mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git
synced 2024-11-28 07:50:24 +00:00
6724227182
There's no point in repeating the action name, because it's already used as key. We can then flatten the array and just keep the parameters in the third nesting level. Change-Id: I54abcc49322f432cedd361abeedb72e067d3de41
1632 lines
48 KiB
PHP
1632 lines
48 KiB
PHP
<?php
|
|
|
|
use MediaWiki\Extension\AbuseFilter\AbuseFilterServices;
|
|
use MediaWiki\Extension\AbuseFilter\Hooks\AbuseFilterHookRunner;
|
|
use MediaWiki\Extension\AbuseFilter\VariableGenerator\VariableGenerator;
|
|
use MediaWiki\Logger\LoggerFactory;
|
|
use MediaWiki\MediaWikiServices;
|
|
use MediaWiki\Revision\RevisionRecord;
|
|
use Wikimedia\Rdbms\DBError;
|
|
use Wikimedia\Rdbms\IDatabase;
|
|
|
|
/**
|
|
* This class contains most of the business logic of AbuseFilter. It consists of
|
|
* static functions for generic use (mostly utility functions).
|
|
*/
|
|
class AbuseFilter {
|
|
/**
|
|
* @var int How long to keep profiling data in cache (in seconds)
|
|
*/
|
|
public static $statsStoragePeriod = 86400;
|
|
|
|
/**
|
|
* @var array [filter ID => stdClass|null] as retrieved from self::getFilter. ID could be either
|
|
* an integer or "<GLOBAL_FILTER_PREFIX><integer>"
|
|
*/
|
|
private static $filterCache = [];
|
|
|
|
/** @var string The prefix to use for global filters */
|
|
public const GLOBAL_FILTER_PREFIX = 'global-';
|
|
|
|
/**
|
|
* @var array IDs of logged filters like [ page title => [ 'local' => [ids], 'global' => [ids] ] ].
|
|
* @fixme avoid global state
|
|
*/
|
|
public static $logIds = [];
|
|
|
|
/**
|
|
* @var string[] The FULL list of fields in the abuse_filter table
|
|
* @internal
|
|
*/
|
|
public const ALL_ABUSE_FILTER_FIELDS = [
|
|
'af_id',
|
|
'af_pattern',
|
|
'af_user',
|
|
'af_user_text',
|
|
'af_timestamp',
|
|
'af_enabled',
|
|
'af_comments',
|
|
'af_public_comments',
|
|
'af_hidden',
|
|
'af_hit_count',
|
|
'af_throttled',
|
|
'af_deleted',
|
|
'af_actions',
|
|
'af_global',
|
|
'af_group'
|
|
];
|
|
|
|
/**
|
|
* @var array Actions which may harm the user. Only retrieve via self::getDangerousActions
|
|
* @internal
|
|
*/
|
|
public const DANGEROUS_ACTIONS = [
|
|
'block',
|
|
'blockautopromote',
|
|
'degroup',
|
|
'rangeblock'
|
|
];
|
|
|
|
public const HISTORY_MAPPINGS = [
|
|
'af_pattern' => 'afh_pattern',
|
|
'af_user' => 'afh_user',
|
|
'af_user_text' => 'afh_user_text',
|
|
'af_timestamp' => 'afh_timestamp',
|
|
'af_comments' => 'afh_comments',
|
|
'af_public_comments' => 'afh_public_comments',
|
|
'af_deleted' => 'afh_deleted',
|
|
'af_id' => 'afh_filter',
|
|
'af_group' => 'afh_group',
|
|
];
|
|
|
|
/**
|
|
* @deprecated Since 1.35 Use VariableGenerator::addUserVars()
|
|
* @param User $user
|
|
* @param RecentChange|null $entry
|
|
* @return AbuseFilterVariableHolder
|
|
*/
|
|
public static function generateUserVars( User $user, RecentChange $entry = null ) {
|
|
wfDeprecated( __METHOD__, '1.35' );
|
|
$vars = new AbuseFilterVariableHolder();
|
|
$generator = new VariableGenerator( $vars );
|
|
return $generator->addUserVars( $user, $entry )->getVariableHolder();
|
|
}
|
|
|
|
/**
|
|
* Get an array of action which harm the user.
