Commit graph

42 commits

Author SHA1 Message Date
Bartosz Dziewoński 52723aec0c AbuseLogPager: Fix passing false as message parameter
Bug: T377917
Change-Id: I1e4eee10d7ee0cac777f89dd85f2e8bd364b8475
(cherry picked from commit 3b2b1c4fee)
2024-10-26 23:13:03 +00:00
Umherirrender c3af3157b4 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: I48fcc02c61d423c9c5111ae545634fdc5c5cc710
2024-06-12 20:01:35 +02:00
jenkins-bot 056bcafe08 Merge "Use expression builder to build where conditions" 2024-06-09 03:45:36 +00:00
STran bf28dbce0e Allow variables to be restricted by user right
Some exposed variables (eg. `user_ip`) used in filters are sensitive
and need to only be available to restricted groups of users.

Back-end changes:
- Add `AbuseFilterProtectedVariables` which defines what variables are
  protected by the new right `abusefilter-access-protected-vars`
- Add the concept of a `protected` variable, the use of which will
  denote the entire filter as protected via a flag on `af_hidden`

New UX features:
- Display changes to the protected status of filters on history and diff
  pages
- Check for protected variables and the right to see them in filter
  validation and don't allow a filter to be saved if it uses a variable
  that the user doesn't have access to
- Check for the right to view protected variables before allowing access
  and edits to existing filters that use them

Bug: T364465
Bug: T363906
Change-Id: I828bbb4015e87040f69a8e10c7888273c4f24dd3
2024-06-04 06:54:53 -07:00
Umherirrender 69debb0a22 Use expression builder to build where conditions
Bug: T350968
Change-Id: I8a0fdf868efd403e02a68c5293a4e603d16657e6
2024-05-30 11:35:57 +02:00
STran ca23e9f06b Convert af_hidden into a bitmask
Protected variables will cause the filter using them to become
protected as well. `af_hidden` can be used to track this flag,
as it is a TINYINT and can be converted into a bitmask with no
schema changes.

This is not a backwards-compatible change, as now all checks must
check the `hidden` flag specifically or otherwise will be cast to
true if any flag is set.

To support this change:
- "hidden" is considered a flag set in the `af_hidden`. This is a
  change in concept with no need for updates to the column values,
  as there is currently only one flag in the bitmask.
- `Flag`s store the bitmask as well as the state of single flags
  and can return either.
- Any checks against the `af_hidden` value no longer check a
  boolean value and instead now check the `hidden` flag value.

Bug: T363906
Change-Id: I358205cb1119cf1e4004892c37e36e0c0a864f37
2024-05-28 00:59:08 -07:00
jenkins-bot 58c5edce98 Merge "Add user_unnamed_ip variable" 2024-05-23 18:10:52 +00:00
STran fe0b1cb9e9 Add user_unnamed_ip variable
After temporary accounts are enabled, filters that rely on an ip
in the `user_name` will fail (eg. `ip_in_range` and `ip_in_ranges`).
To keep these filters working:

- Expose the IP through another variable, `user_unnamed_ip`, that can be
  used instead of `user_name`.
- The variable is scoped to only reveal the IPs of temporary accounts
  and un-logged in users.
- Wikis that don't have temporary accounts enabled will be able to see
  this variable but it won't provide information that `user_name`
  wasn't already providing
- Introduce the concept of transforming variable values before writing
  to the blob store and after retrieval, as IPs need to be deleted from
  the logs eventually and can't be stored as-is in the amend-only blob
  store

Bug: T357772
Change-Id: I8c11e06ccb9e78b9a991e033fe43f5dded8f7bb2
2024-05-23 07:19:48 -07:00
Matěj Suchánek f9dcf46d70 Replace most Xml methods with Html
Xml::buildForm and Xml::fieldset are left.

Change-Id: Iff88869fd002165ec9ee80897d4deb585005b9d1
2024-05-08 13:08:52 +02:00
xtex bc6240fbda
Replace some deprecated functions
Change-Id: I4070a3655f2fac1d7afe1c3a244a64cb55019b9a
2024-05-04 21:32:04 +08:00
Alexander Vorwerk ce59b52c48 Add afl_var_dump to AbuseLogPager::getQueryInfo
Follow-Up: I08a399f1b6a66442317b151be5386c9d2485f1fb
Bug: T363213
Change-Id: I6cdd59687a7e23d472eb2aa7d5c55714967a77ee
2024-04-23 21:38:23 +02:00
Umherirrender 0a601acd6f Replace SELECT * with real list of used fields
It is a common pattern to avoid SELECT * and use the fields used by
the application to avoid loading to much data into memory and maybe use
performance benefits when fields are covered by index.

