Commit graph

140 commits

Author SHA1 Message Date
Daimona Eaytoy e526295123 Add a placeholder for the no-js changetags input field
There is already one for the js field, but we can't reuse it since "one
by one" doesn't make any sense here.

Change-Id: Iaf01e19f4006b3d578bb2201cf9108fe46d56085
2018-08-22 11:02:51 +02:00
Umherirrender 2b615cfa29 Avoid variable reuse to pass taint-check
Also set param-taint for value of WebRequest::getText

Bug: T197002
Change-Id: I9e52d24f88789c99c726e32df20840707d1b47ae
2018-08-20 19:54:20 +02:00
Daimona Eaytoy 9d21c7d03d Change priority order for messages in hidden abuselog entries
Check if the entry is deleted first, since it's the strongest deletion
here (oversight level). Bonus: don't use implicit conversion when
checking the return value of SpecialAbuseLog::isHidden.

Bug: T200644
Change-Id: Ie5c4575ad29fe3dcb85a26cc74f1c59207df2852
2018-08-19 18:22:07 +02:00
libraryupgrader 76c6d2caeb build: Updating mediawiki/mediawiki-codesniffer to 21.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionAnnotations.UnrecognizedAnnotation
* MediaWiki.Usage.InArrayUsage.Found

Change-Id: I46e414246c6597dd78b069f753d686c0d1c1c09d
2018-07-27 00:27:11 +00:00
jenkins-bot 78bd634f58 Merge "Add link to abusefilter-edit-lastmod-text" 2018-07-26 22:56:07 +00:00
Daimona Eaytoy 7992349789 Fix block durations dropdown
A month ago SpecialBlock::getSuggestedDurations has been
modified, and now it also returns an "other" key. Since we don't need it
and it would break thing up, add a parameter to avoid dealing with that.

Depends-On: Ic2dbc961f7eebad11da53724b9cce2f804ffad39
Change-Id: Ica37ba7015a04445c2cbafebcc85726368e23cb0
2018-07-24 15:41:57 +00:00
IoannisKydonis 2fa95e55e6 Add link to abusefilter-edit-lastmod-text
This adds a link to the diff of the edited filter.

Co-authored-by: Matěj Suchánek
Bug: T53382
Change-Id: I57104f592fc3961bb43ecea8442ef6666ed4a69c
2018-07-22 16:13:35 +02:00
jenkins-bot 84252213c0 Merge "Improve the check for block durations equality" 2018-07-22 14:02:22 +00:00
jenkins-bot 0979e116b4 Merge "Show AF logs for a revdeled revision if the user can see the revision" 2018-07-18 02:04:16 +00:00
jenkins-bot 9623421366 Merge "Switch editing interface to OOUI & improve NoJS usability" 2018-07-18 00:59:12 +00:00
Daimona Eaytoy cea1b0aec3 Compact some other comments
Remove unnecessary ones, make clear what the cryptic ones mean, and
inline them when possible.

Change-Id: I384859871a66ced8cb0d81260c06c5a5b278866f
2018-07-17 17:17:44 +02:00
Daimona Eaytoy b825e396b5 Switch editing interface to OOUI & improve NoJS usability
This settles almost everything, leaving the tags part ready to be
further improved in the follow-ups.
Also, replaced some fields with totally different ones, improved the
warn preview area and improved a bit nojs experience by hiding unusable
buttons.

Bug: T132284
Bug: T154749
Change-Id: I7a5caa862a32f9792140c6a4d9708a2d20472672
2018-07-17 14:49:50 +02:00
jenkins-bot 29c7f0f818 Merge "Update LogPage to ManualLogEntry" 2018-07-15 15:08:47 +00:00
Daimona Eaytoy 0e87c44c74 Show AF logs for a revdeled revision if the user can see the revision
The function used to determine if a row is hidden has three possible
return values: true, false and "implicit". While the first and the
second one refer to AF own suppressing system, 'implicit' means that the
revision associated with the log entry is deleted. However, we checked
for such return value with a boolean cast, which caused true and
'implicit' to be equally treated, thus hiding revdel'ed revisions to
sysops. Bonus: fixed a comment typo.

