:00
jenkins-bot bb94c0914c Merge "Add support for regex string replacements." 2022-05-31 14:54:33 +00:00
jenkins-bot f0ae0ec101 Merge "Optimize loop in 'diff-split' case" 2022-05-21 18:32:31 +00:00
Matěj Suchánek d4b15cb7ee Optimize loop in 'diff-split' case
The "substr( $line, 0, 1 )" expression has already assumed
the prefix has length 1. Therefore, it's pointless
to compute its length later. The assumption does hold,
the only two prefixes the code works with are '+' and '-'.

Not changing the check to use str_starts_with now, because
it was suggested in I113a8d052b6845852c15969a2f0e6fbbe3e9f8d9
that this shouldn't be done for performance-sensitive code
at least until we are on PHP 8.

Change-Id: I00cb2fc50ed534bb2bbef3ee1e5f6f466afeeb27
2022-05-21 18:07:21 +00:00
jenkins-bot 00ad47bab3 Merge "Fix validation for ip_in_ranges" 2022-05-21 15:24:20 +00:00
jenkins-bot 2779c92cf7 Merge "Add ip_in_ranges function" 2022-05-21 15:15:17 +00:00
Daimona Eaytoy a46db47bd5 Fix validation for ip_in_ranges
We want to make sure that all parameters are valid regardless of whether
there's a match.

Also make the minimum number of parameters = 2, so it's easier to switch
between this function and ip_in_range.

Change-Id: I141558a7ef4533485e315b3d93ea9b64f0959db7
2022-05-21 15:39:21 +02:00
jenkins-bot f1ccb60272 Merge "AbuseFilterViewDiff: simplifications to prepare for refactor" 2022-05-15 23:05:32 +00:00
fossifer b1739a588f Add ip_in_ranges function
Added support for ip_in_ranges which allow multiple ranges to be
checked at the same time. If the IP is in any of the ranges, the
function returns true.

Bug: T305017
Change-Id: Ic75c87ecd4cacf47ce2ff1b04173405230ff81d0
2022-05-11 12:27:16 +08:00
DannyS712 9de0b19ba4 AbuseFilterViewDiff: simplifications to prepare for refactor
Clean up the existing code a bit before refactoring to be reusable
for a diff button in the edit form.

Includes:
* use the Html class rather than the Xml class for building the display html, and avoid manual
html strings

* replace formatVersionLink() with getVersionHeading() to reduce duplication in the handling of
the headings for the old and new versions, and in the process fix the name used as a parameter to
the old version heading (should be the old version editor, not the new version editor)

* rename some parameters for clarity

* organization and other cleanup

Bug: T180954
Change-Id: I1c02f407e72789a871a23b0d4a279a5c341b1e93
2022-04-30 19:31:21 +00:00
Thiemo Kreuz be3af66876 Simplify code dealing with filter ids in FilterStore
Before the information if a filter was new was stored in 2 places:
In the bool $isNew and in the two variables $filter and $newID.
$newID was especially confusing because it was used for both old and
new ids.

Change-Id: I15bdf36c96c8d86a37f305aab2647f7d57bc2bf1
2022-04-27 19:29:55 +02:00
jenkins-bot b1ea4f2d69 Merge "FilterStore: Use upsert instead of replace" 2022-04-27 11:58:24 +00:00
Thiemo Kreuz a25e2c784a Fix capitalization of method calls accross the codebase
Change-Id: Icbbad4858735c24611daee693c53af479c75d1fb
2022-04-26 17:42:34 +02:00
Amir Sarabadani c1d8037815 FilterStore: Use upsert instead of replace
You should never write to auto_increment value.

Bug: T306692
Change-Id: I363711336658a24a0dedf42643296185dfa4a024
2022-04-26 17:10:03 +02:00
Umherirrender 89df7dfddb Remove index detection 'rev_page_timestamp'
Rename in 1.37

Change-Id: Ia9a7682f9f9751de3071b0a644d945dbbd3ed824
2022-04-22 19:26:36 +02:00
proc 1d1215bafb
Add support for regex string replacements.
Bug: T285468
Change-Id: I25f8ad1b58cc10f4c6f6ef5ebab99fe58ec71b1e
2022-04-20 18:38:24 +01:00
Daimona Eaytoy 59eb3b70fb Inject dependencies into the authentication provider
- Define it with the extension.json key, instead of using the
  registration callback
- Inject the services it needs
- Replace direct User instantiation with UserFactory
- Move log subtypes to extension.json as well

Change-Id: I86a761c7fa844b1f417b974798373622a15f6411
2022-04-09 18:44:25 +02:00
jenkins-bot c7903f9a7c Merge "Fix check for null Content in getEditTextForFiltering" 2022-04-06 17:40:31 +00:00
gerritbot 8e55018613 Fix usage of ApiBase::PARAM_* deprecated constants
The ones that are replaced with ParamValidator

Bug: T275455
Change-Id: If1fbef4707eecd7a6bfa5947614fe46d70c62dd6
2022-04-04 00:49:37 +00:00
gerritbot a617a846f0 Replace deprecated ApiBase::PARAM_ with IntegerDef ones
The rest of ApiBase::PARAM_  will be done in separate patches

Bug: T275455
Change-Id: I1c836d2d85e3004e8b6b1a53e11770910acc0616
2022-04-03 22:13:20 +02:00
Matěj Suchánek 58dfab4aeb Fix check for null Content in getEditTextForFiltering
The check was not consistent and the code could still crash
when $oldContent was null. RevisionRecord:getContent only
returns null when audience check fails, but we don't ask
for that.

Change-Id: Id64646a6762167f552e104f623130bedc6b2dd18
2022-04-03 13:06:24 +02:00
jenkins-bot 59def97891 Merge "Use RestrictionStore instead of deprecated method" 2022-03-30 09:59:35 +00:00
Matěj Suchánek 686d7ea88c Use RestrictionStore instead of deprecated method
Also restructure the unit test a bit.

Change-Id: If5ce26f1bc4efdb29653aed3fc47335dddc1e44c
2022-03-29 16:11:55 +02:00
jenkins-bot 50311e750d Merge "Remove SpecialAbuseLog::isHidden" 2022-03-27 18:27:05 +00:00
Func 24f5ca6e2d Use setTitle() instead of setAction() where posible
The getLocalURL() method can return url with query string when
wgArticlePath is configured to do so, and query string of GET form
would be ignored by browsers.
The setAction() method is problematic (T285464 and above) and hard to
warn the wrong usage. I'm going to go through and fix every use case,
and finally deprecate it.

Change-Id: I66b634f0cc996be3d7048d410b46fe77c88f9879
2022-03-27 21:06:38 +08:00
Daimona Eaytoy 773d553c8e Remove SpecialAbuseLog::isHidden
This is a breaking change for the API: 'hidden' is now either true or
false, depending on afl_deleted. 'implicit' is no longer a possible
value, the caller should compute it instead if necessary.

Then simplify the remaining usage of isHidden, using a temporary private
method.

Bug: T291718
Change-Id: I97b5195d306c35ddca3f071d9ff4d896f9fd5c8d
2022-03-25 21:22:59 +00:00
jenkins-bot def507f6d3 Merge "Refactor ConsequencesExecutor to process consequences in more steps" 2022-03-23 09:06:55 +00:00
Func 3ff1a7f34d ViewRevert: Adjust use cases of HTMLForm
Use setTitle() instead of setAction(), T285464.

HTMLForm would set edit token for post form, use setTokenSalt() to amend.

HTMLForm would fetch user input value from the request itself, since
the two form shared the same field name, the 'default' params assigned
are unfunctional.

HTMLForm would prefix descriptor keys with 'wp' as the default name
of generated input fields, make use of this feature.

Bug: T285464
Change-Id: I2cc3c1d042998b65df5ee51f0715fe25a5e18e72
2022-03-20 23:28:06 +08:00
Daimona Eaytoy 2de5fce177 Refactor ConsequencesExecutor to process consequences in more steps
Introduce shorter methods, one for each steps, so that it's easier to
understand what the code is doing and figure out if the order makes
sense. The ConsequencesExecutor test is now a proper unit test. Also
simplify AbuseFilterConsequencesTest, removing old/wrong logic and
fixing two expected values that were actually wrong (but worked because
of the aforementioned wrong logic).

The only functional changes should be:
 - We pick the longest block *after* checking the ConsequenceDisabler
   consequences, so e.g. if a filter has a long block + warn and another
   filter has a shorter block, we still keep the second one if warn will
   disable the block.
 - Remove disallow in presence of dangerous actions after checking
   ConsequenceDisabler's and deduplicating blocks. Otherwise we may
   remove disallow for filters where block (etc.) doesn't end up being
   disabled. We may also want to consider not removing disallow at all,
   now that messages are customizable.

Bug: T303059
Change-Id: If00adbf2056758222eaaea70b16d3b4f89502c20
2022-03-19 15:49:36 +00:00
jenkins-bot 1e105c8821 Merge "Cast filter id to integer in AbuseLogPrivateDetails output" 2022-03-12 17:22:55 +00:00
Matěj Suchánek 7232bfc647 Cast filter id to integer in AbuseLogPrivateDetails output
Change-Id: If4a1bf4181e3a84281299bf4aa66fd314100f3dc
2022-03-12 12:37:47 +01:00
Matěj Suchánek 222aebab91 QueryAbuseLog: Cast revision id to integer
Change-Id: Id670a1cd7e3695211b202dba45b60c9f9c69649e
2022-03-12 01:19:56 +00:00
Alexander Vorwerk 4aedfe8d91 Use updated ObjectFactory namespace
Change-Id: I99c5e5664d2401c36a9890f148eba7c25e6e8324
2022-03-09 22:17:07 +00:00
Daimona Eaytoy d5bb976f51 Fix logging for parser exceptions
This was likely a rebase artefact or something: the 'implode' was meant
to be called with two parameters as usual. Currently, the parameters are
simply concatenated which makes the logs quite hard to read.

Change-Id: I84f9a7cb05e210f60a791d513dfb5b74fa7dfb8a
2022-03-07 13:32:54 +01:00
jenkins-bot 894b94bf7d Merge "Add logging when the 'block' action fails" 2022-03-07 09:26:42 +00:00
jenkins-bot 3da40866f8 Merge "Move throttle range sizes to class constants" 2022-03-06 20:22:13 +00:00
Alexander Vorwerk 9bc01b4986 Use namespaced Renameuser classes
Change-Id: Ibac446d50a34a26182b801fa15c8a8ddffd2eea0
2022-03-06 17:10:41 +00:00
Daimona Eaytoy 4b6fff36e1 Move throttle range sizes to class constants
Change-Id: Iac436578f94022762b7f67959af894261c59fc66
2022-03-06 16:37:11 +01:00
Daimona Eaytoy a0fd0bae01 Overhaul throttle identifiers
- Use a /64 range for IPv6 instead of /16.
- Fix a curious and serious bug for IPv6, where grouping by range
  would only use the first (!) number of the IP address, due to the
  'v6-' prefix returned by IP::toHex.
- Fail hard if the identifier is unknown -- it's not something that's
  supposed to happen.
- Include the type name in each identifier, instead of prefixing all
  type names to all identifiers. This makes it easier to understand the
  parts of the key.
- Test the whole lot.

