Commit graph

1706 commits

Author SHA1 Message Date
jenkins-bot 2ea783a385 Merge "Strike suppressed AbuseLog entries" 2019-01-31 21:51:58 +00:00
jenkins-bot 8d7361b590 Merge "Avoid PHP 7.3 Undeclared variable notice" 2019-01-31 21:51:56 +00:00
jenkins-bot 15a8340ee1 Merge "Reject empty warning and disallow messages when validating a filter" 2019-01-31 21:28:17 +00:00
Daimona Eaytoy 2a0246ddb5 Remove ancient permission checks
In both SpecialAbuseLog and ApiQueryAbuseLog, we use
Title::getUserPermissionsErrors to check if the user is allowed to
perform 'abusefilter-log' on the API page... However, this is a
completely redundant check (which is also pretty expensive and queries
the master): for the SpecialPage, we can specify the required right in
the constructor and use checkPermissions, and for the API we can simply use checkUserRightsAny.
If I'm not mistaken, there's no benefit in using
getUserPermissionsErrors.

Change-Id: I4c4dbace67b24cc1f45e50ab1c0d251522935513
2019-01-31 21:16:18 +00:00
Daimona Eaytoy 196a3ba7d5 Ensure the specified filter is valid in ViewHistory
We do not validate the param, and instead only check if it was
specified. In the specific case of ViewHistory, specifying as "filter"
something invalid for a title (e.g. with a + inside) will throw an
exception, seen in production.

Change-Id: I636b4e56f39282593c737ace1d6ff2d90900d997
2019-01-29 19:58:59 +01:00
Daimona Eaytoy 8f9b27d856 Fix MWException from AbuseFilterView
The case default was recently added, but didn't take into account that
"false" is valid too. Noticed by chance just before the train rolled
out.

Change-Id: I67ca475fa16ea449820f8c735531c2cc1b0ec975
2019-01-24 21:48:50 +01:00
Daimona Eaytoy fe03de6e4f Add help links for throttle groups
Several people have reported throttle groups being hard to use, mostly
because the field doesn't have options with the usable groups. This is
because users can combine valid groups in many ways, and thus we don't
provide options. However, let's add an help link pointing to mw.org.

Change-Id: I982d67aa62a899916a26452aceb9646df8c31232
2019-01-24 12:58:41 +01:00
Daimona Eaytoy ba1b27d7f6 Optionally pass the filter ID to checkConditions for error reporting
Now that Parser errors are on logstash, I noticed a huge spike of errors
on Wikimedia Commons, about 35000 per hour. They seem to be due to 2
broken filters, but id doesn't say which ones.

Change-Id: I8510319c075520f9a893cd7d56f2e30679e249ba
2019-01-24 10:03:52 +01:00
Daimona Eaytoy a207cf22f7 Unbreak tagging for createaccount actions
Tagging doesn't work for account creations, and probably never did. This
is because we used a wrong identifier for such actions. This patch fixes
the problem, although in the long term we should find a smarter way to
apply tags.
Also, clean AbuseFilter::$tagsToSet if the action will be prevented.

Depends-On: Ia8e38ba25d1989fe71714d2b76891c4587921466
Change-Id: I8edcca17ecdcf71397cc9b0d101e8b13ac112047
2019-01-23 21:25:47 +00:00
Daimona Eaytoy f3f8bd11b9 Re-execute checkAllFilters if the edit was stashed
This may solve several issues, see T176291#4105438 for further details.

Bug: T191430
Bug: T176291
Depends-On: Iebbdeac7898b35beea79aa3d0cdf9d0fb265d726
Change-Id: Ia8e38ba25d1989fe71714d2b76891c4587921466
2019-01-23 18:16:01 +00:00
Daimona Eaytoy bc875d8002 Fix SQL key
When updating the abuse_filter_history table, the sequence to use is the
one on afh_id... And we were using the af_id one since 2009.

Change-Id: I3e291c780119d74be5f47e745a8de13bda85486b
2019-01-23 16:24:02 +01:00
Daimona Eaytoy 4b33b2b5a7 Strike suppressed AbuseLog entries
Instead of adding a message, do like core does by striking and greying
out the row. Plus, don't show the AbuseLog page description when hiding
entries, as it doesn't fit.

Change-Id: I645a89dd8df79d45ca440e0ba62adcdee921b8e9
2019-01-23 11:34:43 +01:00
Daimona Eaytoy be08bd6d59 Avoid PHP 7.3 Undeclared variable notice
Starting from PHP 7.3, passing the name of an undefined variable to compact() raises a notice. Always define $querypattern and $searchmode, so that this won't happen, and makes showList behave more uniformly.

Bug: T214269
Change-Id: Ib179a7e0e4fdd7b9d81b6930000203478e7a1e38
2019-01-21 15:35:44 +01:00
Daimona Eaytoy fca80fa976 Remove usage of MakeGlobalVariablesScript hook
This is an old leftover, used to add global JS variables in a convoluted
way: using a hook and a total of 3 static properties. We can safely
remove all of this and just call OutputPage::addJsConfigVars, which BTW
is already called where we need it.

Change-Id: Ifad0618fa93b0c7a7e8b23f596234e622aa8846a
2019-01-21 14:27:57 +01:00
Daimona Eaytoy 0e6b783ed4 Reject empty warning and disallow messages when validating a filter
Right now, we allow empty messages, and when the "warn" action is
executed we use "abusefilter-warning" if no message is specified.
However, this also produces a PHP notice while editing a filter with
empty message (see Phab). With this patch, empty messages will be
rejected, and a follow-up will be discussed on Phab.

Update: added disallow message as follow-up of
Ic1de03a6944c43a346fa317ee0a217551f0d284a.

Bug: T203353
Depends-On: I8df247f61d9f3769e9580544f324dd174811e939
Change-Id: I71b1f81d10c02de4de141b1ab9b630d05cf4619c
2019-01-21 14:06:54 +01:00
jenkins-bot b9c697ef7c Merge "Don't send long patterns with GET" 2019-01-20 14:20:31 +00:00
jenkins-bot 1ed8fd0a5a Merge "Simplify filter editor generation and restore ltr attribute" 2019-01-19 13:28:50 +00:00
jenkins-bot 41f6a85a42 Merge "Rewrite the method for getting a global emergency value" 2019-01-19 13:25:41 +00:00
jenkins-bot 196272fbc1 Merge "Move changed field styles to TD for history pager" 2019-01-19 13:18:32 +00:00
jenkins-bot f8b5965ff9 Merge "Expand AbuseFilter::getFilter to select all fields and fix caching" 2019-01-19 13:17:16 +00:00
jenkins-bot b35ba5af45 Merge "Warn the user if they try to leave the page with unsaved changes" 2019-01-19 12:57:50 +00:00
jenkins-bot a7955a5142 Merge "Move a method out of AbuseFilter.php" 2019-01-19 12:22:39 +00:00
jenkins-bot b44984c50a Merge "Remove unused stuff" 2019-01-19 12:18:22 +00:00
jenkins-bot 91e1833bc0 Merge "Fix topnav links" 2019-01-19 12:11:07 +00:00
jenkins-bot 575646393b Merge "Improve code readability" 2019-01-19 12:11:06 +00:00
jenkins-bot a2bee3bcf3 Merge "Simplify parser methods" 2019-01-19 12:11:04 +00:00
jenkins-bot 7f62874658 Merge "Change method visibility for AbuseFilter class" 2019-01-19 12:02:51 +00:00
jenkins-bot 0d4e982069 Merge "Reduce code duplication" 2019-01-19 12:00:47 +00:00
Daimona Eaytoy 6217ffb928 Remove unused stuff
Variables declared but never used, redundant code, and old leftovers.

Change-Id: Ic51044a45a1b49ad6c7af06c646b11893411a7cd
2019-01-18 17:04:19 +01:00
Daimona Eaytoy 34d3f9acb2 Fix topnav links
*Don't reuse a message (which is bad), instead add a note for
translators. We can also move it on translatewiki.
*Don't show the AbuseLog link if the user cannot see the AbuseLog.

Change-Id: I4ce73b2160275fdc4b0b7bec722471696d8c6a4d
2019-01-17 15:09:29 +01:00
Daimona Eaytoy 93e8cb5ac5 Tune logging channel
As follow-up of I10b1fd2d9bdfe518089c053d77fef568170ecb65, use
'AbuseFilter' instead of 'AbuseFilterDeprecatedVars' as channel name.
Raise level for null-title filtering. Since with a null title
several things are likely to break, a warning is more appropriate here.
Tweaked the message as well, to include the bug number and to avoid
pointlessly including the title (which is null).
Lower the level for stashedit hit/miss (as it's really spammy and not
that useful right now).
Use 'abusefilter' instead of 'AbuseFilter' for statsd so that everything
has the same prefix.
Also raise the level for parser exceptions and unrecognized
consequences.

Change-Id: I1f9988155e924232b201281795cd322636da8082
2019-01-16 08:56:22 +00:00
jenkins-bot b1e8f38c64 Merge "Replace RecentChange::$mAttribs with getter functions" 2019-01-11 20:01:12 +00:00
addshore a6a93be530 Pass MCR AF text into newVariableHolderForEdit
Follow up to Idbb3a70d08a195dfa21422e07f593d1eeba4521d

This also fixes the fetching of text for the stash edit code path
which was missed by the previous patch.

This now also uses the full old text in the variable holder.

Bug: T213453
Change-Id: Ib80bc6385ebb5dd82bb1a384dd0e162608bfcbfa
2019-01-10 23:42:58 +00:00
addshore 3e93c06223 Use slot in onEditFilterMergedContent
Related to If3c4592eb6dade6960463abfda017af35d04f563
in Wikibase, needed for SDoC.

Bug: T213453
Change-Id: Idbb3a70d08a195dfa21422e07f593d1eeba4521d
2019-01-10 20:57:30 +00:00
Daimona Eaytoy f700139215 Remove the hacky 'context' variable
First step for removing meta-variables, the second one being removing
global_log_ids and local_log_ids.

Change-Id: I01cd79771c0ee0865abaef6757a930aacd8138d2
2019-01-05 18:30:37 +01:00
Daimona Eaytoy fda8f01431 Replace RecentChange::$mAttribs with getter functions
The RecentChange class has several getters and setters for the $mAttribs
property. Although the property is public, it's saner to use such
methods.

Change-Id: Ie8e37e80fdcf2917ee0e87b2a409f0afb91a4f92
2019-01-02 11:36:57 +01:00
jenkins-bot e6ca0f288d Merge "Really disable the minor_edit variable" 2018-12-31 02:21:56 +00:00
jenkins-bot 2539f6883e Merge "Remove workaround to complete phase 1 of variables migration" 2018-12-30 23:19:20 +00:00
jenkins-bot 90796123a8 Merge "Add a new method and hook for static variables" 2018-12-30 22:50:35 +00:00
Daimona Eaytoy 217b4b57ff Remove workaround to complete phase 1 of variables migration
When all the other patches will be merged, this workaround won't be
necessary, and by removing it we're finishing the first phase of
variables migration. Which could also be the only one if we decide not
to go on and remove the old ones.

Bug: T173889
Depends-On: I5c370b54e6516889624088e27928ad3a1f48a821
Depends-On: I6576497feaf6d2c475ee33a91feb6a640e2c20fe
Depends-On: I87a48fdc8b392b25eb02807e8d0f712d0a399ece
Depends-On: Ib29eb15c1a51c037d036be8dc1541d96ea4b174b
Depends-On: I909a99e80a895a9b009c33ea72e8e0a4ea0a1375
Change-Id: If5f238cddb41ef92b141e36b4f2f15fd4cc86476
2018-12-30 22:43:14 +00:00
Daimona Eaytoy b0c5b97b28 Add a new method and hook for static variables
This is for adding variables which can be computed even without an
ongoing action. Currently, we don't have any, except for timestamp (but
that's a bit special). Other extensions could. For instance, we'll be
able to expose the content of the spam blacklist.

Bug: T211680
Change-Id: Iba59fe8d190dd338ecc8cfd682205bce33c9738b
2018-12-30 18:15:33 +01:00
Daimona Eaytoy 7b3526e3b7 Simplify AbuseFilterVariableHolder::dumpAllVars
It's totally pointless to recreate all variable names, since we already
have them in builderValues. The only exception is for _restrictions
variables, although they should be handled in builderValues too.

Change-Id: I156ebb1e6e590d09ded093a23d19c0d635a503bf
2018-12-29 18:33:49 +01:00
Daimona Eaytoy 2fc56ce014 Use array_unique on the array of tags to add
Otherwise calling bufferTagsToSetByAction multiple times makes the list
grow, and IIRC the core doesn't call array_unique on the tags to apply.
Also clean the list after applying tags.

Change-Id: Iebbdeac7898b35beea79aa3d0cdf9d0fb265d726
2018-12-29 15:19:02 +01:00
Daimona Eaytoy 921db0397e Really disable the minor_edit variable
The variable was disabled with I7f13773766e12f3d4b86451fdf3ae23e067ac373
in 2016, but not in the same way as old_text and old_html were disabled
in 2009. This patch uses the methods introduced with
Ife168522e6b1d8eb94ebbb8a16ae8831ec1dc497 to disable minor_edit in a
standard way, so that it won't be showed in new AbuseLog entries, and
won't be usable when writing filter syntax.
A warning will be emitted if a pre-existing filter is using it, so that
we'll be able to completely disable it in the future.

Change-Id: I5ad5219ee19a5e6ba2bfdffb4e0aad63c8951491
2018-12-29 14:14:27 +01:00
Daimona Eaytoy 4950bf6664 Validate the abusefilter-blocker name
In T209565#4826952 I discovered that if the "abusefilter-blocker"
message is an invalid username, we silently end up without a system
user, thus risking to break something. Instead of silently failing, emit
a warning and use the default name. As I wrote in the code comment, we'd
better avoid throwing, because the message can be modified by anyone,
who could then break the site.

Change-Id: Ifa866bd9676945bf94e7e481adf6ad0d6cf4370c
2018-12-17 16:02:24 +01:00
jenkins-bot 102f6f7497 Merge "Fix big problems with normalizeThrottleParameters" 2018-12-17 03:34:34 +00:00
Daimona Eaytoy 3fa6e2d31c Expand AbuseFilter::getFilter to select all fields and fix caching
This partly reverts If72b18bedac5e580487406e696aea1fd172ae45b. While
it's true that we don't need every filter, that method is public and
other code may need fields that we don't need. This way we can encourage the
use of this function (which caches the result) instead of direct DB
access.
Also, the method can currently accept global filters passed as
"global-<integer>", but saves them to cache with the same key as local
filters (i.e. local filter 15 and external global filter "global-15" are
both saved in AbuseFilter::$filterCache[15], which could lead to subtle
bug).

Change-Id: Ieb04f019453033c275e211cfc9fd68d5d7c392ef
2018-12-16 14:23:45 +01:00
Daimona Eaytoy aa280998c0 Fix big problems with normalizeThrottleParameters
My final testing unveiled 4 problems, see T209565#4780868. Testing again
after this patch yields the expected outcome.

Update: A fifth problem is that we cannot disable throttling if throttle
groups are empty or fully invalid: that case is similar to the one with
invalid rate, the throttle limit is never reached and thus throttle just
doesn't work. Instead, ask users to fix it by hand.

Bug: T203336
Bug: T209565
Change-Id: Id03c9880f60764efc596ac40b8662087fdb30550
2018-12-15 18:36:16 +01:00
Daimona Eaytoy f49d4e5caa Emit debug logs when filtering without title
We have two situations where we try to execute filters without a title.
However, the code doesn't handle it correctly: some points expect $title
to actually be a Title object, and we also pass it around using a hook
which explicitly says it always pass a Title. This patch adds two debug
points to help understand why we end up with null titles, so that we can
fix it upstream.

Bug: T144265
Change-Id: I35bfc483a0c69a5cbd38eae8ba299189955fa1ec
2018-12-13 20:34:21 +00:00
Daimona Eaytoy db31c6dfea Rewrite the method for getting a global emergency value
Currently it barely has any reason to exist, as it's a single-line
method. This patch moves there the global state, and also changes the
signature to allow shorter calls.

Change-Id: I7851fa41cbd96912b3859319ba97a501b1cbaa57
2018-12-10 18:28:32 +01:00
Daimona Eaytoy 1dcf3fc98c Move a method out of AbuseFilter.php
AbuseFilter::buildFilterLoader is only used in ViewExamine and
ViewTestBatch, so this patch moves it to AbuseFilterView and makes it
non-static.

Change-Id: I7f11cfd7ac81e536492eb59c40da7c14771cee2b
2018-12-09 14:33:30 +01:00
daniel 688eccea47 Expose text from all slots to AbuseFilter
This is a first step towards MCR support in AbuseFilter. The textual
representation of all slots is concatenated. Since AbuseFilter uses
getTextForSearchIndex to determine the textual representation of
content, blind concatenation should not break any assumptions
made by AbsueFilter rules: this naive approach is no worse than
AbuseFilters handling of non-textual content in general, and should
work fine for textual content.

Bug: T209291
Change-Id: Ic141085cad2e11bfe106fe83dafcb35ac31206ba
2018-12-05 09:24:08 -08:00
jenkins-bot 1dd8f41d0d Merge "Use the updated TitleMove hook to filter move actions" 2018-12-04 19:32:04 +00:00
Daimona Eaytoy 206bdc1f6a Use the updated TitleMove hook to filter move actions
For several reasons:
*We're not really checking permissions (and the hook previously used is
meant to be used in such case)
*We'll show a cleaner error message (i.e. without the "You do not have
permission..." part)
*Filtering will happen closer to the actual move

Bug: T208907
Depends-On: I4733724075b7514e9db59e7be772d9409aa9da87
Change-Id: If88f736a446247f8b4b13c055c641d56f544d1ea
2018-12-04 18:58:04 +01:00
jenkins-bot 23a7aa69a5 Merge "Fix regex group counting for get_matches" 2018-12-04 13:58:06 +00:00
Daimona Eaytoy 38749b46bb Warn the user if they try to leave the page with unsaved changes
While editing filters, sometimes it happen that you make some change,
forget about it and then reload/close the page, and no warnings will be
issued. This patch makes use of the core module used for normal page
editing to display a warning if trying to leave a filter editing page
with any unsaved change (both to the filter pattern or other form
elements).