|
|
*
|
|
* @return string[]
|
|
* @internal Temporary hack
|
|
*/
|
|
public static function getDangerousActions() : array {
|
|
static $actions = null;
|
|
|
|
if ( !$actions ) {
|
|
$extActions = [];
|
|
AbuseFilterHookRunner::getRunner()->onAbuseFilterGetDangerousActions( $extActions );
|
|
$actions = array_unique(
|
|
array_merge( $extActions, self::DANGEROUS_ACTIONS )
|
|
);
|
|
}
|
|
return $actions;
|
|
}
|
|
|
|
/**
|
|
* @param int $filterID The ID of the filter
|
|
* @param bool|int $global Whether the filter is global
|
|
* @return bool
|
|
*/
|
|
public static function filterHidden( $filterID, $global = false ) {
|
|
global $wgAbuseFilterCentralDB;
|
|
|
|
if ( $global ) {
|
|
if ( !$wgAbuseFilterCentralDB ) {
|
|
return false;
|
|
}
|
|
$dbr = self::getCentralDB( DB_REPLICA );
|
|
} else {
|
|
$dbr = wfGetDB( DB_REPLICA );
|
|
}
|
|
|
|
$hidden = $dbr->selectField(
|
|
'abuse_filter',
|
|
'af_hidden',
|
|
[ 'af_id' => $filterID ],
|
|
__METHOD__
|
|
);
|
|
|
|
return (bool)$hidden;
|
|
}
|
|
|
|
/**
|
|
* @deprecated Since 1.35 Use VariableGenerator::addTitleVars
|
|
* @param Title|null $title
|
|
* @param string $prefix
|
|
* @param RecentChange|null $entry
|
|
* @return AbuseFilterVariableHolder
|
|
*/
|
|
public static function generateTitleVars( $title, $prefix, RecentChange $entry = null ) {
|
|
wfDeprecated( __METHOD__, '1.35' );
|
|
$vars = new AbuseFilterVariableHolder();
|
|
if ( !( $title instanceof Title ) ) {
|
|
return $vars;
|
|
}
|
|
$generator = new VariableGenerator( $vars );
|
|
return $generator->addTitleVars( $title, $prefix, $entry )->getVariableHolder();
|
|
}
|
|
|
|
/**
|
|
* @deprecated Since 1.35 Use VariableGenerator::addGenericVars
|
|
* @return AbuseFilterVariableHolder
|
|
*/
|
|
public static function generateGenericVars() {
|
|
wfDeprecated( __METHOD__, '1.35' );
|
|
$vars = new AbuseFilterVariableHolder();
|
|
$generator = new VariableGenerator( $vars );
|
|
return $generator->addGenericVars()->getVariableHolder();
|
|
}
|
|
|
|
/**
|
|
* Returns an associative array of filters which were tripped
|
|
*
|
|
* @param AbuseFilterVariableHolder $vars
|
|
* @param Title $title
|
|
* @param string $group The filter's group (as defined in $wgAbuseFilterValidGroups)
|
|
* @param string $mode 'execute' for edits and logs, 'stash' for cached matches
|
|
* @return bool[] Map of (integer filter ID => bool)
|
|
* @deprecated Since 1.34 See comment on AbuseFilterRunner::checkAllFilters
|
|
*/
|
|
public static function checkAllFilters(
|
|
AbuseFilterVariableHolder $vars,
|
|
Title $title,
|
|
$group = 'default',
|
|
$mode = 'execute'
|
|
) {
|
|
$parser = self::getDefaultParser( $vars );
|
|
$user = RequestContext::getMain()->getUser();
|
|
|
|
$runner = new AbuseFilterRunner( $user, $title, $vars, $group );
|
|
$runner->parser = $parser;
|
|
return $runner->checkAllFilters();
|
|
}
|
|
|
|
/**
|
|
* Utility function to split "<GLOBAL_FILTER_PREFIX>$index" to an array [ $id, $global ], where
|
|
* $id is $index casted to int, and $global is a boolean: true if the filter is global,
|
|
* false otherwise (i.e. if the $filter === $index). Note that the $index
|
|
* is always casted to int. Passing anything which isn't an integer-like value or a string
|
|
* in the shape "<GLOBAL_FILTER_PREFIX>integer" will throw.