Bug: T211101
Change-Id: I54c4209f2f0d5a4c5e7b81bed240ca3e28a2ded7
2022-03-06 13:31:06 +00:00
Daimona Eaytoy 496c2ee370 Add logging when the 'block' action fails
Also avoid using User, use Authority instead.

Bug: T303059
Change-Id: I419ab3726d95ef600e2aa14dca5fa14066d245e3
2022-03-05 19:12:53 +00:00
russ-rogovetz 3505fa63f6 Change comment for TextExtractor getNativeData to getText
Update TextExtractor comment, change Content::getNativeData to TextContent::getText.
Code got already updated.

Bug: T283667
Change-Id: I09e3c537c7e55737d79e69abdd3b7faf693e58cc
2022-03-04 11:01:13 +02:00
Umherirrender 533e3dc5da Use new namespace for MediaWiki\Revision\RevisionLookup
MediaWiki\Storage is alias since 1.35

Change-Id: I1688cb27847b9154c5133b157ac9c18bd4859a47
2022-02-26 20:39:01 +01:00
jenkins-bot 829009b8d9 Merge "Normalize logged parser error messages" 2022-02-26 16:45:40 +00:00
jenkins-bot ac0ed20e4f Merge "Improve debug messages of loading ext. links" 2022-02-26 14:26:13 +00:00
Daimona Eaytoy 2f5a587b1d Normalize logged parser error messages
Change-Id: I31cf73533a46ab5e452c2870fccb8603bb54d3df
2022-02-26 12:57:42 +01:00
Daimona Eaytoy b5c22f2b77 Improve wording for throttled filter warnings
List which actions were disabled, or explicitly say that no actions were
disabled if that's the case. Also avoid the word "throttle" in messages
as it may be hard to translate. Also don't suggest optimizations to the
filter conditions -- unoptimized rules have nothing to do with a filter
being throttled.

Bug: T200036
Change-Id: Id989fb185453d068b7685241ee49189a2df67b5f
2022-02-22 11:10:19 +00:00
Daimona Eaytoy 167f6cb642 Introduce ActionSpecifier
This is a plain value object that represents the action being filtered,
replacing associative arrays that were being used up to this point.

We should now check whether it's possible to make it not require an
accountname (which complicates things), and then use it in related
classes as well, e.g. Parameters.

Change-Id: I9550c14819b600c97c46b632cc1c2d447972d69c
2022-02-18 11:30:56 +00:00
Matěj Suchánek 95c0978dc6 Clean up AbuseLogPager
- Make $mConds private and rename it.
- Use the injected permission manager.

Change-Id: Ie92b63da50264226bde5b3b361916bb31fd9448e
2022-02-11 11:21:12 +01:00
jenkins-bot 6b9098eae1 Merge "Replace use of deprecated OutputPage::enableClientCache( false )" 2022-02-10 07:01:54 +00:00
Reedy 62380ccb9a Drop non namespaced back compat aliases
Change-Id: I013959b13e233b6ee577d2b959c2f222687b0c7b
2022-02-06 14:16:10 +00:00
jenkins-bot 59e2bfcaff Merge "Make rmspecials preserve whitespace" 2022-02-06 06:22:38 +00:00
Huji 52827acbab Make rmspecials preserve whitespace
The existing filters on WMF wikis has been changes such that calls
to rmspecials() are now rmspecials(rmwhitespace()) to ensure no change
is made in behaviour. Filter admins can change this back if filter is
not meant to trigger when part of the input is contains spaces.

Bug: T263024
Change-Id: Idde09b50fb8eda357afbedc1199a5483fa8217c1
2022-02-06 06:07:46 +00:00
C. Scott Ananian aecfc7e62e Replace use of deprecated OutputPage::enableClientCache( false )
Replaced with the more readable ::disableClientCache() method, added
in 1.38.  Minimum MW version bumped to match.

Depends-On: I7c89e20528a0d91173f0edcb997dcae631935ee5
Change-Id: I91d0b8e8f69a2d309b6fc61e13bfb5d86dc0218d
2022-02-04 14:29:43 -05:00
Matěj Suchánek 238649ebc1 Declare AbuseFilterView::$mParams as protected
It is not supposed to be read or written to by other classes.

Change-Id: I02fe2861a6102ddf1a587cdd7e7423a62d8e0c57
2022-02-02 12:32:09 +01:00
Matěj Suchánek 2694751355 Don't implode and explode links
old_links and all_links are an array. Casting
them to string and then splitting by newlines
is a no-op.

Change-Id: I05c69f14e981ac2842032e7db888f4841d6b48b7
2022-01-24 12:58:56 +00:00
Amir Sarabadani d1ce258a9b Use MainStash instead of db-replicated
We should avoid using ObjectCache directly and use services instead. On
top of that, db-replicated writes to objectcache table that should be
avoided and it's now blocking schema changes.

This should go to MainStash.

Bug: T272512
Change-Id: I9c76399ec4c0ea6644f9ca1b4536428052e5ac38
2022-01-19 18:51:19 +01:00
Alexander Vorwerk d22ea2b57e Don't use array keys for OOUI in AbuseFilterViewDiff
Bug: T299463
Change-Id: I3d02e18566532e9e4824a089c9504ec13b6ad33e
2022-01-18 22:57:02 +00:00
Alexander Vorwerk edcefa729c Don't use array keys for OOUI
Bug: T299463
Change-Id: Id1f6e0c43db38003c1b198ab86c37b1c37412124
2022-01-18 23:20:32 +01:00
Thiemo Kreuz 489cfa4f3d Don't use array keys for OOUI GroupElement items
Change-Id: Id120e49c7e6d62c1ad30a3109afbe9bf77c4d81d
Required-For: I7a19fba8bce65640bdb69b3a63812537e1d29af3
2022-01-13 16:37:04 +01:00
Matěj Suchánek 1d31c86ee4 Improve debug messages of loading ext. links
These are not necessarily old links, the new links
can also be retrieved using this code path.
Also print debug messages before the code execution.

Change-Id: I1a85bb7b5a2af4fe514625d2236cf92f15daf304
2021-12-19 14:19:16 +01:00
Alexander Vorwerk e0b781e32e build: Upgrade mediawiki-phan-config to 0.11.1
Somehow LibUp-Bot is not doing this. The last run for Abusefilter was a
month ago.

Change-Id: Id9ee5a73f403d8391937d699727470cb78e959aa
2021-12-05 11:29:54 +00:00
jenkins-bot 3cb985ad7e Merge "Update docs after PP limit report core change" 2021-12-04 12:46:46 +00:00
Umherirrender 1b2551701e Avoid SpecialPage::getContext in SpecialAbuseLog::__construct
The special page itself is a MessageLocalizer
SpecialPage::getContext on constructor results in global state

Change-Id: I6a3dd263dbe02111aea65a087ce69a5a191f63fc
2021-11-09 22:09:49 +00:00
Daimona Eaytoy 4344d4e438 Update docs after PP limit report core change
The report is now generated in ParserOutput, not Parser, meaning we can
simply avoid passing the `enableLimitReport` option (off by default) if
we don't want the report to be there.

Depends-On: I154c0a77a5b0287b5572614d56339fb57ac56c33
Change-Id: I8cdab35c475f10433234ddb55b5e6a0cc8109498
2021-11-09 13:33:42 +00:00
Daimona Eaytoy 5e95676e99 Rename filter_timestamp index in a different file
Otherwise there might be interferences with the remove-afl_filter patch.

Bug: T291725
Change-Id: If339663d491e1da4a118c13cd667d228365b4864
2021-10-20 15:22:04 +02:00
Daimona Eaytoy f2e2f5ae48 Move renaming of the afl_wiki_timestamp index to its own file
Note that this doesn't have to be applied in WMF prod, since the indexes
are already correct there.

Bug: T291725
Change-Id: I7fcee0581f469e0d7ada43d1f30f31061c5bf5c0
2021-10-16 16:55:52 +00:00
jenkins-bot 0dae59616c Merge "Replace custom regex with TextContent::normalizeLineEndings()" 2021-10-01 14:04:36 +00:00
Thiemo Kreuz 0e8a08ebca Replace custom regex with TextContent::normalizeLineEndings()
This does the same as before, replacing \r\n as well as \r with \n.
Additionally the new method applies an rtrim() on both strings. I
believe this is even a good thing. It possibly removes irrelevant
noise from the diff.

Change-Id: I584740a24e6b25bbcbc928c2369f09b785a485c8
2021-10-01 08:49:49 +02:00
Thiemo Kreuz 8db314612d Update incomplete type hints in TablePager subclasses
Change-Id: Ia19a2507282f7973adb312428d04561cbd25035e
2021-10-01 08:46:54 +02:00
Matěj Suchánek 632b39f8ca Stop requiring the Skin interface in AbuseFilterChangesList
IContextSource is now enough for ChangesList.

Change-Id: Iebb525227efe841a17c799d460d352017a2cfc4f
2021-09-25 10:28:50 +02:00
Daimona Eaytoy 020f8a09b4 Remove leftovers of AbuseFilterAflFilterMigrationStage
On second thought, no need to keep the migration script now, since it's
unusable anyway.

Also remove an usage in SpecialAbuseLog, likely a rebase artefact.

Change-Id: I938924b3617ef30046d8317e68a101ed2c1883d3
2021-09-25 03:48:37 +02:00
jenkins-bot a332b3ff0f Merge "Remove afl_filter entirely" 2021-09-25 01:39:08 +00:00
Daimona Eaytoy e8471a717c Add method to properly check visibility of AbuseLog entries
This replaces the previous pattern of callers having to use
RevisionLookup if the result was 'implicit'. Also, in some cases where
we were just hiding things if the visibility was !== true, properly
handle the implicit case by using the new method. Make the new method
return string constants rather than bool|string.

The new method also fixes some potential info leaks which happened when
the row was hidden, the user could view suppressed AbuseLog entries, but
the associated revision was also deleted and the user couldn't see it
(this shouldn't be relevant for WMF wikis since AF deletion is
oversight-level).