Bug: T191699
Change-Id: I87d3a6437bb966198175e4bfd063e30ed79c345f
2018-07-14 00:46:19 +02:00
jenkins-bot 0862148509 Merge "Warn the user to re-attempt save if edit token didn't match" 2018-07-13 19:50:07 +00:00
jenkins-bot 73d65876f5 Merge "Simplify how we convert builder values array for OOUI" 2018-07-13 19:49:27 +00:00
Daimona Eaytoy 0815fc6a8f Update LogPage to ManualLogEntry
We still had three entries of "LogPage", which is legacy and has some
problems (I7bb0e92b2906a2511fc4290bdc76fc39ec4617fe). This patch updates
two of them to ManualLogEntry. The last one is handled separately in
Ic23e724997e4748c8d0da8138aa73d31b17b7064.

Change-Id: I2a4f18ea6baebdc114078c57d8937ce4ca2aace5
2018-07-13 19:39:57 +00:00
Daimona Eaytoy b8a2225bb2 Warn the user to re-attempt save if edit token didn't match
I've been noticing this problem for a long time: sometimes, when the
filter editor stays open for a long time and you try to click "save filter",
the page is scrolled and the edit isn't save (while it is indeed saved
when clicking save again). I found out that this is due to edit token
not matching. If that happens and the request was posted, warn user to
re-save the edit.

Change-Id: Id0c5600bf22632f57d237a19b492cc9c297be736
2018-07-13 15:40:29 +02:00
Daimona Eaytoy 8cec6a06cf Simplify how we convert builder values array for OOUI
To generate an OOUI-friendly array with dropdown values, we need to
rearrange the array we already get from AbuseFilter::getBuilderValues().
Right now we do it in a pretty dirty way, which also causes errors if
external values (e.g. Flow variables) are in the list. With this patch,
such conversion is simplified, explained in a comment, and doesn't
output errors anymore.

Change-Id: I1063865aeff2dfb637e95d7b2ff30da39ceeab67
2018-07-13 15:36:12 +02:00
jenkins-bot 4462fd5eae Merge "Wrap error messages in Html::errorBox" 2018-07-13 09:46:00 +00:00
Daimona Eaytoy f93134a4f7 Unbreak reverting 'degroup' action
This is something that hasn't been working since January 2009, when AF
didn't have arrays and all variables were computed non-lazily. In fact,
when reverting "degroup", we used to take old groups from edit vars, but
the variable may not have been computed for such edit. Plus, we treated
the var collection as an array instead of an AbuseFilterVariableHolder
object, and exploded user_groups since it was a string. With this patch
everything should start working as intended.

Change-Id: I76917b2e331291bd42daeef8d048507dc38048cb
2018-07-13 00:25:02 +02:00
Daimona Eaytoy 9012848032 Wrap error messages in Html::errorBox
The message 'abusefilter-edit-notallowed' is used twice and outputted
as plain text. This makes it really, really hard to notice. Wrap it in a
block-level errorbox to make sure users see it.

Change-Id: I6e5579f9a5e33f05520001e10ffdde928ffdcff0
2018-07-11 15:37:20 +02:00
jenkins-bot cacc034d1a Merge "Fix minor issues around" 2018-07-11 00:28:50 +00:00
Daimona Eaytoy da2a14ad39 Revert "Change message transformation method"
Html::warningBox makes use of Html::rawElement, where as noted in docblock the given html must *not* be escaped. Plus, bold text was broken due to escaping.

This reverts commit 7dfe4bfcfd.

