Commit graph

57 commits

Author SHA1 Message Date
Daimona Eaytoy e65a69b6fe Only select needed columns in queries
Using '*' is handy, but we often end up selecting too much stuff.

Change-Id: I16d791ff8de6596de4fb65b1032b225f0bd65bf3
2018-09-03 14:12:41 +02:00
Daimona Eaytoy 4399be933d Use OOUI infusion for the change tags field in ViewEdit
Since this is what it's meant to be for. Better, cleaner, safer.

Change-Id: Ib5f632ac708aeff62b50c91ef60c547036481834
2018-08-22 15:27:06 +02:00
Daimona Eaytoy e526295123 Add a placeholder for the no-js changetags input field
There is already one for the js field, but we can't reuse it since "one
by one" doesn't make any sense here.

Change-Id: Iaf01e19f4006b3d578bb2201cf9108fe46d56085
2018-08-22 11:02:51 +02:00
libraryupgrader 76c6d2caeb build: Updating mediawiki/mediawiki-codesniffer to 21.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionAnnotations.UnrecognizedAnnotation
* MediaWiki.Usage.InArrayUsage.Found

Change-Id: I46e414246c6597dd78b069f753d686c0d1c1c09d
2018-07-27 00:27:11 +00:00
jenkins-bot 78bd634f58 Merge "Add link to abusefilter-edit-lastmod-text" 2018-07-26 22:56:07 +00:00
Daimona Eaytoy 7992349789 Fix block durations dropdown
A month ago SpecialBlock::getSuggestedDurations has been
modified, and now it also returns an "other" key. Since we don't need it
and it would break thing up, add a parameter to avoid dealing with that.

Depends-On: Ic2dbc961f7eebad11da53724b9cce2f804ffad39
Change-Id: Ica37ba7015a04445c2cbafebcc85726368e23cb0
2018-07-24 15:41:57 +00:00
IoannisKydonis 2fa95e55e6 Add link to abusefilter-edit-lastmod-text
This adds a link to the diff of the edited filter.

Co-authored-by: Matěj Suchánek
Bug: T53382
Change-Id: I57104f592fc3961bb43ecea8442ef6666ed4a69c
2018-07-22 16:13:35 +02:00
jenkins-bot 84252213c0 Merge "Improve the check for block durations equality" 2018-07-22 14:02:22 +00:00
Daimona Eaytoy b825e396b5 Switch editing interface to OOUI & improve NoJS usability
This settles almost everything, leaving the tags part ready to be
further improved in the follow-ups.
Also, replaced some fields with totally different ones, improved the
warn preview area and improved a bit nojs experience by hiding unusable
buttons.

Bug: T132284
Bug: T154749
Change-Id: I7a5caa862a32f9792140c6a4d9708a2d20472672
2018-07-17 14:49:50 +02:00
Daimona Eaytoy b8a2225bb2 Warn the user to re-attempt save if edit token didn't match
I've been noticing this problem for a long time: sometimes, when the
filter editor stays open for a long time and you try to click "save filter",
the page is scrolled and the edit isn't save (while it is indeed saved
when clicking save again). I found out that this is due to edit token
not matching. If that happens and the request was posted, warn user to
re-save the edit.

Change-Id: Id0c5600bf22632f57d237a19b492cc9c297be736
2018-07-13 15:40:29 +02:00
Daimona Eaytoy 9012848032 Wrap error messages in Html::errorBox
The message 'abusefilter-edit-notallowed' is used twice and outputted
as plain text. This makes it really, really hard to notice. Wrap it in a
block-level errorbox to make sure users see it.

Change-Id: I6e5579f9a5e33f05520001e10ffdde928ffdcff0
2018-07-11 15:37:20 +02:00
jenkins-bot cacc034d1a Merge "Fix minor issues around" 2018-07-11 00:28:50 +00:00
Daimona Eaytoy da2a14ad39 Revert "Change message transformation method"
Html::warningBox makes use of Html::rawElement, where as noted in docblock the given html must *not* be escaped. Plus, bold text was broken due to escaping.

This reverts commit 7dfe4bfcfd.