Also add a bunch of tests for the various cases to ensure we don't
regress again.

Bug: T261532
Change-Id: I929f865acf5d207b739cb3af043f70cb59243ee0
2021-09-25 00:08:33 +00:00
jenkins-bot 72d03778d0 Merge "Refactor ParserStatus" 2021-09-24 09:34:20 +00:00
Umherirrender 2deea7bb01 Avoid non-namespaced aliases for Wikimedia\Rdbms namespace
Change-Id: Iadc147ff96649253a4b83709f8ebe291305e4bf8
2021-09-18 20:06:16 +02:00
Daimona Eaytoy dae374aec2 Remove afl_filter entirely
As per T220791, the old schema and the flag can be removed in 1.38.

Bug: T220791
Change-Id: Ic6b1c8a22d17a301faf32d2e23778d90c41c39de
2021-09-18 11:06:10 +00:00
Daimona Eaytoy b2dc2c4dd8 Refactor ParserStatus
ParserStatus is now more lightweight, and doesn't know about "result"
and "from cache". Instead, it has an isValid() method which is merely a
shorthand for checking whether getException() is null.

Introduce a child class, RuleCheckerStatus, which knows about result and
cache and can be (un)serialized.

This removes the ambiguity of the $result field, and helps the
transition to a new RuleChecker class.

Change-Id: I0dac7ab4febbfdabe72596631db630411d967ab5
2021-09-17 11:25:54 +00:00
Daimona Eaytoy ccd9b8c889 Re-add space in AbuseLog entries
Follows-up: I097d051e3c30e61d74a8e329b6110b219c72ec1a

Bug: T291206
Change-Id: Id5b6a715019b715a2da96dee71d52850b7984b21
2021-09-16 19:16:28 +02:00
jenkins-bot 0ba45db169 Merge "Remove various AtEase and error_reporting" 2021-09-16 15:29:36 +00:00
Timo Tijhof 3f33e08bac Remove various AtEase and error_reporting
Something somewhere is leaving error_reporting in a dirty state
causing AbuseFilter's ConsequencesExecutorTest case to fail for
the core change Ic9fee6cdd88001025.

Per T253461, we're meant to eventually remove this anyway, so might
as well remove it in areas that are known to get it wrong somehow.

Change-Id: I2a665f09a357f2f2cc258d8c4011d49a7ab9c13b
2021-09-16 02:59:37 +00:00
Daimona Eaytoy 742cc865ad Bump EditStashCache version
I0a30e044877c6c858af3ff73f819d5ec7c4cc769 added a new param to
ParserStatus.

Bug: T291123
Change-Id: Ie82d01d85a189081b45a1d34a0f5390536163ee4
2021-09-15 21:17:16 +02:00
Daimona Eaytoy 7c26c4b8d5 More cleanup for parser-related classes
Change-Id: I6a2bbf519e1d5c6fe2778f69624bd80b9ea1ef86
2021-09-10 12:50:20 +00:00
Daimona Eaytoy a722dfe1a4 Rename ParserFactory -> RuleCheckerFactory
The old parser now has the correct name "Evaluator", so the
ParserFactory name was outdated. Additionally, the plan is to create a
new RuleChecker class, acting as a facade for the different
parsing-related stages (lexer, parser, evaluator, etc.), which is what
most if not all callers should use. The RuleCheckerFactory still returns
a FilterEvaluator for now.
Also, "Parser" is a specific term defining *how* things happen
internally, whereas "RuleChecker" describes *what* callers should expect
from the new class.

Change-Id: I25b47a162d933c1e385175aae715ca38872b1442
2021-09-08 21:59:34 +02:00
Daimona Eaytoy 357ddd498c Clean up / simplify parser-related classes
Remove unnecessary setters, injecting everything in the constructor.
These were leftovers from before the introduction of ParserFactory.
Remove public access to the conds used, include the information inside
the returned ParserStatus instead, and consequently simplify callers.

Change-Id: I0a30e044877c6c858af3ff73f819d5ec7c4cc769
2021-09-08 13:41:52 +02:00
Daimona Eaytoy f8e9ac7e2a Rename AbuseFilterCachingParser -> FilterEvaluator
It's an evaluator, not a parser.

Change-Id: Ib6d33e8423ea72709cf5a33f4397ba33e352ea80
2021-09-08 13:40:47 +02:00
libraryupgrader 2a4860e322 build: Updating mediawiki/mediawiki-phan-config to 0.11.0
Change-Id: I097d051e3c30e61d74a8e329b6110b219c72ec1a
2021-09-07 19:30:42 -07:00
Daimona Eaytoy 6684ea6450 Remove AFPTransitionBase
Also cleanup the mPos hack in the CachingParser.

Change-Id: Ib5693802a3ceb80cb736880ed65e27340abef689
2021-09-06 19:33:48 +00:00
jenkins-bot 199cf1edf8 Merge "Add a static analyzer for the filter language" 2021-09-03 19:51:58 +00:00
Matěj Suchánek 0af21948fc Replace WikiPage::factory in non-test code
Change-Id: I1442ca6603ce5151b98fc88cd84c25af0f34e4f6
2021-09-01 04:55:25 +00:00
Daimona Eaytoy 86257d825c tests: Use DBConnRef, not IDatabase, as retval of getConnectionRef
So that the method can be typehinted in core.

Also add phan-var to fix broken master build due to typehint additions
in core.

Change-Id: I4a072e00ffeeb437753fc3d3c1f15de9929df510
2021-08-31 21:45:10 +02:00
Sorawee Porncharoenwase 320e3d696f Add a static analyzer for the filter language
This commit adds a class AFPSyntaxChecker which can statically analyze
a filter code to detect the following errors:

- unbound variables (which comes in two modes: conservative and liberal,
  default to conservative)
- unused variables (disabled by default for compatibilty)
- assignment on built-in identifiers
- function application's arity mismatch
- function application's invalid function name
- non-string literal in the first argument of set / set_var

The existing parser and evaluator are modified as follows:

- The new (caching) evaluator no longer needs to perform variable
  hoisting at runtime.
  - Note that for array assignment, this changes the semantics.
- The new parser is more lenient, reducing parsing errors.
  The static analyzer will catch these errors instead, allowing us
  to give a much better error message and reduces the complexity of
  the parser.
  * The parser now allows function name to be any identifier.
  * The parser now allows arity mismatch to occur.
  * The parser now allows the first argument of set to be any expression.

Concretely, obvious changes that users will see are:

1. a := [1]; false & (a[] := 2); a[0] === 1

   would evaluate to true, while it used to evaluate to the undefined value
   due to hoisting

2. f(1)

   will now error with 'f is not a valid function' as opposed to
   'Unexpected "T_BRACE"'

3. length

   will now error with 'Illegal use of built-in identifier "length"'
   as opposed to 'Expected a ('

Appendix: conservative and liberal mode

The conservative mode is completely compatible with the current evaluator.
That is,

false & (a := 1); a

will not deem `a` as unbound, though this is actually undesirable because
`a` would then be bound to the troublesome undefined value.

The liberal mode rejects the above pattern by deeming `a` as unbound.
However, it also rejects

true & (a := 1); a

even though (a := 1) is always executed. Since there are several filters
in Wikimedia projects that rely on this behavior, we default the mode
to conservative for now.

Note that even the liberal mode doesn't really respect lexical scope
appeared in some other programming languages (see also T234690).
For instance:

(if true then (a := 1) else (a := 2) end); a

would be accepted by the liberal checker, even though under lexical scope,
`a` would be unbound. However, it is unlikely that lexical scope
will be suitable for the filter language, as most filters in
Wikimedia projects that have user-defined variable do violate lexical scope.

Bug: T260903
Bug: T238709
Bug: T237610
Bug: T234690
Bug: T231536
Change-Id: Ic6d030503e554933f8d220c6f87b680505918ae2
2021-08-31 03:28:24 +02:00
Daimona Eaytoy 704364a5e7 Move parser exceptions to specific namespace and rename them
Create a dedicated "Exception" sub-namespace and remove the "AFP"
prefix, a leftover from the pre-namespace era.

Change-Id: I7e5fded9316d8b7d1628bc1a6ba8b1879ac901e1
2021-08-29 23:38:31 +00:00
Matěj Suchánek 3630bb0a3f Use array_fill_keys() instead of array_flip() if that reflects the developer's intention
Do what Tim Starling did in core: If8d340a8bc816a15afec37e64f00106ae45e10ed.

Change-Id: Ic68e167e51ff8d289a0dab68874191b9b1a20665
2021-08-24 01:08:13 +00:00
jenkins-bot 9b93b0256a Merge "Avoid passing invalid offset to mb_strpos" 2021-08-18 18:45:12 +00:00
Daimona Eaytoy e9795468c4 Switch filterable actions hooks to the new system
Bug: T261067
Bug: T211680
Change-Id: I0e7e4a48b56c3e5fde56f50693fd0cdc19c30dd0
2021-08-16 14:18:56 +00:00
Alexander Vorwerk 8e7d389029 Disallow interwiki on Special:AbuseLog
Bug: T288155
Depends-On: Ic00f4a0f27747b5ff0893b4c01f42f68a99771ab
Change-Id: I62574460bfaea04af2f617ca0929246c784cb4e8
2021-08-05 11:15:39 +02:00
jenkins-bot ca31a12be4 Merge "Clean up Throttle::throttleIdentifier" 2021-07-30 01:37:24 +00:00
Matěj Suchánek 83794d7cb4 Clean up Throttle::throttleIdentifier
In 1.37, UserEditTracker was changed to allow anonymous users
as well.

Change-Id: I70d9e6db13416b7c017319ecac3e7e604aacd586
2021-07-22 16:56:12 +02:00
Lucas Werkmeister a2e42d5050 Don’t generate current content text twice
Previously, for non-newly-created pages, AbuseFilter would get the text
for filtering twice: once in AbuseFilterHooks::filterEdit(), and then
again in RunVariableGenerator::getEditTextForFiltering(). (Plus another
call for the text of the previous revision.) The first copy of the text
is only passed into RunVariableGenerator::getEditVars(), and there only
used if the title doesn’t exist, otherwise it’s overwritten with the
second copy. Instead, let’s make AbuseFilterHooks not get the text at
all, and only get the text from the content when we actually need it
(the content is new).

Change-Id: Id12430fa6ba4643113b945e0d0c01b9c0ee1742f
2021-07-22 13:45:32 +02:00
libraryupgrader 5377ebe819 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)

Change-Id: I2b382f3bb236fb44eb24c6a257b13b8fd886541c
2021-07-21 18:51:18 +00:00
jenkins-bot edaf650151 Merge "Revert "Replace depricating method IContextSource::getWikiPage to WikiPageFactory usage"" 2021-07-04 06:17:09 +00:00
DannyS712 3f4430473e Revert "Replace depricating method IContextSource::getWikiPage to WikiPageFactory usage"
This reverts commit 15fc159cb1.