|
|
* This reverses self::buildGlobalName
|
|
*
|
|
* @param string|int $filter
|
|
* @return array
|
|
* @throws InvalidArgumentException
|
|
*/
|
|
public static function splitGlobalName( $filter ) {
|
|
if ( preg_match( '/^' . self::GLOBAL_FILTER_PREFIX . '\d+$/', $filter ) === 1 ) {
|
|
$id = intval( substr( $filter, strlen( self::GLOBAL_FILTER_PREFIX ) ) );
|
|
return [ $id, true ];
|
|
} elseif ( is_numeric( $filter ) ) {
|
|
return [ (int)$filter, false ];
|
|
} else {
|
|
throw new InvalidArgumentException( "Invalid filter name: $filter" );
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Given a filter ID and a boolean indicating whether it's global, build a string like
|
|
* "<GLOBAL_FILTER_PREFIX>$ID". Note that, with global = false, $id is casted to string.
|
|
* This reverses self::splitGlobalName.
|
|
*
|
|
* @param int $id The filter ID
|
|
* @param bool $global Whether the filter is global
|
|
* @return string
|
|
* @todo Calling this method should be avoided wherever possible
|
|
*/
|
|
public static function buildGlobalName( $id, $global = true ) {
|
|
$prefix = $global ? self::GLOBAL_FILTER_PREFIX : '';
|
|
return "$prefix$id";
|
|
}
|
|
|
|
/**
|
|
* @param string[] $filters
|
|
* @param bool $legacy TEMPORARY whether to get data in legacy format
|
|
* @return (string|array)[][][]|array[][]
|
|
* @phan-return array<string,array<string,array{action:string,parameters:string[]}>>|array[][]
|
|
*/
|
|
public static function getConsequencesForFilters( $filters, $legacy = true ) {
|
|
$globalFilters = [];
|
|
$localFilters = [];
|
|
|
|
foreach ( $filters as $filter ) {
|
|
list( $filterID, $global ) = self::splitGlobalName( $filter );
|
|
|
|
if ( $global ) {
|
|
$globalFilters[] = $filterID;
|
|
} else {
|
|
$localFilters[] = $filter;
|
|
}
|
|
}
|
|
|
|
// Load local filter info
|
|
$dbr = wfGetDB( DB_REPLICA );
|
|
// Retrieve the consequences.
|
|
$consequences = [];
|
|
|
|
if ( count( $localFilters ) ) {
|
|
$consequences = self::loadConsequencesFromDB( $dbr, $localFilters, '', $legacy );
|
|
}
|
|
|
|
if ( count( $globalFilters ) ) {
|
|
$consequences += self::loadConsequencesFromDB(
|
|
self::getCentralDB( DB_REPLICA ),
|
|
$globalFilters,
|
|
self::GLOBAL_FILTER_PREFIX,
|
|
$legacy
|
|
);
|
|
}
|
|
|
|
return $consequences;
|
|
}
|
|
|
|
/**
|
|
* @param IDatabase $dbr
|
|
* @param string[] $filters
|
|
* @param string $prefix
|
|
* @param bool $legacy TEMPORARY whether to get data in legacy format
|
|
* @return (string|array)[][][]|array[][]
|
|
* @phan-return array<string,array<string,array{action:string,parameters:string[]}>>|array[][]
|
|
*/
|
|
private static function loadConsequencesFromDB(
|
|
IDatabase $dbr,
|
|
$filters,
|
|
$prefix = '',
|
|
$legacy = true
|
|
) {
|
|
$actionsByFilter = [];
|
|
foreach ( $filters as $filter ) {
|
|
$actionsByFilter[$prefix . $filter] = [];
|
|
}
|
|
|
|
$res = $dbr->select(
|
|
[ 'abuse_filter_action', 'abuse_filter' ],
|
|
'*',
|
|
[ 'af_id' => $filters ],
|
|
__METHOD__,
|
|
[],
|
|
[ 'abuse_filter_action' => [ 'LEFT JOIN', 'afa_filter=af_id' ] ]
|
|
);
|
|
|
|
// Categorise consequences by filter.
