Commit graph

97 commits

Author SHA1 Message Date
Max Semenik 94f3bc67ca Use PHP7 ?? operator
Change-Id: I757b832ac86f52d8b70ffc42fdb60796ab81e7fe
2018-05-31 11:53:03 -07:00
libraryupgrader 99c212226d build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: Ib1d0dfa76babc01c30f4e905e8f6fb80e1e9a0bc
2018-05-25 23:31:49 +00:00
jenkins-bot 96a91ac9b2 Merge "Allow IP addresses in user selectors" 2018-05-24 18:15:33 +00:00
Matěj Suchánek 45b8855754 Allow IP addresses in user selectors
Also unify username normalisation in Special:AbuseLog with /examine and /test.

Change-Id: I85e10ba9262c698b8c279b5cad9fae4a0ab3d7b0
2018-05-24 18:53:23 +02:00
Daimona Eaytoy ba9df944c8 Compare with null instead of using $config->has
With I91a9c5cca55e540a6c95b750579c1c369a760b15 we replaced some globals
with Config and, in doing this, we added "$config->has()" to check if a
variable was null. However, "has" will always return true even if the
value is null (it only checks if it exists), and thus we end up showing
a global abusefilter pager even if no central DB is set.

Bug: T195022
Change-Id: I751fdefd29b6af1361021d4343ba67f16c99a037
2018-05-21 12:11:45 +02:00
Daimona Eaytoy 38c46216db Explicitly declare title fields as optional
They were defaulted to false with
I93ad51ffe7bee597d2d127f4c5d6b2929ffc8f7e, which broke use cases where
the page field is NOT required, nor has a 'required' => false explicitly
declared.

Bug: T194425
Change-Id: I5ab768c02a30b6d053104e590729ef22bb4e0808
2018-05-10 22:20:05 +02:00
Daimona Eaytoy 69c8929468 Add an option to hide bots in /test
Pretty self-explanatory and straightforward, since recentchanges has a
dedicated column for bot edits.

Bug: T193994
Change-Id: I76d41e082aed262640e9fff856eeb97df49633d5
2018-05-07 17:25:40 +02:00
Daimona Eaytoy 096bb4872b Fix flags checkboxes broken in recent patch
With If16975dd394cfdb3c57ff263366c2fc865de362a I broke flags checkboxes,
i.e. the one for enabling/deleting/etc. a filter. In fact, I
misunderstood the way cbReadOnlyAttribute was used (a dirty way,
actually) and this caused such checkboxes not to be disabled if the user
didn't have rights to edit the filter.

Change-Id: Ibf80b54e0f620734ad7767e4769a93bbf1feccff
2018-05-05 14:35:01 +02:00
jenkins-bot 4557b3961e Merge "Fix an undeclared variable in block options" 2018-05-04 02:03:20 +00:00
Daimona Eaytoy 9c01724053 Remove unused code
The $deadActions array is populated but never used. At first I thought
it was about actions which aren't available, but this isn't right.
Instead, it's only used to keep track of available actions which aren't
used in the current filter. Which is some data that we don't need, nor
there's nothing we may do with that.

Bug: T188181
Change-Id: Ibdfeb92ccd790c0b1a4d79b382b053b9361459f8
2018-05-03 19:36:27 +02:00
Daimona Eaytoy 69c0fd9e7c Fix an undeclared variable in block options
We used to display the checkbox to block talk without checking if
it was defined. This caused a warning and an empty space with
wgBlockAllowsUTEdit set to false.

Change-Id: I97f82633e932de7e325615473c85245a406a55ef
2018-05-03 19:14:03 +02:00
jenkins-bot 9387a4fb88 Merge "Use OOUI buttons instead of plain links and Html::errorbox for errors" 2018-05-03 00:41:21 +00:00
jenkins-bot 0366cc7f55 Merge "Show only changed sections in diffs" 2018-05-03 00:34:36 +00:00
jenkins-bot b70b53216f Merge "Re-apply fix to show textarea when JS is disabled" 2018-05-02 23:59:56 +00:00
Daimona Eaytoy 632c8e77e2 Don't let enabled filters be marked as deleted
Adds both client-side and server-side validation.

Bug: T156619
Change-Id: If16975dd394cfdb3c57ff263366c2fc865de362a
2018-05-02 22:20:53 +00:00
Daimona Eaytoy f9be4226b8 Re-apply fix to show textarea when JS is disabled
After Id4dc1debf0240d5b336f4d9ab5b363c240f08807, the method has been
moved, and in doing that I forgot to change this line.

Change-Id: I20caf06f2c568605bd6a90c9cf2b425cd51512e7
2018-05-02 19:31:35 +02:00
Daimona Eaytoy 2d876d08bd Use OOUI buttons instead of plain links and Html::errorbox for errors
Like we did for other links in /diff and /histories, there are some
links that we'd better display as OOUI buttons. Also, use the Html
class' specific method to show errorboxes.