Reason for revert: this is breaking the addition of rev ids to filter
hits after edits are saved. I suspect this is because the context wikipage
is for a different title than the one being edited, though I'm not sure
way - regardless, testing on patchdemo shows that with this revert
is applied, rev ids are once again added to filter hits.

Bug: T286140
Change-Id: I3ab6324a73050154cef1c20a2bf8307eb11eea2d
2021-07-04 05:54:30 +00:00
jenkins-bot db15b13396 Merge "SECURITY: Avoid database for MediaWiki:Abusefilter-blocker fallback" 2021-07-02 15:46:53 +00:00
Daimona Eaytoy 069fa064f5 Avoid passing invalid offset to mb_strpos
Bug: T285978
Change-Id: I3d100fd05f34fe3b01ecbbce5361badc613f9406
2021-07-02 14:07:46 +00:00
jenkins-bot 39dfd40abc Merge "ViewImport/ViewList: Use setTitle instead of addHiddenField/setAction" 2021-07-02 12:27:55 +00:00
Kosta Harlan 833aa70f10 ViewImport/ViewList: Use setTitle instead of addHiddenField/setAction
Bug: T285464
Change-Id: I3845f3261373d2aa3318ab39d125210f64f65447
2021-07-02 13:18:01 +02:00
DannyS712 71bf9faf49 SECURITY: Avoid database for MediaWiki:Abusefilter-blocker fallback
If the content language is English and the message is invalid as
a username, or the content language is not English and both the
content language version and the English version are invalid, the
user in FilterUser would not be created - now, avoid the onwiki
version of the English message in the fallback, so it could only
be invalid if the default in the i18n files was invalid.

Bug: T284364
Change-Id: I9e9f44b7663e810de70fb9ac7f6760f83dd4895b
2021-07-01 17:35:54 -05:00
jenkins-bot 2deac909ad Merge "Pass a user to WikiPage::prepareContentForEdit()" 2021-06-28 22:50:38 +00:00
Roman Stolar 15fc159cb1 Replace depricating method IContextSource::getWikiPage to WikiPageFactory usage
Bug: T275710
Change-Id: I7fe24059e9909352e95aaa82fb48688f9260b207
2021-06-28 16:12:48 +03:00
jenkins-bot 97f805b67c Merge "Bump MW requirement to 1.37" 2021-06-26 14:19:01 +00:00
jenkins-bot eb24f02c25 Merge "Handle EditFilterMergedContent hook properly to break hook chains and display error message" 2021-06-26 12:21:55 +00:00
Daimona Eaytoy e56dcc7cb1 Bump MW requirement to 1.37
The master version of the extension is only meant to support the most
recent version of MediaWiki.

Change-Id: I33612e69fc37bf5eb70133c8f0e95199dd7fcb65
2021-06-26 14:18:43 +02:00
DannyS712 47f861b6f6 Pass a user to WikiPage::prepareContentForEdit()
Bug: T285447
Change-Id: I4d277419106c3af5222377a863c80dd866ba188b
2021-06-24 04:01:33 +00:00
jenkins-bot 4dd9644bf6 Merge "Make phan not complain about Throttle::throttleIdentifier" 2021-06-22 12:07:22 +00:00
Matěj Suchánek d7ec0b992c Make phan not complain about Throttle::throttleIdentifier
UserEditTracker::getUserEditCount now allows anonymous users,
but it returns null and phan is aware of this. Suppress this
warning until at least 1.37 is required.

Change-Id: I9962abe08fa31d55421d8bdda23ea0a1c0471a86
2021-06-22 11:37:58 +02:00
jenkins-bot 52024847e8 Merge "Pass a valid regexp to preg_match in checkRegexMatchesEmpty" 2021-06-04 09:11:50 +00:00
jenkins-bot 997e665530 Merge "Don't use p class="success" for success messages" 2021-06-04 08:59:58 +00:00
Daimona Eaytoy 57f11631ba Pass a valid regexp to preg_match in checkRegexMatchesEmpty
Bug: T283966
Change-Id: I99688aa8f3e62e410392a9142df56b1a3c708987
2021-05-29 11:38:07 +00:00
Umherirrender 360d41c8ec Replace uses of DB_MASTER with DB_PRIMARY
Change-Id: I60719654b2062bbe52d2eadef8b942cea477e522
2021-05-13 01:43:37 +02:00
Tim Starling 2c939e28a9 Move onUserMergeAccountFields to its own file
Sharing a handler class with UserRenameHandler means that attempting to
merge users fails due to a missing interface if AbuseFilter and MergeUser
are installed but Renameuser is not installed.

Change-Id: I1244ab1c446840ff2648248f943d7fc784b889a7
2021-05-06 11:33:24 +10:00
libraryupgrader 06cdddc9d0 build: Updating composer dependencies
* mediawiki/mediawiki-codesniffer: 35.0.0 → 36.0.0
* php-parallel-lint/php-parallel-lint: 1.2.0 → 1.3.0

Change-Id: I92d6f6d6f817765df24f845103a489624f4290f2
2021-05-02 06:41:54 +00:00
Umherirrender 1fa7a83f60 Use static closures where safe to use
Created by I25a17fb22b6b669e817317a0f45051ae9c608208

Change-Id: I533690311ca559685de8a4bf123348c9bcfa5931
2021-04-30 20:55:35 +02:00
mainframe98 a32d483ef4 Don't use p class="success" for success messages
These are part of legacy styles and aren't provided by all skins.
Using Html::successbox abstracts the classes away.
Internally that uses div class="successbox" instead.

Bug: T280766
Change-Id: I0cca59e2f391510095c2c6fb187ace5e91fdde8b
2021-04-30 18:19:31 +00:00
Ammarpad 6a799ec9c5 Check forcing of page_timestamp revision index
Bug: T270033
Change-Id: I16fc273b14e7f4b00e8c31ec1ed7712149aafe37
2021-04-30 13:06:43 +01:00
Daimona Eaytoy c091a2f749 Fix MySQL db patches compatibility
Follow-up I574bda15f0f5c92a7d97a6e3150981b8f97ee7fc
Apologies for not noticing before:

If somebody hadn't already added the afl_filter_id column, the
rename-indexes patch would try to rename a non-existing index
(filter_timestamp_full and fail). So put rename-indexes after the other
patch.
Then, for the afl_filter_id patch, check the column and not the index.
We were checking the index because it's the last thing that the DB patch
does (so if the index is found, we can be certain that the patch was
fully applied). However, now that renaming the index happens afterwards,
if somebody had already added afl_filter_id (with the old index name),
running the updater would try adding it again, because the new index
name isn't found (as it's renamed later).

Change-Id: I0250a7c187202facd932c160ace57930db510f64
2021-04-25 11:28:35 +02:00
jenkins-bot 4e7e2f6c64 Merge "Give MySQL indexes explicit names, align MySQL and SQLite" 2021-04-25 08:50:08 +00:00
Func 351f9f02bc Handle EditFilterMergedContent hook properly to break hook chains and display error message
Extensions are supposed to return false to break hook chains when failed, which can avoid unnecessary call of later handlers in other extensions and work around with problems caused by difference betwen multiple triggers.

On mediawiki version 1.36 and before, just returning false in this hook can't display error message by default.
Set $status->value manually still to provide backward compatibility.

Bug: T280312
Change-Id: I78888247063c726ebcd18ba54a21d6c7891481fc
2021-04-24 02:02:01 +00:00
jenkins-bot ffe3b0cbc4 Merge "Clean up AbuseFilterViewHistory and AbuseFilterHistoryPager" 2021-04-19 14:37:00 +00:00
jenkins-bot ec804600c6 Merge "Stop using legacy ActorMigration fields" 2021-04-19 14:36:58 +00:00
Tim Starling 04f298c82c Stop using legacy ActorMigration fields
Migration was completed in MW 1.34, so it's no longer necessary to
call ActorMigration.

Bug: T278917
Change-Id: I26ad45b6d26756c3074c44f0192ceb04fb2698ae
2021-04-19 15:18:47 +10:00
DannyS712 0fa804ff3a QueryAbuseLog: remove duplicate setting $conds = []
Change-Id: I50ffe91656c9c74111a3ecd4808b8a1d2cd79504
2021-04-19 01:22:57 +00:00
Matěj Suchánek 644b7aa288 Clean up AbuseFilterViewHistory and AbuseFilterHistoryPager
- Untangle circular dependency.
- Inject dependencies.
- Declare class properties as private.

Change-Id: I7b9892c85d168024d6b44d182af9443fdfee45cc
2021-04-18 18:31:17 +02:00
jenkins-bot 0dc93136d6 Merge "Improve test coverage of API modules" 2021-04-18 16:03:25 +00:00
jenkins-bot 4332a20c34 Merge "Clean up (Global)AbuseFilterPager" 2021-04-18 16:02:30 +00:00
jenkins-bot 19bc3dcf9b Merge "Api: inject more abuse filter services" 2021-04-18 09:15:17 +00:00
Matěj Suchánek a2ee8c41e2 Improve test coverage of API modules
Also solve one a TODO.

Change-Id: I61a38f3c741274f00ad0ad4789106a943daef222
2021-04-18 10:37:38 +02:00
Matěj Suchánek 7ed7b97369 Clean up (Global)AbuseFilterPager
- Inject dependencies.
- Make class variables private or protected and rename them.

Untangling the circular dependency is left for a future patch.

Change-Id: I5d625e30171bfbf60d9f5a94fa50475fdfe853dd
2021-04-17 21:02:07 +02:00
jenkins-bot 5cd39a51fa Merge "Remove the old parser" 2021-04-17 15:21:54 +00:00
jenkins-bot 8a7511c5d2 Merge "Drop database patches for MW < 1.27" 2021-04-17 15:00:26 +00:00
jenkins-bot f869c74bb6 Merge "Remove deprecated $wgAbuseFilterCustomActionsHandlers" 2021-04-17 14:58:53 +00:00
jenkins-bot 5f65899b55 Merge "SECURITY: Use an anonymous user as creator for autocreations" 2021-04-17 10:50:02 +00:00
Daimona Eaytoy ddb06aa783 SECURITY: Use an anonymous user as creator for autocreations
This is saner, and allows consequences such as blocks to go through.

Bug: T272244
Change-Id: Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48
2021-04-16 14:34:16 -05:00
Daimona Eaytoy 25547c47ee SECURITY: Don't leak IPs when blocking anon account creations
The block log entry will be automatically suppressed, until we can
implement a better solution.

