wikimedia/mediawiki-extensions-AbuseFilter

mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git synced 2024-11-28 07:50:24 +00:00

Author	SHA1	Message	Date
Andrew Garrett	31dba52a94	AbuseFilter: Fix bug in `53aea9c` where two log entries would be produced, one of them broken. Change-Id: I075dce25756683ab4c04edab5f43ba451376ff6d	2012-07-24 10:55:58 -07:00
Reedy	fad1fe4c41	Call to a member function getVars() on a non-object in SpecialAbuseLog.php on line 284 Seen on wmf fatal log Change-Id: I50eb4f9d1b19c8c39ede07e1149baf475cccaaaf	2012-07-24 14:50:01 +01:00
Andrew Garrett	53aea9c0ce	AbuseFilter: Resolve bug 18374, bug 28633. * Store the revision ID associated with a log entry if the action is successful. * Expose this as a diff link in the UI. * Implicitly hide log entries if their corresponding revisions are also hidden. * Includes scope for expanding to log entries if desired. Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d	2012-07-11 10:16:59 -04:00
Reedy	3da992692c	Add a few bits of method documentation De-indent a line Tidy up method returns Change-Id: I7aa93072c80a16eb27b7f7ac3d2f030ea63ebf60	2012-06-21 14:32:05 +01:00
Catrope	c2869a28fd	Merge "Abuse Filter: Allow filters to be split into "groups" for the purposes of operating them on different types of input."	2012-05-14 18:47:12 +00:00
Andrew Garrett	dc207d0cbd	Abuse Filter: Allow filters to be split into "groups" for the purposes of operating them on different types of input. The purpose of this change is to allow AFTv5 developers to run a separate list of filters against article feedback actions without issues of cross-contamination and bumping up against the condition limit. Change-Id: I758795f01eaf3ff56c5720d660cd989ef95764a7	2012-05-12 12:53:32 +10:00
Szymon Świerkosz	36257344f1	(bug 20272) AbuseFilter does not handle autocreation of accounts. This change depends on I92f57fc2c3189c42157478de14a8d48045a253b5. This change provides a handler for AbortAutoAccount hook and adds new action to the filter: autocreateaccount. Every time the AbortAutoAccount is invoked the filter is executed. This may create some issues with users which are affected by a filter, because it may be triggered on every page view. The AbuseFilter relies on CentralAuth session blacklisting - for each session the filter will be triggered only once and then the autocreationg of account will not be attempted. I don't know why AbortNewAccount hook takes as $message argument a text of message, however AbortAutoAccount takes a name of the message. This makes impossible to produce a user friendly message why account creation is not allowed. Change-Id: Ie3a7ee9210fd884d214ad3132a502a00332c3138	2012-05-10 10:08:48 +02:00
Szymon Świerkosz	fb01065583	Replace a deprecated wfGetIP() call with $wgRequest->getIP() Change-Id: Iad77e7e352afb0d7e065769048ed1d1da25cf867	2012-05-08 09:50:11 +02:00
Szymon Świerkosz	93b7990fa3	(bug 18080) Send filter hits and changes to irc.wikimedia.org. I have introduced a new option $wgAbuseFilterNotifications which allows to configure the extension to send hit notifications to Special:RecentChanges or UDP. It uses ManualLogEntry class: ManualLogEntry->publish( 0, $wgAbuseFilterNotifications ) Log entries are _not_ accessible using Special:Log, that's bug 19494. Change-Id: Ie4bda2f97aa295c0504ba869ef1a99c7a3d20f70	2012-05-04 16:45:19 +02:00
Sam Reed	8417c901f7	Few more types top flesh out the previous revisions Change-Id: I1215dcf92f1b64e744c9ab41e0c5c046114dd48c	2012-03-26 16:03:23 +02:00
