Commit graph

265 commits

Author SHA1 Message Date
Max Semenik 94f3bc67ca Use PHP7 ?? operator
Change-Id: I757b832ac86f52d8b70ffc42fdb60796ab81e7fe
2018-05-31 11:53:03 -07:00
jenkins-bot 7682a61786 Merge "Reset condCount when entering checkAllFilters" 2018-05-27 11:03:56 +00:00
libraryupgrader 99c212226d build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: Ib1d0dfa76babc01c30f4e905e8f6fb80e1e9a0bc
2018-05-25 23:31:49 +00:00
jenkins-bot 424e5eab70 Merge "Simplify contentToString function" 2018-05-25 12:12:22 +00:00
jenkins-bot 96a91ac9b2 Merge "Allow IP addresses in user selectors" 2018-05-24 18:15:33 +00:00
Matěj Suchánek 45b8855754 Allow IP addresses in user selectors
Also unify username normalisation in Special:AbuseLog with /examine and /test.

Change-Id: I85e10ba9262c698b8c279b5cad9fae4a0ab3d7b0
2018-05-24 18:53:23 +02:00
Daimona Eaytoy ba9df944c8 Compare with null instead of using $config->has
With I91a9c5cca55e540a6c95b750579c1c369a760b15 we replaced some globals
with Config and, in doing this, we added "$config->has()" to check if a
variable was null. However, "has" will always return true even if the
value is null (it only checks if it exists), and thus we end up showing
a global abusefilter pager even if no central DB is set.

Bug: T195022
Change-Id: I751fdefd29b6af1361021d4343ba67f16c99a037
2018-05-21 12:11:45 +02:00
Daimona Eaytoy ef489d7ab5 Simplify contentToString function
Use TextContent::normalizeLineEndings instead of manually replacing
carriage returns, plus avoid the if with a simple string cast. This also
fixes some cases where a null edit isn't counted as such due to a "\n"
in new_wikitext which isn't trimmed.

Bug: T168736
Change-Id: Idfafab3fcf7912bf0aec22700d2c0137bdd6c3c8
2018-05-16 16:52:29 +02:00
Daimona Eaytoy 91c5f6d5b9 Improve the i18n message for throttling to show in history
With the introduction of custom block durations in Ib072433d19dabae48d8514e08be9893135b5d63c, the method which generates action display was enlarged in order to provide a more readable and complete message. However, for throttling we currently have an unreadable message like "Throttle: xx, yy, zzz". This is wrong for two reasons: first, those numbers need to be deciphered; second, the first number is the filter ID which is totally unuseful here.

Change-Id: I0ec6a27ff5f37aae864dfd91161bf44f0a217ef1
2018-05-13 13:29:45 +02:00
Daimona Eaytoy 38c46216db Explicitly declare title fields as optional
They were defaulted to false with
I93ad51ffe7bee597d2d127f4c5d6b2929ffc8f7e, which broke use cases where
the page field is NOT required, nor has a 'required' => false explicitly
declared.

Bug: T194425
Change-Id: I5ab768c02a30b6d053104e590729ef22bb4e0808
2018-05-10 22:20:05 +02:00
Daimona Eaytoy 69c8929468 Add an option to hide bots in /test
Pretty self-explanatory and straightforward, since recentchanges has a
dedicated column for bot edits.

Bug: T193994
Change-Id: I76d41e082aed262640e9fff856eeb97df49633d5
2018-05-07 17:25:40 +02:00
jenkins-bot d882f18e5f Merge "Prevent the user from overriding blacklisted variables" 2018-05-07 13:55:31 +00:00
Daimona Eaytoy 096bb4872b Fix flags checkboxes broken in recent patch
With If16975dd394cfdb3c57ff263366c2fc865de362a I broke flags checkboxes,
i.e. the one for enabling/deleting/etc. a filter. In fact, I
misunderstood the way cbReadOnlyAttribute was used (a dirty way,
actually) and this caused such checkboxes not to be disabled if the user
didn't have rights to edit the filter.

Change-Id: Ibf80b54e0f620734ad7767e4769a93bbf1feccff
2018-05-05 14:35:01 +02:00
Umherirrender 42769ce676 Replace wfGetLB
@deprecated since 1.27, extension.json required 1.31

Change-Id: I0467cde378c85095673fd39fed1924c330c27d7b
2018-05-04 21:35:11 +02:00
Daimona Eaytoy 5916910e25 Prevent the user from overriding blacklisted variables
Like we do for built-in values. If a blacklisted variable is overridden,
it still works, but there's no reason to allow it.

Bug: T191715
Change-Id: Ia4d42ec56dc4805454b96c52c2eace1924f6536c
2018-05-04 19:33:12 +02:00
jenkins-bot 4557b3961e Merge "Fix an undeclared variable in block options" 2018-05-04 02:03:20 +00:00
jenkins-bot 479cce9f58 Merge "Show "blocktalk" in AbuseFilter diff and improve message generation" 2018-05-03 23:22:44 +00:00
Daimona Eaytoy 80ef9d442a Show "blocktalk" in AbuseFilter diff and improve message generation
Quite self-explanatory. If the talk page is blocked, a sentence is
added, otherwise it remains as it is. Plus, improved the way messages
are generated and reduced their reuse.

