Commit graph

5317 commits

Author SHA1 Message Date
Translation updater bot 137eb65cc2 Localisation updates from https://translatewiki.net.
Change-Id: I67312f485080df1cd1f5c604904419882aafdd68
2019-11-27 09:34:36 +01:00
jenkins-bot 1608ce9fc2 Merge "Raise Equivset composer dependency to 1.4+" 2019-11-26 17:43:15 +00:00
Translation updater bot 7ee59ea443 Localisation updates from https://translatewiki.net.
Change-Id: I12c1da1f12ac380ba9635b3deff7b576cf610b61
2019-11-26 09:14:55 +01:00
Translation updater bot 3054c08a80 Localisation updates from https://translatewiki.net.
Change-Id: Icb04f643575c31c3c3b0e6a68371d8c0408a62cf
2019-11-25 09:08:16 +01:00
Daimona Eaytoy fb4e98d0ec Clarify error message for non-literals passed to set/set_var
Bug: T238713
Change-Id: Iacf880e496f701dde38f1d216c3fce000973354a
2019-11-24 18:05:49 +01:00
Daimona Eaytoy a2354724c9 Raise Equivset composer dependency to 1.4+
Just released, see
https://gerrit.wikimedia.org/g/mediawiki/libs/Equivset/+/refs/tags/1.4.0.

Bug: T238995
Change-Id: I41cfb3b9bbfd145baea796e79078d19ac00ef523
2019-11-23 20:34:25 +00:00
Daimona Eaytoy 0672a8eb8a Ensure that a min/max arg count is available for all built-in functions
This is especially useful for old patches, created before the
introduction of FUNC_ARG_COUNT, where a rebase may break the parser.

Change-Id: Ib142438626a7305f102dc3e4cc9cb07ad33902b8
2019-11-22 17:59:00 +01:00
Daimona Eaytoy b44c9da561 Use af_deleted as secondary sorting for af_enabled
Otherwise deleted and disabled filters would be mixed. Needs dependency
in core, otherwise we'd use af_deleted as secondary sort for every other
sortable field.

Bug: T191694
Depends-On: I0e695f96f18c7a9229753b1225dd473feb936a31
Change-Id: I979849e66bdcc158b7a3d0793ee3196e20db37b6
2019-11-22 16:23:46 +00:00
jenkins-bot a8c50150d6 Merge "Convert static arrays to constants" 2019-11-22 13:39:39 +00:00
jenkins-bot 2d2e524dca Merge "Tokenizer: don't strip backslashes from \x" 2019-11-22 13:36:49 +00:00
Translation updater bot 8bed72cfd6 Localisation updates from https://translatewiki.net.
Change-Id: Id9cb9d30d31efd6fd30ecf9d25c8a57e0accf94f
2019-11-22 09:12:14 +01:00
jenkins-bot 9a7027fe64 Merge "SECURITY: Require view-private or modify for the evalexpression API" 2019-11-21 15:54:46 +00:00
Daimona Eaytoy cee8e14cf1 SECURITY: Require view-private or modify for the evalexpression API
This is consistent with the "anti-DoS" measures on other API modules.
Although this may not be a serious DoS vector, it makes sense to
restrict this module. Moreover, it's also consistent with
Special:AbuseFilter/tools (which is the corresponding web interface),
which requires the same user rights.

Bug: T238451
Change-Id: Id09fd57195d71884674ac0470f137ca30c56e13c
2019-11-21 16:33:04 +01:00
Translation updater bot 956eca36cb Localisation updates from https://translatewiki.net.
Change-Id: Ie63e3492a0790a9233dc29f07474e31c4e880448
2019-11-20 09:35:53 +01:00
jenkins-bot 89170711a8 Merge "Set the utf-8 flag for var dumps in the text table" 2019-11-19 15:28:52 +00:00
Translation updater bot adbeec5176 Localisation updates from https://translatewiki.net.
Change-Id: I80d0b3824b80819062f927145aa472608a17a1ca
2019-11-19 09:32:01 +01:00
Translation updater bot 29bd469e02 Localisation updates from https://translatewiki.net.
Change-Id: I80a2dbf283d50c4d3c63f59fa707449fb03d0161
2019-11-18 09:19:21 +01:00
Daimona Eaytoy b3e58067ac Set the utf-8 flag for var dumps in the text table
This is not retroactive; that will be handled as part of T213006.

Bug: T34478
Change-Id: I2c532da71719a9ace1279bbf67d6e6e30e9a986c
2019-11-16 16:00:45 +00:00
Daimona Eaytoy c03f0a3b08 Convert static arrays to constants
Beloved PHP7!