Sam Reed	69e582dc17	More documentation stubs Fix Html::inputLabel to Xml::inputLabel Fix up some deprecated code Change-Id: If6503b1794d89666206802591094949e5d715ac1	2012-03-26 16:03:23 +02:00
Sam Reed	bea9cb0874	A LOT of function level documentation Change-Id: I8b591be3c2da7cfb29d3be026772816d14037d37	2012-03-26 16:03:22 +02:00
Roan Kattouw	6c4bd57043	Revert r111217 (unreviewed rev in AbuseFilter) and its dependencies r113585, r113587, r113588, r113589. All of these revisions are tagged with 'gerritmigration' and will be resubmitted into Gerrit after the Gerrit switchover. See also http://lists.wikimedia.org/pipermail/wikitech-l/2012-March/059124.html	2012-03-21 19:41:11 +00:00
Sam Reed	06e4721b80	Few more types top flesh out the previous revisions	2012-03-11 21:01:29 +00:00
Sam Reed	05a9d4d061	More documentation stubs Fix Html::inputLabel to Xml::inputLabel Fix up some deprecated code	2012-03-11 20:51:54 +00:00
Sam Reed	0c99b2bc15	A LOT of function level documentation	2012-03-11 20:40:04 +00:00
Sam Reed	857ae7c546	Bug 35156 - Harmonise spelling of getArticleID() and getArticleId() Mass change ->getArticleId() to ->getArticleID()	2012-03-11 19:04:37 +00:00
Chad Horohoe	96e4807e08	Actually fix whitespace from r111202, only 83 characters => no need for silly indentation	2012-03-02 22:02:40 +00:00
Andrew Garrett	452ed4ed64	Armour page titles in MD5 when putting information about AbuseFilter warnings in the session. Resolves bug 26635.	2012-02-10 23:45:04 +00:00
Andrew Garrett	5e4289ce4e	AbuseFilter: Resolve bugs 18374, 28633. * Store the revision ID associated with a log entry if the action is successful. * Expose this as a diff link in the UI. * Implicitly hide log entries if their corresponding revisions are also hidden. * Includes scope for expanding to log entries if desired.	2012-02-10 23:41:05 +00:00
Andrew Garrett	9aa60b4ace	Fix whitespace	2012-02-10 21:36:31 +00:00
Andrew Garrett	fb41b28dbf	Revert formatting changes in r111131	2012-02-10 18:20:41 +00:00
Andrew Garrett	624426c490	AbuseFilter: Do not show the syntax checking / boxes / etc if the user cannot edit. * Resolves bug 20472. * Patch by EdoDodo with modifications.	2012-02-10 00:26:39 +00:00
Robin Pepermans	c103fac20f	It's better to set directionality in html than in css. Also fixes bug 34297, because the css only affected the edit form and not the test form. Also add a bit of docs.	2012-02-09 17:00:34 +00:00
Tim Weyer	c9c2a803ae	Use no message when removing rights because \n will be replaced by the 'rightsnone' message if nothing follows	2012-01-20 12:53:02 +00:00
Mark A. Hershberger	4e8be82722	Bug 33380 - Details of actions caught by a private filter should be private Author: Nikola Kovacs Hide private information from logs	2012-01-03 17:29:10 +00:00
Mark A. Hershberger	504d830106	Revert r107454 based on concerns raised by Prodego.	2011-12-28 00:48:15 +00:00
Mark A. Hershberger	8e81b37871	Fix Bug 33380 - Details of actions caught by a private filter should be private Author: Nikola Kovacs Related patch on r107451	2011-12-28 00:26:13 +00:00
John Du Hart	7cf809bb0e	Changes from r103817	2011-11-22 16:08:18 +00:00
John Du Hart	453af554b9	Added context where possible to main AbuseFilter class Most of the rest cannot get a context since it originates from hooks with no context sources. Instead of just getting the main context we might as well wait for a proper solution.	2011-11-17 00:55:53 +00:00
