Commit graph

1379 commits

Author SHA1 Message Date
DannyS712 db8d373a87 LazyVariableComputer: update parseNonEditWikitext documentation
Article::prepareContentForEdit is deprecated and being removed,
refer to WikiPage::prepareContentForEdit instead

Plus remove an extra line

Change-Id: Ie4438c710639a16557816b53510ce230d15d641c
2021-03-24 17:32:31 +00:00
Daimona Eaytoy 8b81df4d16 Fix fatal when computing user_editcount for anons
UserEditTracker checks that the user is not anonymous, whereas
User::getEditCount() would just return null. This was not spotted by
tests because UserEditTracker is mocked.

Bug: T277859
Follow-up: I8a55bd5cb17bbc259ec36c40261058e0b46ee4a6
Change-Id: I05fb6cc780c80b72b3278e6dc670ed2025628ffb
2021-03-19 13:09:03 +01:00
jenkins-bot fa8358ce0c Merge "Replace RecentChange::getPerformer with RecentChange::getPerformerIdentity" 2021-03-18 14:15:11 +00:00
jenkins-bot b23278d5a8 Merge "Apply proper visibility checks for recentchanges queries" 2021-03-18 10:03:54 +00:00
Vadim Kovalenko 85be3c57bc Replace RecentChange::getPerformer with RecentChange::getPerformerIdentity
Bug: T276412
Change-Id: I8a55bd5cb17bbc259ec36c40261058e0b46ee4a6
2021-03-15 16:57:40 +02:00
jenkins-bot 1c5e5eb1e2 Merge "Create distinct builders for plain and ace editor" 2021-03-13 13:36:53 +00:00
Daimona Eaytoy 3413d15b68 Apply proper visibility checks for recentchanges queries
Follow-up: I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2

Bug: T274152
Bug: T274158
Change-Id: I71a6d521bd12931ce60eec4d2dc35af19146000f
2021-03-11 11:52:48 +01:00
jenkins-bot 12f230b94b Merge "SECURITY: Remove deleted rows from /examine and /test" 2021-03-09 23:03:42 +00:00
jenkins-bot 577aa83309 Merge "SECURITY: Avoid deleted usernames leak in page_recent_contributors" 2021-03-09 22:50:20 +00:00
jenkins-bot 01d9cb2a89 Merge "SECURITY: Skip deleted RCs in /test if we're only showing matches" 2021-03-09 22:50:17 +00:00
jenkins-bot ecd84180c7 Merge "SECURITY: Avoid info leaks in ApiAbuseFilterCheckMatch" 2021-03-09 22:41:37 +00:00
jenkins-bot b9bd4b9492 Merge "SECURITY: Don't filter suppressions" 2021-03-09 22:41:35 +00:00
Daimona Eaytoy 33445addff SECURITY: Remove deleted rows from /examine and /test
This is kind of a nuclear option, if anything in a row is hidden, we
hide the whole row. This is just to keep this patch slim. A public
follow-up will adjust the visibility

Bug: T274152
Change-Id: I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2
2021-03-09 16:10:16 -06:00
Daimona Eaytoy f25c96f472 SECURITY: Avoid deleted usernames leak in page_recent_contributors
Bug: T71367
Change-Id: I8d5ed9ca84282ee50832035af86123633fc88293
2021-03-09 15:56:09 -06:00
Daimona Eaytoy 18f439053e SECURITY: Skip deleted RCs in /test if we're only showing matches
Otherwise we'd be telling whether the filter matches or not the edit. If
we're showing all edits regardless of whether they match the filter, we
can keep showing the row: it will be redacted (and the filter result
hidden) by AbuseFilterChangesList.

Bug: T223654
Change-Id: I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d
2021-03-09 15:46:21 -06:00
sbassett 64f3f7e6c5 SECURITY: Avoid info leaks in ApiAbuseFilterCheckMatch
There are various info leaks for both deleted rc rows, and suppressed
AbuseLog entries.