Change-Id: I505be036291d4c6ff33c0c4fed4dd83a5bb56c54
2018-07-08 22:17:09 +00:00
Daimona Eaytoy f016c6c95f Fix minor issues around
This fixes the following minor issues:
* In HistoryPager's getQueryInfo, afh_id was listed twice
* In AbuseFilter::translateFromHistory a field named "af_" was produced
if no actions were in use
* The topnav link "Recent filter changes" wasn't STRONGed on pages like
"Special:AbuseFilter/history/123"
* In checkAllFilters and AbuseFilter::getFilter, select from DB only the
fields that will be used.
* Simplify some inline comments and remove superfluous ones

Change-Id: If72b18bedac5e580487406e696aea1fd172ae45b
2018-07-07 12:11:39 +00:00
jenkins-bot 53eba666dc Merge "Two minor fixes to make code testable" 2018-07-06 19:56:47 +00:00
Brian Wolff 5f73034c7a Minor escaping fixes
This will also fix some (not all) of phan-taint-check's warnings

Bug: T197002
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a11
2018-07-05 18:51:30 +00:00
Daimona Eaytoy c8c66b55bc Two minor fixes to make code testable
Trying to write unit tests, there are some things in the code that make
it not well testable. Here, two of them are corrected:
1 - Use class constants instead of static variables inside a non-static
method. Otherwise such variables won't be reset between tests. The
change is made so that there'll be less impact on blame.
2 - Set af_enabled to true even in af_deleted is true as well. For three
reasons: the first is that we already perform validation for this, so no
need to secretly change the option to whatever we think would make
sense. Second, this redundant validation makes some tests fail. Third:
this way, if the user selects both enabled and deleted, when the warning
is shown he'll indeed see that both checkboxes are selected. Before, he
would only see wpFilterEnabled as selected.

Change-Id: Ib7a0335fa7fb3b8a21765438a720205656c1ea09
2018-07-05 00:07:46 +02:00
Daimona Eaytoy f9687ad678 Abstract methods in ViewEdit related to filter saving
Actually, it seems like I almost got it right at the first try. I tested
every validation scenario and it worked as espected, so ready for
review.

Bug: T193596
Change-Id: I7fd1798030d83292ce46543e25c0c431ec345a28
2018-07-02 20:27:05 +02:00
jenkins-bot 9eb736d63d Merge "Enable OOUI and add unused button to the output" 2018-06-10 03:13:20 +00:00
Max Semenik 5c8a8da1f2 Fix some Doxygen problems
Change-Id: I04ce5564ec73e45a6d94c51be94bd1423a86780a
2018-06-08 13:02:40 -07:00
Daimona Eaytoy 9fe281e704 Enable OOUI and add unused button to the output
In If67035991a0835ec3edc13be4543e6b40c76c3ea I changed a couple of links
to OOUI buttons, but forgot to add one of these to the output (and to
enable OOUI as well).

Change-Id: I7dd4b554bae406bc0c8326867298302ee10b47f2
2018-06-04 11:21:41 +00:00
Daimona Eaytoy 74569e20a7 Improve the check for block durations equality
With I5e3764dbec8ac21f20c460181ae78ed73eca92f6 I introduced a function
to check that two blocks with different wordings refer to the same
duration. While that functions works good 99.9% of the time, there's a
highly unlikely but actual problem: if one of the operand is parsed at
time x and the other at time x+1 (in seconds, and this may happen even
if it gets parsed 1 ms later), the 2 durations will be considered
different and this may be annoying. With this patch I introduce another
tiny function which uses strtotime to parse a duration, but uses the
second parameter (=0) to avoid relativeness to the current time. Again,
this isn't likely to occurr, but since the fix is straightforward we'd
better do it. Also, now global durations aren't parsed at every
iteration (previously they were due to the same problem, amplified by
time distance between the first and the last iteration).

Change-Id: I11a078f298aaed9631d7f422c6b9b722d28e73cc
2018-06-04 11:21:37 +00:00
Max Semenik 94f3bc67ca Use PHP7 ?? operator
Change-Id: I757b832ac86f52d8b70ffc42fdb60796ab81e7fe
2018-05-31 11:53:03 -07:00
libraryupgrader 99c212226d build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: Ib1d0dfa76babc01c30f4e905e8f6fb80e1e9a0bc
2018-05-25 23:31:49 +00:00
Daimona Eaytoy 096bb4872b Fix flags checkboxes broken in recent patch
With If16975dd394cfdb3c57ff263366c2fc865de362a I broke flags checkboxes,
i.e. the one for enabling/deleting/etc. a filter. In fact, I
misunderstood the way cbReadOnlyAttribute was used (a dirty way,
actually) and this caused such checkboxes not to be disabled if the user
didn't have rights to edit the filter.