Change-Id: Id5170662f7c5ceacfc0ac8d90787f2c92fd93464
2019-11-16 16:32:36 +01:00
Daimona Eaytoy c73381b6db Tokenizer: don't strip backslashes from \x
Bug: T238475
Change-Id: I8c2ea6ad369946df93440eece60d456dc1a3fd7a
2019-11-16 16:21:39 +01:00
Translation updater bot a0b349d4c3 Localisation updates from https://translatewiki.net.
Change-Id: Ib8d00edacae2b6bdb654ee247711c4f198bd72bb
2019-11-15 09:18:35 +01:00
Martin Urbanec 5fd861365f SECURITY: Make sure provided filter id match provided history ID in history view
AbuseFilterViewEdit does privilege checks based on filter ID,
and displays what is hidden under given history ID, but doesn't
make sure those two IDs actually belong to one filter.

That means user can easily change filter ID to a public
filter and view old versions of nowadays private filters.

Bug: T237887
Change-Id: Ic12790bd33982473f77551bde9599ed083a3e1f1
2019-11-14 15:53:14 -06:00
Translation updater bot af000125ac Localisation updates from https://translatewiki.net.
Change-Id: Iff2e73bd4dd691d14598c63c10dd06b9a9f18e34
2019-11-13 09:24:23 +01:00
jenkins-bot 80f4742416 Merge "When viewing old filter revisions, show abusefilter-view-oldwarning to users who cannot edit the filter" 2019-11-12 18:59:28 +00:00
Daimona Eaytoy 98bcad25c3 Also parse numbers with the new syntax and hard-deprecate the old one
This will allow people to switch their filters to the new syntax. The
deprecation warning is now more exhaustive, and the info() warning is
kept to ensure that everything proceeds smoothly.
The regex v2 has also been fixed to:
 - Consume all the digits/letters on the right (*)
 - Have named groups
 - Be created dynamically with other constants

(*) The previous version of v2 could complete the match and leave
digits/letters on the right when encountering numbers with the old
syntax, hence dropping support too early. We also cannot use a word
boundary (\b) because that would prevent matching numbers with trailing
dots (e.g. "5.").

Bug: T212730
Change-Id: Ibf6ac571f6b5c09149d69a19c38240ce6b024dff
2019-11-12 11:52:38 +00:00
Daimona Eaytoy a77a59b962 Hard-deprecate empty operands
This bumps the level to WARN, and makes it very clear that people should
fix the affected filters. It also removes the calling method, which was
mostly meant for debugging purposes, and changes the type to 'op_type'
to avoid conflicting with type:mediawiki in logstash.

Bug: T156096
Change-Id: Ie73f1604e8ed82bc2e1be9fc90fa065be37889a3
2019-11-12 11:39:25 +00:00
DannyS712 338341d097 When viewing old filter revisions, show abusefilter-view-oldwarning to users who cannot edit the filter
Currently, `abusefilter-edit-oldwarning` is shown to all users, but not all users are able to edit the filters, and thus the warning about editing isn't applicable to them.

Bug: T235590
Change-Id: I3717d06d4a757684fe6622961391ae06b5bd3c38
2019-11-12 11:36:44 +00:00
Translation updater bot c0a99d876b Localisation updates from https://translatewiki.net.
Change-Id: Ic6e345e2870282bc8083fc58a19d195f571cf8d5
2019-11-12 09:30:12 +01:00
jenkins-bot c4eb01186a Merge "Hard-deprecate too many params" 2019-11-11 23:38:31 +00:00
Translation updater bot 805cca30bc Localisation updates from https://translatewiki.net.
Change-Id: I8151efee17a589f15e2567b61f634f734fbf9186
2019-11-11 15:32:19 +01:00
Translation updater bot d23086323b Localisation updates from https://translatewiki.net.
Change-Id: Idc0c1d853e1c4f46e4abca6b41e630c1906e11fb
2019-11-11 14:44:48 +01:00
Daimona Eaytoy f7ac35d5c6 Hard-deprecate too many params
Bug: T230803
Change-Id: Icec8bcb8ab23956654857acc8b3d235889f587a9
2019-11-10 12:59:33 +00:00
jenkins-bot 91bc961712 Merge "Check for 0-like floats passed to the modulo operator" 2019-11-10 11:51:28 +00:00
jenkins-bot 77681bd67b Merge "Restrict viewing Special:Log/AbuseFilter, and remove from recent changes" 2019-11-10 11:48:15 +00:00
Daimona Eaytoy c0f8374624 Check for 0-like floats passed to the modulo operator
That throws an error in PHP.