Change-Id: I78d79215565d5c82028b1a2a4276497ccbffdea2
2018-12-04 13:06:46 +01:00
jenkins-bot bb289862ff Merge "Remove code for old global variables" 2018-12-04 06:27:32 +00:00
Huji Lee b523194032 SECURITY: Remove private information from the API results
Later, we will add a new POST request which will allow retrieving
the private details; it will have a mandatory "reason" parameter,
and will result in a log entry in the private details access log,
just like the web interface.

Bug: T210329
Change-Id: Iaca492371f48fecf543268c179a651841ed12c3f
Signed-off-by: sbassett <sbassett@wikimedia.org>
2018-12-03 23:11:32 +00:00
Daimona Eaytoy 7ca0941d1f Remove code for old global variables
Those two global config variables were removed more than 2 years ago, in
I790d39c2849922d7daf7479f298cd90cf30af129. Nothing else in the code
references them, so we can just remove the warning.

Change-Id: I427d06a80131447ea64064f45e84349f93e72cca
2018-12-02 16:24:09 +01:00
Daimona Eaytoy 6aff37fb52 Further clarify docs for emergency disable
This is a follow-up to Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec. I
believe it's important to specify how many recent actions we're looking
at, and I also think it's not nice to rely on a variable amount of
actions to determine whether a filter should be throttled. Also, require
a $group parameter in filterUsedKey (we always pass one, and there's no
reason not to).

Change-Id: I0384d3f1913ead593f605248950606c81c8f8542
2018-11-28 19:29:15 +01:00
Daimona Eaytoy 235162e302 Change method visibility for AbuseFilter class
Some public/protected methods are actually meant to be private.
This patch is only a first step: other methods need to be made
protected/private.

Change-Id: I432c65d333b4dc497532679750f44b2c7e078bf0
2018-11-26 17:35:08 +01:00
Daimona Eaytoy 1f2b7474ed Clarify code and docs for automatic throttling
For the docs part: make it clear how things work there. For the code
part, these are mostly style changes: shorter variable names, no
unnecessary parameters, make the method private, use clearer variable
names.

Change-Id: Ic3bc6e36506973b19a9b1bcecbc1a5080faed2ec
2018-11-26 16:51:10 +01:00
Daimona Eaytoy 7427333ed5 Improve code readability
Simplify some logic constructs, reduce the amount of return statements
inside methods, explicitly declare variables before using them, reduce
code duplication, add names to JS anonymous function to produce clearer
stack traces.

Change-Id: Ife4546a91c30d4c519d09a712ba56a2f33abe579
2018-11-19 16:01:37 +01:00
Daimona Eaytoy e055ecc7c6 Reduce code duplication
Change-Id: I03bd56e4bf455865b27338ac39b3dcef20a88447
2018-11-19 15:50:36 +01:00
Daimona Eaytoy 4480c9493a Remove wgParser and wgRequest
As part of the deprecation process of non-config globals.

Change-Id: Ia84ddc20adbfda72347cf256601050b055b87ecf
2018-11-19 13:40:58 +01:00
jenkins-bot 0d58f78030 Merge "Revert "Revert "Add typehinting for every object-only parameter""" 2018-11-18 16:27:27 +00:00
jenkins-bot 6541d7c5cc Merge "Check that the user block is sitewide when determining permissions" 2018-11-15 17:26:21 +00:00
Daimona Eaytoy 346063eec0 Check that the user block is sitewide when determining permissions
And bump MediaWiki version.

Bug: T208621
Change-Id: Icfcf09c5d7c7498711cb000c3bb16480270efb9c
2018-11-15 17:59:22 +01:00
Daimona Eaytoy badde6ba75 Revert "Revert "Add typehinting for every object-only parameter""
This reverts commit 1ed75b4ae0.
Fixed the one which caused errors, by making articleFromTitle
only use WikiPage, instead of silently mixing WikiPage and Article.

Note for reviewers: this patch is identical to the one which was
previously +2ed, which was mostly correct. To see the actual change,
diff AFComputedVariable with 1..current.

Change-Id: I6747eaed861af6c40a3b1610aebcc1174296e9ed
2018-11-15 10:09:16 +01:00
jenkins-bot 213c2aa011 Merge "Change throttle selector to restore old functionality, overall improvement" 2018-11-15 00:58:11 +00:00
Daimona Eaytoy d3a8491c3f Change throttle selector to restore old functionality, overall improvement
Long (sigh) explanation in T203587#4569698. Also, simplified the way
TagMultiselect are generated, this one and the one for change tags.
This new selector is back-compat both with the old textarea and the OOUI
checkboxMultiselect; actually, this one is //fully// compatible with the
old textarea.
Add validation for throttle parameters and unit tests for validation
(split from I976c95658cddb2585910b6f8a5f047aadc4e4d47).
Added a trim when retrieving throttle identifier to allow syntax like
'ip, user'.
Improved the message shown on history.
Re-added the maintenance script to clean DB.

As I wrote in the task, a review by two other people would be great, at
least for the maintenance script (it could potentially break the DB).

Bug: T203587
Bug: T203336
Bug: T203584
Bug: T203585
Depends-On: I3b2e763bd8835207dc5df1db43d3e1881e6961c3
Change-Id: I7831dbb0bab55807392ac1f7915d6cb0cb713593
2018-11-14 12:51:36 +01:00
Brad Jorsch f6349e7a32 Update tests that fail with comment/actor migration
* AbuseFilterConsequencesTest is somehow leaving blocks behind. Mark
  ipblocks as being used to avoid that.
* AFComputedVariable::getLastPageAuthors() uses indeterminate order for
  multiple revisions with the same timestamp. Fall back to rev_id
  ordering like MySQL accidentally did before.
* AbuseFilterTest tries to create revisions attributed to users that
  don't exist. Switch to interwiki usernames.

Change-Id: I30f7cdcc3875f3f7af116c1e41e88f62ab9e91d0
2018-11-09 17:03:36 -05:00
jenkins-bot 58018ac7cc Merge "Use log channel 'AbuseFilter' instead of 'AbuseFilter<Suffix>'" 2018-11-08 14:32:58 +00:00
Timo Tijhof e7c0d5f238 Use log channel 'AbuseFilter' instead of 'AbuseFilter<Suffix>'
The channels are a fairly low-level primitive. Having multiple
in production for the same extension I think makes the logs
difficult to navigate and easy to miss things.

For the purpose of grouping, we have normalized_message instead,
which works by using the Monolog template string capabilities,
this is enabled in WMF Logstash (and in Beta).

Change-Id: I10b1fd2d9bdfe518089c053d77fef568170ecb65
2018-11-07 20:21:10 +00:00
Daimona Eaytoy 6658a24554 Remove typehint to avoid fatal error
Temporarily remove the typehint, as it causes some fatals. This doesn't
solve the underlying problem, for which we should first investigate with
I35bfc483a0c69a5cbd38eae8ba299189955fa1ec.

Bug: T208144
Change-Id: I0fdda51010243690ff3806c16d4e203c9ccd8e0a
2018-11-07 11:23:50 +01:00
Daimona Eaytoy 16475c0266 Fix regex group counting for get_matches
Adding the * as character to match after parentheses, since it may be
used with backtrack verbs (e.g. (*FAIL), (*SKIP)). I guess this is a
very, very rare use case, but since the fix is easy, let's include it.
Also, added a ToDo since we should probably find a better way to count
capturing groups, although I cannot figure out any.

Change-Id: Idcb303b4740530af9d3f009414d35d68f59effd0
2018-11-01 11:52:33 +01:00
C. Scott Ananian b73786df5c Replace deprecated OutputPage::parse/parseInline()
The OutputPage::parse/parseInline() methods emit untidy output and
are often used with the wrong user interface/content language
selection.  Replace with new methods added in 1.33 which are
tidy and consistent.

Bug: T198214
Depends-On: Ica79c2acbc542ef37f971c0be2582ae771a23bd0
Change-Id: Iec8071f4e50f169356e4f68ccb746c55f1606ea6
2018-10-26 13:33:20 -04:00
jenkins-bot c8d85e27b8 Merge "Use proper cache key construction for throttle, rules, and autoblock keys" 2018-10-24 10:10:51 +00:00
Daimona Eaytoy 103dfa3b66 Remove info leak
Oversighted/deleted edits and log actions were entirely accessible to
non-oversighters via AbuseFilter/examine for RC, and via AbuseFilter/test.
Now, we take into account the revision/log visibility and user permissions to
determine what to show.
Other changes in this patch:
*Show the examine link if and only if the user can examine the given row
*If a revision is hidden but the user can see it, don't hide its elements in
 ChangesList (only leave them striked/greyed)
*Make APIs better understand revision visibility.
*Make a clear distinction between deleted and suppressed edits/log
entries.

Co-authored with rxy <git@rxy.jp>

Bug: T207085
Change-Id: Icfa48e366a7e5e3abd5d2155ecfddfc09b378088
2018-10-23 10:53:39 +00:00
Daimona Eaytoy 4f7c9b6a45 Simplify filter editor generation and restore ltr attribute
Reduced code duplication, and restored the ltr attribute which got lost
for the case "CodeEditor installed + no JavaScript".

Change-Id: I69ac57b3c1c105f4e9bfe00cb654c63c2e351dc5
2018-10-21 13:02:13 +02:00
Aaron Schulz 5071c6574a Use proper cache key construction for throttle, rules, and autoblock keys
Change-Id: I72ab39048f955d4262fae81141cf97243e5cd184
2018-10-21 00:42:08 -07:00
jenkins-bot 97602b8a68 Merge "Remove useless array_filter" 2018-10-19 10:14:56 +00:00
jenkins-bot 7e151f5edc Merge "Unbreak short circuit for arrays" 2018-10-18 04:04:31 +00:00
jenkins-bot eb1303c8cd Merge "Revert "Add typehinting for every object-only parameter"" 2018-10-17 03:09:55 +00:00
Jforrester 1ed75b4ae0 Revert "Add typehinting for every object-only parameter"
This reverts commit 69d7669069.

Reason for revert: Causing UBN train blocker

Bug: T207220
Change-Id: I3445d9b3065149e2beb149e10fbbf5502b480f57
2018-10-17 01:22:23 +00:00
jenkins-bot 7a8a2fa3e1 Merge "Add typehinting for every object-only parameter" 2018-10-16 02:48:39 +00:00
Daimona Eaytoy 69d7669069 Add typehinting for every object-only parameter
This patch covers every object-only parameter, adding a typehint for it
to avoid errors.

Change-Id: Iebf700621b9dbff78c3bd8f3c136ed15ef4b8d4b
2018-10-15 09:56:09 +02:00
jenkins-bot fea08f45b8 Merge "Avoid useless error message for regexfailure exception" 2018-10-14 13:47:37 +00:00
Matěj Suchánek a3cc3dff75 Remove some $wgUser usage
Bug: T159299
Change-Id: I1613e2bb0c551cbadc0c57351fc40bd9e21abf52
Depends-On: I35adef06dfc799cddeddfa6c5eed53b8b1bb7282
Depends-On: Id19a6d883ac6e0cc9c26c923486bca0e414ecaa7
2018-10-14 11:24:52 +02:00
se4598 9d12e1b353 Allow selecting custom disallow message
You can now select a custom message to be displayed for disallowing a edit
the same way as for warn mode. This can be the same or a totally different
message.

This also solves the usecase, when a edit filter is set to warn AND disallow,
to be able to show the user a custom message, but the generic is shown
on the second try (disallow). Now it can be only set to disallow.

Bug: T27086
Change-Id: Ic1de03a6944c43a346fa317ee0a217551f0d284a
2018-10-11 10:35:01 +02:00
Daimona Eaytoy eafb4f56c7 Avoid useless error message for regexfailure exception
Users writing filters probably don't care about preg_match or whatever
happens in PHP. Also, it's not that useful to see "unspecified error".

Change-Id: I014742fa6f678126f55ac5ccff38e44b2c5a7d15
2018-10-08 19:19:01 +02:00
Daimona Eaytoy 6d54b83f2c Simplify parser methods
Use a single function to check parameters amount, avoid duplication
between keywordIn and keywordContains, use if...elseif instead of
if-else when statements have a return inside, simplify some other logic,
add typehinting, and change method visibility according to use of such
methods.

Change-Id: I22225a5cbbb93679a0e78bf6e15866829167fbf4
2018-10-03 17:19:40 +02:00
Daimona Eaytoy e60dacbbea Fix code comments
Fixed some comments adding explanations, fixing syntax, and parameter types
for docblocks. Also fixed some whitespace mess, and added a missing use
statement.

Change-Id: I3547c90bdaa2cab5443e8bf0c63b217fe6ba663f
2018-10-03 16:45:03 +02:00
Daimona Eaytoy d9d5af3890 Unbreak short circuit for arrays
This problem have been making filters potentially fail silently since
2009. Also add tests for arrays to make sure that no problems arise
when short circuit is used.

Bug: T204841
Change-Id: Ie4e2e06498c1202ba73afcc5d164a72427abbca5
2018-10-03 16:44:10 +02:00
jenkins-bot 3efc69960c Merge "Fix database schema for PostgreSQL" 2018-10-01 15:43:29 +00:00
Umherirrender 45e6fa932d Fix caller name in AbuseFilterHooks::fetchAllTags
Seeing {closure} in the logs as caller is not helpful

Change-Id: Id3bf5c7fd810d48dc04a167692b336b3ccba2eb4
2018-09-30 14:08:06 +02:00
Umherirrender 4fdd1bbf20 Fix caller name in AFComputedVariable::getLastPageAuthors
Seeing {closure} in the logs as caller is not helpful

Change-Id: I23ee52609510f8efefba8c1ee466d491f468f494
2018-09-30 14:06:04 +02:00
Matěj Suchánek db50bef21e Fix database schema for PostgreSQL
Bug: T62639
Change-Id: I5ddb781a2971677410f4cb96e5fc5964e53c862a
2018-09-29 12:12:52 +02:00
Daimona Eaytoy 50d5137880 Remove useless array_filter
Not only it's useless, but also removes the namespace if it's 0, thus
causing the query to only add a WHERE on rc_title, but the index is on
rc_title AND rc_namespace, so the query has bad performance.

Bug: T204228
Change-Id: I33694cfeddbc4eaf39e3e840b207dba433188834
2018-09-24 14:34:53 +02:00
Daimona Eaytoy 3ab1896dfb Don't send long patterns with GET
The testfilter parameter is useful, but don't use it for long patterns,
to avoid generating broken URLs.

Bug: T204128
Change-Id: If66d3e1704a9a8cc65a750153fc35ac27d24d8cf
2018-09-21 16:29:59 +02:00
Daimona Eaytoy 1634bd1b35 Move changed field styles to TD for history pager
This produces the following results:
*Fields are coloured with red even when empty, to make clear that the
field has been changed and emptied.
*The background color is applied to the whole cell, with no padding.
This is clearer to see, although I don't know if the visual effect is
acceptable (to me, it is).
The weight of CSS rule has to be increased too, since core classes are
loaded first.

Plus, improve a little bit the way changed fields are detected.

Bug: T204650
Change-Id: I1b107e47b3b8b2e23c6f135e0d6f26768c5f39b2
2018-09-21 16:17:36 +02:00
jenkins-bot eae59db542 Merge "Fix the block options on ViewEdit" 2018-09-20 11:25:00 +00:00
Daimona Eaytoy 9144dbf4a1 Remove unused parameter
Nothing uses it, plus it wouldn't work anyway: AbuseFilterParser
constructor only uses $vars if it's instanceof
AbuseFilterVariableHolder.

Change-Id: Idbf53f6058148e9f0e73beb949e1c028a81663ce
2018-09-19 19:58:30 +02:00
jenkins-bot a813140e44 Merge "Unbreak /examine for old log entries" 2018-09-16 12:00:34 +00:00
Daimona Eaytoy fc867a1c5c Allow testing account autocreation
Bug: T204231
Change-Id: If566cfdeb4cdbb78833077da09aeef33754f88d3
2018-09-14 13:09:07 +02:00
Daimona Eaytoy 31729b044e Unbreak /examine for old log entries
For the moment, this is a simple workaround to get them back working.
Ideally we'd also need a maintenance script to update var dumps as I
wrote in the task, but it needs more thinking (see Phab).

Bug: T204236
Change-Id: Ia20a2eb495557f46f789467a96e654ec6cd3f355
2018-09-13 18:42:47 +02:00
Matěj Suchánek 6eb5d9766b Use correct variable in AbuseFilter::addLogEntries
The data was inserted to the foreign database, so the id needs
to be fetch from that one.

Change-Id: I8eef8d74fc924829447e31f4445154b01b92aa7a
2018-09-13 11:57:55 +02:00
jenkins-bot a0a4755c59 Merge "Remove unused method from parser" 2018-09-09 12:32:56 +00:00
jenkins-bot 121df619da Merge "Improve coverage for AbuseFilterTokenizer" 2018-09-09 12:30:49 +00:00
jenkins-bot 151b1f6779 Merge "Make searched filters highlighting multibyte safe" 2018-09-09 12:25:17 +00:00
jenkins-bot dee934cd5a Merge "Partly unbreak throttle action" 2018-09-09 12:03:40 +00:00
jenkins-bot e4f986a661 Merge "Add full tests for deprecated variables" 2018-09-09 11:55:03 +00:00
jenkins-bot fb864408e3 Merge "Replace wfDebug and wfDebugLog with logger" 2018-09-09 11:55:02 +00:00
Daimona Eaytoy 8885a5983e Partly unbreak throttle action
This action have ALWAYS had this problem: when creating a new filter,
the temporary ID is 'new', and the throttle ID is then 'new'.
This is used when creating/checking throttle keys to determine if the
user should be throttled. However, the 'new' key is not unique and
(although it's not the only part of the key), it may lead to
unpredictable behaviours. I'm not sure if this solves the task below,
but can probably help.
Also added a FIXME that we should handle shortly.