Bug: T132284
Change-Id: If67035991a0835ec3edc13be4543e6b40c76c3ea
2018-05-02 13:13:01 +02:00
Matěj Suchánek 45d1d71def Reduce use of globals in favor of Config
I'd like to have this reviewed by more than one user before merging, to avoid regressions of annoying typos.

Change-Id: I91a9c5cca55e540a6c95b750579c1c369a760b15
2018-05-02 02:27:26 +00:00
Daimona Eaytoy 354e75f681 Show only changed sections in diffs
In order to have a less clogged diff and spot the real changes more
easily.

Bug: T21716
Change-Id: I60ab88d47716186fd0af289081033a8e274d9d85
2018-05-01 21:05:01 +02:00
Daimona Eaytoy 9b1f1b263e Fix XSS vulnerabilities
I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.

Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
2018-05-01 16:55:46 +02:00
Daimona Eaytoy 99f32a1408 Fix undeclared variable
The variable was declared in the "if" branch but also used in the "else"
one. This caused the rules textarea to not have the readonly attribute
if the user wasn't allowed and CodeEditor wasn't installed.

Change-Id: I2bf69dc0f2d24efac41d1ac6100ed7e286e3afa4
2018-04-30 15:55:10 +02:00
Daimona Eaytoy caa4b1c763 Add phan configuration
This is taken from I6a57a28f22600aafb2e529587ecce6083e9f7da4 and makes
all the needed changes to make phan pass. Seccheck will instead fail,
but since it's not clear how to fix it (and it is non-voting), for the
moment we may merge this and enable phan on IC.

Bug: T192325
Change-Id: I77648b6f8e146114fd43bb0f4dfccdb36b7ac1ac
2018-04-30 08:32:58 +00:00
jenkins-bot 2e116e5c6d Merge "Don't use an empty string for block parameters" 2018-04-26 14:20:09 +00:00
jenkins-bot 13141ebe3e Merge "Convert Special:AbuseFilter/tools to use OOUI" 2018-04-26 14:20:05 +00:00
jenkins-bot fce4b4c305 Merge "Switch plain links to OOUI buttons in /history and diffs" 2018-04-26 13:45:08 +00:00
jenkins-bot 51591b9fb8 Merge "Move AbuseFilter::buildEditBox static method to AbuseFilterView class" 2018-04-26 13:45:07 +00:00
Daimona Eaytoy 30d1eac47f Show the search error on a new line
By wrapping it in a P element. Plus, use Html class to build the error
box.

Bug: T193109
Change-Id: If753a7a7c56ea041a80b7efd6bee5a175a001221
2018-04-26 09:38:44 +02:00
Daimona Eaytoy d9fc90c281 Move AbuseFilter::buildEditBox static method to AbuseFilterView class
Make it non static, plus a couple of minor stylistic fixes to such method.

Bug: T190180
Change-Id: I54dd1f785d33908a0481aa2db997aa085776fc2d
2018-04-26 09:24:04 +02:00
Daimona Eaytoy 26ef911517 Switch plain links to OOUI buttons in /history and diffs
Like we did for the button to create a new filter on
Special:AbuseFilter.

Bug: T132284
Change-Id: Ie4e43b74893b00b88dd5e7fd627a2572d3157acc
2018-04-26 09:21:59 +02:00
Daimona Eaytoy 7008de80e6 Don't use an empty string for block parameters
Follow-up of Iaeae672dca66ffc745054daabd6f0eae7dfbc648. Some actions
were still marked with red, specifically the ones with block inside. The
reason is that we stored the 'blocktalk' parameter as an emtpy string if
false, which wasn't filtered when loading request. Changing the empty
string to something different is enough to fix the problem, hopefully
without regressions. Note that this isn't retroactive and needs an edit
to become effective.

Bug: T189681
Change-Id: I7d7f0606fc23bad5ba342076066ab0e935680b3f
2018-04-26 09:13:02 +02:00
Daimona Eaytoy c2302385c1 Add missing parameter and suppress warnings for regex errors
I added searchEnabled in I0771fa048d21031ed1e0f8a6909213bdb869a5ed, but
forgot to pass it as parameter when there's an error with the regex.
This means that, if you try to make a search with a wrong regex, when
the page is reloaded the fields for searching aren't shown and you get a
PHP warning. Here I also added warning suppressions as usually done when
checking regex validity to avoid unnecessary PHP warnings.

Change-Id: Ibc3110c30959c99d0825e1e3d7edb1e96dd9d536
2018-04-25 08:06:15 +00:00
Daimona Eaytoy 392f37d516 Filter parameters when loading/editing them
Re-opening of I8eb50d38c81b4e446c0f1dc03abc27122b8fa025 by Thiemo Kreuz.

Bug: T189681
Change-Id: Iaeae672dca66ffc745054daabd6f0eae7dfbc648
2018-04-23 23:43:05 +00:00
Daimona Eaytoy 3c3a521fec Fix coding conventions exclusion rules
This should fix every error with excluded rules, leaving only the one
for $wgTitle. A double check would be nice in order to avoid regressions
due to stupid mistakes.