Alexandre Emsenhuber	675e4c673a	* (bug 29092) Removed usage of $wgArticle from AbuseFilter extension Instead pass the Article object from the EditFilterMerged hook to the AFComputedVariable object and see whether the object is present to do a parse operation since other code paths won't pass an Article object Also simplified the fallback code in AFComputedVariable::compute() to simply continue instead of calling the function again.	2011-11-09 08:36:26 +00:00
Alexander K.	4e133035b8	Followup r102138 -- fixes according to Werdna's comment	2011-11-06 21:05:03 +00:00
Alexander K.	f128bd5931	Allow to define custom actions and their callback functions	2011-11-06 01:15:55 +00:00
Victor Vasiliev	9075e03709	* (bug 24109) Add regex escaping function to abuse filter	2011-10-18 17:54:25 +00:00
Roan Kattouw	49525acfc5	Switch to using canonical URLs where appropriate in various extensions * ActiveAbstract: output is stored XML, as I understand it, so use canonical URLs throughout * AbuseFilter: URLs go into log entries and need to be fully-qualified for the format to work * EmailCapture: URLs go into e-mails * SecurePoll: one URL goes to an XML file, make that one canonical. Made the URLs identifying users canonical too, because they would otherwise change when $wgServer is made protocol-relative and possibly break SecurePoll. Of course this means SP might still break if and when we change $wgCanonicalServer to point to HTTPS, but we'll worry about that later * DoubleWiki: the surrounding code looks scary, but from what I can tell it seems to assume the URL starts with a protocol, then derive some data from it and put it in memcached. That means a canonical URL is needed so the protocol assumption is still valid and the cache isn't polluted * OAI: use canonical URLs throughout * LiquidThreads: use canonical URL in e-mail	2011-08-29 12:33:53 +00:00
John Du Hart	b30697e94c	Adds ResourceLoader support to AbuseFilter Rewrote javascript to use jQuery Added API modules to replace sajax_* calls Solves bug 29714	2011-08-26 20:12:34 +00:00
Sam Reed	a9e738f099	More document Few minor code improvements	2011-08-24 22:11:52 +00:00
John Du Hart	0f274e5b32	(bug 30444) Add variables user_name and user_groups for action createaccount. Patch by Beau	2011-08-24 00:29:26 +00:00
Sam Reed	65981f0edb	Swap else if for elseif Trimming trailing whitespace also	2011-06-17 16:25:46 +00:00
Raimond Spekking	5dfc27d3c3	Show navigation bar as subtitle as all other navbars too for consistency	2011-04-29 14:48:33 +00:00
Happy-melon	9a2a9b919a	Blame hashar for this giant commit; he teased me for making so many smaller ones earlier... :D * Internalise $mAddress/$mUser, $mBy/$mByName, $mEnableAutoblock, $mId as getTarget(), getBlockers(), isAutoblocking(), getId(). * This required editing AbuseFilter and CheckUser backwards-incompatibly, so push the rest of the changes out to those extensions. * Attack the evil 14-parameter constructor and gratuitously-confusing newFromDB( $notVeryImportantParameter, $moreImportantParameter) * Reimplement the hack for bug 13611 in a slightly less fragile fashion; could still do with further cleanup, but then again the login frontend is its own can of worms... :S * Remove transitionary getTargetAndType() and newFromTargetAndType() methods * Some optimisation in parseTarget() * Fix the broken phpunit test mentioned in r84251	2011-03-21 19:12:41 +00:00