Bug: T195699
Change-Id: Id3b0ff524c52fb57fdd72f9608f758f8383e4320
2018-09-09 07:09:14 +00:00
jenkins-bot a3882d8c4a Merge "Only select needed columns in queries" 2018-09-05 17:11:42 +00:00
jenkins-bot a9f9742b28 Merge "Remove the last PHPCS exclusion" 2018-09-05 17:07:51 +00:00
Daimona Eaytoy e65a69b6fe Only select needed columns in queries
Using '*' is handy, but we often end up selecting too much stuff.

Change-Id: I16d791ff8de6596de4fb65b1032b225f0bd65bf3
2018-09-03 14:12:41 +02:00
jenkins-bot 7cce6d1864 Merge "Remove _age variables from cache keys" 2018-09-03 12:08:29 +00:00
Daimona Eaytoy 63803568d6 Remove the last PHPCS exclusion
Bug: T178007
Change-Id: I5ddb811c2cb15040a859a63b64873f0fa53508ee
2018-09-03 10:42:30 +02:00
Daimona Eaytoy 48989ffcda Remove PHPCS exclusion and fix it
Again, we're left with only one exclusion that I don't know how to fix.
See phab for a longer explanation.

Bug: T178007
Change-Id: I017097abef755bc65c77a5658ad92320bc42d78b
2018-09-03 09:33:29 +02:00
libraryupgrader 5cdab14eb8 build: Updating mediawiki/mediawiki-codesniffer to 22.0.0
The following sniffs are failing and were disabled:
* Squiz.PHP.NonExecutableCode.Unreachable

Change-Id: Ic3f031974008776f272d1ee77093c6d170f27ae9
2018-09-02 22:05:58 +00:00
Daimona Eaytoy bffba28713 Add full tests for deprecated variables
This test checks every deprecated variable to be identical to the
newly-named one, and to emit a debug notice. It also changes such debug
to be emitted via logger instead of wfDebug.

Bug: T201193
Bug: T173889
Change-Id: Ie55746bb7731062ae2d46d84857af2a05d78cf4c
2018-08-29 11:00:28 +02:00
Daimona Eaytoy 2f0a0a0893 Replace wfDebug and wfDebugLog with logger
Per standard on
https://www.mediawiki.org/wiki/Manual:Structured_logging. The use inside
AbuseFilterParser is removed in
Ie55746bb7731062ae2d46d84857af2a05d78cf4c.

Change-Id: Ia62287c4ff5f904557cd6d43d47a9f4d9696b94b
2018-08-29 10:57:56 +02:00
Daimona Eaytoy 39f42caffc Make searched filters highlighting multibyte safe
Avoid using preg_match's offset since it is MB-unsafe. Also, remove 'UTF-8'
from mb_ functions (it's the default), reduce code duplication, and show
the right snippet for long search patterns.

Bug: T202310
Change-Id: Ieb06bdd80b0f915609afed7c7ad95e6318058ee9
2018-08-27 07:22:22 +00:00
Daimona Eaytoy 934399de45 Remove _age variables from cache keys
As we do for user_age, since these will always change. Also, rework the
method to avoid repetition of unset().

Change-Id: Ie5ceedd89cae3813bacf6680d588bc925362c2c2
2018-08-26 16:02:32 +02:00
jenkins-bot 10c147cb92 Merge "Use === operator with strpos" 2018-08-25 21:28:28 +00:00
Daimona Eaytoy 8094a49dcf Generate upload variables using new prefixes
This wasn't changed in I5c370b54e6516889624088e27928ad3a1f48a821 but
really needs to be merged, to avoid setting wrong variables. At the
moment this is still fine due to temporary overrides in
AbuseFilter::generateTitleVars, but this should be merged ASAP anyway.

Bug: T173889
Change-Id: I2e6058a6fa122470a30cd4a96c68eccc66e18ae4
2018-08-25 19:06:35 +02:00
Daimona Eaytoy ef51e7c253 Fix the block options on ViewEdit
Align the checkbox label on the left to conform with dropdowns, avoid
two if with the same conditions, and give variables a better name. Also,
remove an unused message: with OOUI, the old design can't be reproduced.
We could add a fieldset, but then it would be greatly different from
options for other actions.

Change-Id: Ibdc993c1457636215601eb22f5202d2f6ad57bd9
2018-08-25 18:56:44 +02:00
Daimona Eaytoy 66318915db Use === operator with strpos
The condition always evaluated to true: for global filters strpos
returned 0, otherwise it returned false, which is == 0. Fortunately, in
the second case the function returned false as it should. Anyway, be
safe and use === operator as it should always be for strpos.

Change-Id: I7ffc990b2b8b9c47ebfb64d5234f561faaff5e88
2018-08-25 17:35:15 +02:00
Daimona Eaytoy 775c736512 Improve coverage for AbuseFilterTokenizer
This will make tokenizer almost fully covered. The only uncovered parts
are the one with cache and an else condition which I think won't ever be
executed, and thus added a comment for that. Also, remove an obsolete
xxx comment from ComputedVariable (fixed in
I8e420f0259ef6c9e579f7a00beb58f28af9da37d)

Bug: T201193
Change-Id: I6e9a73aa9e437f096f6a1e20d53a7cb50e5ed85d
2018-08-25 10:25:16 +02:00
Daimona Eaytoy a8b62dc828 Remove unused method from parser
AbuseFilterParser::setVarsimply calls the setVar method in
VariableHolder and is currently unused. Its only call was removed in
I80cbc4033ff96f2fe8c1da263b1877bfb4c7c0c4. After this patch we'll only
have an uncovered line in the parser, which is likely due to a bug in
the coverage check.

Change-Id: Ic860b03b2d23fec073a9294e356e074ae1b14ae5
2018-08-24 12:30:47 +02:00
jenkins-bot 055cc7b5ff Merge "Filter AbuseLog by triggering action" 2018-08-23 14:48:57 +00:00
jenkins-bot ad69ea648e Merge "Remove unused function and improve unit test" 2018-08-23 13:46:41 +00:00
jenkins-bot 81a4fdc964 Merge "Improve Ace syntax highlight" 2018-08-23 10:14:57 +00:00
Matěj Suchánek 853936316f Filter AbuseLog by triggering action
For now, there is an "Other" field which will show all but hard-coded actions.

Bug: T187971
Change-Id: If564aced2e9cd933d8cfcf7cb96166aa279f2823
2018-08-23 11:40:15 +02:00
Daimona Eaytoy 03b52c2b37 Remove unused function and improve unit test
AbuseFilterParser::setVars is only used in a parser test. In the past it
was also used in the actual code (see for instance
https://phabricator.wikimedia.org/diffusion/EABF/browse/master/;5cc8dac63ca585c288ca4c8605db810774e39666?grep=setVars), but at the moment it's pretty unuseful.
This patch removes such function and makes the unit test use literals
instead of variables to avoid calling it.

Change-Id: I80cbc4033ff96f2fe8c1da263b1877bfb4c7c0c4
2018-08-23 11:00:16 +02:00
jenkins-bot 46d78623f4 Merge "Add page_age variable to AbuseFilter" 2018-08-22 16:17:36 +00:00
Daimona Eaytoy e8a4517d6b Improve Ace syntax highlight
Several improvements, this is the list:
*Added highlighting for disabled and deprecated variables
*Simplified a bit Ace's keyword mapper
*Added highlighting for ternary operator
*Added logic to retrieve operators from AF tokenizer
*Removed $ symbol since it's not usable in declaring stuff
*Customized highlighting via CSS

Depends-On: I5c370b54e6516889624088e27928ad3a1f48a821
Change-Id: If95e34fc7260413c4fb39c18a1ef44f5a93e1a68
2018-08-22 15:23:35 +00:00
rarohde e1865fca74 Add page_age variable to AbuseFilter
Adds page_age variable that reports the number of seconds since the
first edit to the current article (or 0 for new articles).

Bug: T30844
Change-Id: I0993cecc322806382a1b567b60c0a4af69054841
2018-08-22 17:10:39 +02:00
Daimona Eaytoy 4399be933d Use OOUI infusion for the change tags field in ViewEdit
Since this is what it's meant to be for. Better, cleaner, safer.

Change-Id: Ib5f632ac708aeff62b50c91ef60c547036481834
2018-08-22 15:27:06 +02:00
jenkins-bot a762c82fe7 Merge "Add aliases for "_text" and "article_" variables" 2018-08-22 12:44:20 +00:00
jenkins-bot 5561abe296 Merge "Add a placeholder for the no-js changetags input field" 2018-08-22 12:44:19 +00:00
jenkins-bot 777a86314e Merge "Improve code coverage for AbuseFilterParser" 2018-08-22 11:15:00 +00:00
Daimona Eaytoy e526295123 Add a placeholder for the no-js changetags input field
There is already one for the js field, but we can't reuse it since "one
by one" doesn't make any sense here.

Change-Id: Iaf01e19f4006b3d578bb2201cf9108fe46d56085
2018-08-22 11:02:51 +02:00
Daimona Eaytoy 66774b8d7a Show an extract of suppression log for Special:AbuseLog
Like we do in core for similar special pages. This is really helpful
when (un)hiding an entry.

Bug: T200645
Change-Id: I16450a2573e8987e31a83ec34f3dbb16fac94f81
2018-08-21 19:19:10 +02:00
Matěj Suchánek 10ad58a6f3 Migrate AbuseFilter suppress log
Also make entries in Special:Log/suppress filterable.

Change-Id: Ic23e724997e4748c8d0da8138aa73d31b17b7064
2018-08-21 16:05:54 +00:00
Daimona Eaytoy 6bc630cfef Add aliases for "_text" and "article_" variables
Variables regarding title (full list in task description) are quite
deceiving, since they use "text" instead of "title". As proposed in the
task, this is the first patch to add aliases for those variables and
slightly deprecate the old ones. In the future we may be able to replace
every occurrence (either with a search function or directly on the
database), but even a coexistence would be enough to avoid
confusion. A wfDebug log is generated whenever a deprecated variable is
parsed. The "article_" prefix is also changed to "title_", in the same
way as above.
Also, added a hook which other extension may use to specify their
deprecated variables, which will be handled the same as core ones.

Bug: T173889
Change-Id: I5c370b54e6516889624088e27928ad3a1f48a821
2018-08-21 16:59:56 +02:00
Umherirrender 2b615cfa29 Avoid variable reuse to pass taint-check
Also set param-taint for value of WebRequest::getText

Bug: T197002
Change-Id: I9e52d24f88789c99c726e32df20840707d1b47ae
2018-08-20 19:54:20 +02:00
Daimona Eaytoy 4f3b020f5d Improve code coverage for AbuseFilterParser
Add some tests and improve others to raise coverage percentage. This
should lead to almost 100% for the AbuseFilterParser class. Aside from
this, a couple of changes:
* Remove an unused function
* Let equals_to_any return a genuine result with empty strings
* Remove an if which will never be true in skipOverBraces, since the
function is called after checking the same conditions.

Bug: T201193
Change-Id: I7020b2ed996236c38c5784d161ad98ec44163406
2018-08-20 14:38:40 +02:00
jenkins-bot 50a295a6e7 Merge "Include CheckUser in phan config" 2018-08-20 01:52:54 +00:00
jenkins-bot 55f0cd2580 Merge "Change priority order for messages in hidden abuselog entries" 2018-08-19 19:21:41 +00:00
Daimona Eaytoy b8645753ca Remove deprecated method in AbuseFilterVariableHolder
It was soft-deprecated in 2013 and nothing is using it in MW code.

Change-Id: I1300bb18c518b61a2dbce9ad43beeb69c1b615e5
2018-08-19 19:02:45 +02:00
Daimona Eaytoy 9d21c7d03d Change priority order for messages in hidden abuselog entries
Check if the entry is deleted first, since it's the strongest deletion
here (oversight level). Bonus: don't use implicit conversion when
checking the return value of SpecialAbuseLog::isHidden.

Bug: T200644
Change-Id: Ie5c4575ad29fe3dcb85a26cc74f1c59207df2852
2018-08-19 18:22:07 +02:00
Umherirrender c954b412c6 Include CheckUser in phan config
Depends-On: I51421184485c3117bbab9ce3dd42f2dbb6c6180c
Change-Id: Ida17580b301ff4a6b0d3d0020c48f65eb1e21026
2018-08-17 17:38:01 +02:00
jenkins-bot f587230fea Merge "Use noparams exception and correctly count function parameters" 2018-08-02 08:16:12 +00:00
Huji Lee df21fb2b20 Remove HitCounters from AbuseFilter and use hooks instead
Goes with Ief573fb412d332bd4ad6ad8de3052dd85d534b82

Bug: T159069
Change-Id: I38cd7cbf3e595890b53624a477010bd49c9b8552
2018-07-31 03:56:20 +00:00
Kunal Mehta 404e098c3b Fix MediaWiki.Usage.InArrayUsage.Found issues
Change-Id: I1898d95d92cda279c1b9c8a452fb7d054ff263bf
2018-07-29 15:19:09 -07:00
tinajohnson.1234 c9003fe1fa Use HistoryPageToolLinks hook to add a log link to history pages
Add an AbuseFilter log link to the subtitle of history pages.

Bug: T28934
Co-authored-by: Matěj Suchánek
Depends-On: I2e0e9e92d3fc303135b0eb9acf06b5fd120178a5
Depends-On: I58a3039b3755648bb0c8aaf87db48ace96ce9344
Change-Id: Ib89c48f2b8f3121ead184844844acee436e2fdd6
2018-07-27 11:25:12 +00:00
jenkins-bot eee65af0ac Merge "build: Updating mediawiki/mediawiki-codesniffer to 21.0.0" 2018-07-27 01:21:01 +00:00
jenkins-bot 55d825c325 Merge "Use empty arrays instead of empty strings for diffs" 2018-07-27 00:55:40 +00:00
libraryupgrader 76c6d2caeb build: Updating mediawiki/mediawiki-codesniffer to 21.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionAnnotations.UnrecognizedAnnotation
* MediaWiki.Usage.InArrayUsage.Found

Change-Id: I46e414246c6597dd78b069f753d686c0d1c1c09d
2018-07-27 00:27:11 +00:00
jenkins-bot 78bd634f58 Merge "Add link to abusefilter-edit-lastmod-text" 2018-07-26 22:56:07 +00:00
Daimona Eaytoy 7992349789 Fix block durations dropdown
A month ago SpecialBlock::getSuggestedDurations has been
modified, and now it also returns an "other" key. Since we don't need it
and it would break thing up, add a parameter to avoid dealing with that.

Depends-On: Ic2dbc961f7eebad11da53724b9cce2f804ffad39
Change-Id: Ica37ba7015a04445c2cbafebcc85726368e23cb0
2018-07-24 15:41:57 +00:00
IoannisKydonis 2fa95e55e6 Add link to abusefilter-edit-lastmod-text
This adds a link to the diff of the edited filter.

Co-authored-by: Matěj Suchánek
Bug: T53382
Change-Id: I57104f592fc3961bb43ecea8442ef6666ed4a69c
2018-07-22 16:13:35 +02:00
jenkins-bot 84252213c0 Merge "Improve the check for block durations equality" 2018-07-22 14:02:22 +00:00
jenkins-bot 0979e116b4 Merge "Show AF logs for a revdeled revision if the user can see the revision" 2018-07-18 02:04:16 +00:00
jenkins-bot 9623421366 Merge "Switch editing interface to OOUI & improve NoJS usability" 2018-07-18 00:59:12 +00:00
Daimona Eaytoy cea1b0aec3 Compact some other comments
Remove unnecessary ones, make clear what the cryptic ones mean, and
inline them when possible.

Change-Id: I384859871a66ced8cb0d81260c06c5a5b278866f
2018-07-17 17:17:44 +02:00
Daimona Eaytoy b825e396b5 Switch editing interface to OOUI & improve NoJS usability
This settles almost everything, leaving the tags part ready to be
further improved in the follow-ups.
Also, replaced some fields with totally different ones, improved the
warn preview area and improved a bit nojs experience by hiding unusable
buttons.

Bug: T132284
Bug: T154749
Change-Id: I7a5caa862a32f9792140c6a4d9708a2d20472672
2018-07-17 14:49:50 +02:00
jenkins-bot 3e28ac176e Merge "Use isset instead of empty+strlen when checking disallow parameters" 2018-07-17 02:20:32 +00:00
jenkins-bot fed9ca759d Merge "Remove and replace an argument in AbuseFilter::addLogEntries" 2018-07-16 22:40:00 +00:00
jenkins-bot dc39c3b052 Merge "Simplify AbuseFilter::addLogEntries" 2018-07-16 21:59:47 +00:00
Matěj Suchánek 3e1a963614 Simplify AbuseFilter::addLogEntries
Change-Id: I54bcef8c69892d184ae2362282ed7477df2b4faa
2018-07-16 11:02:03 +02:00
Matěj Suchánek df346b3995 Remove and replace an argument in AbuseFilter::addLogEntries
Change-Id: Ib4613577d1b5ac5a5cc796716c95b99196259438
2018-07-16 10:59:05 +02:00
Daimona Eaytoy 32718888c0 Use noparams exception and correctly count function parameters
For the counting part I used this a relatively simple approach. It might
not be the best one, but should work without changing too much code. As
for the exception, I added it to every function which takes a single
parameter. Plus a couple of minor fixes: removed an unused function and
replaced "__METHOD__" with function names.