Change-Id: I505be036291d4c6ff33c0c4fed4dd83a5bb56c54
2018-07-08 22:17:09 +00:00
Daimona Eaytoy f016c6c95f Fix minor issues around
This fixes the following minor issues:
* In HistoryPager's getQueryInfo, afh_id was listed twice
* In AbuseFilter::translateFromHistory a field named "af_" was produced
if no actions were in use
* The topnav link "Recent filter changes" wasn't STRONGed on pages like
"Special:AbuseFilter/history/123"
* In checkAllFilters and AbuseFilter::getFilter, select from DB only the
fields that will be used.
* Simplify some inline comments and remove superfluous ones

Change-Id: If72b18bedac5e580487406e696aea1fd172ae45b
2018-07-07 12:11:39 +00:00
jenkins-bot 53eba666dc Merge "Two minor fixes to make code testable" 2018-07-06 19:56:47 +00:00
Brian Wolff 5f73034c7a Minor escaping fixes
This will also fix some (not all) of phan-taint-check's warnings

Bug: T197002
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a11
2018-07-05 18:51:30 +00:00
Daimona Eaytoy c8c66b55bc Two minor fixes to make code testable
Trying to write unit tests, there are some things in the code that make
it not well testable. Here, two of them are corrected:
1 - Use class constants instead of static variables inside a non-static
method. Otherwise such variables won't be reset between tests. The
change is made so that there'll be less impact on blame.
2 - Set af_enabled to true even in af_deleted is true as well. For three
reasons: the first is that we already perform validation for this, so no
need to secretly change the option to whatever we think would make
sense. Second, this redundant validation makes some tests fail. Third:
this way, if the user selects both enabled and deleted, when the warning
is shown he'll indeed see that both checkboxes are selected. Before, he
would only see wpFilterEnabled as selected.

Change-Id: Ib7a0335fa7fb3b8a21765438a720205656c1ea09
2018-07-05 00:07:46 +02:00
jenkins-bot a85e8f5588 Merge "Abstract methods in ViewEdit related to filter saving" 2018-07-02 22:18:37 +00:00
Daimona Eaytoy f9687ad678 Abstract methods in ViewEdit related to filter saving
Actually, it seems like I almost got it right at the first try. I tested
every validation scenario and it worked as espected, so ready for
review.

Bug: T193596
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a28
2018-07-02 20:27:05 +02:00
Daimona Eaytoy f6eaba0822 Add min and max date selectors to AbuseLog
Reused code from ViewExamine and ViewTestBatch where we do the same
thing.

Bug: T99650
Change-Id: Ib33071aed69626cfa4a15435b4aef71096deba8b
2018-06-29 11:52:14 +02:00
jenkins-bot 240e264833 Merge "Make /test filterable by action type" 2018-06-26 01:24:16 +00:00
jenkins-bot 1481b40b5d Merge "Make buildTestConditions more flexible" 2018-06-26 01:22:35 +00:00
jenkins-bot 625f1b92cd Merge "Reduce form whitespace on Special:AbuseFilter and compact variables" 2018-06-26 01:18:04 +00:00
Daimona Eaytoy 1394da924f Make /test filterable by action type
Bug: T20288
Depends-On: I2c51b695262b132a5c7cdfab20d56e36f43c7448
Change-Id: I9887c586955c1a1b34dbe641a8f9ad34de7a2e1d
2018-06-26 00:48:09 +00:00
Daimona Eaytoy c5da9cc6df Make buildTestConditions more flexible
This way, we can specify an action and it'll return only conditions for
that specific action. This is especially thought to make results
filterable by action type.

Change-Id: I2c51b695262b132a5c7cdfab20d56e36f43c7448
2018-06-26 00:45:33 +00:00
Daimona Eaytoy 3c1dae9e14 Allow users with abusefilter-view-private to use testing interface
Now the required need will be abusefilter-modify OR
abusefilter-view-private for /tools, /test and /examine.

Bug: T193903
Change-Id: I3f1a91a2cc1df2272e5d4099cefd7c649a0683d5
2018-06-24 14:10:38 +00:00
Daimona Eaytoy fcc07db95c Reduce form whitespace on Special:AbuseFilter and compact variables
The conversion to OOUI brought some extra whitespace that creates some
problems while viewing the page, especially with specific skins. This
patch compacts four different form fields in a single one, having the
side benefit of reducing the amount of used variables.