Bug: T223654
Change-Id: I4900b1be73323599d74e3164447f81eded094d75
2021-03-09 15:41:31 -06:00
Daimona Eaytoy 59e45409a6 SECURITY: Don't filter suppressions
Bug: T71617
Change-Id: I38a0a24fa32ca7a052b6940864a32b3856e84553
2021-03-09 15:38:55 -06:00
Daimona Eaytoy c5d19577a4 Fix method names of hook interfaces
The hook names contain a dash, which is mapped to an underscore by the
hook runner (see Ie8c8fb603b33ff95c8f8d52f392227f147c528d8), and the
previous method names weren't matching this.

Follow-up: Ic5c82a367e34135bbc0f00ece5aeef4f2d92881b

Change-Id: Ie80b62c49b2f4aaea49d5a1883f513348689d16a
2021-03-09 17:03:14 +00:00
jenkins-bot 5c355d3acb Merge "Use Language::userTimeAndDate" 2021-03-09 12:22:38 +00:00
Umherirrender 5e12102b6d Use Language::userTimeAndDate
Avoid use of global user

Change-Id: Ic30cfe705dfe39fca7dd45c6c2e1248dd37f08ff
2021-03-09 00:54:03 +01:00
Daimona Eaytoy 25d1abde0b Fix hook name
Dashes are mapped to underscores, but following the "modern" convention,
the hook name should be pure PascalCase.

Bug: T275798
Change-Id: I77909b3ee772b983c7933f3b82230476772bd3b5
2021-03-08 16:15:23 +00:00
Daimona Eaytoy 6ba8e93537 Create distinct builders for plain and ace editor
Change-Id: I9d2b7572fed6e0b3660d3b0d5dad324d6b75fde9
2021-03-08 09:44:58 +00:00
Daimona Eaytoy 92ecccbdc7 Simplify AbuseFilterBlockTest
Requires injecting a temporary block factory, and excluding
ManualLogEntry::insert from the test, but it's now much cleaner and
quicker.

It still cannot be a unit test due to the usage of User.

Change-Id: Iba9732d6d79733b31b45eb4d0187b1c8a82499dc
2021-03-05 14:18:01 +00:00
jenkins-bot 50334c27ce Merge "Use a different message for unprivileged users" 2021-02-28 14:05:08 +00:00
jenkins-bot ef4a5c4115 Merge "Make FilterProfiler independent of DeferredUpdate" 2021-02-28 13:18:51 +00:00
Matěj Suchánek 709803eb46 Make FilterProfiler independent of DeferredUpdate
Schedule the deferred update from FilterRunner, just like
we do with EmergencyCache.

Change-Id: I121211bb02a77c191001d11d4af3796e8572967e
2021-02-28 12:03:05 +01:00
Daimona Eaytoy 3365a648f2 Reject filters with invalid groups
It is currently possible to save a filter with an invalid group, if you
manually change the form data. So prevent this by validating the group
before saving.

Change-Id: I03f80b8c6ab583a357273f7b2679a424ac784db7
2021-02-27 16:01:09 +00:00
Matěj Suchánek b8ac52c51c Use independent stats for emergency disable
Bug: T264629
Change-Id: I64b611243b6a4c136b82b09f2ccf588d1c3e3426
2021-02-26 18:10:49 +01:00
jenkins-bot 1f3597f925 Merge "Update hit counts in a DeferredUpdate" 2021-02-23 06:34:17 +00:00
jenkins-bot 1b6e209ce6 Merge "Create a new method for authorizing access to test tools" 2021-02-22 18:00:06 +00:00
jenkins-bot 63a9c86607 Merge "Improve test coverage metrics" 2021-02-22 17:00:23 +00:00
jenkins-bot 54c56139a9 Merge "Avoid using User ::getCanonicalName" 2021-02-22 16:56:12 +00:00
jenkins-bot ea6a6ab4fc Merge "Fix StatsdDataFactory injection" 2021-02-22 16:56:09 +00:00
Matěj Suchánek 569c02f3ae Fix StatsdDataFactory injection
This was an obvious mistake and contradiction to
what the above comment stated.