Bug: T198300
Change-Id: I484fe2994292970276150d2e417801453339e540
2018-07-15 15:32:26 +00:00
jenkins-bot 29c7f0f818 Merge "Update LogPage to ManualLogEntry" 2018-07-15 15:08:47 +00:00
jenkins-bot 32218a1391 Merge "Add the user action to warn key" 2018-07-15 15:08:42 +00:00
jenkins-bot 5281a158a9 Merge "Add phpunit tests for all exception thrown in the parser" 2018-07-15 15:08:41 +00:00
Daimona Eaytoy adc06f409d Use isset instead of empty+strlen when checking disallow parameters
This line first used to be just an "strlen". Then we merged
Iaeae672dca66ffc745054daabd6f0eae7dfbc648 to clean input and this caused
some "undefined index" notices. These were in turn fixed in Ibebedb566da705e77ffb831ebda6476adba07c93 by adding an "empty". However, this slightly changed the range of accepted parameters, for instance refusing 0 and '0'. Those should never be used, so this is just a theoretical problem, but we'd better be consistent and simplify this line.

Change-Id: I4643d0632acf5926ac8de5da9bcb3e5dc715fdc1
2018-07-15 17:01:32 +02:00
Daimona Eaytoy 6a97133310 Add the user action to warn key
Otherwise, if the user is warned for e.g. trying to move a page, and
after the warning he tries to delete it, he won't be warned again. Since
filtered action (edit, move, delete...) can be really different, we
should repeat the warning if the action changed.

Bug: T199621
Change-Id: Ia481b2bf552e16de8485c246aa5612d5bb2cd6ca
2018-07-14 16:15:52 +02:00
Daimona Eaytoy d390144c69 Add the log ID as API param for query abuselog
The patch adds the logid parameter to the queryAbuseLog API, so that
users will be able to retrieve a single result with the given logid.

Bug: T36731
Change-Id: I9160c3690e86ea40560f6fa7721918965234c29e
2018-07-14 15:03:17 +02:00
Daimona Eaytoy 0e87c44c74 Show AF logs for a revdeled revision if the user can see the revision
The function used to determine if a row is hidden has three possible
return values: true, false and "implicit". While the first and the
second one refer to AF own suppressing system, 'implicit' means that the
revision associated with the log entry is deleted. However, we checked
for such return value with a boolean cast, which caused true and
'implicit' to be equally treated, thus hiding revdel'ed revisions to
sysops. Bonus: fixed a comment typo.

Bug: T191699
Change-Id: I87d3a6437bb966198175e4bfd063e30ed79c345f
2018-07-14 00:46:19 +02:00
jenkins-bot 0862148509 Merge "Warn the user to re-attempt save if edit token didn't match" 2018-07-13 19:50:07 +00:00
jenkins-bot 73d65876f5 Merge "Simplify how we convert builder values array for OOUI" 2018-07-13 19:49:27 +00:00
Daimona Eaytoy 0815fc6a8f Update LogPage to ManualLogEntry
We still had three entries of "LogPage", which is legacy and has some
problems (I7bb0e92b2906a2511fc4290bdc76fc39ec4617fe). This patch updates
two of them to ManualLogEntry. The last one is handled separately in
Ic23e724997e4748c8d0da8138aa73d31b17b7064.

Change-Id: I2a4f18ea6baebdc114078c57d8937ce4ca2aace5
2018-07-13 19:39:57 +00:00
Daimona Eaytoy b8a2225bb2 Warn the user to re-attempt save if edit token didn't match
I've been noticing this problem for a long time: sometimes, when the
filter editor stays open for a long time and you try to click "save filter",
the page is scrolled and the edit isn't save (while it is indeed saved
when clicking save again). I found out that this is due to edit token
not matching. If that happens and the request was posted, warn user to
re-save the edit.

Change-Id: Id0c5600bf22632f57d237a19b492cc9c297be736
2018-07-13 15:40:29 +02:00
Daimona Eaytoy 8cec6a06cf Simplify how we convert builder values array for OOUI
To generate an OOUI-friendly array with dropdown values, we need to
rearrange the array we already get from AbuseFilter::getBuilderValues().
Right now we do it in a pretty dirty way, which also causes errors if
external values (e.g. Flow variables) are in the list. With this patch,
such conversion is simplified, explained in a comment, and doesn't
output errors anymore.

Change-Id: I1063865aeff2dfb637e95d7b2ff30da39ceeab67
2018-07-13 15:36:12 +02:00
jenkins-bot 4462fd5eae Merge "Wrap error messages in Html::errorBox" 2018-07-13 09:46:00 +00:00
Daimona Eaytoy f93134a4f7 Unbreak reverting 'degroup' action
This is something that hasn't been working since January 2009, when AF
didn't have arrays and all variables were computed non-lazily. In fact,
when reverting "degroup", we used to take old groups from edit vars, but
the variable may not have been computed for such edit. Plus, we treated
the var collection as an array instead of an AbuseFilterVariableHolder
object, and exploded user_groups since it was a string. With this patch
everything should start working as intended.

Change-Id: I76917b2e331291bd42daeef8d048507dc38048cb
2018-07-13 00:25:02 +02:00
Daimona Eaytoy 9012848032 Wrap error messages in Html::errorBox
The message 'abusefilter-edit-notallowed' is used twice and outputted
as plain text. This makes it really, really hard to notice. Wrap it in a
block-level errorbox to make sure users see it.

Change-Id: I6e5579f9a5e33f05520001e10ffdde928ffdcff0
2018-07-11 15:37:20 +02:00
jenkins-bot cacc034d1a Merge "Fix minor issues around" 2018-07-11 00:28:50 +00:00
jenkins-bot a50e4d6b8c Merge "Revert "Change message transformation method"" 2018-07-11 00:24:00 +00:00
Daimona Eaytoy 255e405957 Fix message key for reserved tag
Introduced in I75ce47d247cf6949117370c8c78ab7c6980538f3, the message name
was misspelled in the code and thus the message doesn't show.

Change-Id: Iad515c48035259340c4824d456a14010c977e7a8
2018-07-10 01:00:59 +02:00
Daimona Eaytoy da2a14ad39 Revert "Change message transformation method"
Html::warningBox makes use of Html::rawElement, where as noted in docblock the given html must *not* be escaped. Plus, bold text was broken due to escaping.

This reverts commit 7dfe4bfcfd.

Change-Id: I505be036291d4c6ff33c0c4fed4dd83a5bb56c54
2018-07-08 22:17:09 +00:00
jenkins-bot 8965b2d95f Merge "Reserve abusefilter-condition-limit tag" 2018-07-07 19:07:43 +00:00
Daimona Eaytoy f016c6c95f Fix minor issues around
This fixes the following minor issues:
* In HistoryPager's getQueryInfo, afh_id was listed twice
* In AbuseFilter::translateFromHistory a field named "af_" was produced
if no actions were in use
* The topnav link "Recent filter changes" wasn't STRONGed on pages like
"Special:AbuseFilter/history/123"
* In checkAllFilters and AbuseFilter::getFilter, select from DB only the
fields that will be used.
* Simplify some inline comments and remove superfluous ones

Change-Id: If72b18bedac5e580487406e696aea1fd172ae45b
2018-07-07 12:11:39 +00:00
jenkins-bot 53eba666dc Merge "Two minor fixes to make code testable" 2018-07-06 19:56:47 +00:00
Daimona Eaytoy 33b1b12b92 Reserve abusefilter-condition-limit tag
Right now it can manually be added when creating filters. Since the
distinction is interal to AbuseFilter, we can't use hooks to achieve the
goal (the tag isn't already usable from outside AF). Also making
isAllowedTag public to make it testable.

Change-Id: I75ce47d247cf6949117370c8c78ab7c6980538f3
2018-07-06 16:43:12 +02:00
jenkins-bot 0d8e27fed7 Merge "Don't use globals for filter validation" 2018-07-06 00:36:13 +00:00
Brian Wolff 5f73034c7a Minor escaping fixes
This will also fix some (not all) of phan-taint-check's warnings

Bug: T197002
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a11
2018-07-05 18:51:30 +00:00
Daimona Eaytoy 1ae14697b5 Don't use globals for filter validation
Some of them are available from the AbuseFilterViewEdit object, the
others from its config.

Change-Id: I8495c8cc03ef86919b325798a2c08ce7c4df277f
2018-07-05 19:57:30 +02:00
Daimona Eaytoy c8c66b55bc Two minor fixes to make code testable
Trying to write unit tests, there are some things in the code that make
it not well testable. Here, two of them are corrected:
1 - Use class constants instead of static variables inside a non-static
method. Otherwise such variables won't be reset between tests. The
change is made so that there'll be less impact on blame.
2 - Set af_enabled to true even in af_deleted is true as well. For three
reasons: the first is that we already perform validation for this, so no
need to secretly change the option to whatever we think would make
sense. Second, this redundant validation makes some tests fail. Third:
this way, if the user selects both enabled and deleted, when the warning
is shown he'll indeed see that both checkboxes are selected. Before, he
would only see wpFilterEnabled as selected.

Change-Id: Ib7a0335fa7fb3b8a21765438a720205656c1ea09
2018-07-05 00:07:46 +02:00
jenkins-bot a85e8f5588 Merge "Abstract methods in ViewEdit related to filter saving" 2018-07-02 22:18:37 +00:00
Daimona Eaytoy f9687ad678 Abstract methods in ViewEdit related to filter saving
Actually, it seems like I almost got it right at the first try. I tested
every validation scenario and it worked as espected, so ready for
review.

Bug: T193596
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a28
2018-07-02 20:27:05 +02:00
Daimona Eaytoy 7a64280893 Add phpunit tests for all exception thrown in the parser
All uses of "throw" inside AbuseFilterParser are now covered.
Bonus: added a standard suppresswarning when checking regex validity.

Change-Id: Iacb8f7a361079e3e117dc6845597c7bd8473e54a
2018-07-01 18:31:11 +02:00
Daimona Eaytoy 7104c40518 Copy levels documentation on AbuseFilterParser
doLevel- functions are currently documented in AFPToken. This patch
copies such comments on docblocks in AbuseFilterParser, the place where
this docs can really be helpful.

Change-Id: I4e47e760a56800faa9b0a1146e0d79f8955dca9a
2018-06-30 20:35:49 +02:00
Daimona Eaytoy d6d3169754 Use empty arrays instead of empty strings for diffs
Otherwise, a blank page will be considered as having a newline inside,
which won't be marked as added (or removed) in the diff. This requires
introducing a new method and leaving the old one for backward
compatibility, and may cause regressions.

Bug: T74329
Change-Id: I9a2397fd849544b499cad97a383e5331471e9d73
2018-06-30 10:28:56 +00:00
jenkins-bot cda8e588be Merge "Add min and max date selectors to AbuseLog" 2018-06-29 12:41:03 +00:00
Daimona Eaytoy f6eaba0822 Add min and max date selectors to AbuseLog
Reused code from ViewExamine and ViewTestBatch where we do the same
thing.

Bug: T99650
Change-Id: Ib33071aed69626cfa4a15435b4aef71096deba8b
2018-06-29 11:52:14 +02:00
Daimona Eaytoy ce83417068 Make disabled variables not overridable
Disabled vars can currently be overwritten by assigning them custom
values (e.g. old_text := 'foo'). However, this shouldn't be allowed to
avoid confusion.

Change-Id: I49136bf19371aee1e8068a9ae621310e1ab97c86
2018-06-28 22:40:09 +02:00
jenkins-bot 8b0f289e10 Merge "Stop computing removed variables and show custom error message" 2018-06-27 00:20:38 +00:00
jenkins-bot 4fb0cff163 Merge "Use content language for the revdel dropdown" 2018-06-26 18:41:13 +00:00
Daimona Eaytoy 79ec4ebf8b Stop computing removed variables and show custom error message
Old_text and old_html were disabled a long time ago. With this patch,
the user will get a custom error message if trying to use them (instead
of the unrecognisedvar one), plus they'll stop appearing in /examine and
/details, unless they were computed for the examined edit (and in that case, their description message is now restored). Lastly, added a precisation to their messages.

Bug: T190698
Change-Id: Ife168522e6b1d8eb94ebbb8a16ae8831ec1dc497
2018-06-26 20:02:31 +02:00
Daimona Eaytoy c75bc35f7d Rename lists to arrays
Arrays were introduced with the name "lists". While it **may** look
user-friendlier and so on, it actually uses a wrong name: lists are
different from arrays. I ran a grep and I should've replaced
every occurrence, plus everything seems to work, however a double check
wouldn't be bad.

Change-Id: I6a858f02f5dd9250ba7e1abf9c6422fd98758c9e
2018-06-26 14:42:23 +02:00
Daimona Eaytoy 40d9c5b027 Use content language for the revdel dropdown
Instead of the language set in user preferences.

Bug: T198182
Change-Id: I9f105cc3c926c51686ebb65ffbfffbbc161f9868
2018-06-26 14:37:13 +02:00
jenkins-bot 240e264833 Merge "Make /test filterable by action type" 2018-06-26 01:24:16 +00:00
jenkins-bot 1481b40b5d Merge "Make buildTestConditions more flexible" 2018-06-26 01:22:35 +00:00
jenkins-bot 625f1b92cd Merge "Reduce form whitespace on Special:AbuseFilter and compact variables" 2018-06-26 01:18:04 +00:00
Daimona Eaytoy 1394da924f Make /test filterable by action type
Bug: T20288
Depends-On: I2c51b695262b132a5c7cdfab20d56e36f43c7448
Change-Id: I9887c586955c1a1b34dbe641a8f9ad34de7a2e1d
2018-06-26 00:48:09 +00:00
Daimona Eaytoy c5da9cc6df Make buildTestConditions more flexible
This way, we can specify an action and it'll return only conditions for
that specific action. This is especially thought to make results
filterable by action type.

Change-Id: I2c51b695262b132a5c7cdfab20d56e36f43c7448
2018-06-26 00:45:33 +00:00
Daimona Eaytoy 3c1dae9e14 Allow users with abusefilter-view-private to use testing interface
Now the required need will be abusefilter-modify OR
abusefilter-view-private for /tools, /test and /examine.

Bug: T193903
Change-Id: I3f1a91a2cc1df2272e5d4099cefd7c649a0683d5
2018-06-24 14:10:38 +00:00
jenkins-bot c34eda8936 Merge "Introduce sanitize() function" 2018-06-24 13:53:46 +00:00
Daimona Eaytoy fcc07db95c Reduce form whitespace on Special:AbuseFilter and compact variables
The conversion to OOUI brought some extra whitespace that creates some
problems while viewing the page, especially with specific skins. This
patch compacts four different form fields in a single one, having the
side benefit of reducing the amount of used variables.

Bug: T189425
Change-Id: I75aa83e36d12db65d8b54c76b3ea14c8c797215e
2018-06-19 12:13:29 +02:00
jenkins-bot 9eb736d63d Merge "Enable OOUI and add unused button to the output" 2018-06-10 03:13:20 +00:00
jenkins-bot a4a6511972 Merge "Don't allow invalid IP ranges to be entered in ip_in_range()" 2018-06-10 00:33:27 +00:00
jenkins-bot 8fa73341cf Merge "Remove all not needed & from hook handler signatures" 2018-06-09 09:22:29 +00:00
jenkins-bot 075ccac1a2 Merge "Show throttled filters in Special:AbuseFilter" 2018-06-08 20:21:53 +00:00
Max Semenik 5c8a8da1f2 Fix some Doxygen problems
Change-Id: I04ce5564ec73e45a6d94c51be94bd1423a86780a
2018-06-08 13:02:40 -07:00
Daimona Eaytoy cf4ac34420 Show throttled filters in Special:AbuseFilter
With this patch, filters which are both enabled and throttled have an
"actions automatically disabled" label together with "enabled" and the
row is displayed in red. Plus, some minor changes like removing unused
fields from sortable ones and added a comment to getQueryInfo about used
columns (the idea is that it'll be easy to understand if a given column
is already there, plus if we'll need the missing one we may just replace
it with '*').

Bug: T154206
Change-Id: Iab157d094cbf2d50e9db537535fd48243e74af0b
2018-06-08 21:54:58 +02:00
jenkins-bot 1981c9f8b8 Merge "Add an option to hide private filters on Special:AbuseFilter" 2018-06-08 19:46:53 +00:00
jenkins-bot 5820b21ae3 Merge "Remove all default "return true" from hook handlers" 2018-06-08 19:42:02 +00:00
jenkins-bot 617e045483 Merge "Get rid of call_user_func_array()" 2018-06-08 19:32:31 +00:00
Thiemo Kreuz 9a185042b8 Update \AbuseFilter::checkSyntax documentation
Change-Id: I5c5caefab8d46773a459809d956a91fda7471863
2018-06-08 19:18:39 +00:00
Max Semenik 4c312a2693 Get rid of call_user_func_array()
Yay PHP7!

Change-Id: I2ec13d1a51981c6922949bed0c7dd2525c48f591
2018-06-07 23:01:27 -07:00
Thiemo Kreuz 7f600d2ebe Remove all not needed & from hook handler signatures
Most of these are accidential, obsolete from a time when PHP4 required
these & to enforce passing by reference. This is the default since PHP5.
The issue with this & is that is (in theory) allows hook handlers to
replace the object with an entirely different one. Luckily this does
not work in all cases I'm aware of. But it is confusing, semantically.

Change-Id: If1e9e2723ef96308f9b4b27377398a5e497bfe70
2018-06-07 13:29:22 +02:00
Thiemo Kreuz 7ec9725c42 Remove all default "return true" from hook handlers
This is the default for many years now. Returning true is not different
from returning nothing.