Change-Id: I08a399f1b6a66442317b151be5386c9d2485f1fb
2024-04-16 21:14:10 +02:00
Paladox f1feb6c456 Fix "PHP Deprecated: preg_replace_callback(): Passing null to parameter #3 ($subject) of type array|string is deprecated"
Change-Id: Ic5eff58389a66f56bd2a9585c476dcde5a93f4d1
2023-12-15 23:01:09 +00:00
Umherirrender bd84a6514c Use namespaced classes
This requires 1.42 for some new names

Changes to the use statements done automatically via script
Addition of missing use statements and changes to docs done manually

Change-Id: Ic1e2c9a0c891382744e4792bba1effece48e53f3
2023-12-10 23:03:12 +01:00
Umherirrender cd7e9d31a7 Use namespaced Title
Bug: T321681
Change-Id: I66fd9b70a5de06ac3c81bdf6a2a5bca64ed094c2
2023-08-19 19:49:36 +02:00
gerritbot 3f7e5c9271 Update moved class WikiMap
See T321882. Moved in I60cf4b9ef02b9d5

Bug: T321681
Change-Id: I2c9a5dbde0080984dad1a23eba52504c4b7df4d1
2023-04-25 09:52:41 +00:00
jenkins-bot f13f3dcd2c Merge "Call IContextSource::getAuthority instead of IContextSource::getUser" 2022-07-29 10:25:23 +00:00
dreamyjazz 0bb914c482 Add a space between the checkbox and timestamp in Special:AbuseLog
Add a space between the checkbox (shown for users who can hide abuse
filter entries) and the timestamp so that it looks nicer.

Change-Id: I6e495f8cb56ad8f0b53f06d2aecb8ac34b16ff25
2022-07-07 15:51:34 +01:00
Umherirrender dc4dd928b7 Call IContextSource::getAuthority instead of IContextSource::getUser
Change to use Authority object where possible
to use the interface instead of implementation

Change-Id: I90ef126b3d799c3fc27467a4ffe671785c446d3e
2022-07-03 16:37:18 +02:00
jenkins-bot 8ee28b2373 Merge "pager: Declare Title only for local filters" 2022-06-28 21:40:48 +00:00
Umherirrender 1f8e6f5737 pager: Fix LinkBatch for user name
Adding the user id to the LinkBatch does not preload the correct page

Change-Id: Iacc852fe1f3ee74849af6146218aecaff70363d9
2022-06-28 20:37:41 +02:00
Umherirrender 5c8296393c pager: Declare Title only for local filters
No need to get the Title for the global filter

Change-Id: I9d282f0112e7e380615ea3760c17f02792694113
2022-06-28 20:33:46 +02:00
Daimona Eaytoy 773d553c8e Remove SpecialAbuseLog::isHidden
This is a breaking change for the API: 'hidden' is now either true or
false, depending on afl_deleted. 'implicit' is no longer a possible
value, the caller should compute it instead if necessary.

Then simplify the remaining usage of isHidden, using a temporary private
method.

Bug: T291718
Change-Id: I97b5195d306c35ddca3f071d9ff4d896f9fd5c8d
2022-03-25 21:22:59 +00:00
Matěj Suchánek 95c0978dc6 Clean up AbuseLogPager
- Make $mConds private and rename it.
- Use the injected permission manager.

Change-Id: Ie92b63da50264226bde5b3b361916bb31fd9448e
2022-02-11 11:21:12 +01:00
jenkins-bot a332b3ff0f Merge "Remove afl_filter entirely" 2021-09-25 01:39:08 +00:00
Daimona Eaytoy e8471a717c Add method to properly check visibility of AbuseLog entries
This replaces the previous pattern of callers having to use
RevisionLookup if the result was 'implicit'. Also, in some cases where
we were just hiding things if the visibility was !== true, properly
handle the implicit case by using the new method. Make the new method
return string constants rather than bool|string.

The new method also fixes some potential info leaks which happened when
the row was hidden, the user could view suppressed AbuseLog entries, but
the associated revision was also deleted and the user couldn't see it
(this shouldn't be relevant for WMF wikis since AF deletion is
oversight-level).

Also add a bunch of tests for the various cases to ensure we don't
regress again.

Bug: T261532
Change-Id: I929f865acf5d207b739cb3af043f70cb59243ee0
2021-09-25 00:08:33 +00:00
Daimona Eaytoy dae374aec2 Remove afl_filter entirely
As per T220791, the old schema and the flag can be removed in 1.38.