Bug: T193692
Change-Id: I01f5113ca586b94c25e1102c73d158ebb01c5a4b
2018-05-03 21:11:13 +02:00
Daimona Eaytoy 9c01724053 Remove unused code
The $deadActions array is populated but never used. At first I thought
it was about actions which aren't available, but this isn't right.
Instead, it's only used to keep track of available actions which aren't
used in the current filter. Which is some data that we don't need, nor
there's nothing we may do with that.

Bug: T188181
Change-Id: Ibdfeb92ccd790c0b1a4d79b382b053b9361459f8
2018-05-03 19:36:27 +02:00
Daimona Eaytoy 69c0fd9e7c Fix an undeclared variable in block options
We used to display the checkbox to block talk without checking if
it was defined. This caused a warning and an empty space with
wgBlockAllowsUTEdit set to false.

Change-Id: I97f82633e932de7e325615473c85245a406a55ef
2018-05-03 19:14:03 +02:00
jenkins-bot 9387a4fb88 Merge "Use OOUI buttons instead of plain links and Html::errorbox for errors" 2018-05-03 00:41:21 +00:00
jenkins-bot 0366cc7f55 Merge "Show only changed sections in diffs" 2018-05-03 00:34:36 +00:00
jenkins-bot b70b53216f Merge "Re-apply fix to show textarea when JS is disabled" 2018-05-02 23:59:56 +00:00
Daimona Eaytoy 632c8e77e2 Don't let enabled filters be marked as deleted
Adds both client-side and server-side validation.

Bug: T156619
Change-Id: If16975dd394cfdb3c57ff263366c2fc865de362a
2018-05-02 22:20:53 +00:00
Daimona Eaytoy f9be4226b8 Re-apply fix to show textarea when JS is disabled
After Id4dc1debf0240d5b336f4d9ab5b363c240f08807, the method has been
moved, and in doing that I forgot to change this line.

Change-Id: I20caf06f2c568605bd6a90c9cf2b425cd51512e7
2018-05-02 19:31:35 +02:00
Daimona Eaytoy 2d876d08bd Use OOUI buttons instead of plain links and Html::errorbox for errors
Like we did for other links in /diff and /histories, there are some
links that we'd better display as OOUI buttons. Also, use the Html
class' specific method to show errorboxes.

Bug: T132284
Change-Id: If67035991a0835ec3edc13be4543e6b40c76c3ea
2018-05-02 13:13:01 +02:00
Matěj Suchánek 45d1d71def Reduce use of globals in favor of Config
I'd like to have this reviewed by more than one user before merging, to avoid regressions of annoying typos.

Change-Id: I91a9c5cca55e540a6c95b750579c1c369a760b15
2018-05-02 02:27:26 +00:00
Daimona Eaytoy 354e75f681 Show only changed sections in diffs
In order to have a less clogged diff and spot the real changes more
easily.

Bug: T21716
Change-Id: I60ab88d47716186fd0af289081033a8e274d9d85
2018-05-01 21:05:01 +02:00
Daimona Eaytoy 9b1f1b263e Fix XSS vulnerabilities
I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.

Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
2018-05-01 16:55:46 +02:00
Roan Kattouw cbabcf1276 Follow-up 392f37d516: fix undefined index notice
'disallow' rules with a missing first parameters are perfectly fine (and
quite common), so don't throw notices when that happens.

This broke Flow's unit tests, and caused exceptions for all api.php
edits that triggered a 'disallow' rule.

Change-Id: Ibebedb566da705e77ffb831ebda6476adba07c93
2018-04-30 15:24:25 -07:00
Daimona Eaytoy 04b15a1b75 Reset condCount when entering checkAllFilters
This seems like the logical way to be sure that multiple mass actions
won't be counted as one, thus reaching the conditions limit. I tried to
test this locally, but I actually had troubles to simply replicate the
issue of the reached limit in a stable manner, so I'm not totally sure.
Anyway, this shouldn't do any harm.

Bug: T193374
Change-Id: Icdc172f76705870ee502339a53e912e15a3bd31d
2018-04-30 18:42:24 +02:00
Daimona Eaytoy 99f32a1408 Fix undeclared variable
The variable was declared in the "if" branch but also used in the "else"
one. This caused the rules textarea to not have the readonly attribute
if the user wasn't allowed and CodeEditor wasn't installed.

Change-Id: I2bf69dc0f2d24efac41d1ac6100ed7e286e3afa4
2018-04-30 15:55:10 +02:00
Daimona Eaytoy caa4b1c763 Add phan configuration
This is taken from I6a57a28f22600aafb2e529587ecce6083e9f7da4 and makes
all the needed changes to make phan pass. Seccheck will instead fail,
but since it's not clear how to fix it (and it is non-voting), for the
moment we may merge this and enable phan on IC.