I'm not touching functions that can either return true or false.

Change-Id: I6c70b8ef44f17271201a69a85301a631b32763c0
2018-06-07 13:26:13 +02:00
Daimona Eaytoy 9fe281e704 Enable OOUI and add unused button to the output
In If67035991a0835ec3edc13be4543e6b40c76c3ea I changed a couple of links
to OOUI buttons, but forgot to add one of these to the output (and to
enable OOUI as well).

Change-Id: I7dd4b554bae406bc0c8326867298302ee10b47f2
2018-06-04 11:21:41 +00:00
Daimona Eaytoy 74569e20a7 Improve the check for block durations equality
With I5e3764dbec8ac21f20c460181ae78ed73eca92f6 I introduced a function
to check that two blocks with different wordings refer to the same
duration. While that functions works good 99.9% of the time, there's a
highly unlikely but actual problem: if one of the operand is parsed at
time x and the other at time x+1 (in seconds, and this may happen even
if it gets parsed 1 ms later), the 2 durations will be considered
different and this may be annoying. With this patch I introduce another
tiny function which uses strtotime to parse a duration, but uses the
second parameter (=0) to avoid relativeness to the current time. Again,
this isn't likely to occurr, but since the fix is straightforward we'd
better do it. Also, now global durations aren't parsed at every
iteration (previously they were due to the same problem, amplified by
time distance between the first and the last iteration).

Change-Id: I11a078f298aaed9631d7f422c6b9b722d28e73cc
2018-06-04 11:21:37 +00:00
Daimona Eaytoy 43ec6cf830 Add an option to hide private filters on Special:AbuseFilter
While the change itself is simple, the only problem here is the desing,
since we're adding even more vertical space with this.

Bug: T164108
Change-Id: Ic5373dd4f0b85dc1311d90ac165d4520ac956e68
2018-06-04 11:21:18 +00:00
Huji Lee 2792fce41e Introduce sanitize() function
Normalizes HTML entities into unicode characters

Bug: T169122
Change-Id: Ic916a6f8976e486d62d65156fa2dab56a55cf22a
2018-06-03 16:37:23 -04:00
Max Semenik 94f3bc67ca Use PHP7 ?? operator
Change-Id: I757b832ac86f52d8b70ffc42fdb60796ab81e7fe
2018-05-31 11:53:03 -07:00
jenkins-bot 7682a61786 Merge "Reset condCount when entering checkAllFilters" 2018-05-27 11:03:56 +00:00
libraryupgrader 99c212226d build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: Ib1d0dfa76babc01c30f4e905e8f6fb80e1e9a0bc
2018-05-25 23:31:49 +00:00
jenkins-bot 424e5eab70 Merge "Simplify contentToString function" 2018-05-25 12:12:22 +00:00
jenkins-bot 96a91ac9b2 Merge "Allow IP addresses in user selectors" 2018-05-24 18:15:33 +00:00
Matěj Suchánek 45b8855754 Allow IP addresses in user selectors
Also unify username normalisation in Special:AbuseLog with /examine and /test.

Change-Id: I85e10ba9262c698b8c279b5cad9fae4a0ab3d7b0
2018-05-24 18:53:23 +02:00
Daimona Eaytoy ba9df944c8 Compare with null instead of using $config->has
With I91a9c5cca55e540a6c95b750579c1c369a760b15 we replaced some globals
with Config and, in doing this, we added "$config->has()" to check if a
variable was null. However, "has" will always return true even if the
value is null (it only checks if it exists), and thus we end up showing
a global abusefilter pager even if no central DB is set.

Bug: T195022
Change-Id: I751fdefd29b6af1361021d4343ba67f16c99a037
2018-05-21 12:11:45 +02:00
Daimona Eaytoy ef489d7ab5 Simplify contentToString function
Use TextContent::normalizeLineEndings instead of manually replacing
carriage returns, plus avoid the if with a simple string cast. This also
fixes some cases where a null edit isn't counted as such due to a "\n"
in new_wikitext which isn't trimmed.

Bug: T168736
Change-Id: Idfafab3fcf7912bf0aec22700d2c0137bdd6c3c8
2018-05-16 16:52:29 +02:00
Daimona Eaytoy 91c5f6d5b9 Improve the i18n message for throttling to show in history
With the introduction of custom block durations in Ib072433d19dabae48d8514e08be9893135b5d63c, the method which generates action display was enlarged in order to provide a more readable and complete message. However, for throttling we currently have an unreadable message like "Throttle: xx, yy, zzz". This is wrong for two reasons: first, those numbers need to be deciphered; second, the first number is the filter ID which is totally unuseful here.

Change-Id: I0ec6a27ff5f37aae864dfd91161bf44f0a217ef1
2018-05-13 13:29:45 +02:00
Daimona Eaytoy 38c46216db Explicitly declare title fields as optional
They were defaulted to false with
I93ad51ffe7bee597d2d127f4c5d6b2929ffc8f7e, which broke use cases where
the page field is NOT required, nor has a 'required' => false explicitly
declared.

Bug: T194425
Change-Id: I5ab768c02a30b6d053104e590729ef22bb4e0808
2018-05-10 22:20:05 +02:00
Daimona Eaytoy 69c8929468 Add an option to hide bots in /test
Pretty self-explanatory and straightforward, since recentchanges has a
dedicated column for bot edits.

Bug: T193994
Change-Id: I76d41e082aed262640e9fff856eeb97df49633d5
2018-05-07 17:25:40 +02:00
jenkins-bot d882f18e5f Merge "Prevent the user from overriding blacklisted variables" 2018-05-07 13:55:31 +00:00
Daimona Eaytoy 096bb4872b Fix flags checkboxes broken in recent patch
With If16975dd394cfdb3c57ff263366c2fc865de362a I broke flags checkboxes,
i.e. the one for enabling/deleting/etc. a filter. In fact, I
misunderstood the way cbReadOnlyAttribute was used (a dirty way,
actually) and this caused such checkboxes not to be disabled if the user
didn't have rights to edit the filter.

Change-Id: Ibf80b54e0f620734ad7767e4769a93bbf1feccff
2018-05-05 14:35:01 +02:00
Umherirrender 42769ce676 Replace wfGetLB
@deprecated since 1.27, extension.json required 1.31

Change-Id: I0467cde378c85095673fd39fed1924c330c27d7b
2018-05-04 21:35:11 +02:00
Daimona Eaytoy 5916910e25 Prevent the user from overriding blacklisted variables
Like we do for built-in values. If a blacklisted variable is overridden,
it still works, but there's no reason to allow it.

Bug: T191715
Change-Id: Ia4d42ec56dc4805454b96c52c2eace1924f6536c
2018-05-04 19:33:12 +02:00
jenkins-bot 4557b3961e Merge "Fix an undeclared variable in block options" 2018-05-04 02:03:20 +00:00
jenkins-bot 479cce9f58 Merge "Show "blocktalk" in AbuseFilter diff and improve message generation" 2018-05-03 23:22:44 +00:00
Daimona Eaytoy 80ef9d442a Show "blocktalk" in AbuseFilter diff and improve message generation
Quite self-explanatory. If the talk page is blocked, a sentence is
added, otherwise it remains as it is. Plus, improved the way messages
are generated and reduced their reuse.

Bug: T193692
Change-Id: I01f5113ca586b94c25e1102c73d158ebb01c5a4b
2018-05-03 21:11:13 +02:00
Daimona Eaytoy 9c01724053 Remove unused code
The $deadActions array is populated but never used. At first I thought
it was about actions which aren't available, but this isn't right.
Instead, it's only used to keep track of available actions which aren't
used in the current filter. Which is some data that we don't need, nor
there's nothing we may do with that.

Bug: T188181
Change-Id: Ibdfeb92ccd790c0b1a4d79b382b053b9361459f8
2018-05-03 19:36:27 +02:00
Daimona Eaytoy 69c0fd9e7c Fix an undeclared variable in block options
We used to display the checkbox to block talk without checking if
it was defined. This caused a warning and an empty space with
wgBlockAllowsUTEdit set to false.

Change-Id: I97f82633e932de7e325615473c85245a406a55ef
2018-05-03 19:14:03 +02:00
jenkins-bot 9387a4fb88 Merge "Use OOUI buttons instead of plain links and Html::errorbox for errors" 2018-05-03 00:41:21 +00:00
jenkins-bot 0366cc7f55 Merge "Show only changed sections in diffs" 2018-05-03 00:34:36 +00:00
jenkins-bot b70b53216f Merge "Re-apply fix to show textarea when JS is disabled" 2018-05-02 23:59:56 +00:00
Daimona Eaytoy 632c8e77e2 Don't let enabled filters be marked as deleted
Adds both client-side and server-side validation.

Bug: T156619
Change-Id: If16975dd394cfdb3c57ff263366c2fc865de362a
2018-05-02 22:20:53 +00:00
Daimona Eaytoy f9be4226b8 Re-apply fix to show textarea when JS is disabled
After Id4dc1debf0240d5b336f4d9ab5b363c240f08807, the method has been
moved, and in doing that I forgot to change this line.

Change-Id: I20caf06f2c568605bd6a90c9cf2b425cd51512e7
2018-05-02 19:31:35 +02:00
Daimona Eaytoy 2d876d08bd Use OOUI buttons instead of plain links and Html::errorbox for errors
Like we did for other links in /diff and /histories, there are some
links that we'd better display as OOUI buttons. Also, use the Html
class' specific method to show errorboxes.

Bug: T132284
Change-Id: If67035991a0835ec3edc13be4543e6b40c76c3ea
2018-05-02 13:13:01 +02:00
Matěj Suchánek 45d1d71def Reduce use of globals in favor of Config
I'd like to have this reviewed by more than one user before merging, to avoid regressions of annoying typos.

Change-Id: I91a9c5cca55e540a6c95b750579c1c369a760b15
2018-05-02 02:27:26 +00:00
Daimona Eaytoy 354e75f681 Show only changed sections in diffs
In order to have a less clogged diff and spot the real changes more
easily.

Bug: T21716
Change-Id: I60ab88d47716186fd0af289081033a8e274d9d85
2018-05-01 21:05:01 +02:00
Daimona Eaytoy 9b1f1b263e Fix XSS vulnerabilities
I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.

Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
2018-05-01 16:55:46 +02:00
Roan Kattouw cbabcf1276 Follow-up 392f37d516: fix undefined index notice
'disallow' rules with a missing first parameters are perfectly fine (and
quite common), so don't throw notices when that happens.

This broke Flow's unit tests, and caused exceptions for all api.php
edits that triggered a 'disallow' rule.

Change-Id: Ibebedb566da705e77ffb831ebda6476adba07c93
2018-04-30 15:24:25 -07:00
Daimona Eaytoy 04b15a1b75 Reset condCount when entering checkAllFilters
This seems like the logical way to be sure that multiple mass actions
won't be counted as one, thus reaching the conditions limit. I tried to
test this locally, but I actually had troubles to simply replicate the
issue of the reached limit in a stable manner, so I'm not totally sure.
Anyway, this shouldn't do any harm.

Bug: T193374
Change-Id: Icdc172f76705870ee502339a53e912e15a3bd31d
2018-04-30 18:42:24 +02:00
Daimona Eaytoy 99f32a1408 Fix undeclared variable
The variable was declared in the "if" branch but also used in the "else"
one. This caused the rules textarea to not have the readonly attribute
if the user wasn't allowed and CodeEditor wasn't installed.

Change-Id: I2bf69dc0f2d24efac41d1ac6100ed7e286e3afa4
2018-04-30 15:55:10 +02:00
Daimona Eaytoy caa4b1c763 Add phan configuration
This is taken from I6a57a28f22600aafb2e529587ecce6083e9f7da4 and makes
all the needed changes to make phan pass. Seccheck will instead fail,
but since it's not clear how to fix it (and it is non-voting), for the
moment we may merge this and enable phan on IC.

Bug: T192325
Change-Id: I77648b6f8e146114fd43bb0f4dfccdb36b7ac1ac
2018-04-30 08:32:58 +00:00
jenkins-bot 2e116e5c6d Merge "Don't use an empty string for block parameters" 2018-04-26 14:20:09 +00:00
jenkins-bot 13141ebe3e Merge "Convert Special:AbuseFilter/tools to use OOUI" 2018-04-26 14:20:05 +00:00
jenkins-bot fce4b4c305 Merge "Switch plain links to OOUI buttons in /history and diffs" 2018-04-26 13:45:08 +00:00
jenkins-bot 51591b9fb8 Merge "Move AbuseFilter::buildEditBox static method to AbuseFilterView class" 2018-04-26 13:45:07 +00:00
jenkins-bot 9a696727f7 Merge "Show the search error on a new line" 2018-04-26 13:41:08 +00:00
jenkins-bot 6aa6b8fc13 Merge "Add the remaining equality checks" 2018-04-26 13:25:56 +00:00
Daimona Eaytoy 30d1eac47f Show the search error on a new line
By wrapping it in a P element. Plus, use Html class to build the error
box.

Bug: T193109
Change-Id: If753a7a7c56ea041a80b7efd6bee5a175a001221
2018-04-26 09:38:44 +02:00
Daimona Eaytoy d9fc90c281 Move AbuseFilter::buildEditBox static method to AbuseFilterView class
Make it non static, plus a couple of minor stylistic fixes to such method.

Bug: T190180
Change-Id: I54dd1f785d33908a0481aa2db997aa085776fc2d
2018-04-26 09:24:04 +02:00
Daimona Eaytoy 26ef911517 Switch plain links to OOUI buttons in /history and diffs
Like we did for the button to create a new filter on
Special:AbuseFilter.

Bug: T132284
Change-Id: Ie4e43b74893b00b88dd5e7fd627a2572d3157acc
2018-04-26 09:21:59 +02:00
Daimona Eaytoy 7008de80e6 Don't use an empty string for block parameters
Follow-up of Iaeae672dca66ffc745054daabd6f0eae7dfbc648. Some actions
were still marked with red, specifically the ones with block inside. The
reason is that we stored the 'blocktalk' parameter as an emtpy string if
false, which wasn't filtered when loading request. Changing the empty
string to something different is enough to fix the problem, hopefully
without regressions. Note that this isn't retroactive and needs an edit
to become effective.

Bug: T189681
Change-Id: I7d7f0606fc23bad5ba342076066ab0e935680b3f
2018-04-26 09:13:02 +02:00
jenkins-bot 0b35bdcae9 Merge "Add missing parameter and suppress warnings for regex errors" 2018-04-26 02:28:20 +00:00
Daimona Eaytoy 71f375f19a Add equals_to_any function
Introduce a new function which can be used to group multiple comparisons
in a single condition. In particular, equals_to_any(S, A, B) is the
equivalent of S === A || S === B. This is especially useful in checking
for multiple namespaces, as proposed in the Community health initiative.

Change-Id: I9dcfe303eb5e51e1882fe4a65fa876aa93db7686
2018-04-25 23:12:19 +00:00
Daimona Eaytoy 24c8d7d54e Add the remaining equality checks
I left as ToDo the checks between an array and something else. With this
patch, it'll work like PHP: the result will be true iff the comparison
is loose, the array is empty and the other operand is either false or
null.

Change-Id: Idc5cadb697ed4fc7f4856967274169f77495ed9f
2018-04-25 10:16:50 +02:00
Daimona Eaytoy c2302385c1 Add missing parameter and suppress warnings for regex errors
I added searchEnabled in I0771fa048d21031ed1e0f8a6909213bdb869a5ed, but
forgot to pass it as parameter when there's an error with the regex.
This means that, if you try to make a search with a wrong regex, when
the page is reloaded the fields for searching aren't shown and you get a
PHP warning. Here I also added warning suppressions as usually done when
checking regex validity to avoid unnecessary PHP warnings.

Change-Id: Ibc3110c30959c99d0825e1e3d7edb1e96dd9d536
2018-04-25 08:06:15 +00:00
jenkins-bot 913d37eba6 Merge "Filter parameters when loading/editing them" 2018-04-24 00:24:57 +00:00
Daimona Eaytoy fa413d431e Use the old textarea if JavaScript is disabled
Basically, with this we always start with a functioning textarea. If JS
is enabled (and CodeEditor installed), it gets then replaced by the Ace
editor.

Bug: T192241
Change-Id: Id4dc1debf0240d5b336f4d9ab5b363c240f08807
2018-04-23 23:43:23 +00:00
Daimona Eaytoy 392f37d516 Filter parameters when loading/editing them
Re-opening of I8eb50d38c81b4e446c0f1dc03abc27122b8fa025 by Thiemo Kreuz.

Bug: T189681
Change-Id: Iaeae672dca66ffc745054daabd6f0eae7dfbc648
2018-04-23 23:43:05 +00:00
Daimona Eaytoy f84b7f7158 Remove unused wgTitle + remove exception from PHPCS
As discussed in the task, wgTitle was used (overridden) since it was null in API
calls. However, the problem has been fixed in api.php in 2009, so we
don't need to deal with it anymore. This also means that we may remove
anything else that was added to restore the original title at the end of
the function. At last, this was the only remaining exception for PHPCS.

Bug: T178007
Change-Id: Id043c74ec8d57c5fb0ab22f54acf6a31fe6b6f06
2018-04-21 10:03:49 +02:00
Daimona Eaytoy 3c3a521fec Fix coding conventions exclusion rules
This should fix every error with excluded rules, leaving only the one
for $wgTitle. A double check would be nice in order to avoid regressions
due to stupid mistakes.

