Commit graph

4412 commits

Author SHA1 Message Date
Daimona Eaytoy 32718888c0 Use noparams exception and correctly count function parameters
For the counting part I used this a relatively simple approach. It might
not be the best one, but should work without changing too much code. As
for the exception, I added it to every function which takes a single
parameter. Plus a couple of minor fixes: removed an unused function and
replaced "__METHOD__" with function names.

Bug: T198300
Change-Id: I484fe2994292970276150d2e417801453339e540
2018-07-15 15:32:26 +00:00
jenkins-bot 29c7f0f818 Merge "Update LogPage to ManualLogEntry" 2018-07-15 15:08:47 +00:00
jenkins-bot 32218a1391 Merge "Add the user action to warn key" 2018-07-15 15:08:42 +00:00
jenkins-bot 5281a158a9 Merge "Add phpunit tests for all exception thrown in the parser" 2018-07-15 15:08:41 +00:00
jenkins-bot c4ef80638e Merge "Add the log ID as API param for query abuselog" 2018-07-15 15:08:39 +00:00
Daimona Eaytoy adc06f409d Use isset instead of empty+strlen when checking disallow parameters
This line first used to be just an "strlen". Then we merged
Iaeae672dca66ffc745054daabd6f0eae7dfbc648 to clean input and this caused
some "undefined index" notices. These were in turn fixed in Ibebedb566da705e77ffb831ebda6476adba07c93 by adding an "empty". However, this slightly changed the range of accepted parameters, for instance refusing 0 and '0'. Those should never be used, so this is just a theoretical problem, but we'd better be consistent and simplify this line.

Change-Id: I4643d0632acf5926ac8de5da9bcb3e5dc715fdc1
2018-07-15 17:01:32 +02:00
Translation updater bot 20dc4301f8 Localisation updates from https://translatewiki.net.
Change-Id: I26e90ad47cb9e691406db27092f65c0153fe2841
2018-07-14 22:20:14 +02:00
Daimona Eaytoy 6a97133310 Add the user action to warn key
Otherwise, if the user is warned for e.g. trying to move a page, and
after the warning he tries to delete it, he won't be warned again. Since
filtered action (edit, move, delete...) can be really different, we
should repeat the warning if the action changed.

Bug: T199621
Change-Id: Ia481b2bf552e16de8485c246aa5612d5bb2cd6ca
2018-07-14 16:15:52 +02:00
Daimona Eaytoy d390144c69 Add the log ID as API param for query abuselog
The patch adds the logid parameter to the queryAbuseLog API, so that
users will be able to retrieve a single result with the given logid.

Bug: T36731
Change-Id: I9160c3690e86ea40560f6fa7721918965234c29e
2018-07-14 15:03:17 +02:00
Daimona Eaytoy 0e87c44c74 Show AF logs for a revdeled revision if the user can see the revision
The function used to determine if a row is hidden has three possible
return values: true, false and "implicit". While the first and the
second one refer to AF own suppressing system, 'implicit' means that the
revision associated with the log entry is deleted. However, we checked
for such return value with a boolean cast, which caused true and
'implicit' to be equally treated, thus hiding revdel'ed revisions to
sysops. Bonus: fixed a comment typo.

Bug: T191699
Change-Id: I87d3a6437bb966198175e4bfd063e30ed79c345f
2018-07-14 00:46:19 +02:00
jenkins-bot 0862148509 Merge "Warn the user to re-attempt save if edit token didn't match" 2018-07-13 19:50:07 +00:00
jenkins-bot 73d65876f5 Merge "Simplify how we convert builder values array for OOUI" 2018-07-13 19:49:27 +00:00
Daimona Eaytoy 0815fc6a8f Update LogPage to ManualLogEntry
We still had three entries of "LogPage", which is legacy and has some
problems (I7bb0e92b2906a2511fc4290bdc76fc39ec4617fe). This patch updates
two of them to ManualLogEntry. The last one is handled separately in
Ic23e724997e4748c8d0da8138aa73d31b17b7064.

Change-Id: I2a4f18ea6baebdc114078c57d8937ce4ca2aace5
2018-07-13 19:39:57 +00:00
Daimona Eaytoy b8a2225bb2 Warn the user to re-attempt save if edit token didn't match
I've been noticing this problem for a long time: sometimes, when the
filter editor stays open for a long time and you try to click "save filter",
the page is scrolled and the edit isn't save (while it is indeed saved
when clicking save again). I found out that this is due to edit token
not matching. If that happens and the request was posted, warn user to
re-save the edit.

Change-Id: Id0c5600bf22632f57d237a19b492cc9c297be736
2018-07-13 15:40:29 +02:00
Daimona Eaytoy 8cec6a06cf Simplify how we convert builder values array for OOUI
To generate an OOUI-friendly array with dropdown values, we need to
rearrange the array we already get from AbuseFilter::getBuilderValues().
Right now we do it in a pretty dirty way, which also causes errors if
external values (e.g. Flow variables) are in the list. With this patch,
such conversion is simplified, explained in a comment, and doesn't
output errors anymore.

