Daimona Eaytoy
3413d15b68
Apply proper visibility checks for recentchanges queries
...
Follow-up: I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2
Bug: T274152
Bug: T274158
Change-Id: I71a6d521bd12931ce60eec4d2dc35af19146000f
2021-03-11 11:52:48 +01:00
Translation updater bot
e28d15c55e
Localisation updates from https://translatewiki.net .
...
Change-Id: I762b4898d206f735e307f551027119213b0ec8d1
2021-03-11 08:35:48 +01:00
libraryupgrader
aeccd5b8b9
build: Updating eslint-config-wikimedia to 0.19.0
...
Additional changes:
* eslint: Renamed `wikimedia/client` profile to `client-es5` (T277085).
Change-Id: I2ef2da7d95f8f40fe9ccfa9c9a5aff34bef42ef3
2021-03-10 23:05:48 +00:00
Translation updater bot
105471ccb5
Localisation updates from https://translatewiki.net .
...
Change-Id: I0ca04a44d19720cd3520ee38deb0a8cc41393c6f
2021-03-10 08:31:25 +01:00
jenkins-bot
12f230b94b
Merge "SECURITY: Remove deleted rows from /examine and /test"
2021-03-09 23:03:42 +00:00
jenkins-bot
577aa83309
Merge "SECURITY: Avoid deleted usernames leak in page_recent_contributors"
2021-03-09 22:50:20 +00:00
jenkins-bot
01d9cb2a89
Merge "SECURITY: Skip deleted RCs in /test if we're only showing matches"
2021-03-09 22:50:17 +00:00
jenkins-bot
ecd84180c7
Merge "SECURITY: Avoid info leaks in ApiAbuseFilterCheckMatch"
2021-03-09 22:41:37 +00:00
jenkins-bot
b9bd4b9492
Merge "SECURITY: Don't filter suppressions"
2021-03-09 22:41:35 +00:00
Daimona Eaytoy
33445addff
SECURITY: Remove deleted rows from /examine and /test
...
This is kind of a nuclear option, if anything in a row is hidden, we
hide the whole row. This is just to keep this patch slim. A public
follow-up will adjust the visibility
Bug: T274152
Change-Id: I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2
2021-03-09 16:10:16 -06:00
Daimona Eaytoy
f25c96f472
SECURITY: Avoid deleted usernames leak in page_recent_contributors
...
Bug: T71367
Change-Id: I8d5ed9ca84282ee50832035af86123633fc88293
2021-03-09 15:56:09 -06:00
Daimona Eaytoy
18f439053e
SECURITY: Skip deleted RCs in /test if we're only showing matches
...
Otherwise we'd be telling whether the filter matches or not the edit. If
we're showing all edits regardless of whether they match the filter, we
can keep showing the row: it will be redacted (and the filter result
hidden) by AbuseFilterChangesList.
Bug: T223654
Change-Id: I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d
2021-03-09 15:46:21 -06:00
sbassett
64f3f7e6c5
SECURITY: Avoid info leaks in ApiAbuseFilterCheckMatch
...
There are various info leaks for both deleted rc rows, and suppressed
AbuseLog entries.
Bug: T223654
Change-Id: I4900b1be73323599d74e3164447f81eded094d75
2021-03-09 15:41:31 -06:00
Daimona Eaytoy
59e45409a6
SECURITY: Don't filter suppressions
...
Bug: T71617
Change-Id: I38a0a24fa32ca7a052b6940864a32b3856e84553
2021-03-09 15:38:55 -06:00
Daimona Eaytoy
c5d19577a4
Fix method names of hook interfaces
...
The hook names contain a dash, which is mapped to an underscore by the
hook runner (see Ie8c8fb603b33ff95c8f8d52f392227f147c528d8), and the
previous method names weren't matching this.