|
|
foreach ( $res as $row ) {
|
|
if ( $row->af_throttled
|
|
&& in_array( $row->afa_consequence, self::getDangerousActions() )
|
|
) {
|
|
// Don't do the action, just log
|
|
$logger = LoggerFactory::getInstance( 'AbuseFilter' );
|
|
$logger->info(
|
|
'Filter {filter_id} is throttled, skipping action: {action}',
|
|
[
|
|
'filter_id' => $row->af_id,
|
|
'action' => $row->afa_consequence
|
|
]
|
|
);
|
|
} elseif ( $row->afa_filter !== $row->af_id ) {
|
|
// We probably got a NULL, as it's a LEFT JOIN. Don't add it.
|
|
continue;
|
|
} else {
|
|
$params = array_filter( explode( "\n", $row->afa_parameters ) );
|
|
$actionsByFilter[$prefix . $row->afa_filter][$row->afa_consequence] = $legacy
|
|
? [ 'action' => $row->afa_consequence, 'parameters' => $params ]
|
|
: $params;
|
|
}
|
|
}
|
|
|
|
return $actionsByFilter;
|
|
}
|
|
|
|
/**
|
|
* @param AbuseFilterVariableHolder $vars
|
|
* @param Title $title
|
|
* @param string $group The filter's group (as defined in $wgAbuseFilterValidGroups)
|
|
* @param User $user The user performing the action
|
|
* @return Status
|
|
* @deprecated Since 1.34 Build an AbuseFilterRunner instance and call run() on that.
|
|
*/
|
|
public static function filterAction(
|
|
AbuseFilterVariableHolder $vars, Title $title, $group, User $user
|
|
) {
|
|
$runner = new AbuseFilterRunner( $user, $title, $vars, $group );
|
|
return $runner->run();
|
|
}
|
|
|
|
/**
|
|
* @param string $filter Filter ID (integer or "<GLOBAL_FILTER_PREFIX><integer>")
|
|
* @return stdClass|null DB row on success, null on failure
|
|
*/
|
|
public static function getFilter( $filter ) {
|
|
global $wgAbuseFilterCentralDB;
|
|
|
|
if ( !isset( self::$filterCache[$filter] ) ) {
|
|
list( $filterID, $global ) = self::splitGlobalName( $filter );
|
|
if ( $global ) {
|
|
// Global wiki filter
|
|
if ( !$wgAbuseFilterCentralDB ) {
|
|
return null;
|
|
}
|
|
$dbr = self::getCentralDB( DB_REPLICA );
|
|
} else {
|
|
// Local wiki filter
|
|
$dbr = wfGetDB( DB_REPLICA );
|
|
}
|
|
|
|
$row = $dbr->selectRow(
|
|
'abuse_filter',
|
|
self::ALL_ABUSE_FILTER_FIELDS,
|
|
[ 'af_id' => $filterID ],
|
|
__METHOD__
|
|
);
|
|
self::$filterCache[$filter] = $row ?: null;
|
|
}
|
|
|
|
return self::$filterCache[$filter];
|
|
}
|
|
|
|
/**
|
|
* Checks whether the given object represents a full abuse_filter DB row
|
|
* @param stdClass $row
|
|
* @return bool
|
|
*/
|
|
public static function isFullAbuseFilterRow( stdClass $row ) {
|
|
$actual = array_keys( get_object_vars( $row ) );
|
|
|
|
if (
|
|
count( $actual ) !== count( self::ALL_ABUSE_FILTER_FIELDS )
|
|
|| array_diff( self::ALL_ABUSE_FILTER_FIELDS, $actual )
|
|
) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Saves an abuse_filter row in cache
|
|
* @param string $id Filter ID (integer or "<GLOBAL_FILTER_PREFIX><integer>")
|
|
* @param stdClass $row A full abuse_filter row to save
|
|
* @throws UnexpectedValueException if the row is not full
|
|
*/
|
|
public static function cacheFilter( $id, $row ) {
|
|
// Check that all fields have been passed, otherwise using self::getFilter for this
|
|
// row will return partial data.