Happy-melon	12e1428629	* Implement an extensible Block::prevents( <action> ) function to replace the plethora of direct member variable accesses This pushes the historic disable-createaccount-vs-allow usertalk-edit wierdness down to the database layer * Implement accessors for isHardblock() and getRangeStart()/getRangeEnd() in the same fashion. * Make the corresponding variables private, removing external accessors. This required updating AbuseFilter with non-B/C code, so I also implemented the rest of the changes I've made to the blocking backend in that extension. * Move the "get an IP range which encompasses the given IP/range" logic to Block.php; will be needed later... :D	2011-03-19 23:47:08 +00:00
Happy-melon	13facb1a2d	First forays into the swamp of the Block.php backend: * Move Block::parseExpiryInput() to the frontend SpecialBlock::parseExpiryInput() * consolidate the several implementations of the MediaWiki:Ipblockoptions parsing into SpecialBlock::getSuggestedDurations()	2011-03-18 16:35:22 +00:00
Sam Reed	6d548203f7	Parameter and Return Type hints	2011-02-10 17:32:57 +00:00
Sam Reed	6b782a96dd	while to foreach Remove unused variables Condense css	2011-02-10 17:25:25 +00:00
Sam Reed	6098610527	Another big cull on unused variables and such	2010-10-29 21:55:29 +00:00
Sam Reed	961f512452	More deprecated method call removals and updates	2010-10-29 15:32:44 +00:00
Sam Reed	cf800e4c18	Start removing/fixing calls to deprecated methods in WMF used extensions	2010-10-29 15:14:44 +00:00
Jack Phoenix	5e0330c6cc	AbuseFilter: coding style tweaks, changed some while loops to foreach (as per http://www.mediawiki.org/wiki/Manual:Coding_conventions#Assignment_expressions ) and added __METHOD__ to one DB query	2010-08-19 21:12:09 +00:00
Sam Reed	6981886b50	Nuke some more unused globals	2010-07-24 21:12:27 +00:00
Andrew Garrett	c7f1b42b9e	Fix bug 24167	2010-06-28 20:10:09 +00:00
Aryeh Gregor	ed5b83e6ac	Remove most named character references from output Recommit of r66254 to trunk. This was just find extensions phase3 -iname '.php' \! -iname '.i18n.php' \! -iname 'Messages.php' \! -iname '_Messages.php' -exec sed -i 's/ /\ /g;s/—/―/g;s/•/•/g;s/á/á/g;s/´/´/g;s/à/à/g;s/α/α/g;s/ä/ä/g;s/ç/ç/g;s/©/©/g;s/↓/↓/g;s/°/°/g;s/é/é/g;s/ê/ê/g;s/ë/ë/g;s/è/è/g;s/€/€/g;s/↔//g;s/…/…/g;s/í/í/g;s/ì/ì/g;s/←/←/g;s/“/“/g;s/·/·/g;s/−/−/g;s/–/–/g;s/ó/ó/g;s/ô/ô/g;s/&oelig;/œ/g;s/ò/ò/g;s/õ/õ/g;s/ö/ö/g;s/£/£/g;s/′/′/g;s/″/″/g;s/»/»/g;s/→/→/g;s/”/”/g;s/Σ/Σ/g;s/×/×/g;s/ú/ú/g;s/↑/↑/g;s/ü/ü/g;s/¥/¥/g' {} + followed by reading over every single line of the resulting diff and fixing a whole bunch of false positives. The reason for this change is given in <http://lists.wikimedia.org/pipermail/wikitech-l/2010-April/047617.html>. I cleared it with Tim and Brion on IRC before committing. It might cause a few problems, but I tried to be careful; please report any issues. I skipped all messages files. I plan to make a follow-up commit that alters wfMsgExt() with 'escapenoentities' to sanitize all the entities. That way, the only messages that will be problems will be ones that output raw HTML, and we want to get rid of those anyway. This should get rid of all named entities everywhere except messages. I skipped a few things like &nbsp that I noticed in manual inspection, because they weren't well-formed XML anyway. Also, to everyone who uses non-breaking spaces when they could use a normal space, or nothing at all, or CSS padding: I still hate you. Die.	2010-05-30 17:33:59 +00:00