Bug: T152394
Change-Id: I8bae477ad7e4d0190335363ac2decf28e4313da1
2021-04-16 14:26:14 -05:00
Daimona Eaytoy 91d9e2e0d3 Give MySQL indexes explicit names, align MySQL and SQLite
Bug: T251613
Change-Id: I574bda15f0f5c92a7d97a6e3150981b8f97ee7fc
2021-04-15 11:30:30 +02:00
Daimona Eaytoy 560d6fe7b5 Drop database patches for MW < 1.27
Bug: T280012
Change-Id: I4ba68f1c7784f7f8b4cf661fe5e0918103c9dc15
2021-04-13 14:12:05 +02:00
James D. Forrester 6849817cf0 Make default wgAbuseFilterAflFilterMigrationStage SCHEMA_COMPAT_NEW
The only user we were worried about has now migrated to this; it auto-
ran in other installs just fine, so let's proceed.

Bug: T269712
Depends-On: I2b905f1e13ec13ec94d33527803c91c04b491eb2
Change-Id: Ie7d6bc95ebc871b0effee069e2146f2750d5f408
2021-04-12 15:29:00 -07:00
Daimona Eaytoy f67c2d5434 Remove deprecated $wgAbuseFilterCustomActionsHandlers
Extensions should now specify custom actions using the
AbuseFilterCustomActions hook.

Change-Id: Id21640d406b18c627eedff39d3f246cf21e042b3
2021-04-11 14:49:50 +00:00
Daimona Eaytoy f8438a4647 Remove the old parser
All methods were moved to the new parser. Tests and other pieces were
adjusted to expect just a single parser. There are still some TODOs
(remove AFPTransitionBase, remove $this->mCur), but these are left for
another commit.

Note that the new parser was not renamed: this is because the names are
wrong anyway (CachingParser is more of an Evaluator than a Parser, and
AFPTreeParser is the real parser, and should be renamed as well).

NOTE to reviewers: this patch looks quite big, but if you diff the old
parser with the new version of the CachingParser, you'll notice that the
diff is actually small, since everything was basically copied verbatim.

Bug: T239990
Change-Id: Ie914ef64c70503a201b4d2dec698ca2fa8e69b10
2021-04-09 13:23:07 +00:00
Daimona Eaytoy 3e2153b86b Update userCanViewRev to use Authority
Change-Id: Ia10acf499ce33af03eeea45e34779a00e6628fe1
2021-04-07 13:55:10 +02:00
DannyS712 6da2eaef01 Api: inject more abuse filter services
Bug: T259960
Change-Id: I50565bdc8669f233ac68589a203104bf1632d637
2021-04-04 19:23:33 +00:00
Matěj Suchánek edc347aee2 Clean up AbuseFilterViewRevert
- mark properties as private (unused outside)
  and rename them to avoid legacy naming
- do result filtering server-side
- order query by timestamp

Change-Id: If2d714753a2b040c5cefa8f8126f82a3c08dab44
2021-04-02 19:29:12 +02:00
jenkins-bot 69c2b2ca79 Merge "Api: inject AbuseFilterPermissionManager where needed" 2021-04-02 16:20:14 +00:00
Umherirrender b849e5daea Move documentation from hooks.txt to hook interfaces
The new system allows to have documentation directly at the interfaces

Change-Id: I3e8afb3605dea80db95e314b3dd42087e9bc1b06
2021-03-31 21:50:30 +02:00
DannyS712 1bd0b02441 Api: inject AbuseFilterPermissionManager where needed
Some of these api modules still retrieve other services
statically, this patch is focused just on injecting the
permission manager and setting up DI

Bug: T259960
Change-Id: Ic5196f230d68604fdf321f705377a1e6e1e2efca
2021-03-28 15:22:59 +00:00
DannyS712 db8d373a87 LazyVariableComputer: update parseNonEditWikitext documentation
Article::prepareContentForEdit is deprecated and being removed,
refer to WikiPage::prepareContentForEdit instead

Plus remove an extra line

Change-Id: Ie4438c710639a16557816b53510ce230d15d641c
2021-03-24 17:32:31 +00:00
Daimona Eaytoy 8b81df4d16 Fix fatal when computing user_editcount for anons
UserEditTracker checks that the user is not anonymous, whereas
User::getEditCount() would just return null. This was not spotted by
tests because UserEditTracker is mocked.

Bug: T277859
Follow-up: I8a55bd5cb17bbc259ec36c40261058e0b46ee4a6
Change-Id: I05fb6cc780c80b72b3278e6dc670ed2025628ffb
2021-03-19 13:09:03 +01:00
jenkins-bot fa8358ce0c Merge "Replace RecentChange::getPerformer with RecentChange::getPerformerIdentity" 2021-03-18 14:15:11 +00:00
jenkins-bot b23278d5a8 Merge "Apply proper visibility checks for recentchanges queries" 2021-03-18 10:03:54 +00:00
Vadim Kovalenko 85be3c57bc Replace RecentChange::getPerformer with RecentChange::getPerformerIdentity
Bug: T276412
Change-Id: I8a55bd5cb17bbc259ec36c40261058e0b46ee4a6
2021-03-15 16:57:40 +02:00
jenkins-bot 1c5e5eb1e2 Merge "Create distinct builders for plain and ace editor" 2021-03-13 13:36:53 +00:00
Daimona Eaytoy 3413d15b68 Apply proper visibility checks for recentchanges queries
Follow-up: I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2

Bug: T274152
Bug: T274158
Change-Id: I71a6d521bd12931ce60eec4d2dc35af19146000f
2021-03-11 11:52:48 +01:00
jenkins-bot 12f230b94b Merge "SECURITY: Remove deleted rows from /examine and /test" 2021-03-09 23:03:42 +00:00
jenkins-bot 577aa83309 Merge "SECURITY: Avoid deleted usernames leak in page_recent_contributors" 2021-03-09 22:50:20 +00:00
jenkins-bot 01d9cb2a89 Merge "SECURITY: Skip deleted RCs in /test if we're only showing matches" 2021-03-09 22:50:17 +00:00
jenkins-bot ecd84180c7 Merge "SECURITY: Avoid info leaks in ApiAbuseFilterCheckMatch" 2021-03-09 22:41:37 +00:00
jenkins-bot b9bd4b9492 Merge "SECURITY: Don't filter suppressions" 2021-03-09 22:41:35 +00:00
Daimona Eaytoy 33445addff SECURITY: Remove deleted rows from /examine and /test
This is kind of a nuclear option, if anything in a row is hidden, we
hide the whole row. This is just to keep this patch slim. A public
follow-up will adjust the visibility

Bug: T274152
Change-Id: I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2
2021-03-09 16:10:16 -06:00
Daimona Eaytoy f25c96f472 SECURITY: Avoid deleted usernames leak in page_recent_contributors
Bug: T71367
Change-Id: I8d5ed9ca84282ee50832035af86123633fc88293
2021-03-09 15:56:09 -06:00
Daimona Eaytoy 18f439053e SECURITY: Skip deleted RCs in /test if we're only showing matches
Otherwise we'd be telling whether the filter matches or not the edit. If
we're showing all edits regardless of whether they match the filter, we
can keep showing the row: it will be redacted (and the filter result
hidden) by AbuseFilterChangesList.

Bug: T223654
Change-Id: I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d
2021-03-09 15:46:21 -06:00
sbassett 64f3f7e6c5 SECURITY: Avoid info leaks in ApiAbuseFilterCheckMatch
There are various info leaks for both deleted rc rows, and suppressed
AbuseLog entries.

Bug: T223654
Change-Id: I4900b1be73323599d74e3164447f81eded094d75
2021-03-09 15:41:31 -06:00
Daimona Eaytoy 59e45409a6 SECURITY: Don't filter suppressions
Bug: T71617
Change-Id: I38a0a24fa32ca7a052b6940864a32b3856e84553
2021-03-09 15:38:55 -06:00
Daimona Eaytoy c5d19577a4 Fix method names of hook interfaces
The hook names contain a dash, which is mapped to an underscore by the
hook runner (see Ie8c8fb603b33ff95c8f8d52f392227f147c528d8), and the
previous method names weren't matching this.

Follow-up: Ic5c82a367e34135bbc0f00ece5aeef4f2d92881b

Change-Id: Ie80b62c49b2f4aaea49d5a1883f513348689d16a
2021-03-09 17:03:14 +00:00
jenkins-bot 5c355d3acb Merge "Use Language::userTimeAndDate" 2021-03-09 12:22:38 +00:00
Umherirrender 5e12102b6d Use Language::userTimeAndDate
Avoid use of global user

Change-Id: Ic30cfe705dfe39fca7dd45c6c2e1248dd37f08ff
2021-03-09 00:54:03 +01:00
Daimona Eaytoy 25d1abde0b Fix hook name
Dashes are mapped to underscores, but following the "modern" convention,
the hook name should be pure PascalCase.

Bug: T275798
Change-Id: I77909b3ee772b983c7933f3b82230476772bd3b5
2021-03-08 16:15:23 +00:00
Daimona Eaytoy 6ba8e93537 Create distinct builders for plain and ace editor
Change-Id: I9d2b7572fed6e0b3660d3b0d5dad324d6b75fde9
2021-03-08 09:44:58 +00:00
Daimona Eaytoy 92ecccbdc7 Simplify AbuseFilterBlockTest
Requires injecting a temporary block factory, and excluding
ManualLogEntry::insert from the test, but it's now much cleaner and
quicker.

It still cannot be a unit test due to the usage of User.

Change-Id: Iba9732d6d79733b31b45eb4d0187b1c8a82499dc
2021-03-05 14:18:01 +00:00
jenkins-bot 50334c27ce Merge "Use a different message for unprivileged users" 2021-02-28 14:05:08 +00:00
jenkins-bot ef4a5c4115 Merge "Make FilterProfiler independent of DeferredUpdate" 2021-02-28 13:18:51 +00:00
Matěj Suchánek 709803eb46 Make FilterProfiler independent of DeferredUpdate
Schedule the deferred update from FilterRunner, just like
we do with EmergencyCache.

Change-Id: I121211bb02a77c191001d11d4af3796e8572967e
2021-02-28 12:03:05 +01:00
Daimona Eaytoy 3365a648f2 Reject filters with invalid groups
It is currently possible to save a filter with an invalid group, if you
manually change the form data. So prevent this by validating the group
before saving.