Bug: T189425
Change-Id: I75aa83e36d12db65d8b54c76b3ea14c8c797215e
2018-06-19 12:13:29 +02:00
jenkins-bot 9eb736d63d Merge "Enable OOUI and add unused button to the output" 2018-06-10 03:13:20 +00:00
Max Semenik 5c8a8da1f2 Fix some Doxygen problems
Change-Id: I04ce5564ec73e45a6d94c51be94bd1423a86780a
2018-06-08 13:02:40 -07:00
Daimona Eaytoy 9fe281e704 Enable OOUI and add unused button to the output
In If67035991a0835ec3edc13be4543e6b40c76c3ea I changed a couple of links
to OOUI buttons, but forgot to add one of these to the output (and to
enable OOUI as well).

Change-Id: I7dd4b554bae406bc0c8326867298302ee10b47f2
2018-06-04 11:21:41 +00:00
Daimona Eaytoy 74569e20a7 Improve the check for block durations equality
With I5e3764dbec8ac21f20c460181ae78ed73eca92f6 I introduced a function
to check that two blocks with different wordings refer to the same
duration. While that functions works good 99.9% of the time, there's a
highly unlikely but actual problem: if one of the operand is parsed at
time x and the other at time x+1 (in seconds, and this may happen even
if it gets parsed 1 ms later), the 2 durations will be considered
different and this may be annoying. With this patch I introduce another
tiny function which uses strtotime to parse a duration, but uses the
second parameter (=0) to avoid relativeness to the current time. Again,
this isn't likely to occurr, but since the fix is straightforward we'd
better do it. Also, now global durations aren't parsed at every
iteration (previously they were due to the same problem, amplified by
time distance between the first and the last iteration).

Change-Id: I11a078f298aaed9631d7f422c6b9b722d28e73cc
2018-06-04 11:21:37 +00:00
Daimona Eaytoy 43ec6cf830 Add an option to hide private filters on Special:AbuseFilter
While the change itself is simple, the only problem here is the desing,
since we're adding even more vertical space with this.

Bug: T164108
Change-Id: Ic5373dd4f0b85dc1311d90ac165d4520ac956e68
2018-06-04 11:21:18 +00:00
Max Semenik 94f3bc67ca Use PHP7 ?? operator
Change-Id: I757b832ac86f52d8b70ffc42fdb60796ab81e7fe
2018-05-31 11:53:03 -07:00
libraryupgrader 99c212226d build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: Ib1d0dfa76babc01c30f4e905e8f6fb80e1e9a0bc
2018-05-25 23:31:49 +00:00
jenkins-bot 96a91ac9b2 Merge "Allow IP addresses in user selectors" 2018-05-24 18:15:33 +00:00
Matěj Suchánek 45b8855754 Allow IP addresses in user selectors
Also unify username normalisation in Special:AbuseLog with /examine and /test.

Change-Id: I85e10ba9262c698b8c279b5cad9fae4a0ab3d7b0
2018-05-24 18:53:23 +02:00
Daimona Eaytoy ba9df944c8 Compare with null instead of using $config->has
With I91a9c5cca55e540a6c95b750579c1c369a760b15 we replaced some globals
with Config and, in doing this, we added "$config->has()" to check if a
variable was null. However, "has" will always return true even if the
value is null (it only checks if it exists), and thus we end up showing
a global abusefilter pager even if no central DB is set.

Bug: T195022
Change-Id: I751fdefd29b6af1361021d4343ba67f16c99a037
2018-05-21 12:11:45 +02:00
Daimona Eaytoy 38c46216db Explicitly declare title fields as optional
They were defaulted to false with
I93ad51ffe7bee597d2d127f4c5d6b2929ffc8f7e, which broke use cases where
the page field is NOT required, nor has a 'required' => false explicitly
declared.

Bug: T194425
Change-Id: I5ab768c02a30b6d053104e590729ef22bb4e0808
2018-05-10 22:20:05 +02:00
Daimona Eaytoy 69c8929468 Add an option to hide bots in /test
Pretty self-explanatory and straightforward, since recentchanges has a
dedicated column for bot edits.

Bug: T193994
Change-Id: I76d41e082aed262640e9fff856eeb97df49633d5
2018-05-07 17:25:40 +02:00