Bug: T178007
Change-Id: I22c179f3a01d652640304b59e43fcb5b5a9abac3
2018-04-20 08:40:18 +00:00
Reedy f990b07bec Update at-ease calls
Bug: T187037
Change-Id: I6448e581a14c468ac2ea8f1752ded6be550d0592
2018-04-18 14:29:37 +00:00
jenkins-bot 0c47bb5574 Merge "Fix parameter order for AbuseFilterParser::contains" 2018-04-16 23:32:50 +00:00
Glaisher 7fade990d2 Don't allow invalid IP ranges to be entered in ip_in_range()
IP::isInRange() can return true for invalid IPs so this can
cause false positives. Instead of letting this happen, don't
allow it in the first place.

See also Ibfe55c2ebac0fccfa8329436

Bug: T124117
Change-Id: Id10552e117ce2b231504e41627b44f8cfb0d4329
2018-04-13 10:59:08 +02:00
jenkins-bot c10f61f623 Merge "Properly detect unclosed comments" 2018-04-11 00:02:35 +00:00
jenkins-bot 77129eed4d Merge "Properly use integers in exponentiation" 2018-04-10 23:37:32 +00:00
jenkins-bot 078ff05bc7 Merge "Convert division/multiplication/modulo results after calculation" 2018-04-10 23:37:30 +00:00
jenkins-bot 7a015add39 Merge "Use integers in addition and subtractions" 2018-04-10 23:34:09 +00:00
jenkins-bot f241eede4c Merge "Make sure blocks from ipboptions have the same wording as globals" 2018-04-10 23:29:53 +00:00
Daimona Eaytoy 73ec0d7896 Properly detect unclosed comments
Right now we don't have a specific exception for that, plus we don't
really check if they're closed. In fact, we use the result of strpos
without checking if it evaluates to false; if so, in some particular
cases like the one reported on phab, the while loop will never end.

Bug: T134124
Change-Id: I3b6000f197502a4832a53465b6617b4217080739
2018-04-10 19:26:02 +02:00
Daimona Eaytoy aeeac22490 Fix parameter order for AbuseFilterParser::contains
Move optional parameters after required ones.

Change-Id: Ice243bc5c793ffe6323931e45f36939d4b428b30
2018-04-10 13:28:34 +02:00
Daimona Eaytoy 3e9a2dfd33 Properly use integers in exponentiation
Right now they're always float.

Bug: T191688
Depends-On: I398c9a972b7e9fcb27d055d23939be2b8bb68244
Change-Id: I0bb1ed0109af66997e238b532d342d82d4c4ae19
2018-04-09 16:17:54 +02:00
Daimona Eaytoy 2dda2e381c Convert division/multiplication/modulo results after calculation
So that type and value will be identical to PHP's ones.

Bug: T191688
Depends-On: I1140900cdda63eed292d9f20aefd721ef9247fcd
Change-Id: I398c9a972b7e9fcb27d055d23939be2b8bb68244
2018-04-09 16:16:04 +02:00
Daimona Eaytoy be076eb97e Use integers in addition and subtractions
Right now they're always returned as float values, even stuff like 1+1.
With these patch the results will have the same type as they would with
pure PHP calculation. Added a method to convert numbers to int/float
depending on their type.

Bug: T191688
Change-Id: I1140900cdda63eed292d9f20aefd721ef9247fcd
2018-04-09 16:11:16 +02:00
jenkins-bot 4c3e66324f Merge "Restore 'subtract' method for backward compatibility" 2018-04-09 02:55:37 +00:00
Daimona Eaytoy 572cd1df2b Restore 'subtract' method for backward compatibility
Otherwise old filters try to use it and return an error. I restored it
at the old version, like in PS1 of Ib23c418ded6ffdae7311809bf5fcbbfb2093e752

Bug: T191696
Change-Id: Ib23c418ded6ffdae7311809bf5fcbbfb2093e752
2018-04-07 17:32:23 +02:00
Daimona Eaytoy 1f5fc1b26e Ace: retrieve keywords directly from tokenizer
We already do it for variables and functions, so that any new feature
won't need the ace files to be edited. I originally didn't implement it
for keywords too, but it's actually much better this way.

Change-Id: I1ee81feace2ea90d5dbb2e443f01bc0f6cf74eb7
2018-04-07 17:21:45 +02:00
jenkins-bot efde52e4b6 Merge "Allow comparing two lists" 2018-04-06 21:09:53 +00:00
jenkins-bot 1df058238a Merge "Disable search for global filters" 2018-04-06 16:48:57 +00:00
Daimona Eaytoy 284ab234fd Allow comparing two lists
This feature was never implemented. I'm not sure whether we need a way to compare array and other types of variables (left as ToDo), since e.g. in PHP it's always false.

Bug: T179238
Change-Id: I5d2c33fd117e69cbc84c0b04b6cb82edbdcadf16
2018-04-06 11:44:28 +00:00
jenkins-bot ec9732aac4 Merge "Fix typo in class name AFPData" 2018-04-06 11:26:25 +00:00
Daimona Eaytoy 17c51445db Disable search for global filters
It solves a bug and other problems, especially related to permissions.
Tested as much as I could but with an imperfect global filters system,
so there may still be something wrong.

Bug: T191539
Change-Id: I0771fa048d21031ed1e0f8a6909213bdb869a5ed
2018-04-06 12:25:35 +02:00
Umherirrender 0aafdb9b2f Fix typo in class name AFPData
Change-Id: I32987ebc6b9fefab41b1bbc419140805502c6b7b
2018-04-06 10:45:15 +02:00
Daimona Eaytoy ddf707656e Make sure blocks from ipboptions have the same wording as globals
This is the long-term solution for the problem. The ToDo may be
unnecessary, but leaving it there as a caveat.

Bug: T190602
Change-Id: I5e3764dbec8ac21f20c460181ae78ed73eca92f6
2018-04-06 08:15:17 +00:00
jenkins-bot eb066b4f6f Merge "Add missing messages for existing vars decriptions" 2018-04-06 01:25:27 +00:00
Umherirrender c23d715c33 Add missing use for namespace Wikimedia\Rdbms
Change-Id: I262ff68fb923ae43f191e167d1b1de3e70c2e236
2018-04-05 22:09:15 +00:00
Daimona Eaytoy 714735ff6b Remove superfluous line
That line isn't needed anymore and totally prevents from changing page.

Bug: T191512
Change-Id: Ib29719d6eb3155318b3db0f60d9c9d55e944b4a4
2018-04-05 17:58:16 +02:00
Matěj Suchánek 60f4777c8c Add missing messages for existing vars decriptions
Change-Id: Ifd418c0efbcf7c21b4013d6b8a7454950d15def6
2018-04-05 11:24:49 +02:00
jenkins-bot d885b34574 Merge "Add reasons dropdown to hidelog form and convert it to OOUI" 2018-04-05 00:19:21 +00:00
jenkins-bot f0a8219666 Merge "Move actions limit to a global variable" 2018-04-05 00:15:24 +00:00
Daimona Eaytoy bc99694d07 Add reasons dropdown to hidelog form and convert it to OOUI
Bug: T153018
Bug: T132284
Change-Id: Idf74765d9f5c475d2e0d48d546cdf7c1aaa99104
2018-04-05 00:08:49 +00:00
Daimona Eaytoy 55cac6f1b0 Move actions limit to a global variable
This opens the door to further customization and allows every wiki to
set its own value.

Bug: T132925
Change-Id: I63985f2809c3253b07b33caef30fcd8d4c62dfd4
2018-04-05 00:06:40 +00:00
Daimona Eaytoy 5f1926534b Make $mode optional for checkAllFilters
Otherwise ContentTranslation will break. Also, that way the order was
wrong (mandatory parameter after optional ones).

Bug: T191468
Change-Id: I4558aba48782e83b73023061e8f213bf6a785a18
2018-04-04 23:35:03 +02:00
jenkins-bot 78817be019 Merge "Fix cap for pattern search" 2018-04-04 02:17:38 +00:00
Daimona Eaytoy e830f31ccc Fix param documentation
I made a little misunderstanding with I243605b26fe310488dc7419edf31f652ccda0094

Change-Id: I43888278483646eeb1e9da5d44471838c20fc18b
2018-04-03 17:34:03 +02:00
Max Semenik a4ed4db34e Fix field visibility warnings
Yes, this is a sniff bug - however, ideally every variable should
be on its own line with documentation anyway.

Change-Id: Ic8a96d9ea4dd20d8f689aac0a7dece01a4208929
2018-04-03 02:16:41 +00:00
Max Semenik 5c89246fce Rename files to match class name
Change-Id: Ia19bfec6c2289912699b6c90261afda311afb56e
2018-04-02 22:08:13 -04:00
jenkins-bot 9cf6a4b407 Merge "Add missing comparisons to builderValues" 2018-04-02 21:34:32 +00:00
jenkins-bot 3ffa6f6c81 Merge "Add requirement for title and pattern fields" 2018-04-02 18:06:26 +00:00
jenkins-bot 846e9d095c Merge "Record stats only when the action is executed" 2018-04-02 18:01:32 +00:00
Daimona Eaytoy 17e444918b Fix cap for pattern search
Currently, due to a tiny math error, the cap is variable (although
limited). This way it's really fixed and produces uniform results.

Bug: T191222
Change-Id: I8102db7894e5481a77e1a5771d9981258000731e
2018-04-02 19:49:59 +02:00
Daimona Eaytoy fc5aeeaaeb Convert Special:AbuseLog/# to OOUI
Hopefully this is really the last one: the tiny form at the bottom of
Special:AbuseLog/# to access private details.

Bug: T132284
Change-Id: I3f91beb482b3b85e12b65464914b0ac57ec983df
2018-04-02 18:58:43 +02:00
Daimona Eaytoy fbde96cac6 Add missing comparisons to builderValues
Currently, strict comparisons aren't listed. This way they don't appear
in the dropdown and users may not be aware of their existence.

Change-Id: I93185781de3b698096130c673156a67823375c6b
2018-04-02 17:12:32 +02:00
Daimona Eaytoy e53811ecb3 Add requirement for title and pattern fields
Currently users can save filters without title or pattern. This
shouldn't be allowed since it leads to lack of clarity. The check is
only performed server-side, since when implementing Ace editor we won't
be able to (easily) add a pure HTML requirement for the pattern field.

Bug: T173947
Change-Id: I1a0418b87cdb1ff423238fcdf1c743930500e605
2018-04-02 16:37:51 +02:00
Huji Lee 26c72c1cd9 Convert Special:AbuseFilter/tools to use OOUI
Bug: T132284
Change-Id: I139b30399f83d43c4da565b25726d8786d02d1ef
2018-04-02 16:31:19 +02:00
Daimona Eaytoy 6255b04eca Record stats only when the action is executed
Otherwise it will return wrong stats and waste resources. This seems to
fix the problem, while a more long-term solution isn't that clear. I
hope that this won't introduce regressions, which as far as I could see
shouldn't happen.

Bug: T191032
Change-Id: I243605b26fe310488dc7419edf31f652ccda0094
2018-04-02 16:21:43 +02:00
Daimona Eaytoy 7450fb1d62 Switch /test and /examine/# to OOUI
Standardized Special:AbuseFilter/test and /examine/# to OOUI. They need
to be updated together, since they share the same load filter button
(now centralized) which needs to be handled in a different way.

Bug: T132284
Bug: T58367
Bug: T58368
Depends-On: If3d6a994142e34686bb7fc9f09093f751b599485
Change-Id: Ib935e8c9706e987468e52ec2ad1c7219b35fb9d5
2018-03-30 13:12:36 -04:00
Daimona Eaytoy 520ebea2cb Switch footer of editor to OOUI
Conversion of the builder dropdown, the syntax checker button and also
the button for switching editor coming from ace.

Bug: T132284
Depends-On: If3d6a994142e34686bb7fc9f09093f751b599485
Change-Id: Ic7f17437f4f0dcc0ea0edbab24eb976e2f76bdbd
2018-03-30 12:58:45 -04:00
jenkins-bot c67ab4a061 Merge "Revert "Revert "Switch editor to Ace and provide syntax highlight""" 2018-03-30 15:29:01 +00:00
Daimona Eaytoy 3350183fe3 Revert "Revert "Switch editor to Ace and provide syntax highlight""
Make Ace use a fixed size in em.

This reverts commit 272775ff81.

Change-Id: I9b439b20df91eb367bcef4b6f33ff087aded0b62
2018-03-30 11:10:16 -04:00
jenkins-bot ef65bf62c9 Merge "Convert /revert to use OOUI" 2018-03-30 14:02:12 +00:00
Daimona Eaytoy 90436c9e59 Convert /revert to use OOUI
This one was left out, probably because it's not well documented.
Together with the simple conversion, I also added a cap to time
selectors (otherwise users may create huge breaking queries) and wrapped
in a class=success P the success message, like we do when saving
filters.

Bug: T132284
Change-Id: I2ba0a54e27608949cd28b9ac0447d1f2157b0ea2
2018-03-30 09:12:59 +02:00
jenkins-bot 899fd5783b Merge "Revert "Switch editor to Ace and provide syntax highlight"" 2018-03-30 02:14:15 +00:00
Huji 272775ff81 Revert "Switch editor to Ace and provide syntax highlight"
This reverts commit 89e6778793.

Change-Id: I41aee10fdd5633d56692334696fb750f41b15433
2018-03-30 02:07:00 +00:00
jenkins-bot f903aa92d4 Merge "Switch editor to Ace and provide syntax highlight" 2018-03-30 02:02:00 +00:00
jenkins-bot da3342e398 Merge "Add search for filter patterns" 2018-03-30 01:32:03 +00:00
jenkins-bot 17e56ff23a Merge "Convert Special:AbuseFilter to OOUI" 2018-03-30 01:16:16 +00:00
jenkins-bot baa0cd082a Merge "Always show abuse filter public comments as plain text" 2018-03-29 16:13:27 +00:00
jenkins-bot e268f6b3e1 Merge "Avoid calls to deprecated wfSetupSession, $_SESSION, and session_id" 2018-03-27 02:36:26 +00:00
Daimona Eaytoy 1de8740df7 Use integers when calculating edit_delta
Since it'll always be a subtraction of integer numbers. Otherwise, if
calculated as float, values won't triple-compare.

Bug: T190652
Change-Id: Ia58a4e3429a012a94a43ffadb190154fcdb9bcaa
2018-03-26 13:15:13 +02:00
Daimona Eaytoy 89e6778793 Switch editor to Ace and provide syntax highlight
Replace the conditions textarea with Ace editor for editing and testing
filter. This uses a soft dependency on CodeEditor; if the latter isn't
installed, the classic textarea is used. The user is still able to
switch between the editors on the go; the new buttons may look a bit
ugly now, but after switching to OOUI they should get much better.
Finally, added a custom syntax highlight for AbuseFilter rules.

Bug: T39192
Change-Id: If3d6a994142e34686bb7fc9f09093f751b599485
2018-03-23 12:39:22 +01:00
Daimona Eaytoy 3bc4bfc4d5 Add search for filter patterns
Adds an option for searching filters with a
specific pattern in the main page, together with already existing options.
Plain search and regex are available, only for users with the
view-private right. The search is performed directly on the database.
If the user actually searched for something, it is also added a column to
Special:AbuseFilter showing a snippet of the pattern from each filter, with the query match highlighted.

Depends on: I8144062b1f273d0d8932203ffcb7a71aca60bba9

Bug: T87455
Change-Id: Ibcd84ff84edca481328210ee857b0ab723028632
2018-03-17 14:54:48 +00:00
jenkins-bot 6d32b24d16 Merge "Update for the actor table change" 2018-03-17 09:36:59 +00:00
Matěj Suchánek e5db4b47f9 Use LIKE to filter AbuseLog by action taken
Bug: T187971
Change-Id: Id2a9feb395077c5391a4145284d667101dedfa7b
2018-03-16 15:03:38 +00:00
Matěj Suchánek 729ff73c10 Convert Special:AbuseFilter to OOUI
Bug: T132284
Change-Id: I8144062b1f273d0d8932203ffcb7a71aca60bba9
2018-03-16 14:57:52 +01:00
Daimona Eaytoy 981338ae45 Avoid double processing block actions
Otherwise it'll be logged twice, with some related malfunctioning.

Bug: T189857
Change-Id: Ie640793661d824a99fa726843245f99a2ff64f20
2018-03-16 10:01:33 +01:00
Melos 799a2fb1ed Always show abuse filter public comments as plain text
Public comments are parsed in some places and they are
shown as plain text in others. Always show them as
plain text instead of parse them.

Bug: T173249
Bug: T141670
Change-Id: I173ffab1a99c1536cca260b76be0d95a4966b139
2018-03-15 20:14:00 -04:00
Reedy 844af9b1ff Add missing global statements
Bug: T189827
Change-Id: Ib806ca14b84f8f8d2124580f80901e4ad10a67ba
2018-03-15 22:44:45 +00:00
Daimona Eaytoy 3b63127624 Fix messages displayed in history
With https://gerrit.wikimedia.org/r/#/c/412892/ I introduced an error
with action display in history: every action except for block would have
been displayed without parameters.

Change-Id: I273cd908b698c49056c176de9ead5a78d818c7be
2018-03-14 17:50:58 +01:00
Reedy 16d599c1b8 Merge "Add missing use in hooks" 2018-03-12 15:27:02 +00:00
WMDE-Fisch 9af25447a0 Add missing use in hooks
Change-Id: I8e6fa3211868b984248d9414bdbc6970392b2189
2018-03-12 15:00:58 +01:00
Matěj Suchánek 3a0f6a48ba Use OOUI datetime selectors on Special:AbuseFilter/examine
Bug: T58367
Bug: T58368
Change-Id: Ic7882e86c1cadd2501eca9a63623f0db3a0c614a
2018-03-10 10:39:43 +00:00
Daimona Eaytoy e0d7f6a388 Fix issue with custom blocks patch
I had unwillingly substed a variable with a string in the wrong case. It
needs to be fixed before .25 is deployed, otherwise in history there
might be actions != block which'll be displayed as 'block'.