Chad Horohoe	5fce797b18	Revert r66934 (Removing wfLoadExtensionMessages() from everything). I disagree on principle...we branch extensions for this very reason. But people want trunk extensions compatible for several versions back, meh.	2010-05-27 15:56:53 +00:00
Chad Horohoe	3283b90f01	Large commit. Removed 800+ references to no-op wfLoadExtensionMessages()	2010-05-26 22:25:32 +00:00
X!	0884d56521	Adding irlike function: case-insensitive regex	2010-03-28 00:50:51 +00:00
Siebrand Mazeland	b274606879	Update code formatting, run stylize.php, whitespace updates	2010-02-13 14:10:36 +00:00
Greg Sabino Mullane	ef71cac5a9	Use the new sequence name	2009-11-27 15:36:30 +00:00
Raimond Spekking	3e003e0856	* Move parentheses into tt styled section. From a typographical point of view standard parentheses around tt styled text look ugly.	2009-10-09 16:36:56 +00:00
Jack Phoenix	e2a16fe755	AbuseFilter: big commit - coding style & spacing cleanup; also marked SpecialPages' construct() and execute() functions as public and capitalized some SQL keywords	2009-10-07 13:57:06 +00:00
Andrew Garrett	6fc1b1ca79	Don't show navigation links (import, tools) where the user has no rights to view them. Fixes bug 19714.	2009-07-17 16:59:14 +00:00
Andrew Garrett	5c08223f77	Fix bug 18176, hard-coded JS strings needed localisation.	2009-07-17 13:52:40 +00:00
Andrew Garrett	fb9d1978cf	Change disabled to readonly for textboxes on uneditable filters	2009-07-03 13:54:08 +00:00
Andrew Garrett	3c51c81c93	Add condition limit profiling as well as time profiling to the abuse filter (bug 19256)	2009-07-03 13:46:51 +00:00
Andrew Garrett	f176a96fa7	(bug 18659) Allow setting AbuseFilter block duration with $wgAbuseFilterBlockDuration	2009-06-03 15:52:53 +00:00
Andrew Garrett	4a0ce9e562	(bug 18642) Supply filter ID as a parameter to the AbuseFilter warning messages	2009-06-03 15:41:45 +00:00
Andrew Garrett	3b7d6574e6	(bug 18095) Trigger AbuseFilter on file upload. Presently, the only metadata is SHA1, but we'll see what we can do for other stuff on request.	2009-06-03 15:10:44 +00:00
Andrew Garrett	48bfcc35ee	Various code quality fixes for AbuseFilter suggested by Tim Starling in a private email, including bugfixes, memory safeguards, performance improvements, removal of redundant code, consolidation of similar functionaality.	2009-05-26 13:08:15 +00:00
Tim Starling	da372fdec0	Reverted r49855, r49656, r49401, r49399, r49397. The language converter cannot be used outside the parser at present without generating a large number of bugs, due to global lifetime state variables, inappropriate $wgParser references, etc. Some refactoring needs to be done before it can be used in this way.	2009-05-26 07:46:29 +00:00
Siebrand Mazeland	e454269bfc	Proper casing for getDBkey()	2009-05-24 08:33:57 +00:00
Andrew Garrett	32aedf1644	(bug 18077) PostgreSQL compatibility issues in AbuseFilter, patch contributed by Brad Jorsch	2009-04-24 03:27:14 +00:00
Andrew Garrett	1a0fc0fea9	Add import/export interface for filters so that filters can be copied across wikis	2009-04-23 04:23:56 +00:00
Aaron Schulz	865d597620	profiling fix	2009-04-17 08:08:35 +00:00
Philip Tzou	28202160b8	Add a new function named 'convert()', allow user to convert a string to specified variant in Abuse Filter. With the support of LanguageConverter which updated on r49397.	2009-04-11 10:59:38 +00:00