Change-Id: Ibf80b54e0f620734ad7767e4769a93bbf1feccff
2018-05-05 14:35:01 +02:00
jenkins-bot 4557b3961e Merge "Fix an undeclared variable in block options" 2018-05-04 02:03:20 +00:00
Daimona Eaytoy 9c01724053 Remove unused code
The $deadActions array is populated but never used. At first I thought
it was about actions which aren't available, but this isn't right.
Instead, it's only used to keep track of available actions which aren't
used in the current filter. Which is some data that we don't need, nor
there's nothing we may do with that.

Bug: T188181
Change-Id: Ibdfeb92ccd790c0b1a4d79b382b053b9361459f8
2018-05-03 19:36:27 +02:00
Daimona Eaytoy 69c0fd9e7c Fix an undeclared variable in block options
We used to display the checkbox to block talk without checking if
it was defined. This caused a warning and an empty space with
wgBlockAllowsUTEdit set to false.

Change-Id: I97f82633e932de7e325615473c85245a406a55ef
2018-05-03 19:14:03 +02:00
jenkins-bot 9387a4fb88 Merge "Use OOUI buttons instead of plain links and Html::errorbox for errors" 2018-05-03 00:41:21 +00:00
Daimona Eaytoy 632c8e77e2 Don't let enabled filters be marked as deleted
Adds both client-side and server-side validation.

Bug: T156619
Change-Id: If16975dd394cfdb3c57ff263366c2fc865de362a
2018-05-02 22:20:53 +00:00
Daimona Eaytoy 2d876d08bd Use OOUI buttons instead of plain links and Html::errorbox for errors
Like we did for other links in /diff and /histories, there are some
links that we'd better display as OOUI buttons. Also, use the Html
class' specific method to show errorboxes.

Bug: T132284
Change-Id: If67035991a0835ec3edc13be4543e6b40c76c3ea
2018-05-02 13:13:01 +02:00
Matěj Suchánek 45d1d71def Reduce use of globals in favor of Config
I'd like to have this reviewed by more than one user before merging, to avoid regressions of annoying typos.

Change-Id: I91a9c5cca55e540a6c95b750579c1c369a760b15
2018-05-02 02:27:26 +00:00
Daimona Eaytoy 9b1f1b263e Fix XSS vulnerabilities
I found these vulnerabilities while trying to setup seccheck. Although
I'm not sure whether seccheck recognised them, I'm sure that they exist
since I did manual tests, and it's possible to inject custom scripts
with these.

Change-Id: I97804be8352a1b784d483195edb29e363a0c616e
2018-05-01 16:55:46 +02:00
Daimona Eaytoy caa4b1c763 Add phan configuration
This is taken from I6a57a28f22600aafb2e529587ecce6083e9f7da4 and makes
all the needed changes to make phan pass. Seccheck will instead fail,
but since it's not clear how to fix it (and it is non-voting), for the
moment we may merge this and enable phan on IC.

Bug: T192325
Change-Id: I77648b6f8e146114fd43bb0f4dfccdb36b7ac1ac
2018-04-30 08:32:58 +00:00
jenkins-bot 2e116e5c6d Merge "Don't use an empty string for block parameters" 2018-04-26 14:20:09 +00:00
Daimona Eaytoy d9fc90c281 Move AbuseFilter::buildEditBox static method to AbuseFilterView class
Make it non static, plus a couple of minor stylistic fixes to such method.

Bug: T190180
Change-Id: I54dd1f785d33908a0481aa2db997aa085776fc2d
2018-04-26 09:24:04 +02:00
Daimona Eaytoy 7008de80e6 Don't use an empty string for block parameters
Follow-up of Iaeae672dca66ffc745054daabd6f0eae7dfbc648. Some actions
were still marked with red, specifically the ones with block inside. The
reason is that we stored the 'blocktalk' parameter as an emtpy string if
false, which wasn't filtered when loading request. Changing the empty
string to something different is enough to fix the problem, hopefully
without regressions. Note that this isn't retroactive and needs an edit
to become effective.