|
|
if ( !self::isFullAbuseFilterRow( $row ) ) {
|
|
throw new UnexpectedValueException( 'The specified row must be a full abuse_filter row.' );
|
|
}
|
|
self::$filterCache[$id] = $row;
|
|
}
|
|
|
|
/**
|
|
* Store a var dump to External Storage or the text table
|
|
* Some of this code is stolen from Revision::insertOn and friends
|
|
*
|
|
* @param AbuseFilterVariableHolder $vars
|
|
* @param bool $global
|
|
*
|
|
* @return int The insert ID.
|
|
*/
|
|
public static function storeVarDump( AbuseFilterVariableHolder $vars, $global = false ) {
|
|
global $wgCompressRevisions;
|
|
|
|
// Get all variables yet set and compute old and new wikitext if not yet done
|
|
// as those are needed for the diff view on top of the abuse log pages
|
|
$vars = $vars->dumpAllVars( [ 'old_wikitext', 'new_wikitext' ] );
|
|
|
|
// Vars is an array with native PHP data types (non-objects) now
|
|
$text = FormatJson::encode( $vars );
|
|
$flags = [ 'utf-8' ];
|
|
|
|
if ( $wgCompressRevisions && function_exists( 'gzdeflate' ) ) {
|
|
$text = gzdeflate( $text );
|
|
$flags[] = 'gzip';
|
|
}
|
|
|
|
// Store to ExternalStore if applicable
|
|
global $wgDefaultExternalStore, $wgAbuseFilterCentralDB;
|
|
if ( $wgDefaultExternalStore ) {
|
|
if ( $global ) {
|
|
$text = ExternalStore::insertToForeignDefault( $text, $wgAbuseFilterCentralDB );
|
|
} else {
|
|
$text = ExternalStore::insertToDefault( $text );
|
|
}
|
|
|
|
$flags[] = 'external';
|
|
}
|
|
|
|
// Store to text table
|
|
if ( $global ) {
|
|
$dbw = self::getCentralDB( DB_MASTER );
|
|
} else {
|
|
$dbw = wfGetDB( DB_MASTER );
|
|
}
|
|
$dbw->insert( 'text',
|
|
[
|
|
'old_text' => $text,
|
|
'old_flags' => implode( ',', $flags ),
|
|
], __METHOD__
|
|
);
|
|
|
|
return $dbw->insertId();
|
|
}
|
|
|
|
/**
|
|
* Retrieve a var dump from External Storage or the text table
|
|
* Some of this code is stolen from Revision::loadText et al
|
|
*
|
|
* @param string $stored_dump
|
|
*
|
|
* @return AbuseFilterVariableHolder
|
|
*/
|
|
public static function loadVarDump( $stored_dump ) : AbuseFilterVariableHolder {
|
|
// Backward compatibility for (old) blobs stored in the abuse_filter_log table
|
|
if ( !is_numeric( $stored_dump ) &&
|
|
substr( $stored_dump, 0, strlen( 'stored-text:' ) ) !== 'stored-text:' &&
|
|
substr( $stored_dump, 0, strlen( 'tt:' ) ) !== 'tt:'
|
|
) {
|
|
$data = unserialize( $stored_dump );
|
|
return is_array( $data ) ? AbuseFilterVariableHolder::newFromArray( $data ) : $data;
|
|
}
|
|
|
|
if ( is_numeric( $stored_dump ) ) {
|
|
$text_id = (int)$stored_dump;
|
|
} elseif ( strpos( $stored_dump, 'stored-text:' ) !== false ) {
|
|
$text_id = (int)str_replace( 'stored-text:', '', $stored_dump );
|
|
} elseif ( strpos( $stored_dump, 'tt:' ) !== false ) {
|
|
$text_id = (int)str_replace( 'tt:', '', $stored_dump );
|
|
} else {
|
|
throw new LogicException( "Cannot understand format: $stored_dump" );
|
|
}
|
|
|
|
$dbr = wfGetDB( DB_REPLICA );
|
|
|
|
$text_row = $dbr->selectRow(
|
|
'text',
|
|