Bug: T220791
Change-Id: Ic6b1c8a22d17a301faf32d2e23778d90c41c39de
2021-09-18 11:06:10 +00:00
Daimona Eaytoy ccd9b8c889 Re-add space in AbuseLog entries
Follows-up: I097d051e3c30e61d74a8e329b6110b219c72ec1a

Bug: T291206
Change-Id: Id5b6a715019b715a2da96dee71d52850b7984b21
2021-09-16 19:16:28 +02:00
libraryupgrader 2a4860e322 build: Updating mediawiki/mediawiki-phan-config to 0.11.0
Change-Id: I097d051e3c30e61d74a8e329b6110b219c72ec1a
2021-09-07 19:30:42 -07:00
libraryupgrader 5377ebe819 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)

Change-Id: I2b382f3bb236fb44eb24c6a257b13b8fd886541c
2021-07-21 18:51:18 +00:00
Umherirrender 5e12102b6d Use Language::userTimeAndDate
Avoid use of global user

Change-Id: Ic30cfe705dfe39fca7dd45c6c2e1248dd37f08ff
2021-03-09 00:54:03 +01:00
Daimona Eaytoy 005cc83642 Increase coverage for more classes
Change-Id: Iae6a24291f821fda77a45d8c1584de010af6a834
2021-01-17 17:38:58 +00:00
Daimona Eaytoy bfbdd13c2e Restore hide link when viewing single AbuseLog entries
Partial revert of I13f476d8126f81b0417e7509784c83d4f21cf348

Bug: T271667
Change-Id: I58f162c7ed72c42b24b214d3857590bfd66e8f82
2021-01-12 11:56:19 +01:00
Daimona Eaytoy 5eee6f6e5d Don't show checkbox for hiding AbuseLog entries when showing details
The checkbox should only appear on Special:AbuseLog, not when deleting
items (checked with $this->hideEntries), AND not when viewing details of
a single entry, which is check with $isListItem.

Change-Id: Id2db07641bf98992b4838e4e7439ac3ee4b1ad8e
2021-01-07 16:25:59 +00:00
Matěj Suchánek f5b18a36bf Move special page classes to own namespace
Change-Id: Ic2d13518924e77b1be96d1a7489abcd07e6d1dab
2021-01-02 10:54:13 +01:00
Daimona Eaytoy 7bcb5ec2d5 Add a service to format filter specs
This requires a MessageLocalizer, which currently means providing the
main RequestContext. This is the only alternative right now, until core
provides a proper MessageLocalizer service (see T247127).

Change-Id: I8c93e2ae7e7bd4fc561c5e8490ed2feb1ef0edc2
2020-12-19 14:22:08 +01:00
jenkins-bot a7e965bbad Merge "Overhaul the interface for hiding AbuseLog entries" 2020-12-15 02:33:33 +00:00
Daimona Eaytoy 5e609eb537 Add GlobalNameUtils class
This is just a temporary location for these two methods. Since they're
used a lot, having them in the AbuseFilter class means that the
dependency graph is unnecessarily complicated. Thus, since these methods
aren't doing much, they were moved to a dedicated class. Future todo is
finding an appropriate location, that might be either as part of another
service, or keep them in a Utilities class, perhaps a single class with
all util methods, rather than a specific class.

Change-Id: I52cc47a6b9a387cd1e68c5127f6598a4c43ca428
2020-12-12 17:49:48 +00:00
Daimona Eaytoy 21d7c08aa7 Overhaul the interface for hiding AbuseLog entries
The main change is the addition of checkboxes to hide/show multiple
entries at the same time. Also, tweaked some i18n and made the process
return more useful success/error messages.

This patch introduces some technical debt, caused by SpecialAbuseLog and
AbuseLogPager being tightly coupled (which is a pre-existing problem,
but it got worse here).

Bug: T260904
Bug: T144096
Bug: T206945
Bug: T206938
Change-Id: I13f476d8126f81b0417e7509784c83d4f21cf348
2020-12-11 20:55:08 +00:00
Daimona Eaytoy 86f308c6f0 Partly decouple SpecialAbuseLog and AbuseLogPager
Move to the latter some methods that make more sense in there. Inject
some more services, don't require a SpecialAbuseLog to be passed in the
constructor.

There are still a couple of static calls, but fixing those would require
factoring more classes out of SpecialAbuseLog (e.g. a service to
determine visibility of AbuseLog entries).

Change-Id: I1b3012ca85bf049a07e0433fc0b357f502c355ad
2020-12-11 20:53:53 +00:00
Daimona Eaytoy 815ef6051c Split afl_filter in afl_filter_id and afl_global
Add a script to migrate the columns (which can also
be executed in dry run), and a config option with the migration stage
(defaults to SCHEMA_COMPAT_OLD).
Some of the script-related code is stolen from
Ic755526d5f989c4a66b1d37527cda235f61cb437.

Bug: T220791
Change-Id: I7460a2d63f60c2933b36f8383a8abdbba8649e12
2020-12-08 18:31:27 +00:00
Daimona Eaytoy 1a3bd4b2b3 Move pagers to their own namespace
Change-Id: I5d3da5e51bbc54179c0618f1877f2eabb8302542
2020-12-03 14:17:09 +00:00
Renamed from includes/pagers/AbuseLogPager.php (Browse further)