Bug: T178007
Change-Id: I22c179f3a01d652640304b59e43fcb5b5a9abac3
2018-04-20 08:40:18 +00:00
Reedy f990b07bec Update at-ease calls
Bug: T187037
Change-Id: I6448e581a14c468ac2ea8f1752ded6be550d0592
2018-04-18 14:29:37 +00:00
jenkins-bot f241eede4c Merge "Make sure blocks from ipboptions have the same wording as globals" 2018-04-10 23:29:53 +00:00
Daimona Eaytoy 17c51445db Disable search for global filters
It solves a bug and other problems, especially related to permissions.
Tested as much as I could but with an imperfect global filters system,
so there may still be something wrong.

Bug: T191539
Change-Id: I0771fa048d21031ed1e0f8a6909213bdb869a5ed
2018-04-06 12:25:35 +02:00
Daimona Eaytoy ddf707656e Make sure blocks from ipboptions have the same wording as globals
This is the long-term solution for the problem. The ToDo may be
unnecessary, but leaving it there as a caveat.

Bug: T190602
Change-Id: I5e3764dbec8ac21f20c460181ae78ed73eca92f6
2018-04-06 08:15:17 +00:00
Daimona Eaytoy 714735ff6b Remove superfluous line
That line isn't needed anymore and totally prevents from changing page.

Bug: T191512
Change-Id: Ib29719d6eb3155318b3db0f60d9c9d55e944b4a4
2018-04-05 17:58:16 +02:00
Max Semenik a4ed4db34e Fix field visibility warnings
Yes, this is a sniff bug - however, ideally every variable should
be on its own line with documentation anyway.

Change-Id: Ic8a96d9ea4dd20d8f689aac0a7dece01a4208929
2018-04-03 02:16:41 +00:00
Daimona Eaytoy e53811ecb3 Add requirement for title and pattern fields
Currently users can save filters without title or pattern. This
shouldn't be allowed since it leads to lack of clarity. The check is
only performed server-side, since when implementing Ace editor we won't
be able to (easily) add a pure HTML requirement for the pattern field.

Bug: T173947
Change-Id: I1a0418b87cdb1ff423238fcdf1c743930500e605
2018-04-02 16:37:51 +02:00
Huji Lee 26c72c1cd9 Convert Special:AbuseFilter/tools to use OOUI
Bug: T132284
Change-Id: I139b30399f83d43c4da565b25726d8786d02d1ef
2018-04-02 16:31:19 +02:00
Daimona Eaytoy 7450fb1d62 Switch /test and /examine/# to OOUI
Standardized Special:AbuseFilter/test and /examine/# to OOUI. They need
to be updated together, since they share the same load filter button
(now centralized) which needs to be handled in a different way.

Bug: T132284
Bug: T58367
Bug: T58368
Depends-On: If3d6a994142e34686bb7fc9f09093f751b599485
Change-Id: Ib935e8c9706e987468e52ec2ad1c7219b35fb9d5
2018-03-30 13:12:36 -04:00
jenkins-bot ef65bf62c9 Merge "Convert /revert to use OOUI" 2018-03-30 14:02:12 +00:00
Daimona Eaytoy 90436c9e59 Convert /revert to use OOUI
This one was left out, probably because it's not well documented.
Together with the simple conversion, I also added a cap to time
selectors (otherwise users may create huge breaking queries) and wrapped
in a class=success P the success message, like we do when saving
filters.

Bug: T132284
Change-Id: I2ba0a54e27608949cd28b9ac0447d1f2157b0ea2
2018-03-30 09:12:59 +02:00
jenkins-bot da3342e398 Merge "Add search for filter patterns" 2018-03-30 01:32:03 +00:00
jenkins-bot 17e56ff23a Merge "Convert Special:AbuseFilter to OOUI" 2018-03-30 01:16:16 +00:00
Daimona Eaytoy 3bc4bfc4d5 Add search for filter patterns
Adds an option for searching filters with a
specific pattern in the main page, together with already existing options.
Plain search and regex are available, only for users with the
view-private right. The search is performed directly on the database.
If the user actually searched for something, it is also added a column to
Special:AbuseFilter showing a snippet of the pattern from each filter, with the query match highlighted.

Depends on: I8144062b1f273d0d8932203ffcb7a71aca60bba9

Bug: T87455
Change-Id: Ibcd84ff84edca481328210ee857b0ab723028632
2018-03-17 14:54:48 +00:00
jenkins-bot 6d32b24d16 Merge "Update for the actor table change" 2018-03-17 09:36:59 +00:00
Matěj Suchánek 729ff73c10 Convert Special:AbuseFilter to OOUI
Bug: T132284
Change-Id: I8144062b1f273d0d8932203ffcb7a71aca60bba9
2018-03-16 14:57:52 +01:00
Matěj Suchánek 3a0f6a48ba Use OOUI datetime selectors on Special:AbuseFilter/examine
Bug: T58367
Bug: T58368
Change-Id: Ic7882e86c1cadd2501eca9a63623f0db3a0c614a
2018-03-10 10:39:43 +00:00