Change-Id: I1063865aeff2dfb637e95d7b2ff30da39ceeab67
2018-07-13 15:36:12 +02:00
jenkins-bot 4462fd5eae Merge "Wrap error messages in Html::errorBox" 2018-07-13 09:46:00 +00:00
jenkins-bot 56c13b4d1d Merge "Unbreak reverting 'degroup' action" 2018-07-13 08:47:58 +00:00
Daimona Eaytoy f93134a4f7 Unbreak reverting 'degroup' action
This is something that hasn't been working since January 2009, when AF
didn't have arrays and all variables were computed non-lazily. In fact,
when reverting "degroup", we used to take old groups from edit vars, but
the variable may not have been computed for such edit. Plus, we treated
the var collection as an array instead of an AbuseFilterVariableHolder
object, and exploded user_groups since it was a string. With this patch
everything should start working as intended.

Change-Id: I76917b2e331291bd42daeef8d048507dc38048cb
2018-07-13 00:25:02 +02:00
Translation updater bot cb0c43133b Localisation updates from https://translatewiki.net.
Change-Id: If69916aa1aff6a6405c6047052cb8378a63b68d4
2018-07-12 22:38:17 +02:00
Translation updater bot 8adffed8af Localisation updates from https://translatewiki.net.
Change-Id: I623f5644d60c6e9fcd13cd882c439cdba55f8511
2018-07-11 22:39:28 +02:00
Daimona Eaytoy 9012848032 Wrap error messages in Html::errorBox
The message 'abusefilter-edit-notallowed' is used twice and outputted
as plain text. This makes it really, really hard to notice. Wrap it in a
block-level errorbox to make sure users see it.

Change-Id: I6e5579f9a5e33f05520001e10ffdde928ffdcff0
2018-07-11 15:37:20 +02:00
jenkins-bot cacc034d1a Merge "Fix minor issues around" 2018-07-11 00:28:50 +00:00
jenkins-bot a50e4d6b8c Merge "Revert "Change message transformation method"" 2018-07-11 00:24:00 +00:00
Translation updater bot d74e0baaa6 Localisation updates from https://translatewiki.net.
Change-Id: I4f63b1c8cb73f27b6a63a3751687e48b193bcd1c
2018-07-10 22:15:33 +02:00
Daimona Eaytoy 255e405957 Fix message key for reserved tag
Introduced in I75ce47d247cf6949117370c8c78ab7c6980538f3, the message name
was misspelled in the code and thus the message doesn't show.

Change-Id: Iad515c48035259340c4824d456a14010c977e7a8
2018-07-10 01:00:59 +02:00
Translation updater bot b066abef8c Localisation updates from https://translatewiki.net.
Change-Id: Ic1c38eae0bf0a6335a07b10429640017c8b4073a
2018-07-09 22:10:44 +02:00
Daimona Eaytoy da2a14ad39 Revert "Change message transformation method"
Html::warningBox makes use of Html::rawElement, where as noted in docblock the given html must *not* be escaped. Plus, bold text was broken due to escaping.

This reverts commit 7dfe4bfcfd.

Change-Id: I505be036291d4c6ff33c0c4fed4dd83a5bb56c54
2018-07-08 22:17:09 +00:00
Translation updater bot 5b7a5672de Localisation updates from https://translatewiki.net.
Change-Id: Ibe117886fec4fee42d64c05cef66f837262d7dbe
2018-07-07 22:52:24 +02:00
jenkins-bot 8965b2d95f Merge "Reserve abusefilter-condition-limit tag" 2018-07-07 19:07:43 +00:00
Daimona Eaytoy f016c6c95f Fix minor issues around
This fixes the following minor issues:
* In HistoryPager's getQueryInfo, afh_id was listed twice
* In AbuseFilter::translateFromHistory a field named "af_" was produced
if no actions were in use
* The topnav link "Recent filter changes" wasn't STRONGed on pages like
"Special:AbuseFilter/history/123"
* In checkAllFilters and AbuseFilter::getFilter, select from DB only the
fields that will be used.
* Simplify some inline comments and remove superfluous ones

Change-Id: If72b18bedac5e580487406e696aea1fd172ae45b
2018-07-07 12:11:39 +00:00
jenkins-bot 53eba666dc Merge "Two minor fixes to make code testable" 2018-07-06 19:56:47 +00:00
Daimona Eaytoy 33b1b12b92 Reserve abusefilter-condition-limit tag
Right now it can manually be added when creating filters. Since the
distinction is interal to AbuseFilter, we can't use hooks to achieve the
goal (the tag isn't already usable from outside AF). Also making
isAllowedTag public to make it testable.