Change-Id: I03f80b8c6ab583a357273f7b2679a424ac784db7
2021-02-27 16:01:09 +00:00
Matěj Suchánek b8ac52c51c Use independent stats for emergency disable
Bug: T264629
Change-Id: I64b611243b6a4c136b82b09f2ccf588d1c3e3426
2021-02-26 18:10:49 +01:00
jenkins-bot 1f3597f925 Merge "Update hit counts in a DeferredUpdate" 2021-02-23 06:34:17 +00:00
jenkins-bot 1b6e209ce6 Merge "Create a new method for authorizing access to test tools" 2021-02-22 18:00:06 +00:00
jenkins-bot 63a9c86607 Merge "Improve test coverage metrics" 2021-02-22 17:00:23 +00:00
jenkins-bot 54c56139a9 Merge "Avoid using User ::getCanonicalName" 2021-02-22 16:56:12 +00:00
jenkins-bot ea6a6ab4fc Merge "Fix StatsdDataFactory injection" 2021-02-22 16:56:09 +00:00
Matěj Suchánek 569c02f3ae Fix StatsdDataFactory injection
This was an obvious mistake and contradiction to
what the above comment stated.

Bug: T275369
Change-Id: Idf0c012151738fd842101586ab5c3e2656a86db2
2021-02-22 12:08:50 +01:00
vladshapik dcd038e613 Avoid using User ::getCanonicalName
Remove using of User::getCanonicalName since this method will be hard-deprecated. Now it is soft-deprecated

Bug: T275030
Change-Id: I3ce1199f18276096279ce3c80f63e53d023a0f5a
2021-02-21 23:16:40 +02:00
Matěj Suchánek c2376efddc Improve test coverage metrics
Change-Id: I1618883e3ade7dde538242fb51a36c22999df76d
2021-02-21 09:59:52 +01:00
jenkins-bot b050e36843 Merge "Align arg counting between the parsers" 2021-02-21 03:37:52 +00:00
Daimona Eaytoy 2470bea0d9 Update hit counts in a DeferredUpdate
Bug: T274455
Change-Id: Iadd383f150c5f9b736e37bfd8bdad56298f3d8d5
2021-02-21 03:15:16 +00:00
Matěj Suchánek 4f1a63107d Use a different message for unprivileged users
Everyone can examine generated variables but not everyone
can test filters. Concerns Special:AbuseFilter/examine.

Change-Id: I9c205a0f1d9a7fdf15c4998d43983b9fa37f4694
2021-02-20 17:55:09 +01:00
Matěj Suchánek 5d4025d8c9 Create a new method for authorizing access to test tools
This commit doesn't change any permissions for anybody.
It's the first step to achieve what the task asks for.

Bug: T242821
Change-Id: I8060ca926e6769b11d470fe4037854cda496000d
2021-02-20 17:54:35 +01:00
jenkins-bot b02594a8aa Merge "Avoid using Title in addNavigationLinks" 2021-02-20 14:52:51 +00:00
jenkins-bot 8575201ab2 Merge "Do not serialize RunnerData to array in FilterRunner" 2021-02-20 14:47:15 +00:00
Daimona Eaytoy 2bb5c3c7b5 Align arg counting between the parsers
1 - Change the structure of if/elseif for readability
2 - In the old parser, if there's an empty argument, never add it (the
new parser was already doing that).

Bug: T156095
Bug: T156096
Change-Id: I4237b1a0ba01e7ce04dcc945f7daf34612fcf07d
2021-02-20 14:33:56 +00:00
Matěj Suchánek ca806b46b7 Avoid using Title in addNavigationLinks
Simple TitleValue object will do the same job.
I verified LinkRenderer localizes the targets.

Change-Id: Ia25659947da1d2d7e5557884b2ab9153c9c1bc43
2021-02-19 19:00:01 +01:00
Daimona Eaytoy e64049c30b Create dedicated types of parser exceptions
Introduce a clear distinction between internal exceptions and
user-visible exceptions, leaving AFPException as base abstract class.

Later, it should be possible to narrow some types around, e.g. in
ParserStatus (that might work with user-visible exceptions only).

Also a future TODO is putting all the exceptions in their own namespace
(probably ...\Parser\Exception).

Change-Id: I4e33a45117f0a3e73af03cc1e3f2734beaf2b5e1
2021-02-12 13:56:02 +00:00
Matěj Suchánek c18e4a4a5f Do not serialize RunnerData to array in FilterRunner
Change-Id: Ia803042224959e516bc14bdc034421b8e80390a8
2021-02-12 14:03:50 +01:00
jenkins-bot 431226ac39 Merge "Serialize all data for edit stash" 2021-02-12 13:01:10 +00:00
Reedy e197161c79 Use updated CheckUser Hooks class
Depends-On: I3f66b660f9d59c0e88b182c9b06ee8cec994348e
Change-Id: Ia488ce647c5dbd0ab83d2782e76d8c6a35f53bfb
2021-02-11 19:27:06 +00:00
Matěj Suchánek a51b9bf903 Serialize all data for edit stash
Thanks to this, we will be able to provide more information
to consequences and watchers, which will open door for new
features and possibly cleaner code.

Change-Id: I7135509823ea84b2a2923d2c1831ce293b98a9f9
2021-02-11 15:09:50 +01:00
jenkins-bot 64cf6e2e7a Merge "Allow testing Flow edits" 2021-02-10 16:56:08 +00:00
Daimona Eaytoy 4067f54351 Allow testing Flow edits
Bug: T115128
Depends-On: Ia736596d0e65904b62233e7625868c9988ffa9ff
Change-Id: Ifc014f190298bfcb17f3e9b6c2f630e027cb4116
2021-02-10 15:04:00 +00:00
Matěj Suchánek 2b3af752ef Get rid of hitCondLimit parameter and field
As the todo says, move the check to the callers.

Change-Id: I5c5fbf772ca57758c901a1ae8068a0f119b4f26f
2021-02-08 15:48:59 +00:00
Matěj Suchánek 1a0a702641 Create RunnerData class to store data about filter runtime and results
Get rid of the $profilingData property.

Change-Id: I608e7b9bcf9e91d9afaadfb8cd191e60d47f9db7
2021-02-08 16:06:25 +01:00
Matěj Suchánek 0eff5a3fa0 Separate loose and backwards compatible code
Small refactoring. Create checkAllFiltersInternal and process
its return value in checkAllFilters to ensure compatibility.

Also fix some annotations.

Change-Id: If9d296de48f08d719f1700f88870002b814c5b31
2021-02-08 11:18:53 +01:00
Matěj Suchánek 865b7023e4 Make FilterRunner::checkFilter return ParserStatus
This is a small refactoring. The method is protected,
so we only take care of compatibility of ::checkAllFilters.

This might be also be useful if we decide to work on T174554.

Change-Id: I83cd58ec325972264e86d7a73366c0affed0a37e
2021-02-07 12:28:45 +01:00
jenkins-bot a7b24b1dee Merge "Clean up EditStashCache and test" 2021-02-07 01:32:26 +00:00
Daimona Eaytoy a5d79f426c Clean up EditStashCache and test
Change-Id: I952b7bb32d8697c89988f4e0eda8d3177cb30972
2021-02-06 23:16:32 +00:00
jenkins-bot 27c0130d53 Merge "Skip regexp validation if the regex is (partly) unknown" 2021-02-06 21:50:35 +00:00
jenkins-bot d7204eaf73 Merge "Use a different message prefix for parser warnings" 2021-02-06 19:19:19 +00:00
jenkins-bot 3ea76b04ef Merge "Move all "secondary" hooks away from AbuseFilterHooks" 2021-02-06 18:46:01 +00:00
Daimona Eaytoy 4dbde4dcf0 Use a different message prefix for parser warnings
The abusefilter-warning prefix is reserved for filter warnings. Pointed
out by Matěj.

Change-Id: I169e4c3d29b08c7f5af2136a683fc4427f8e93f5
2021-02-06 15:42:33 +00:00
jenkins-bot 2de19b61d2 Merge "Introduce EditStashCache" 2021-02-06 15:36:52 +00:00
Matěj Suchánek 6bb44fd088 Introduce EditStashCache
This class is responsible for interaction with edit stash.

Bug: T271520
Change-Id: I7cc32de0494e76cd9ba12220235c1cdb6b1d5ee1
2021-02-06 12:43:34 +01:00
jenkins-bot c81f791804 Merge "Add a hook to allow computing variables from different types of RC rows" 2021-02-05 16:43:48 +00:00
Daimona Eaytoy 1893120748 Fix doc of AbuseFilterParser::evaluateExpression
It was changed to use AFPData::toNative, so it no longer returns a
string. Instead, it can return any PHP native type.

Change-Id: I92eba03a5fa1149860634a97318b5b15807eb5a5
2021-02-05 16:23:37 +01:00
jenkins-bot 707450c01c Merge "Add debug logging for edits presumably prevented by other extensions" 2021-02-05 11:20:29 +00:00
Daimona Eaytoy 634742324e Add debug logging for edits presumably prevented by other extensions
Bug: T211680
Change-Id: I0c9ac09044122521f67ffaf38a92e42b20f3ea43
2021-02-04 23:18:49 +00:00
jenkins-bot 07612675f4 Merge "Use Authority in TextExtractor" 2021-02-04 17:53:52 +00:00
jenkins-bot 38772b193d Merge "Partial integration of EditBoxBuilder with HTMLForm" 2021-02-04 17:41:29 +00:00
Daimona Eaytoy 28bd23f38d Skip regexp validation if the regex is (partly) unknown
Bug: T273809
Change-Id: Ib8ab29ad69088baf5b826d9cdada0ded29a58871
2021-02-04 15:16:22 +00:00
Daimona Eaytoy b0058c0f1b Use Authority in TextExtractor
And make its test a pure unit test, as per TODO comment.

Change-Id: Ia3ca38702ea61c5e551a581248d2b9471ef881fb
2021-02-02 00:43:01 +00:00
Daimona Eaytoy da6165b3dd Move all "secondary" hooks away from AbuseFilterHooks
Every hook that is not directly responsible for filtering an action is
now moved to its own handler class. Some of these are still static
methods because the respective hooks still use the old system.

Bug: T261067
Change-Id: I157169f968a7d6a4d1bcfde09358e5a66a3353bf
2021-02-01 17:29:26 +01:00
Daimona Eaytoy bf9142a644 Partial integration of EditBoxBuilder with HTMLForm
This patch adds a transparent HTMLForm field that can be used to insert
the edit box inside an HTMLForm, and updates /test and /tools to use
that. The field class, together with the other editbox-related classes,
is now in a dedicated namespace. A future TODO is making it a real
HTMLForm field.

Also improve a bit the form in /test: add section labels and
avoid reusing the same label message used on Special:AbuseFilter.