Bug: T237459
Change-Id: Ia0b29d6a8b9f4aac6b5b72ce8f2f45afb03f4c99
2019-11-10 11:22:04 +00:00
jenkins-bot 7ff4b95aec Merge "Expand the list of types that can be cast to int" 2019-11-10 11:00:36 +00:00
jenkins-bot 398500121a Merge "Fix conditionals examples in i18n messages" 2019-11-10 10:41:39 +00:00
DannyS712 a137992900 Restrict viewing Special:Log/AbuseFilter, and remove from recent changes
Only allow users with `abusefilter-view` to see abuse filter log
entries. Note that this is different from the abuse log itself.

Bug: T34959
Change-Id: I587c2eb9bdc2e5ca2652aa338440cdc5b6eb9235
2019-11-10 10:41:17 +00:00
Daimona Eaytoy 585d6cdb24 Make to sure to report division by zero when the LHS is undefined
Bug: T234339
Change-Id: I1575ec013c1e7e321a8f13f40804ebc5ab076268
2019-11-08 14:08:52 +00:00
Daimona Eaytoy 1abaff1aac Better handling of keywords and functions
Always run the keyword/function handler, even if there are DUNDEFINED
arguments, so that the handler can perform further validation on the
input and report any error to the user. However, replace DUNDEFINED with
DNULL before running the handler, to avoid special-casing DUNDEFINED in
every handler. If any argument was a DUNDEFINED, we will return
DUNDEFINED anyway.

Also centralize the keyword handling logic to a new method, like it
happens for functions.

Bug: T234339
Change-Id: I875cb77418a39790e91fe5867c49917bfe406ed4
2019-11-08 15:07:20 +01:00
Daimona Eaytoy e98799a00a Centralize the code for calling keywords
This allows sharing the code between cachingparser and the old parser
(for DRY-ness), and even when the old parser will be killed, having the
logic outside of the generic parse method seems saner.

This copies what I446a307e5395ea8cc8ec5ca5d5390b074bea2f24 did for
functions.

Change-Id: Ie6290243a6c78661510a9b4cb713d6e7b2778248
2019-11-08 15:02:17 +01:00
Translation updater bot e1a2aa37a4 Localisation updates from https://translatewiki.net.
Change-Id: I958d7b361b4f1b26ed02714bdcf87cb602fd9239
2019-11-08 09:43:34 +01:00
Daimona Eaytoy b7c7ae168d Explicitly forbid negative indexes in arrays
This emits its own error because:
1- It's clearer to understand
2- It's easier to find where we're dealing with negative offsets, if
we'll ever want to allow that.

Note that trying to use a negative index already results in a hard PHP
error being thrown.

Bug: T237219
Change-Id: Ib11eaaca5e21f740269141c75e62bac48093e8d0
2019-11-08 05:55:56 +00:00
Daimona Eaytoy a7b28369ea Expand the list of types that can be cast to int
Bug: T237624
Change-Id: I2220cb8a8ec998a433a4469d7e0591ec0b4f2b12
2019-11-07 15:14:17 +01:00
Translation updater bot 6a1531b7d4 Localisation updates from https://translatewiki.net.
Change-Id: I3a38fd0004d7f4f48841c304cd2e2f2fa0ac207c
2019-11-07 09:39:33 +01:00
Translation updater bot 4bbb8911d5 Localisation updates from https://translatewiki.net.
Change-Id: I95dcc01683e3eb58ed5beb648514523975e81817
2019-11-05 09:42:51 +01:00
Translation updater bot 93dcea0043 Localisation updates from https://translatewiki.net.
Change-Id: I002d7a6729067b78855a708716a63d7cfbabac7c
2019-11-04 09:25:40 +01:00
Daimona Eaytoy cb15400f97 Fix conditionals examples in i18n messages
Bug: T237131
Change-Id: I68ca3906c64f3da43c7a4985c16f1ab031caebb5
2019-11-02 11:32:05 +01:00
jenkins-bot 5562aade87 Merge "Use PHP regexps instead of SQL to filter on Special:AbuseFilter" 2019-11-01 00:52:28 +00:00
Daimona Eaytoy 7bc70d116e Use PHP regexps instead of SQL to filter on Special:AbuseFilter
As the code comment says, and as it was suggested in
Iafe54285384bc28b3e8812b495166f2682d4571c, we were validating the
provided regexp as PCRE, but using it in SQL, which only supports POSIX.
Furthermore, we won't have to worry about cross-DBMS compat anymore.

Bug: T193068
Change-Id: If6d8717795b6c1dcf619a23363eb6144902cfaed
2019-11-01 11:26:17 +11:00