Follow-up: Ic5c82a367e34135bbc0f00ece5aeef4f2d92881b
Change-Id: Ie80b62c49b2f4aaea49d5a1883f513348689d16a
2021-03-09 17:03:14 +00:00
jenkins-bot
5c355d3acb
Merge "Use Language::userTimeAndDate"
2021-03-09 12:22:38 +00:00
Translation updater bot
be4f6a387b
Localisation updates from https://translatewiki.net .
...
Change-Id: I0bad8181ddf6f22ad959285994ca0df254204713
2021-03-09 08:31:31 +01:00
Umherirrender
5e12102b6d
Use Language::userTimeAndDate
...
Avoid use of global user
Change-Id: Ic30cfe705dfe39fca7dd45c6c2e1248dd37f08ff
2021-03-09 00:54:03 +01:00
Daimona Eaytoy
25d1abde0b
Fix hook name
...
Dashes are mapped to underscores, but following the "modern" convention,
the hook name should be pure PascalCase.
Bug: T275798
Change-Id: I77909b3ee772b983c7933f3b82230476772bd3b5
2021-03-08 16:15:23 +00:00
Vadim Kovalenko
62376f437e
Replace UserIdentity::getUserId with ::getId
...
Bug: T275482
Change-Id: Ie9fd52005ca1eb264dc791a2f87d7308a9e8810e
2021-03-08 09:18:49 -05:00
Daimona Eaytoy
6ba8e93537
Create distinct builders for plain and ace editor
...
Change-Id: I9d2b7572fed6e0b3660d3b0d5dad324d6b75fde9
2021-03-08 09:44:58 +00:00
Translation updater bot
7356f87082
Localisation updates from https://translatewiki.net .
...
Change-Id: Ia323cd056d4ce166fe00253d34ddc2ab1b741dac
2021-03-08 08:44:51 +01:00
jenkins-bot
12f4e81964
Merge "Simplify AbuseFilterBlockTest"
2021-03-06 09:23:26 +00:00
Daimona Eaytoy
92ecccbdc7
Simplify AbuseFilterBlockTest
...
Requires injecting a temporary block factory, and excluding
ManualLogEntry::insert from the test, but it's now much cleaner and
quicker.
It still cannot be a unit test due to the usage of User.
Change-Id: Iba9732d6d79733b31b45eb4d0187b1c8a82499dc
2021-03-05 14:18:01 +00:00
Translation updater bot
51f37697dc
Localisation updates from https://translatewiki.net .
...
Change-Id: I89853907ba659a8b715622e386db41c97eeef3bd
2021-03-05 08:54:53 +01:00
libraryupgrader
ebea8cd3de
build: Updating eslint-config-wikimedia to 0.18.2
...
Change-Id: I83981fb720ee219230f9f6094c18fdf29d7f4ba0
2021-03-05 04:35:46 +00:00
Translation updater bot
17cf903cd4
Localisation updates from https://translatewiki.net .
...
Change-Id: Iffa9ae7a3620ef16f6de04cf38ce13d9d711429f
2021-03-04 08:37:05 +01:00
Translation updater bot
507e3fb0c5
Localisation updates from https://translatewiki.net .
...
Change-Id: Id111612a538f205ac19d9bad761cc94e6f1110d2
2021-03-02 08:48:17 +01:00
Daimona Eaytoy
124031fe09
Stop using deprecated User::addGroup in tests
...
Bug: T276094
Change-Id: I299f89fbb4a4f6ba36ef4b77987bda9f2159d311
2021-03-01 15:28:08 +01:00
Translation updater bot
d518c0f60c
Localisation updates from https://translatewiki.net .
...
Change-Id: Id543fd03b70ef4d3ef6639dd1510c10bffc0e9fa
2021-03-01 08:49:36 +01:00
jenkins-bot
50334c27ce
Merge "Use a different message for unprivileged users"
2021-02-28 14:05:08 +00:00
jenkins-bot
ef4a5c4115
Merge "Make FilterProfiler independent of DeferredUpdate"
2021-02-28 13:18:51 +00:00
Matěj Suchánek
709803eb46
Make FilterProfiler independent of DeferredUpdate
...