Change-Id: I6d251fa011238509a8fdf264e865573140e7a20d
2018-03-10 10:02:11 +01:00
jenkins-bot 2fe3b18dea Merge "Convert Special:AbuseFilter/history and /examine to use OOUI" 2018-03-10 01:11:57 +00:00
Brad Jorsch 3014871cb5 Update for the actor table change
Core change I8d825eb0 begins the process of changing core database
tables from using xx_user and xx_user_text fields to using xx_actor.
This updates the extension to continue to function during and after the
transition.

Bug: T167246
Change-Id: I4065716022aa60c0fa1a258659db22be2b7f43de
2018-03-09 16:34:24 -05:00
Brad Jorsch 7399cd4348 Update CommentStore usage
CommentStore's calling conventions changed in I3abb62a5c.

Change-Id: I80012f82b39e5054ee40a44b5a8e92dec46c2962
2018-03-09 16:22:32 -05:00
jenkins-bot c02133ac08 Merge "Fix supposedly nullable argument" 2018-03-09 15:55:26 +00:00
Matěj Suchánek 5ae26bb5c6 Fix supposedly nullable argument
Change-Id: I81c467ce3483096c98041412a664b3a26735118a
2018-03-09 16:16:12 +01:00
jenkins-bot f86ef894b6 Merge "Fix typo in wgAbuseFilterActions" 2018-03-09 14:41:47 +00:00
Matěj Suchánek ff281fa2e3 Fix typo in wgAbuseFilterActions
Bug: T189299
Change-Id: Ie87d6f31e00408a2226547ee810cfbab27a439ed
2018-03-09 15:20:53 +01:00
jenkins-bot cd7e6541ac Merge "Fix Special:AbuseLog::getUserLinks call" 2018-03-09 14:19:25 +00:00
Matěj Suchánek 38f56d1dd2 Convert Special:AbuseFilter/history and /examine to use OOUI
Bug: T132284
Change-Id: Ib61e0ce8f3f8481cdaf9ee7f521f73f314fcded2
2018-03-09 11:35:47 +00:00
Matěj Suchánek 4637d19f69 Fix Special:AbuseLog::getUserLinks call
IP addresses have no user id, reusing af_user for them was a complete nonsense.

Change-Id: Iaebf5e57c445452896dce6b3edf0018ebbb6e3dc
2018-03-09 09:26:58 +01:00
jenkins-bot e24c025670 Merge "Allow customizing block durations for each filter" 2018-03-09 03:27:15 +00:00
Daimona Eaytoy 2dd8d27c34 Allow customizing block durations for each filter
This is part of a project to enchance blocking in AF. With this patch,
users are allowed to specify two block durations for each filter, one
for anonymous and one for registered users. For backward compatibility,
default values are set to the global variables.

Bug: T32024
Change-Id: Ib072433d19dabae48d8514e08be9893135b5d63c
2018-03-08 14:57:16 +01:00
Daimona Eaytoy 21c268e2f0 Add logging for preventEditOwnTalk blocks
Blocks preventing edit of own talk currently don't show "cannot edit own
talk page". Added it to the flags to make it display properly.

Bug: T188970
Change-Id: Ia8d1c2b93038c3c43bb224a8cae073b694d74cbe
2018-03-06 17:07:49 +01:00
jenkins-bot 04b1d121c9 Merge "Tag actions which hit the condition limit" 2018-03-06 02:08:08 +00:00
jenkins-bot 0afe787935 Merge "Allow preloading text areas using URL parameter" 2018-03-05 16:08:56 +00:00
jenkins-bot 7f4b69df1e Merge "Add userLinks in private details page" 2018-03-05 16:03:25 +00:00
Daimona Eaytoy 6e42340af9 Add userLinks in private details page
The IP is currently displayed as plain text. Add instead userLinks in
the usual way to provide some handy links for CUs.

Bug: T188600
Change-Id: I47ee007f450f06a1a19b4c7598373a952efbe06a
2018-03-05 11:52:41 +01:00
Matěj Suchánek 8f812a72e7 Allow preloading text areas using URL parameter
Bug: T58784
Change-Id: I5c4f870ad5653011453360d3a44b10820292f488
2018-03-05 08:40:59 +01:00
Daimona Eaytoy 603b020239 Duplicate check for array_diff
Currently, array_diff is only performed in one direction. This way, some
edits to tags (and, in future, to custom block durations) aren't catched
and the filter isn't saved.

Bug: T180194
Change-Id: I22fb9368208380c1a8205a566ac5ff07bbb6e05b
2018-03-04 19:26:50 +01:00
Matěj Suchánek d138b2877c Add form field to filter history by filter
So that users have no longer to modify the URL.
Links like "Special:AbuseFilter/history/1" will still
work but request parameters have higher priority.

Bug: T27897
Change-Id: I2d8c26d3350fdd4052b68c7bced10e3fae859d18
2018-03-04 18:11:21 +00:00
jenkins-bot cdad5f2a28 Merge "Add option to turn off logging IPs" 2018-03-03 23:33:15 +00:00
Dan Mattern fd3987baee Add option to turn off logging IPs
Adds option to stop logging IPs in afl_ip in the abuse_filter_log table.
Introduces a new global variable: $wgAbuseFilterLogIP

Bug: T187169
Change-Id: I1615ba6949c9f8bcdd6ee6aef580c87a05f43e6a
2018-03-03 23:16:24 +00:00
jenkins-bot 3a86dff502 Merge "Do not attempt to process tags if tagging is disabled" 2018-03-03 15:52:15 +00:00
rosalieper b1e2e158c8 Do not attempt to process tags if tagging is disabled
added a check for $wgAbusefilterActions['tag']

Bug: T179249
Change-Id: I03cf318d63e70c8c7cc7c91d7d9347f3f6cbbea0
2018-03-03 14:42:17 +01:00
Matěj Suchánek 7dfe4bfcfd Change message transformation method
The argument needs to be HTML safe.

Change-Id: Ifb0009feb9fdb40679bede917a53d52171a22166
2018-03-02 19:23:28 +00:00
jenkins-bot dda156d5e6 Merge "Wrap the throttled warning in a warningbox div" 2018-03-02 15:58:00 +00:00
James D. Forrester 1d348e148e Avoid calls to deprecated wfSetupSession, $_SESSION, and session_id
Bug: T124371
Bug: T162909
Change-Id: I3ac6a858f39282392631474b29251f090eff9040
2018-03-01 14:44:46 -08:00
jenkins-bot 030de289f4 Merge "Add option to block a user from editing their own talk page" 2018-02-27 20:12:30 +00:00
Huji Lee 43530957e7 Better order of form elements (dropdowns together, filter ID last)
Bug: T159061
Change-Id: I7ea1d30f4ed57f014b7df43fa04957b1348428e6
2018-02-27 17:09:17 +00:00
Huji Lee a83b10c5ed Add option to block a user from editing their own talk page
Bug: T170014
Change-Id: I74b7fd2e036111583e8b69c355e7fb0c51fe67fc
2018-02-27 17:07:51 +00:00
Matěj Suchánek d19ced4cef Filter AbuseLog by the "impact" of the change
Users can choose whether they want to see entries
that changed the wiki or didn't (or they can apply
no filter).

Bug: T159061
Change-Id: I6cee9b001c26c4bbc837131781deef27d5e3ef1a
2018-02-24 15:25:50 -05:00
Matěj Suchánek 6f1e15c5ff Filter Special:AbuseLog by action taken by filters
Bug: T187971
Change-Id: I4c786ac312b9095f3055622677b78c2ce7be6b0c
2018-02-24 14:49:39 +01:00
Matěj Suchánek 2ec2868ffd Remove unused argument
Change-Id: I0429f8227293790195d314fc4560f0aa6af7ba7f
2018-02-24 11:33:10 +00:00
Daimona Eaytoy c7d87182b4 Wrap the throttled warning in a warningbox div
Currently, the message informing that some actions have been disabled is
quite impossible to notice at a first glance, since it's a bit confused
with other form elements. However it actually is a warning and needs to
be treated as that.

Change-Id: I0d851333f8da200fb0b9b0c7d05ccd1f63e9e948
2018-02-21 18:30:49 +01:00
Jeff Janes d7fccb57ed PostgreSQL: Add missing columns for AbuseFilter
Change I758795f01eaf3ff56c5720d660cd989ef95764a7, first released
in 1.20, added columns to AbuseFilter tables for MySQL, but not for
PostgreSQL.

This adds those columns for PostgreSQL, both for the installer and
for the updater.

Combined with already-merged change 192002, this change closes
bug T89514.

Bug: T89514
Change-Id: Ie33a5a932ffd85fa8a4111b949bd0a4d07a2af91
2018-02-16 19:26:34 +01:00
Aaron Schulz 8d40f43a50 Fix some minor IDEA code warnings
Change-Id: Ia7855906c8993ccea6127f2144b308179e669b3a
2018-02-15 22:54:25 +00:00
Matěj Suchánek 3f34308f96 Tag actions which hit the condition limit
When an action reaches the limit, the remaining filters are not executed.
But there is no way find out which one it was.

Bug: T71492
Change-Id: I28fac76d4e9ca341bed25cd35e1249b19586b773
2018-02-15 10:06:08 +01:00
Jayprakash12345 4f176dad83 Up at-ease calls in extensions
Bug: T187037
Change-Id: I4efbbbd1929baeb0410d820eb2a91c3d3c027e9c
2018-02-12 10:31:55 +00:00
Matěj Suchánek 35373155a1 Select only needed columns in queries
Change-Id: I6338906eede533fda76ce96fe10b9c4de314135c
2018-02-10 20:35:05 +00:00
jenkins-bot b74c12ecc0 Merge "API: Fix "Undefined index: wiki" warnings" 2018-02-09 20:13:52 +00:00
Kunal Mehta 2633839630 API: Fix "Undefined index: wiki" warnings
Bug: T186914
Change-Id: I7e9d5524302f5f90d0e82f0f4d41a542e2990ed5
2018-02-09 12:00:07 -08:00
jenkins-bot ac83ad1d90 Merge "Add contains_all and ccnorm_contains_all functions" 2018-02-09 18:08:35 +00:00
Daimona Eaytoy a0de056299 Add contains_all and ccnorm_contains_all functions
Added the contains_all function, with basically the same role as
contains_any but using logic AND instead of OR. Also added
ccnorm_contains_all, that is the same of ccnorm_contains_any but with
AND mode. Finally, fixed three wrong task IDs.
Co-authored with Valerio Bozzolan.

Bug: T21176
Change-Id: Ib0a8b783db6ce0d5db64771c8e0c70f0f8d13d36
2018-02-09 17:33:24 +01:00
Huji Lee 146820185c Log accessing private information in abuse filter logs
Bug: T152934
Change-Id: I8049df3b2b9343a6877e9a306d2781d3f27ec657
2018-02-07 18:35:36 +00:00
Matěj Suchánek 767d450f73 Don't show link to AbuseLog for IP ranges
Bug: T175915
Change-Id: I16fe71ad3eb37eefb5c710026e4de2ce1a976f30
2018-02-05 10:19:06 +01:00
jenkins-bot 8015489986 Merge "Normalize IPv6 addresses in Special:AbuseFilter/examine" 2018-02-05 05:10:02 +00:00
Matěj Suchánek 10aea65219 Allow filtering AbuseLog in API by wiki
Bug: T113414
Change-Id: I833f223b160810d69f084ae4b060adbdd956aa83
2018-02-03 17:45:37 +00:00
jenkins-bot 0475b02bec Merge "Use ExtensionRegistry to check if CheckUser is installed" 2018-02-03 14:17:55 +00:00
jenkins-bot b43a042fb0 Merge "Compatible with PHP 7.2, avoid passing null to count()" 2018-02-03 14:12:56 +00:00
Huji Lee 8beedb2544 Use ExtensionRegistry to check if CheckUser is installed
Bug: T183096
Change-Id: If52fa24e5fb50033092e0c15f08aa7b28c16261a
2018-02-03 14:02:24 +00:00
RazeSoldier 088ca53685 Compatible with PHP 7.2, avoid passing null to count()
Bug: T185981
Change-Id: I2ee2f79124935426ee06b6e0bcb987d1676fdba1
2018-01-31 15:30:23 +00:00
Reedy 459673c9c7 Set default when changing afl_namespace on pg
Bug: T185335
Change-Id: I91fa0bf316a920b21b541eed1d2a837d34ad5683
2018-01-19 20:13:58 +00:00
MarcoAurelio 59ff4aed5d Actually mark abusefilter creations as such in the AbuseFilter log
Bug: T178283
Co-Authored-By: Matěj Suchánek <matejsuchanek97@gmail.com>
Change-Id: I89776eff2fc420b1fe3e2c3b88671749fadb57b4
2018-01-12 17:03:13 +00:00
Umherirrender 80418b1f93 Move classes to own files
Makes MediaWiki.Files.OneClassPerFile.MultipleFound pass

Change-Id: I3b08a69fe7990d6fe5f71cda51d6ac01f11aad2d
2017-12-23 13:43:37 +00:00
Umherirrender cbb7415c5a Change doc type from DatabaseBase to IDatabase
Change-Id: I2657188040aacb758ae5b7048b477776eacf4a2e
2017-12-22 22:09:52 +00:00
jenkins-bot 76cc8802ee Merge "Add PageContentSaveComplete WikiPage typehint" 2017-12-10 01:25:46 +00:00
addshore 142350bde2 Add PageContentSaveComplete WikiPage typehint
Change-Id: If7d3a72cec935de0f54063a1c375962a45eea34e
2017-12-10 00:51:58 +00:00
jenkins-bot 2085dafb5f Merge "Format filter IDs as numbers" 2017-12-03 21:29:20 +00:00
Reedy 7316825155 Replace MimeMagic::singleton() call
Change-Id: Ib01a23b909cb3e19c6d5ea9a8cf03d06ff8dab99
2017-11-27 01:46:00 +00:00
Matěj Suchánek a7ac1f2b3f Normalize IPv6 addresses in Special:AbuseFilter/examine
This is re-application of I0b4a5468c.

Change-Id: Ifad191f460717e70203f1740103f3af77b21b03d
2017-11-17 16:24:42 +01:00
jenkins-bot 94c7a1ea82 Merge "Add get_matches function" 2017-11-13 16:52:13 +00:00
Daimona Eaytoy 4e20c933f4 Add get_matches function
Added the get_matches function to store a regex match.

Bug: T179957
Change-Id: I19366ebcaa4d0f007dd675a61c91457dde57f604
2017-11-13 17:32:45 +01:00
Matěj Suchánek f29c053378 Remove unused parameter from the message
This parameter was never documented. It was just
a leftover from migrating to the current message API
in Id69a9d603. Note that the same message pair further up
in this file does not use it.

Change-Id: I38caa1611d78b6cb182861c8f5d731b27379f62a
2017-11-11 13:35:21 +01:00
Matěj Suchánek 957598261c Format filter IDs as numbers
Follows up I2bd833c35.

Change-Id: I3f2241fe791e9918750ef06805f9c4e5d52ee3b4
2017-11-11 12:38:12 +01:00
jenkins-bot f7fe5834dc Merge "AbuseFilter block range should not exceed $wgBlockCIDRLimit" 2017-11-05 05:36:10 +00:00
jenkins-bot b7b04cb830 Merge "Avoid Call Stack warning when there is an error in the regex pattern" 2017-11-03 20:01:30 +00:00
Huji Lee 7b7be07957 AbuseFilter block range should not exceed $wgBlockCIDRLimit
This patch introduces a config variable for the range block sizes.
It changes the default IPv6 block size from /16 to /19 using the
same reasoning as  Ia25e156fd8234519c4d74f1d41d93f94a313ce14

Using a config var (as opposed to hardcoded range size) allows
future changes proposed in T179454 to make the range size vary
for different IPs, based on the actual subnet they belong to.

Bug: T179455
Bug: T179456
Change-Id: I8dfa17f553a7af524f0a11c0fd51c48773e27be5
2017-11-02 12:08:49 +00:00
Huji Lee 0f7f4ad917 Add missing documentation for protected functions
Bug: T178007
Change-Id: Ia1ae78b30b889b7a8965354ae0a404bf9a520917
2017-11-02 03:20:34 +00:00
Huji Lee ace1822575 Filter ID should always go through formatNum()
Change-Id: I2bd833c35128b3c39c7882321747837184095bef
2017-10-31 22:11:55 -04:00
jenkins-bot 689b7abaff Merge "Remove back-compat code paths" 2017-10-31 16:12:40 +00:00
jenkins-bot f5536f964e Merge "Update for deprecation of selectFields() methods" 2017-10-31 16:08:46 +00:00
Brad Jorsch 6071e7a43f Remove back-compat code paths
Per T178092, AbuseFilter now maintains compatibility with older versions
of MediaWiki using release branches. Thus, various back-compat code
paths may be removed from the master branch.

Change-Id: Ia1b5eade30d7486e3b1b386b15a7db4e5c8cfead
2017-10-31 09:37:54 -04:00
Brad Jorsch 7ed9160ea9 Update for deprecation of selectFields() methods
Various selectFields() methods were deprecated in MediaWiki core change
Idcfd1556, replaced with getQueryInfo() methods.

Change-Id: If75d2e76c2f166bc40a544dd502da43171ce1e7b
Depends-On: Idcfd15568489d9f03a7ba4460e96610d33bc4089
2017-10-31 09:27:27 -04:00
Max Semenik 32598c18bb Drop FastStringSearch support
This PHP extension doesn't have any speed benefits over our minimum
required PHP and so isn't used in WMF production anymore.

Change-Id: I4883643908f765eee5db6b3ca88eed179264e93f
2017-10-26 00:51:07 +00:00
David Barratt 5335b6c811 Use Equivset library intead of AntiSpoof
Use the new equivset library instead of AntiSpoof.