Bug: T261584
Change-Id: Ib74bb5fdba4f8476169b754030fce6d4f72ce65a
2021-02-01 16:23:42 +00:00
Daimona Eaytoy db09ad81e0 Add a hook to allow computing variables from different types of RC rows
Bug: T115128
Change-Id: Ia6de35b70f491591ea6eb699106ba97c94510091
2021-02-01 14:57:10 +00:00
Daimona Eaytoy a4a0503174 Mixed improvements for AbuseFilter pages and forms
- Clarify the label of the search form on Special:AbuseFilter
- Move introductory paragraphs to the very beginning of the page:
-- Before the profiling data on Special:AbuseFilter
-- Before the search form on Special:AbuseLog
- Make the search form on Special:AbuseFilter collapsible, and collapsed
  by default
- Make a few buttons primary+progressive, specifically those that take
  the user to a different page or act as submit-like buttons

Bug: T261584
Change-Id: I54517b01a9ea81d276283140e5cfafef575c3e2b
2021-02-01 15:51:43 +01:00
Aaron Schulz dddfcd6f0f Consolidate the per-filter deferred profiling updates into one deferred update
This makes debug logs easier to follow without all of the update spam

Change-Id: I6fb0b3b16a05e35b086edc0a50e20c5265ee2a3a
2021-01-27 15:11:58 -08:00
jenkins-bot d96f0ea3f2 Merge "Introduce an EditRevUpdater service" 2021-01-27 00:33:29 +00:00
Daimona Eaytoy a04a601240 Introduce an EditRevUpdater service
This service allows linking the EditFilterMergedContent and
PageSaveComplete hooks for the same edit, so we can update rev IDs in
the abuse_filter_log table. Having such a services also avoids two hacky
static props, and should allow separating the hook handlers easily.

Change-Id: I622d15225ee3af202cb5730a7112652aef8ca71a
2021-01-27 00:24:39 +01:00
Daimona Eaytoy 5c43c0ab35 Allow single IPs in ip_in_range
Also add a bunch of tests for this function.

REMINDER: Change the docs on mw.org when this will be merged.

Bug: T218074
Depends-On: I155024341e8e6b13240e37b30c31b95dc83a47e0
Change-Id: I979e45110bc0e76b499679184993085062ffcac5
2021-01-26 04:37:51 +00:00
Daimona Eaytoy 44dd0f6c96 Catch FilterNotFoundException in ApiQueryAbuseLog
And report an invalid ID in this case. Also, assume that the filter is
hidden if the global DB is not available, for consistency with the UI.

Bug: T272593
Change-Id: Ic08023161d95be5cadc8837d3aaaf941cacd89bd
2021-01-22 01:54:40 +00:00
jenkins-bot 4f9676677c Merge "Don't return the status of doBlockInternal when processing block actions" 2021-01-21 10:25:46 +00:00
jenkins-bot 825537c232 Merge "Catch CentralDBNotAvailableException in ViewExamine" 2021-01-21 10:24:01 +00:00
Daimona Eaytoy 2c9f2faa9f Catch ClosestFilterVersionNotFoundException in ViewDiff
Use null if no version can be found, like the previous code.
Follow-up: I747216df65c2f34f7167612e90506890bc61880a

Bug: T272505
Change-Id: Ie574523fb8a779dda495b05ed6d56fd3f4086f1d
2021-01-20 17:25:47 +01:00
Daimona Eaytoy 0a45c0abc8 Don't return the status of doBlockInternal when processing block actions
This will not be correct if the target already has a partial block
applied (which is very rare BTW). Leaving a TODO because this is low
priority.

Also keep returning the status in tests, because it makes tests easier
to write.

Change-Id: Ifac795125927d584a31d95e1b4c4241eef860fa1
2021-01-19 22:38:20 +00:00
Daimona Eaytoy 7800c3fdcf Catch CentralDBNotAvailableException in ViewExamine
Bug: T272361
Change-Id: Ic7e5b5a4c55264fe340fec88be4cef1461d4de42
2021-01-19 14:54:18 +01:00
jenkins-bot daaf9a6bbe Merge "Increase coverage for more classes" 2021-01-18 00:07:28 +00:00
Daimona Eaytoy bebc7b40de Bump cache key version of FilterLookup::getAllActiveFiltersInGroup
The DB lookup was changed to return ExistingFilter objects, not Filter,
and FilterRunner also requires ExistingFilter's. So update the version
to avoid fatals due to cached data.

Bug: T272248
Change-Id: I1076f65df5b6d030cea40beb2266c9ec54fa675f
2021-01-17 23:55:11 +01:00
Daimona Eaytoy 005cc83642 Increase coverage for more classes
Change-Id: Iae6a24291f821fda77a45d8c1584de010af6a834
2021-01-17 17:38:58 +00:00
jenkins-bot 3306c341fc Merge "Make User::get* calls explicit in LazyVariableComputer" 2021-01-17 02:49:20 +00:00
Daimona Eaytoy bae4d8f20d Use FilterLookup in HistoryPager to retrieve the previous version
Change-Id: I6d8548b4e5171b4ccbc42dd0d57079c3bda40a03
2021-01-17 00:47:38 +00:00
Daimona Eaytoy 22b408d9e6 Use Filter objects in ViewDiff
And cleanup weird spacing, conditionals, etc.

Change-Id: I747216df65c2f34f7167612e90506890bc61880a
2021-01-17 00:47:33 +00:00
Daimona Eaytoy 8639e0c368 Introduce subclasses of Filter with specific use cases
In particular, this brings stronger typing for getID(), and we can get
rid of many phan suppressions.

Change-Id: Icbf3a6f7db8105082646ec227f62c09449fb165d
2021-01-17 00:47:29 +00:00
Daimona Eaytoy ed49f86b74 Make User::get* calls explicit in LazyVariableComputer
With explicit calls it's easier to see what method is being used,
whether it's deprecated, etc. Some methods here are in fact deprecated
or already have a proper replacement, but this is left for a follow-up.

Change-Id: Iee3154855f86c76aab98e7c14250c14e8b9ee939
2021-01-17 00:35:40 +00:00
jenkins-bot 64eb1c2688 Merge "Improve coverage for several classes" 2021-01-16 23:40:52 +00:00
Daimona Eaytoy a4d3548d47 Remove dead code
Change-Id: I4f4065aeaf5b015679c28808be430f8af99d1294
2021-01-16 16:59:42 +01:00
Daimona Eaytoy 5fcc5ef357 Improve coverage for several classes
Change-Id: I257524dd22a5617ac47a3565a5b8fe4855aa67c7
2021-01-16 15:01:40 +00:00
jenkins-bot 76ae26d51e Merge "Add unit tests for load-first-author method" 2021-01-15 18:02:15 +00:00
jenkins-bot e35ab7c3e7 Merge "Improve coverage of parser-related classes" 2021-01-15 16:45:10 +00:00
jenkins-bot b12778316a Merge "Improve coverage for hooks" 2021-01-15 03:43:52 +00:00
Daimona Eaytoy a9722868ab Improve coverage of parser-related classes
Change-Id: I229c528505f0208b34f37d8c969450731e5a08a3
2021-01-15 03:16:48 +00:00
jenkins-bot 504e807b5f Merge "Misc coverage improvements" 2021-01-15 02:15:42 +00:00
jenkins-bot 7d6d0f9b8a Merge "Improve coverage around consequences" 2021-01-15 02:12:18 +00:00
Daimona Eaytoy 159046fc5a Misc coverage improvements
Change-Id: I656d9c9eedf4e8b8dfb7a13513d699e5ced22423
2021-01-15 00:51:16 +00:00
Daimona Eaytoy ab2ad164ff Improve coverage around consequences
Add a lot more unit tests, improve code testability, remove duplicated
integration tests.

Change-Id: Id8c9266ae107217047f267296070f26f575889d1
2021-01-15 00:51:04 +00:00
Daimona Eaytoy 66928eda89 Remove deprecated param
Depends-On: Ie6abd2df5cf1b09c35f0a9e53b0d559e887de09b
Depends-On: Id99b94806095a974a65dd892b2200e59c475802f
Change-Id: I9a33cadb9903461038aa1095be18b68a60dd726d
2021-01-14 23:43:51 +01:00
Daimona Eaytoy 10c7a11077 Improve coverage for hooks
- Exclude a couple of classes from coverage reports
- Add tests for all handlers
- Add tests for the runner, copied from core
- Make AbuseFilterRunner a real service

Change-Id: I7a0fe3cd8300faef5ef72d7f986b1734c324d8d1
2021-01-14 22:49:24 +01:00
jenkins-bot 192fb15e4d Merge "Refactor VariableGenerator and LazyVariableComputer tests" 2021-01-14 21:47:13 +00:00
Daimona Eaytoy 8646db7573 Add unit tests for load-first-author method
This is using core methods, so it can be unit tested. The same isn't
true for load-recent-authors, which performs a custom DB query and whose
test is probably the slowest AbuseFilter test. Simplify it for now,
until the method is moved to MW core.

Change-Id: Ifbdae1a06aabca996eeac151a6d029fd991ad64d
2021-01-14 17:23:54 +01:00
Daimona Eaytoy bfbdd13c2e Restore hide link when viewing single AbuseLog entries
Partial revert of I13f476d8126f81b0417e7509784c83d4f21cf348

Bug: T271667
Change-Id: I58f162c7ed72c42b24b214d3857590bfd66e8f82
2021-01-12 11:56:19 +01:00
jenkins-bot 57fbeddbd0 Merge "Add pure unit tests for FilterRunner" 2021-01-09 13:56:24 +00:00
Daimona Eaytoy 9afc968523 Refactor VariableGenerator and LazyVariableComputer tests
Additionally, avoid building Title objects in LazyVariableComputer, it
just adds a dependency on TitleFactory and creating mocks is more
complicated, but it's pointless because the caller already has a Title
object.

And also stop using Title::getEarliestRevTime(), since the replacement
is easy (we already have a RevisionLookup).

Note for reviewers about renames:
- Code VariableGeneratorDBTest was moved to LazyVariableComputerDBTest,
  RCVariableGeneratorTest, and AbuseFilterVariableGeneratorTest
- AbuseFilterVariableGenerator test was moved into a dedicated
  directory, methods were changed not to test the var values

Change-Id: I3dff8739a9b79f33321d836449b082c3ce63f277
2021-01-09 11:26:24 +00:00
jenkins-bot 208d64dc07 Merge "Don't show checkbox for hiding AbuseLog entries when showing details" 2021-01-08 09:30:46 +00:00
Daimona Eaytoy 5eee6f6e5d Don't show checkbox for hiding AbuseLog entries when showing details
The checkbox should only appear on Special:AbuseLog, not when deleting
items (checked with $this->hideEntries), AND not when viewing details of
a single entry, which is check with $isListItem.