Change-Id: I75ce47d247cf6949117370c8c78ab7c6980538f3
2018-07-06 16:43:12 +02:00
jenkins-bot 0d8e27fed7 Merge "Don't use globals for filter validation" 2018-07-06 00:36:13 +00:00
Translation updater bot d7cd1de386 Localisation updates from https://translatewiki.net.
Change-Id: I63148d4fc20b5fc9920acecb15a0d885db961b4c
2018-07-05 22:43:28 +02:00
jenkins-bot 206ce51aac Merge "Minor escaping fixes" 2018-07-05 20:28:25 +00:00
Brian Wolff 5f73034c7a Minor escaping fixes
This will also fix some (not all) of phan-taint-check's warnings

Bug: T197002
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a11
2018-07-05 18:51:30 +00:00
Daimona Eaytoy 1ae14697b5 Don't use globals for filter validation
Some of them are available from the AbuseFilterViewEdit object, the
others from its config.

Change-Id: I8495c8cc03ef86919b325798a2c08ce7c4df277f
2018-07-05 19:57:30 +02:00
jenkins-bot b86208d381 Merge "Add phan seccheck to composer and remove deprecated module" 2018-07-05 17:34:38 +00:00
Daimona Eaytoy c8c66b55bc Two minor fixes to make code testable
Trying to write unit tests, there are some things in the code that make
it not well testable. Here, two of them are corrected:
1 - Use class constants instead of static variables inside a non-static
method. Otherwise such variables won't be reset between tests. The
change is made so that there'll be less impact on blame.
2 - Set af_enabled to true even in af_deleted is true as well. For three
reasons: the first is that we already perform validation for this, so no
need to secretly change the option to whatever we think would make
sense. Second, this redundant validation makes some tests fail. Third:
this way, if the user selects both enabled and deleted, when the warning
is shown he'll indeed see that both checkboxes are selected. Before, he
would only see wpFilterEnabled as selected.

Change-Id: Ib7a0335fa7fb3b8a21765438a720205656c1ea09
2018-07-05 00:07:46 +02:00
Translation updater bot 97904a38b7 Localisation updates from https://translatewiki.net.
Change-Id: I47dc7c15e4d2ed525bbd85246a3d2b06f4c0f1ac
2018-07-03 22:16:24 +02:00
jenkins-bot a85e8f5588 Merge "Abstract methods in ViewEdit related to filter saving" 2018-07-02 22:18:37 +00:00
Translation updater bot 735e8466b8 Localisation updates from https://translatewiki.net.
Change-Id: I82293aa87794c8a922f5d5a36131df250177800b
2018-07-02 22:10:17 +02:00
Daimona Eaytoy f9687ad678 Abstract methods in ViewEdit related to filter saving
Actually, it seems like I almost got it right at the first try. I tested
every validation scenario and it worked as espected, so ready for
review.

Bug: T193596
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a28
2018-07-02 20:27:05 +02:00
Daimona Eaytoy ca91e854ed Bump equivset to 1.3 to avoid PHP fatal error
While trying to fix the fatal error reported in the task, I first tried
to bump equivset to a more recent version, and it seems to have fixed
it. I'm not sure whether this could lead to regressions, further
investigation coming.

Bug: T189560
Change-Id: I92bf98157a2b656a892e1d05deb4868c42e27fcd
2018-07-02 13:51:31 +02:00
jenkins-bot 8d9a564aee Merge "Add colon to "Action type" field on Special:AbuseFilter/test" 2018-07-01 21:43:40 +00:00
Translation updater bot f1a661a132 Localisation updates from https://translatewiki.net.
Change-Id: I97ae16e57c087f7b2474aecbb3b7f0f2ea268b38
2018-07-01 22:06:01 +02:00
Daimona Eaytoy e9921bcda7 Add other phpunit test for AFPUserVisibleException
Follow-up of Iacb8f7a361079e3e117dc6845597c7bd8473e54a for exceptions
thrown outside the parser. With this patch all uses of AFPUserVisibleException
will be covered.

Depends-On: Iacb8f7a361079e3e117dc6845597c7bd8473e54a
Change-Id: Ia7ef6eb832d5725a804a60cb58bc110b06c8abe2
2018-07-01 18:34:01 +02:00
Daimona Eaytoy 7a64280893 Add phpunit tests for all exception thrown in the parser
All uses of "throw" inside AbuseFilterParser are now covered.
Bonus: added a standard suppresswarning when checking regex validity.

Change-Id: Iacb8f7a361079e3e117dc6845597c7bd8473e54a
2018-07-01 18:31:11 +02:00
Translation updater bot d0a00ce049 Localisation updates from https://translatewiki.net.
Change-Id: I039e2a4f8fa68d7c161ab63c27cfc568f860e19c
2018-06-30 22:30:08 +02:00
Daimona Eaytoy 7104c40518 Copy levels documentation on AbuseFilterParser
doLevel- functions are currently documented in AFPToken. This patch
copies such comments on docblocks in AbuseFilterParser, the place where
this docs can really be helpful.

Change-Id: I4e47e760a56800faa9b0a1146e0d79f8955dca9a
2018-06-30 20:35:49 +02:00