Bug: T175413
Change-Id: I439387deeba99543e194c210953ac73ff98bc5b7
Depends-On: I977d3498b2084a426e2ab4d85c000d1b9dcfe824
2017-10-21 21:55:18 -07:00
jenkins-bot 83d67e4a12 Merge "Restore accidentally deleted code" 2017-10-22 04:09:59 +00:00
jenkins-bot 82ce683000 Merge "Pass LinkRenderer instance to AbuseFilter::addNavigationLinks" 2017-10-22 04:09:59 +00:00
jenkins-bot 610cfa8662 Merge "Normalize IPv6 addresses in Special:AbuseFilter/test" 2017-10-22 04:09:14 +00:00
Matěj Suchánek 5839b7c412 Restore accidentally deleted code
I have noticed I accidentally dropped this code during
Iec237b288 (apologize!).

Change-Id: Ifbd53575ddf8dd1014de19afea395d0eb537c6ee
2017-10-21 08:09:36 +02:00
Simeon Dahl 4c0636bc0a Cleanup, added spaces
Added spaces in some classes so it follow the same style as the others.
Edit is pure cleanup.

Change-Id: If5d5e6e4e99eed83aa69dfb4a224fbcc7c077d43
2017-10-19 09:40:22 +02:00
jenkins-bot 22e68a61ca Merge "Add slow filters debug data to the logs." 2017-10-12 23:11:50 +00:00
Dayllan Maza 3e1c5b9099 Add slow filters debug data to the logs.
When $wgAbuseFilterRuntimeProfile is true, all filters taking
longer than $wgAbuseFilterRuntimeLimit will be logged for
later analysis

Bug: T174205
Change-Id: Id81833afa8421476a6cee47eb3393acdb3a38d65
2017-10-12 17:41:49 -04:00
melos 9eb99b1dc9 Avoid Call Stack warning when there is an error in the regex pattern
When you are in Specia:AbuseFilter/test and you test a filter
against RC if the filter has a regex with a rlike condition
you receive a Call Stack warning for a wrong regex.

Bug: T177744

Change-Id: I2bc62b5709d2863eb355a249610b3e80fab55448
2017-10-09 10:48:20 +02:00
Umherirrender a2ebd0c70a Improve some parameter docs
Change-Id: Ibac10a20243a4eedd826485d56eddd5234da6fec
2017-10-07 00:54:58 +02:00
Dayllan Maza 2bc8873c30 Add ccnorm_contains_any function
Normalize and search a string for multiple substrings

Bug: T65242
Change-Id: I4034c0054a6849babbf2d96ea13dc97d3660d5b4
2017-10-06 11:32:45 -04:00
Matěj Suchánek 08899056d2 Normalize IPv6 addresses in Special:AbuseFilter/test
Forcing user namespace will handle IPv6 correctly as well
as possible "User:" prefix supported by the former code.

Bug: T176045
Change-Id: I0b4a5468ca44799cade0b0774d749e05d4ff5865
2017-09-29 21:02:52 +02:00
libraryupgrader 781f6c2554 build: Updating mediawiki/mediawiki-codesniffer to 13.0.0
The following sniffs are failing and were disabled:
* MediaWiki.VariableAnalysis.ForbiddenGlobalVariables.ForbiddenGlobal$wgTitle

Change-Id: I7163cd8f97a7d2fe5b4410245a72eb416302f4f6
2017-09-24 05:19:01 +00:00
jenkins-bot f00de10b24 Merge "Fix confusing warning message on throtthled filters" 2017-09-14 21:10:47 +00:00
Dayllan Maza 539884f428 Fix confusing warning message on throtthled filters
A confusing warning message was displayed when filters
have af_throttled = true. That message was replaced with a
new one reflecting the behavior that is actually ocurring and
how to solve it

Bug: T54525
Change-Id: I5c6e434249d5c9649eb2d7c5b16b9ecb1f530c8a
2017-09-10 01:26:24 -03:00
Antoine Musso 3efdc518da Select proper db fields in AbuseFilterExaminePager
It queried the 'recentchanges' table with the fields from the 'revision'
table.

Bug: T175338
Change-Id: Ib232e49e3f59285c7f66cdb48c51fe4c97b53e15
2017-09-08 14:41:19 +02:00
Chad Horohoe 3f4ba191f6 Avoid CommentStore errors by selecting correct set of columns
Change-Id: I7d83a45fbf86dc0144d50e8b6258b97f1b0c7188
2017-09-07 17:21:50 -07:00
jenkins-bot f238148fec Merge "Use CommentStore to access core comment fields when available" 2017-09-05 19:02:26 +00:00
Matěj Suchánek d59e62a7b2 Get LinkRenderer instance from special page
Just use SpecialPage::getLinkRenderer().

Change-Id: I7c6e839ed8005e666e7c3c1c08dada8aaadbd28f
2017-09-02 19:04:20 +02:00
Brad Jorsch cfa98448c3 Use CommentStore to access core comment fields when available
See core change Ic3a434c0.

Bug: T166732
Change-Id: I130510381ef97d8a2d29686843e2710cb5f72195
2017-08-30 13:27:46 -04:00
Max Semenik 0686f99653 DB_SLAVE -> DB_REPLICA
Change-Id: I371e092b3cd7f0af3770bf4e64b01a630e23ff92
2017-08-29 19:51:39 -07:00
jenkins-bot 13b60c5e35 Merge "Support delete action in retrospective testing" 2017-08-29 18:02:55 +00:00
jenkins-bot d95b5dcb76 Merge "Improve queries for testing on recent changes" 2017-08-29 18:02:54 +00:00
Matěj Suchánek 2c9af794fd Support delete action in retrospective testing
Bug: T170576
Change-Id: Ied9b6446ea5edccd902d6a88b2601b545d4a6910
2017-08-29 17:48:58 +00:00
jenkins-bot 8dc5c6427c Merge "Add runtime metrics to statsd" 2017-08-24 21:08:14 +00:00
Dayllan Maza c07294cc9c Add runtime metrics to statsd
Metrics per edit:
    - Execution time of all filters
    - Number of filters executed
    - Number of conditions executed

Due to the current structure of abuse filter there was not
a clean way to include filter actions and abuselog creation
as part of the runtime metrics.

Bug: T161059
Change-Id: I6208b620453863133c6623aa419775f63c7d3eb1
2017-08-24 15:58:52 -04:00
Matěj Suchánek 174be6dc9c Restore specific submit message on Special:AbuseLog
This line was dropped in Ifad07bac45eadc4ed377967aa4ab3e3b9e14aa8b.

Bug: T173995
Change-Id: I84982620abbda38c86159b3aa7ed408c44d447ad
2017-08-24 09:46:27 +02:00
Matěj Suchánek 1e5a5539b2 Remove unused message parameters
It should have been deleted in I02ba4ce31b6aca5b7324114093f8ece143abc295
but accidentally survived.

Change-Id: Icdbe8fb0154513d643905f7f8bd6391780cd44a7
2017-08-20 14:48:51 +02:00
Matěj Suchánek 748978fda5 Pass LinkRenderer instance to AbuseFilter::addNavigationLinks
Change-Id: I1de60955344d06e5b55f4d2cfdfa8f2d13df831a
2017-08-20 14:38:40 +02:00
Matěj Suchánek efaae31263 Improve queries for testing on recent changes
- Use rc_source with values that we know we support. In
  particular, this drops categorization changes.
- Filter on rc_log_type and rc_log_action (which itself
  may be shared across types).
- Use the same query on both Special:AbuseFilter/test
  and Special:AbuseFilter/examine.

Bug: T170574
Change-Id: I79b903b4424d3c15095a1e0491d35f6e005db0b8
2017-08-20 14:00:39 +02:00
Rendann 8ff80d0134 Convert Special:AbuseFilter/import to OOjs
Based on https://gerrit.wikimedia.org/r/#/c/370150/
Bug: T132284

Change-Id: Iab2a24926c6b547e34f516149ff94953fb0da634
2017-08-18 13:35:30 +00:00
jenkins-bot 3318bf1570 Merge "Remove manual implementation of AntiSpoof::equivString" 2017-08-14 23:11:45 +00:00
Dayllan Maza 22a7f6e912 Remove manual implementation of AntiSpoof::equivString
Cleaned ccnorm method to use AntiSpoof::normalizeString instead going
after AntiSpoof extension files and doing a manual implementation of it.
Also removed composer requirement for AntiSpoof extension.

Bug: T172766
Depends-On: I731733671b650b6bb2f480c41c4f6f2d2f5c62e8
Change-Id: Ib38ba0b06918e81e8af03032eef95e3942773bc1
2017-08-14 16:25:25 -04:00
jenkins-bot 391966dec4 Merge "Fix the order of conditions when choosing the correct method" 2017-08-14 20:04:42 +00:00
Rendann 51924f3a92 Convert Special:AbuseLog to OOjs
Bug: T132284
Change-Id: Ifad07bac45eadc4ed377967aa4ab3e3b9e14aa8b
2017-08-14 17:19:28 +02:00
matejsuchanek 3b29498f21 Migrate abusefilter/modify log
Bug: T32553
Change-Id: I7e33d1064329124755c77ffe6efbd5d572f43cb9
2017-08-12 10:00:42 +02:00
Matěj Suchánek 79c25e5583 Improve documentation of methods
Change-Id: I231d6a3e095324ae1509fdf028bcc352148a0dbe
2017-08-11 23:26:29 +00:00
Kunal Mehta 72427ec974 build: Updating mediawiki/mediawiki-codesniffer to 0.11.0
Change-Id: I26adebde9fcb2894804ab705402d05d9de745cb1
2017-08-10 22:57:33 -04:00
jenkins-bot 3e9efb90f7 Merge "Require MediaWiki 1.29" 2017-08-10 18:06:06 +00:00
NoRandom 389995916c Allow searching for visible-only/hidden-only/both on abuselog entries
Bug: T153065
Change-Id: I44ca86ff8564328ae932ccad9675298b686dc6ab
2017-08-10 11:46:57 +02:00
Matěj Suchánek 55c27a8f6b Require MediaWiki 1.29
After I544cdfa75c7472f2d98b2561bc6f6f9c2d2ad639 (dieWithError
and checkUserRightsAny), this is the oldest MediaWiki version
AbuseFilter can be run on.

AbortMove was removed from MediaWiki in 1.25, UploadVerifyFile
is only relevant for 1.27 and older.

(Replaces I1e962217c3b20d901a5742cf76339a3f488a6e97.)

Change-Id: Iec237b2887f72b115fdcef78d2d7a944ba82c784
2017-08-10 11:01:34 +02:00
jenkins-bot 7b67f903e0 Merge "Completely disable Special:AbuseFilter/tools for non-maintaners" 2017-08-09 17:12:35 +00:00
Umherirrender eaa1e9fb25 Improve some parameter docs
Change-Id: I03fa9b58c72bcd28985c5a3467b82d8b98f3a0fc
2017-08-08 15:05:06 +02:00
Matěj Suchánek 020517dbe2 Completely disable Special:AbuseFilter/tools for non-maintaners
As described in the task, anyone can view the page but do nothing
with it. It doesn't make sense, it should either work or be disabled.
I chose the latter.

Bug: T124096
Change-Id: I7271cd5a0d00d5fdba28ce3974c50ea5dfd0ad9b
2017-08-08 10:38:25 +02:00
Max Semenik b67cb42c09 Fix some deprecated function usage
Change-Id: I544cdfa75c7472f2d98b2561bc6f6f9c2d2ad639
2017-08-07 16:35:21 -07:00
Max Semenik de7389e19a Fix class and function name case
Change-Id: I55ed3b26ee457863372ec063b7c3ff27bc849b8b
2017-08-07 16:22:48 -07:00
Max Semenik 7e62f23242 Rm unused locals
Change-Id: Ieb77c089645b858290a15c5804de636c5a7b53cc
2017-08-07 16:19:45 -07:00
Max Semenik a6c87eca7a Get rid of deprecated manual profiling
Change-Id: Iefbfb4b9937ed265156fb1b644889fd9e2b29a2e
2017-08-07 16:14:31 -07:00
Max Semenik 2f250127b4 Normalize file layout
Aka move all code into includes/.

Change-Id: I21f7b80bb6df04abbed6bfccb94f92100dc8f071
2017-08-07 16:11:38 -07:00
Kunal Mehta 3a58875637 build: Updating mediawiki/mediawiki-codesniffer to 0.10.1
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic
* MediaWiki.Commenting.FunctionComment.MissingParamComment
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
* MediaWiki.Commenting.FunctionComment.WrongStyle

The following sniffs now pass and were enabled:
* MediaWiki.Commenting.FunctionComment

Change-Id: I0874c547ef2bc8a7c3fa4ca72738aa3320f2bdbe
2017-07-23 00:03:40 -07:00
Matěj Suchánek 014f0adda1 Fix the order of conditions when choosing the correct method
It seems that move actions have rc_this_oldid set. rc_log_type
should have higher priority.

Bug: T170586
Change-Id: I9bb4ea599f12ef01fad823ac3232330966b0d281
2017-07-13 17:31:19 +02:00
Umherirrender 1a58507870 build: Updating mediawiki/mediawiki-codesniffer to 0.10.0
Change-Id: I5f37c45d748d5f0da21aceaef32cc89367e312ff
2017-07-08 20:49:30 +02:00
Matěj Suchánek a1aa09d31c Cache global filter names
AbuseLog fetches the names in an additional query for each line but the
result is always same.

Change-Id: Ie12f909727ae82ab60781ccedfdf1b241c105388
2017-06-17 20:50:18 +02:00
Umherirrender a063e33ee8 Use short array syntax
Done by phpcbf over composer fix

Change-Id: I53fd1fc8d056b9b60194d2d630852cfca37aadea
2017-06-15 17:02:57 +02:00
Umherirrender d4b50be650 Update mediawiki/codesniffer to 0.7.2
Also move --ignore to phpcs.xml for use by phpcbf
Short array syntax will be used in follow ups
to keep this patch set small

Change-Id: Ib91f3768cc7cdccdc26a4d5200178ceb8e61e098
2017-06-13 11:59:10 +02:00
Tim Starling 525b6c064c Fix usage of $db->nextSequenceValue()
The return value from the method is only suitable for passing to
$db->insert(). To get the inserted ID, you need to call $db->insertId()
even if $db->nextSequenceValue() returned non-null.

Change-Id: Id5a0df17c77445e9f29564a55fb850c3ecad2630
2017-05-11 10:03:49 +10:00
jenkins-bot 6b70225281 Merge "Only add 'sysop' group to filter user if not in it" 2017-05-09 16:46:08 +00:00
jenkins-bot 7f02b8f0cc Merge "Remove usage of RequestContext::getStats()" 2017-04-26 20:51:14 +00:00
Florian Schmidt 0c663b50e9 Remove usage of RequestContext::getStats()
Bug: T156810
Change-Id: I795080cf431d396337a1ba6fa42e82ffb1b9c145
2017-04-26 20:38:21 +00:00
Jcrespo 848a9ff6f5 Add FORCE INDEX to AFComputedVariable::{closure}
We add FORCE INDEX to revision because probably we have hit a MariaDB
bug that can potentially create an outage on pages with thousands of
revisions due to extreme resource usage by this query when using the
wrong index page_user_timestamp, instead of page_timestamp.

This is considered to be a hack, and once we are in the clear, I promise
to review this an try to get a saner execution path (both in MySQL and
in PHP.

Bug: T116557
Change-Id: I41853da5c0e1a15efad5594eff0cee62be1ad9a4
2017-04-24 19:34:41 +00:00
Kunal Mehta 1392aa05d6 Only add 'sysop' group to filter user if not in it
This should avoid repeated, unnecessary calls to User::addGroup().

Bug: T163032
Change-Id: I010e6eb45c4fbf984a3b5e5df2671117ca4e0136
2017-04-17 10:34:47 -07:00
Timo Tijhof f95e5dd086 Update getStashKey() to use $cache parameter
Follows-up e4ac1ef. A lot of this class gets its own cache object
in key-generation methods because of legacy compat with public
methods and because of how wfMemcKey used to be.

However where possible, we should encourage passing $cache
so that makeKey() can be used on the same instance that uses
the key.

This is a no-op since it's exactly the same object.

Change-Id: Ib3c31110176659a9175679eb716369e7f0a1d3b2
2017-03-09 14:08:04 -08:00
Matěj Suchánek e4ac1efb7a Remove unused argument from a private method
Change-Id: I2f34bb04a90c2535fbeb0e515714aa4a71779f50
2017-03-02 16:34:23 +00:00
Huji Lee 630ef7f2ce Don't use wfDiff() in AbuseFilter
Bug: T158850
Change-Id: Ib5bd4eacc3dd26dc2abdf4eedce66ed228b326d8
2017-02-28 00:29:33 +00:00
Matěj Suchánek de1c2af0e1 Unify global filters decoding across AbuseFilter
Change-Id: I3c97c24b5d0e4818b36e233a8bb3b205cbb2c7d0
2017-01-02 12:14:02 +00:00
Matěj Suchánek 9379a0c767 Add GENDER to the message logentry-abusefilter-hit
As far as I can see, this parameter is already supported.

Bug: T153607
Change-Id: If3eed341ef2f2e7bbad103c2738a7eae59886faa
2016-12-26 09:32:31 +00:00
Aaron Schulz 2d57141600 Move AbuseFilterVariableHolder up to /includes
This class is not for parsing logic or tree nodes

Change-Id: I07a499cc972c30fc249ec4de3250900a3b703443
2016-12-18 17:13:06 -08:00
Aaron Schulz 9b1021b055 Move various classes to their own files
Change-Id: I5d418b3fa27aa6e04b9a680922e5eab2439ffb20
2016-12-17 11:40:10 -08:00