Change-Id: Id2db07641bf98992b4838e4e7439ac3ee4b1ad8e
2021-01-07 16:25:59 +00:00
Daimona Eaytoy b8efb924f3 Fix a bunch of fatal errors seen in production
Mostly uncaught exceptions, that appeared in places where the previous
code was silently using DWIM-style booleans.
Also a TypeError due to ViewDiff not using filter objects.

Copy the fix from Ic8032592799756521a59ee23c0e76cb03a510b94 to another
place as well.

Bug: T271430
Bug: T271431
Bug: T271432
Bug: T271433
Change-Id: Ica4b82024c57482656cf6bca95bf37641c09cb9a
2021-01-07 17:17:43 +01:00
Daimona Eaytoy 72a23b4e5c Add pure unit tests for FilterRunner
Mainly constructor and conditions limit, which can be removed from
ConsequencesTest (where it was very slow).

Additionally, inject globals into FilterRunner.

Change-Id: I56ca67de6878dbc2185038faae3eb2b04fb56be9
2021-01-07 12:15:11 +00:00
Daimona Eaytoy 4c0690b4b1 Move getFirstFilterChange to FilterLookup
Additionally:
- Add typehints for stronger typing, and use strict comparison in the
  callers
- Use MIN instead of sorting, as the former is optimized by the DBMS;
  sorting was also happening on the wrong key, i.e. afh_timestamp, as
  opposed to afh_id

Change-Id: I631772fdfeb510b0bc8b582b84bcf2533d7bc097
2021-01-04 14:52:42 -08:00
jenkins-bot 6a153096ad Merge "Make HookRunner parameter mandatory in VariableGenerator" 2021-01-04 21:08:51 +00:00
jenkins-bot 93ec5951e2 Merge "Move remaining classes to own namespace" 2021-01-04 21:08:01 +00:00
jenkins-bot d0a7e7ec91 Merge "Move maintenance scripts to a separate namespace" 2021-01-04 21:07:56 +00:00
jenkins-bot 33a095efc6 Merge "Check for non-existing version in ViewDiff" 2021-01-04 21:01:25 +00:00
Daimona Eaytoy a5eab82204 Add a bunch of tests
Code change: in buildVarDumpTable remove special-cased null value. This
was used to avoid passing null to Html::element, but is no longer
necessary, since we now pretty-print the value.

Change-Id: I6180f6c53448d2a8c8c6066f222e9fd9df577554
2021-01-04 15:54:54 +01:00
Daimona Eaytoy b83d532830 Check for non-existing version in ViewDiff
Bug: T271069
Change-Id: I775061098bb5674b7842bce03e9da7a6e5555664
2021-01-04 14:17:25 +01:00
Daimona Eaytoy 4cc608e320 Make HookRunner parameter mandatory in VariableGenerator
Depends-On: Icae3c7cd00bd9be62a46f9e85c311e46157ccabf
Depends-On: Ie5031528593ea28f3cdc3169336aa0e4337306f7
Depends-On: I7ff2f90d890a74fa14f40535c4a567fb3124920e
Change-Id: I4d629e26e31517aa06e6215499cc3422f0fe6c72
2021-01-04 12:47:26 +01:00
Daimona Eaytoy 45f0a66616 Move remaining classes to own namespace
So everything can be loaded using PSR-4. These classes weren't renamed,
nor the alias for the AbuseFilter class was deprecated, because they
should be refactored first.

Change-Id: Ia328db58eb326968edf5591daac9bacf8c2f75da
2021-01-04 12:11:58 +01:00
Daimona Eaytoy d2fa65673c Move maintenance scripts to a separate namespace
Depends-On: Iaf3c218abd5578d604a89634c38d9156bb19a0d2
Change-Id: Ifcc2bff9e400fde564179fe6b96496ceae6b8623
2021-01-04 12:09:00 +01:00
jenkins-bot f7fb9ec57e Merge "Remove deprecated VariableHolder::getVar" 2021-01-03 23:10:14 +00:00
jenkins-bot 21890a7bea Merge "Introduce a VariableGeneratorFactory service" 2021-01-03 22:59:47 +00:00
jenkins-bot 1c67a5b223 Merge "Make VariableHolder param optional in VariableGenerator" 2021-01-03 22:17:12 +00:00
Daimona Eaytoy 496e5baaa5 Remove deprecated VariableHolder::getVar
Bug: T261069
Depends-On: I3468fa5339873efbbef1eaa22f4f654b4e9e166d
Change-Id: I46d69b0c43a45549ceddd837f2b37c76fec2e469
2021-01-03 19:14:13 +00:00
Daimona Eaytoy 6081bf90c4 Introduce a VariableGeneratorFactory service
So we can use DI in all generators. Some improvements were deliberately
omitted, e.g. injecting more services and relaxing User/Title to
UserIdentity/LinkTarget, and they'll be included in a subsequent commit.

Depends-On: I1f351071ef2b0b7c80e91407a9c3bb17be293044
Depends-On: Ie71740fac35a86f8fe03023080ae8ca08671243d
Depends-On: I589a0e1c2c5891070ab82cd5adfd9cedec19e67d
Change-Id: I92ef0abd5e45b672e6f297a71b3c2c345d56f136
2021-01-03 14:17:39 +01:00
jenkins-bot b0e8a76b2e Merge "DI for AbuseFilterSpecialPage" 2021-01-03 12:40:04 +00:00
Daimona Eaytoy 1beb405bc7 Make VariableHolder param optional in VariableGenerator
So we can remove it from callers and then use DI in this class.

Change-Id: I9055f54397279870740a7ff9567635ee4f17e4d2
2021-01-03 13:25:59 +01:00
Daimona Eaytoy 6e27a9ddb3 Cleanup variables-related classes
Change-Id: I20a7fe1a40255043ed0d125dee61ea6052dda69c
2021-01-02 18:19:38 +01:00
Daimona Eaytoy 762d71c51d Create a dedicated namespace for variables-related classes
Some cleanup is left for later to keep the diff easier to read.

Change-Id: Ife445b5e47e707ab77ec867ac3b005866aa74ef2
2021-01-02 18:16:48 +01:00
Daimona Eaytoy d3b330b6d4 Create a VariablesManager service
This makes VariableHolder a true value object, and introduces a
stateless service, VariableManager, to operate on it.

Note, in theory, this new service is still cyclically coupled with
LazyVariableComputed. However, it's now two stateless service being
coupled, not two smart/god value objects, so we've still earned
something. For now, the dependency is hidden by using a callback. Some
alternatives for that are mentioned in a code comment.

Bug: T261069
Change-Id: I2f2c84c8e91472ba36084a8bbb4a923f6e04354b
2021-01-02 17:15:31 +00:00
Daimona Eaytoy 3d33891ab1 Inherit hooks documentations in AbuseFilterHookRunner
Documentation is already in hooks.txt and in every hook interface, let's
not have to maintain it in a third place.

Change-Id: I8cc5e52b6bc164d9512d22283700966d4c51b943
2021-01-02 15:03:15 +01:00
jenkins-bot aaf8722a96 Merge "Harmonize HookAborterConsequence::getMessage implementations" 2021-01-02 13:42:13 +00:00
Matěj Suchánek 85a3e230e6 Harmonize HookAborterConsequence::getMessage implementations
I think either all or none should consider global filters.
Are there any backwards compatibility concerns?

Change-Id: I22b664e9752588edc195dc4e4f5369392f91ad23
2021-01-02 13:07:57 +01:00
Matěj Suchánek de5b7ee8ea DI for AbuseFilterSpecialPage
Change-Id: I5c702990398e0adb5fa73be54638cb8b6b268beb
2021-01-02 11:13:41 +01:00
Matěj Suchánek f5b18a36bf Move special page classes to own namespace
Change-Id: Ic2d13518924e77b1be96d1a7489abcd07e6d1dab
2021-01-02 10:54:13 +01:00
jenkins-bot d2884049be Merge "Add a TextExtractor service" 2021-01-01 19:36:42 +00:00
jenkins-bot b43fc2387c Merge "Inject the condition limit into AbuseFilterParser" 2021-01-01 19:20:57 +00:00
jenkins-bot 80e6e582e4 Merge "Make tests pass on SQLite" 2021-01-01 18:08:58 +00:00
Daimona Eaytoy aafd3bcfcd Inject the condition limit into AbuseFilterParser
Change-Id: I487ba25ca3f3ac4b84c3afaf88b35678944cdb4d
2021-01-01 18:27:06 +01:00
Daimona Eaytoy fad9a11f7a Add a TextExtractor service
This is an important step towards removing the AbuseFilter class. Note:
proposals for the name of the new service are welcome.

Change-Id: Ib4632173f728b1bdafadef96e01645a833bfceaa
2021-01-01 18:25:32 +01:00
Daimona Eaytoy b85f464530 Introduce a VariablesFormatter service
Moves more methods away from the AbuseFilter class. Testing
buildVarDumpTable is not easy because we'd have to parse the generated HTML.

Change-Id: I073a537201de150ba9dd7bf15a99f3a009dc6ba1
2021-01-01 15:45:52 +01:00
jenkins-bot 544911a78d Merge "Add a LazyVariableComputer service" 2021-01-01 00:18:32 +00:00
Daimona Eaytoy a6176399b1 Make tests pass on SQLite
Skip a test that fails with
  Wikimedia\Rdbms\DBQueryError: Error 5: database is locked
  Function: Wikimedia\Rdbms\Database::beginIfImplied (MediaWiki\Extension\AbuseFilter\FilterLookup::getAllActiveFiltersInGroupFromDB)
  
Probably due to some concurrency issue caused by the duplicate connection, and also with

  Wikimedia\Rdbms\DBQueryError: Error 1: no such table: unittest_external_abuse_filter
  Function: MediaWiki\Extension\AbuseFilter\FilterLookup::getAllActiveFiltersInGroupFromDB
  
for unknown reasons.

Move the mwGlobals override inside the test to avoid the same "database is locked" error
on every other test in that class.

Bug: T251967
Change-Id: I552a8d1fa532941f630fd734e590993e7462aeb0
2020-12-31 20:11:10 +00:00
Matěj Suchánek 2793e7f1cf Reversible consequences
Introduce ReversibleConsequence interface for Consequence classes
whose potentially destructive actions can be reverted using
Special:AbuseFilter/revert. This allows moving reverting logic from
AbuseFilterViewRevert to individual Consequence classes and testing.

Unfortunately, the code is definitely not very clean now.

Change-Id: I558da711f1645ccf64792c6102cf743827171320
2020-12-31 14:43:32 +01:00