Bug: T192325
Change-Id: I77648b6f8e146114fd43bb0f4dfccdb36b7ac1ac
2018-04-30 08:32:58 +00:00
jenkins-bot 2e116e5c6d Merge "Don't use an empty string for block parameters" 2018-04-26 14:20:09 +00:00
jenkins-bot 13141ebe3e Merge "Convert Special:AbuseFilter/tools to use OOUI" 2018-04-26 14:20:05 +00:00
jenkins-bot fce4b4c305 Merge "Switch plain links to OOUI buttons in /history and diffs" 2018-04-26 13:45:08 +00:00
jenkins-bot 51591b9fb8 Merge "Move AbuseFilter::buildEditBox static method to AbuseFilterView class" 2018-04-26 13:45:07 +00:00
jenkins-bot 9a696727f7 Merge "Show the search error on a new line" 2018-04-26 13:41:08 +00:00
jenkins-bot 6aa6b8fc13 Merge "Add the remaining equality checks" 2018-04-26 13:25:56 +00:00
Daimona Eaytoy 30d1eac47f Show the search error on a new line
By wrapping it in a P element. Plus, use Html class to build the error
box.

Bug: T193109
Change-Id: If753a7a7c56ea041a80b7efd6bee5a175a001221
2018-04-26 09:38:44 +02:00
Daimona Eaytoy d9fc90c281 Move AbuseFilter::buildEditBox static method to AbuseFilterView class
Make it non static, plus a couple of minor stylistic fixes to such method.

Bug: T190180
Change-Id: I54dd1f785d33908a0481aa2db997aa085776fc2d
2018-04-26 09:24:04 +02:00
Daimona Eaytoy 26ef911517 Switch plain links to OOUI buttons in /history and diffs
Like we did for the button to create a new filter on
Special:AbuseFilter.

Bug: T132284
Change-Id: Ie4e43b74893b00b88dd5e7fd627a2572d3157acc
2018-04-26 09:21:59 +02:00
Daimona Eaytoy 7008de80e6 Don't use an empty string for block parameters
Follow-up of Iaeae672dca66ffc745054daabd6f0eae7dfbc648. Some actions
were still marked with red, specifically the ones with block inside. The
reason is that we stored the 'blocktalk' parameter as an emtpy string if
false, which wasn't filtered when loading request. Changing the empty
string to something different is enough to fix the problem, hopefully
without regressions. Note that this isn't retroactive and needs an edit
to become effective.

Bug: T189681
Change-Id: I7d7f0606fc23bad5ba342076066ab0e935680b3f
2018-04-26 09:13:02 +02:00
jenkins-bot 0b35bdcae9 Merge "Add missing parameter and suppress warnings for regex errors" 2018-04-26 02:28:20 +00:00
Daimona Eaytoy 71f375f19a Add equals_to_any function
Introduce a new function which can be used to group multiple comparisons
in a single condition. In particular, equals_to_any(S, A, B) is the
equivalent of S === A || S === B. This is especially useful in checking
for multiple namespaces, as proposed in the Community health initiative.

Change-Id: I9dcfe303eb5e51e1882fe4a65fa876aa93db7686
2018-04-25 23:12:19 +00:00
Daimona Eaytoy 24c8d7d54e Add the remaining equality checks
I left as ToDo the checks between an array and something else. With this
patch, it'll work like PHP: the result will be true iff the comparison
is loose, the array is empty and the other operand is either false or
null.

Change-Id: Idc5cadb697ed4fc7f4856967274169f77495ed9f
2018-04-25 10:16:50 +02:00
Daimona Eaytoy c2302385c1 Add missing parameter and suppress warnings for regex errors
I added searchEnabled in I0771fa048d21031ed1e0f8a6909213bdb869a5ed, but
forgot to pass it as parameter when there's an error with the regex.
This means that, if you try to make a search with a wrong regex, when
the page is reloaded the fields for searching aren't shown and you get a
PHP warning. Here I also added warning suppressions as usually done when
checking regex validity to avoid unnecessary PHP warnings.

Change-Id: Ibc3110c30959c99d0825e1e3d7edb1e96dd9d536
2018-04-25 08:06:15 +00:00
jenkins-bot 913d37eba6 Merge "Filter parameters when loading/editing them" 2018-04-24 00:24:57 +00:00
Daimona Eaytoy fa413d431e Use the old textarea if JavaScript is disabled
Basically, with this we always start with a functioning textarea. If JS
is enabled (and CodeEditor installed), it gets then replaced by the Ace
editor.

Bug: T192241
Change-Id: Id4dc1debf0240d5b336f4d9ab5b363c240f08807
2018-04-23 23:43:23 +00:00
Daimona Eaytoy 392f37d516 Filter parameters when loading/editing them
Re-opening of I8eb50d38c81b4e446c0f1dc03abc27122b8fa025 by Thiemo Kreuz.

Bug: T189681
Change-Id: Iaeae672dca66ffc745054daabd6f0eae7dfbc648
2018-04-23 23:43:05 +00:00