[ 'old_text', 'old_flags' ],
|
|
[ 'old_id' => $text_id ],
|
|
__METHOD__
|
|
);
|
|
|
|
if ( !$text_row ) {
|
|
$logger = LoggerFactory::getInstance( 'AbuseFilter' );
|
|
$logger->warning( __METHOD__ . ": no text row found for input $stored_dump." );
|
|
return new AbuseFilterVariableHolder;
|
|
}
|
|
|
|
$flags = $text_row->old_flags === '' ? [] : explode( ',', $text_row->old_flags );
|
|
$text = $text_row->old_text;
|
|
|
|
if ( in_array( 'external', $flags ) ) {
|
|
$text = ExternalStore::fetchFromURL( $text );
|
|
}
|
|
|
|
if ( in_array( 'gzip', $flags ) ) {
|
|
$text = gzinflate( $text );
|
|
}
|
|
|
|
$obj = FormatJson::decode( $text, true );
|
|
if ( $obj === null ) {
|
|
// Temporary code until all rows will be JSON-encoded
|
|
$obj = unserialize( $text );
|
|
}
|
|
|
|
if ( in_array( 'nativeDataArray', $flags ) ||
|
|
// Temporary condition: we don't add the flag anymore, but the updateVarDump
|
|
// script could be still running and we cannot assume that this branch is the default.
|
|
is_array( $obj )
|
|
) {
|
|
$vars = $obj;
|
|
$obj = AbuseFilterVariableHolder::newFromArray( $vars );
|
|
$obj->translateDeprecatedVars();
|
|
}
|
|
|
|
return $obj;
|
|
}
|
|
|
|
/**
|
|
* @param string $group The filter's group (as defined in $wgAbuseFilterValidGroups)
|
|
* @return string
|
|
*/
|
|
public static function getGlobalRulesKey( $group ) {
|
|
global $wgAbuseFilterIsCentral, $wgAbuseFilterCentralDB;
|
|
|
|
$cache = MediaWikiServices::getInstance()->getMainWANObjectCache();
|
|
if ( !$wgAbuseFilterIsCentral ) {
|
|
return $cache->makeGlobalKey( 'abusefilter', 'rules', $wgAbuseFilterCentralDB, $group );
|
|
}
|
|
|
|
return $cache->makeKey( 'abusefilter', 'rules', $group );
|
|
}
|
|
|
|
/**
|
|
* Gets the autopromotion block status for the given user
|
|
*
|
|
* @param User $target
|
|
* @return int
|
|
*/
|
|
public static function getAutoPromoteBlockStatus( User $target ) {
|
|
$store = ObjectCache::getInstance( 'db-replicated' );
|
|
|
|
return (int)$store->get( self::autoPromoteBlockKey( $store, $target ) );
|
|
}
|
|
|
|
/**
|
|
* Blocks autopromotion for the given user
|
|
*
|
|
* @param User $target
|
|
* @param string $msg The message to show in the log
|
|
* @param int $duration Duration for which autopromotion is blocked, in seconds
|
|
* @return bool True on success, false on failure
|
|
*/
|
|
public static function blockAutoPromote( User $target, $msg, int $duration ) {
|
|
$store = ObjectCache::getInstance( 'db-replicated' );
|
|
if ( !$store->set(
|
|
self::autoPromoteBlockKey( $store, $target ),
|
|
1,
|
|
$duration
|
|
) ) {
|
|
// Failed to set key
|
|
$logger = LoggerFactory::getInstance( 'AbuseFilter' );
|
|
$logger->warning(
|
|
"Failed to block autopromotion for $target. Error: " . $store->getLastError()
|
|
);
|
|
return false;
|
|
}
|
|
|
|
$logEntry = new ManualLogEntry( 'rights', 'blockautopromote' );
|
|
$performer = self::getFilterUser();
|
|
$logEntry->setPerformer( $performer );
|
|
$logEntry->setTarget( $target->getUserPage() );