Andrew Garrett	7c2a7a2fe0	Support for variable setting with the set_var function, and multiple expressions separated by semicolons (;). In evaluation, the result of the LAST expression will be the return value.	2009-04-01 06:53:18 +00:00
Andrew Garrett	3f62707206	String manipulation functions substr, str_replace and strpos for AbuseFilter	2009-04-01 05:05:23 +00:00
Andrew Garrett	7c3f048fff	Usability work, making abuse filter forms readonly (rather than just lacking a submit button and rejecting submissions) for users without permission.	2009-04-01 04:34:21 +00:00
Andrew Garrett	57d1a0b16e	Add timestamp variable	2009-04-01 03:59:58 +00:00
Andrew Garrett	186fc67373	Crackdown on filter evaluation by users unable to modify filters. This is a DoS vector which I thought I'd already plugged.	2009-03-31 15:13:26 +00:00
Andrew Garrett	14b850f891	Implementation of global filters, including a major i18n change for abusefilter-log-detailedentry message (rename and split). Needs further testing before deployment	2009-03-30 06:12:12 +00:00
Andrew Garrett	920f04d4fa	Fix batch-testing (follow-up to r48855)	2009-03-26 04:41:05 +00:00
Andrew Garrett	3458bf1a7a	(bug 18165) Keep the same parser object between filter runs	2009-03-26 04:09:07 +00:00
Andrew Garrett	c597c1915f	Add contains_any function, for searching a single haystack for multiple needles. Implemented with FSS with a fallback to a for loop, so it should be really fast.	2009-03-26 02:03:32 +00:00
Andrew Garrett	cf6f2899f6	Follow-up to r48674.	2009-03-22 10:34:54 +00:00
Andrew Garrett	f672c4cee3	Fix batch testing interface, there was old code using the old variable API	2009-03-22 02:46:05 +00:00
Andrew Garrett	4e6754e082	Prevent leaking of filters through diffs	2009-03-22 02:12:51 +00:00
Andrew Garrett	31c6e1d519	Fix bug in testing interface introduced by rsomething	2009-03-19 06:18:41 +00:00
Andrew Garrett	82c958e434	Document contains, ternery operator and conditionals	2009-03-19 05:11:55 +00:00
Andrew Garrett	966b020e6b	Document rmspecials, rmwhitespace, ip_in_range	2009-03-19 05:06:39 +00:00
Andrew Garrett	f234bcf66d	Add basic filter profiling to AbuseFilter -- display on the edit filter page the average time taken to run the filter. Currently sampling at 1/50	2009-03-19 02:40:48 +00:00
Andrew Garrett	ce47bca4a8	Load link vars from DB on edit. Includes some tracking of context, so it knows whether to check the DB or the parser.	2009-03-19 02:05:58 +00:00
Andrew Garrett	7b3abbc7c3	Report createaccounts as 'user creating own accounts', rather than as 'IP creating user'	2009-03-18 23:24:10 +00:00
Victor Vasiliev	d400dc6763	Fix an XSS bug in AbuseFilter	2009-03-18 19:57:25 +00:00
Andrew Garrett	34cb78e156	Increase threshold for resetting counters.	2009-03-18 04:50:55 +00:00
Andrew Garrett	0ce853e093	Prevent leaking of hidden filters through history interface.	2009-03-17 13:18:33 +00:00
Andrew Garrett	00b468285a	Duuuuuh	2009-03-16 23:47:10 +00:00
Andrew Garrett	c7f2cb2488	Fix boundary condition for prevention of double-warnings	2009-03-16 23:42:04 +00:00
Andrew Garrett	357c4f030e	Workaround for empty $wgTitle in API calls.	2009-03-16 23:02:18 +00:00
Andrew Garrett	0e070fac7f	Fix problems with prevention of double warnings	2009-03-13 08:02:05 +00:00
Andrew Garrett	5493b2a690	Add diffs to AbuseFilter. Includes a related pare-down of history, under the assumption that diffs will take up the slack	2009-03-12 05:04:39 +00:00
Andrew Garrett	dd0cf2a650	Fix logging where no skin is given	2009-03-11 08:03:25 +00:00

1 2 3 4 5

240 commits