We shouldn't try to set the attribute of a variable which isn't
actually an object as this will lead to the "Creating default
object from empty value" PHP error and it will trigger a further
fatal down the road. This gets triggered in Wikibase and probably
other extension unit tests.
Change-Id: I0f2e93657e5cfdb84ee351be371d421c11291b82
I've also added myself to the credits file as I'm the only
maintainer of this extension for a while now.
Change-Id: Id998172ea2abd70b8243de9db1a96cc2cfa47a64
Use the UploadVerifyFile hook instead of the UploadVerification
one as it provides more data about the upload.
This is the first step towards better upload filtering.
Change-Id: Ie535c7d20ed79a1e26d8d399a7c25d632c9c7fa0
lot of code was using ::merge() to create a new AbuseFilterVariableHolder
this is now simplified using a single addHolders method.
merge() still exists as its usful as a static function.
addHolder() is deprecated.
Change-Id: Ia4f6a56f642242a04cf2973b74ce44d91fce00eb
(bug 28633) With $wgUseAutomaticEditSummaries=true, the edit summary is
different between EditFilterMerged and ArticleSaveComplete. AbuseFilter
was using edit summary changes to attempt to detect whether the two
hooks refer to the same edit. If it really is possible for multiple
edits to be performed in the same request, with arbitrary patterns of
EditFilterMerged and ArticleSaveComplete calls, then some more robust
method would be needed to match the hook calls. But I don't think that
is necessary at present.
Change-Id: I94321905f38eafde8add00eff73745af255c1f15
AF is setting several lazy load variables for the currently editing user.
To do this it's passing along the user name extracted from a user object
and generating a new user object later from that name which is of course
pointless. With this patch I'll pass user objects directly to prevent that.
On top of that I've deprecated a method in AFComputedVariable::compute which
was redundant as there is a more generic one which can solve that task
just fine.
Furthermore I've changed the logging behaviour from serializing the whole
AbuseFilterVariableHolder object to only store the variables. That has two
major advantages:
* The amount of data that needs to be saved on a filter hit is reduced
to about 1/10 of what the old version needed.
* This is much more forward compatible as the old way of saving this
relied on the class structure to stay the same while this is a simple
array containing the vars.
On top of that we now only log variables already set by the time
a filter is hit. On top of the obvious performance increasement
that makes it easier for the user to spot the relevant data.
Another thing this change alters is the way the AbuseFilter internally
works with AbuseFilterVariableHolder objects. Right now we use one for
testing the filter(s) and later we use another one to compute the same
data again in case a filter was hit (for logging)!
This is not thoroughly tested yet, but way more sane than what we're
currently doing!
Change-Id: Ib15e7501bff32a54afe2d103ef5aedb950e58ef6
During testing the context does not always contain a valid
Title object. In those cases AbuseFilter will fail hard.
This changeset makes the filter survive some of those
failures.
Change-Id: I0b2247432619ddf15cc17ed41b4b7a6a11e910e0
This changes the AbuseFilter to use Status objects for internal
error handling. This allows for more flexibility in passing error
messages back from hooks and avoids double escaping.
Change-Id: I72e1a6dd7dee19f889fc13b60456e9bfebd5e22b
This makes AbuseFilter use EditFilterMergedContent if support for
the ContentHandler infrastructure is present. This means living
without some nice bits of context, because EditFilterMergedContent
doesn't provide an EditPage object.
This requires core change I99a19c93 to work correctly.
Change-Id: Ibb9d4c9a36b8a199213958b920902e8006c71fe8
The hook 'AbuseFilter-interceptVariable' can be used
for intercepting any request to recalculate a variable,
and if a handler is returning false the later code
will be skipped. That makes it possible to avoid using
content if the content model is wrong, as it could be
for a Wikibase entity.
The hook uses the same arguments as the hook
'AbuseFilter-computeVariable', thereby making it simple
to move handlers around.
The arguments to the hook are
@param string $method
@param AbuseFilterVariableHolder $vars
@param array $parameters
@param AFPData|array|int|mixed|null|string &$result
Patchset 2: Fix for arg 1 to the hook, it got $this
instead of $this->mMethod
Change-Id: I4944ea612369d6f96319e24c96d97cf9739358c7
Patchset 2: Handle more content types
Patchset 3: Change cover letter
Patchset 4: Make it b/c
Patchset 5: Refactor and use previous audience
Patchset 6: Fixed/ minor changes
Change-Id: Ib1d2f9803bc95bb9efd445e3778126d5c3090a71
* Replace deprecated methods.
* Remove no longer needed function fnmatch().
* Remove superfluous newlines.
* Remove unused and redundant local variables and globals.