Schedule the deferred update from FilterRunner, just like
we do with EmergencyCache.
Change-Id: I121211bb02a77c191001d11d4af3796e8572967e
2021-02-28 12:03:05 +01:00
jenkins-bot
66f8e44295
Merge "Reject filters with invalid groups"
2021-02-27 20:07:29 +00:00
Daimona Eaytoy
3365a648f2
Reject filters with invalid groups
...
It is currently possible to save a filter with an invalid group, if you
manually change the form data. So prevent this by validating the group
before saving.
Change-Id: I03f80b8c6ab583a357273f7b2679a424ac784db7
2021-02-27 16:01:09 +00:00
jenkins-bot
34a2660ad2
Merge "Use independent stats for emergency disable"
2021-02-26 18:06:16 +00:00
Matěj Suchánek
b8ac52c51c
Use independent stats for emergency disable
...
Bug: T264629
Change-Id: I64b611243b6a4c136b82b09f2ccf588d1c3e3426
2021-02-26 18:10:49 +01:00
Translation updater bot
9f1ef6bf3d
Localisation updates from https://translatewiki.net .
...
Change-Id: I894ae8afb29415e07f34955fe39c07add4de643e
2021-02-25 08:37:48 +01:00
Translation updater bot
550a0936fc
Localisation updates from https://translatewiki.net .
...
Change-Id: Ia4e98950c04acb33189bf5fa695261402fa2ab8d
2021-02-24 08:50:35 +01:00
Translation updater bot
d224021c89
Localisation updates from https://translatewiki.net .
...
Change-Id: Ic69954193f63b65e14ec1d00e7a6af8194b685a4
2021-02-23 08:47:00 +01:00
jenkins-bot
1f3597f925
Merge "Update hit counts in a DeferredUpdate"
2021-02-23 06:34:17 +00:00
jenkins-bot
1b6e209ce6
Merge "Create a new method for authorizing access to test tools"
2021-02-22 18:00:06 +00:00
jenkins-bot
63a9c86607
Merge "Improve test coverage metrics"
2021-02-22 17:00:23 +00:00
jenkins-bot
54c56139a9
Merge "Avoid using User ::getCanonicalName"
2021-02-22 16:56:12 +00:00
jenkins-bot
ea6a6ab4fc
Merge "Fix StatsdDataFactory injection"
2021-02-22 16:56:09 +00:00
daniel
63a497fb56
Don't set actor on UserIdentityValue in tests.
...
The actor ID is being removed from UserIdentityValue. Non-zero values
are triggering a deprecation warning now.
Needed-By: I9925906d11e47efaec3c1f48d5cb3f9896a982c1
Change-Id: Id60e56e70f6e4b44f49887d9e5ae5a23b1fd19a2
2021-02-22 11:30:54 +00:00
Matěj Suchánek
569c02f3ae
Fix StatsdDataFactory injection
...
This was an obvious mistake and contradiction to
what the above comment stated.
Bug: T275369
Change-Id: Idf0c012151738fd842101586ab5c3e2656a86db2
2021-02-22 12:08:50 +01:00
Translation updater bot
cc3dbe149d
Localisation updates from https://translatewiki.net .
...
Change-Id: I1f5f9b45ad3d7f2e80fc5d0b4e90e2b15e6e58b0
2021-02-22 08:49:55 +01:00
vladshapik
dcd038e613
Avoid using User ::getCanonicalName
...
Remove using of User::getCanonicalName since this method will be hard-deprecated. Now it is soft-deprecated
Bug: T275030
Change-Id: I3ce1199f18276096279ce3c80f63e53d023a0f5a
2021-02-21 23:16:40 +02:00
Matěj Suchánek
c2376efddc
Improve test coverage metrics
...
Change-Id: I1618883e3ade7dde538242fb51a36c22999df76d
2021-02-21 09:59:52 +01:00