Bug: T189681
Change-Id: I7d7f0606fc23bad5ba342076066ab0e935680b3f
2018-04-26 09:13:02 +02:00
Daimona Eaytoy 392f37d516 Filter parameters when loading/editing them
Re-opening of I8eb50d38c81b4e446c0f1dc03abc27122b8fa025 by Thiemo Kreuz.

Bug: T189681
Change-Id: Iaeae672dca66ffc745054daabd6f0eae7dfbc648
2018-04-23 23:43:05 +00:00
Daimona Eaytoy 3c3a521fec Fix coding conventions exclusion rules
This should fix every error with excluded rules, leaving only the one
for $wgTitle. A double check would be nice in order to avoid regressions
due to stupid mistakes.

Bug: T178007
Change-Id: I22c179f3a01d652640304b59e43fcb5b5a9abac3
2018-04-20 08:40:18 +00:00
Reedy f990b07bec Update at-ease calls
Bug: T187037
Change-Id: I6448e581a14c468ac2ea8f1752ded6be550d0592
2018-04-18 14:29:37 +00:00
Daimona Eaytoy ddf707656e Make sure blocks from ipboptions have the same wording as globals
This is the long-term solution for the problem. The ToDo may be
unnecessary, but leaving it there as a caveat.

Bug: T190602
Change-Id: I5e3764dbec8ac21f20c460181ae78ed73eca92f6
2018-04-06 08:15:17 +00:00
Daimona Eaytoy e53811ecb3 Add requirement for title and pattern fields
Currently users can save filters without title or pattern. This
shouldn't be allowed since it leads to lack of clarity. The check is
only performed server-side, since when implementing Ace editor we won't
be able to (easily) add a pure HTML requirement for the pattern field.

Bug: T173947
Change-Id: I1a0418b87cdb1ff423238fcdf1c743930500e605
2018-04-02 16:37:51 +02:00
Daimona Eaytoy 2dd8d27c34 Allow customizing block durations for each filter
This is part of a project to enchance blocking in AF. With this patch,
users are allowed to specify two block durations for each filter, one
for anonymous and one for registered users. For backward compatibility,
default values are set to the global variables.

Bug: T32024
Change-Id: Ib072433d19dabae48d8514e08be9893135b5d63c
2018-03-08 14:57:16 +01:00
Matěj Suchánek 7dfe4bfcfd Change message transformation method
The argument needs to be HTML safe.

Change-Id: Ifb0009feb9fdb40679bede917a53d52171a22166
2018-03-02 19:23:28 +00:00
jenkins-bot dda156d5e6 Merge "Wrap the throttled warning in a warningbox div" 2018-03-02 15:58:00 +00:00
Huji Lee a83b10c5ed Add option to block a user from editing their own talk page
Bug: T170014
Change-Id: I74b7fd2e036111583e8b69c355e7fb0c51fe67fc
2018-02-27 17:07:51 +00:00
Daimona Eaytoy c7d87182b4 Wrap the throttled warning in a warningbox div
Currently, the message informing that some actions have been disabled is
quite impossible to notice at a first glance, since it's a bit confused
with other form elements. However it actually is a warning and needs to
be treated as that.

Change-Id: I0d851333f8da200fb0b9b0c7d05ccd1f63e9e948
2018-02-21 18:30:49 +01:00
MarcoAurelio 59ff4aed5d Actually mark abusefilter creations as such in the AbuseFilter log
Bug: T178283
Co-Authored-By: Matěj Suchánek <matejsuchanek97@gmail.com>
Change-Id: I89776eff2fc420b1fe3e2c3b88671749fadb57b4
2018-01-12 17:03:13 +00:00
Huji Lee 0f7f4ad917 Add missing documentation for protected functions
Bug: T178007
Change-Id: Ia1ae78b30b889b7a8965354ae0a404bf9a520917
2017-11-02 03:20:34 +00:00
Brad Jorsch 6071e7a43f Remove back-compat code paths
Per T178092, AbuseFilter now maintains compatibility with older versions
of MediaWiki using release branches. Thus, various back-compat code
paths may be removed from the master branch.

Change-Id: Ia1b5eade30d7486e3b1b386b15a7db4e5c8cfead
2017-10-31 09:37:54 -04:00