* Deglobalization.
* Update documentation.
* Fix incorrect return values or add FIXMEs when in doubt.
* Escape output in a few places where needed.
* Remove unneeded MEDIAWIKI constant checks.
* Fix various JSHint/JSLint issues.
Patch Set 11: Merged https://gerrit.wikimedia.org/r/24701 into
this one per Siebrand's request
Change-Id: I02ba4ce31b6aca5b7324114093f8ece143abc295
* Update rules list view to show global rules toggle, global rules
* Update rule processing to get global rules from memcache, if no
rule exists, get them from the central database and store them in
memcache
* Delete global rule key whenever global rules are updated
* Add filtering for log by wiki on the central database, updated
table definitions to add index on afl_wiki
* Add global $wgAbuseFilterDisallowGlobalLocalBlocks so local wikis
can prevent global rules from locally blocking, removing or revoking
permissions.
* patchset 13: Include recommendations from Tim. Add db updates to
LoadExtensionSchemaUpdates hook.
* patchset 14: forgot to add new files
Change-Id: Id69a9d603f9679f838e8691c651a3e9d8461b422
* Store the revision ID associated with a log entry
if the action is successful.
* Expose this as a diff link in the UI.
* Implicitly hide log entries if their
corresponding revisions are also hidden.
* Includes scope for expanding to log entries if desired.
Change-Id: Ie2d43dd1bacf14289fdf0492bb22267590ee649d
The purpose of this change is to allow AFTv5 developers to run a separate list of filters against article feedback actions without issues of cross-contamination and bumping up against the condition limit.
Change-Id: I758795f01eaf3ff56c5720d660cd989ef95764a7
This change depends on I92f57fc2c3189c42157478de14a8d48045a253b5.
This change provides a handler for AbortAutoAccount hook and adds new
action to the filter: autocreateaccount. Every time the AbortAutoAccount
is invoked the filter is executed. This may create some issues with
users which are affected by a filter, because it may be triggered on
every page view. The AbuseFilter relies on CentralAuth session
blacklisting - for each session the filter will be triggered only
once and then the autocreationg of account will not be attempted.
I don't know why AbortNewAccount hook takes as $message argument
a text of message, however AbortAutoAccount takes a name of the
message. This makes impossible to produce a user friendly message
why account creation is not allowed.
Change-Id: Ie3a7ee9210fd884d214ad3132a502a00332c3138
PHP Fatal error: Call to a member function getRawText() on a non-object in /usr/local/apache/common-local/php-1.20wmf1/extensions/AbuseFilter/AbuseFilter.hooks.php on line 29
Change-Id: I4ce74e641cc10371ef75dc872add23aa052022d2
This change makes EditFilterMerged handler replace all \r\n with \n.
Parser::preSaveTransform replaces \r\n with \n for all texts, so
there are no \r in the database. The hook EditFilterMerged is run
before the text is processed by Parser::preSaveTransform, so the
diff will be useless if the client sends content with \r\n as line
endings.
Change-Id: If81fe7cc5e3af51a6564f86597d3afaefc7ad4b7
The fourth parameter to "changeField" call was not present resulting in
"Warning: Missing argument 4 for PostgresUpdater::changeField()" and
"Notice: Undefined variable: default"
($default is the fourth parameter of PostgresUpdater::changeField()).
Change-Id: I271be91e5ba248692dcd9d48c5a5e97f938003aa
* Store the revision ID associated with a log entry if the action is successful.
* Expose this as a diff link in the UI.
* Implicitly hide log entries if their corresponding revisions are also hidden.
* Includes scope for expanding to log entries if desired.
Instead pass the Article object from the EditFilterMerged hook to the AFComputedVariable object and see whether the object is present to do a parse operation since other code paths won't pass an Article object
Also simplified the fallback code in AFComputedVariable::compute() to simply continue instead of calling the function again.
with MaxSem about the desired course of action. Perhaps later these
can be merged back, but this seemed to be the quickest way to get
AbuseFilter working with SQLite working for now.
That bug is triggering when a user submit an old revision unchanged.
The previous Article->getContent() would fetch the old revision which is
then compared to the user submitted text. Since they are identical, filtering
is skipped entirely.
Any editor can then reinstate an old "bad" revision.
Fix:
* Get latest stored revision to compare user submitted text against. This is
done by using: Article->getRevision()->getRawText().
* Move caching related calls after that.
Follow up r52740.
Redo r100687 I had reverted.
This bug is triggering when a user submit an old revision again. AbuseFilter
considered it to be a null edit although the old revision is certainly
a different text than the current one in the database.
This patch make sure we skip filtering only if we will be comparing with the
lastest content.
Follow up r52740