Bug: T275369
Change-Id: Idf0c012151738fd842101586ab5c3e2656a86db2
2021-02-22 12:08:50 +01:00
vladshapik dcd038e613 Avoid using User ::getCanonicalName
Remove using of User::getCanonicalName since this method will be hard-deprecated. Now it is soft-deprecated

Bug: T275030
Change-Id: I3ce1199f18276096279ce3c80f63e53d023a0f5a
2021-02-21 23:16:40 +02:00
Matěj Suchánek c2376efddc Improve test coverage metrics
Change-Id: I1618883e3ade7dde538242fb51a36c22999df76d
2021-02-21 09:59:52 +01:00
jenkins-bot b050e36843 Merge "Align arg counting between the parsers" 2021-02-21 03:37:52 +00:00
Daimona Eaytoy 2470bea0d9 Update hit counts in a DeferredUpdate
Bug: T274455
Change-Id: Iadd383f150c5f9b736e37bfd8bdad56298f3d8d5
2021-02-21 03:15:16 +00:00
Matěj Suchánek 4f1a63107d Use a different message for unprivileged users
Everyone can examine generated variables but not everyone
can test filters. Concerns Special:AbuseFilter/examine.

Change-Id: I9c205a0f1d9a7fdf15c4998d43983b9fa37f4694
2021-02-20 17:55:09 +01:00
Matěj Suchánek 5d4025d8c9 Create a new method for authorizing access to test tools
This commit doesn't change any permissions for anybody.
It's the first step to achieve what the task asks for.

Bug: T242821
Change-Id: I8060ca926e6769b11d470fe4037854cda496000d
2021-02-20 17:54:35 +01:00
jenkins-bot b02594a8aa Merge "Avoid using Title in addNavigationLinks" 2021-02-20 14:52:51 +00:00
jenkins-bot 8575201ab2 Merge "Do not serialize RunnerData to array in FilterRunner" 2021-02-20 14:47:15 +00:00
Daimona Eaytoy 2bb5c3c7b5 Align arg counting between the parsers
1 - Change the structure of if/elseif for readability
2 - In the old parser, if there's an empty argument, never add it (the
new parser was already doing that).

Bug: T156095
Bug: T156096
Change-Id: I4237b1a0ba01e7ce04dcc945f7daf34612fcf07d
2021-02-20 14:33:56 +00:00
Matěj Suchánek ca806b46b7 Avoid using Title in addNavigationLinks
Simple TitleValue object will do the same job.
I verified LinkRenderer localizes the targets.

Change-Id: Ia25659947da1d2d7e5557884b2ab9153c9c1bc43
2021-02-19 19:00:01 +01:00
Daimona Eaytoy e64049c30b Create dedicated types of parser exceptions
Introduce a clear distinction between internal exceptions and
user-visible exceptions, leaving AFPException as base abstract class.

Later, it should be possible to narrow some types around, e.g. in
ParserStatus (that might work with user-visible exceptions only).

Also a future TODO is putting all the exceptions in their own namespace
(probably ...\Parser\Exception).

Change-Id: I4e33a45117f0a3e73af03cc1e3f2734beaf2b5e1
2021-02-12 13:56:02 +00:00
Matěj Suchánek c18e4a4a5f Do not serialize RunnerData to array in FilterRunner
Change-Id: Ia803042224959e516bc14bdc034421b8e80390a8
2021-02-12 14:03:50 +01:00
jenkins-bot 431226ac39 Merge "Serialize all data for edit stash" 2021-02-12 13:01:10 +00:00
Reedy e197161c79 Use updated CheckUser Hooks class
Depends-On: I3f66b660f9d59c0e88b182c9b06ee8cec994348e
Change-Id: Ia488ce647c5dbd0ab83d2782e76d8c6a35f53bfb
2021-02-11 19:27:06 +00:00
Matěj Suchánek a51b9bf903 Serialize all data for edit stash
Thanks to this, we will be able to provide more information
to consequences and watchers, which will open door for new
features and possibly cleaner code.

Change-Id: I7135509823ea84b2a2923d2c1831ce293b98a9f9
2021-02-11 15:09:50 +01:00
jenkins-bot 64cf6e2e7a Merge "Allow testing Flow edits" 2021-02-10 16:56:08 +00:00