|
|
|
|
$logEntry->setParameters( [
|
|
'7::duration' => $duration,
|
|
// These parameters are unused in our message, but some parts of the code check for them
|
|
'4::oldgroups' => [],
|
|
'5::newgroups' => []
|
|
] );
|
|
$logEntry->setComment( $msg );
|
|
$logEntry->publish( $logEntry->insert() );
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Unblocks autopromotion for the given user
|
|
*
|
|
* @param User $target
|
|
* @param User $performer
|
|
* @param string $msg The message to show in the log
|
|
* @return bool True on success, false on failure
|
|
*/
|
|
public static function unblockAutopromote( User $target, User $performer, $msg ) {
|
|
// Immediately expire (delete) the key, failing if it does not exist
|
|
$store = ObjectCache::getInstance( 'db-replicated' );
|
|
$expireAt = time() - $store::TTL_HOUR;
|
|
if ( !$store->changeTTL( self::autoPromoteBlockKey( $store, $target ), $expireAt ) ) {
|
|
// Key did not exist to begin with; nothing to do
|
|
return false;
|
|
}
|
|
|
|
$logEntry = new ManualLogEntry( 'rights', 'restoreautopromote' );
|
|
$logEntry->setTarget( Title::makeTitle( NS_USER, $target->getName() ) );
|
|
$logEntry->setComment( $msg );
|
|
// These parameters are unused in our message, but some parts of the code check for them
|
|
$logEntry->setParameters( [
|
|
'4::oldgroups' => [],
|
|
'5::newgroups' => []
|
|
] );
|
|
$logEntry->setPerformer( $performer );
|
|
$logEntry->publish( $logEntry->insert() );
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @param BagOStuff $store
|
|
* @param User $target
|
|
* @return string
|
|
* @internal
|
|
*/
|
|
public static function autoPromoteBlockKey( BagOStuff $store, User $target ) {
|
|
return $store->makeKey( 'abusefilter', 'block-autopromote', $target->getId() );
|
|
}
|
|
|
|
/**
|
|
* @param string $type The value to get, either "threshold", "count" or "age"
|
|
* @param string $group The filter's group (as defined in $wgAbuseFilterValidGroups)
|
|
* @return mixed
|
|
*/
|
|
public static function getEmergencyValue( $type, $group ) {
|
|
switch ( $type ) {
|
|
case 'threshold':
|
|
global $wgAbuseFilterEmergencyDisableThreshold;
|
|
$value = $wgAbuseFilterEmergencyDisableThreshold;
|
|
break;
|
|
case 'count':
|
|
global $wgAbuseFilterEmergencyDisableCount;
|
|
$value = $wgAbuseFilterEmergencyDisableCount;
|
|
break;
|
|
case 'age':
|
|
global $wgAbuseFilterEmergencyDisableAge;
|
|
$value = $wgAbuseFilterEmergencyDisableAge;
|
|
break;
|
|
default:
|
|
throw new InvalidArgumentException( '$type must be either "threshold", "count" or "age"' );
|
|
}
|
|
|
|
return $value[$group] ?? $value['default'];
|
|
}
|
|
|
|
/**
|
|
* @return User
|
|
*/
|
|
public static function getFilterUser() : User {
|
|
$username = wfMessage( 'abusefilter-blocker' )->inContentLanguage()->text();
|
|
$user = User::newSystemUser( $username, [ 'steal' => true ] );
|
|
|
|
if ( !$user ) {
|
|
// User name is invalid. Don't throw because this is a system message, easy
|
|
// to change and make wrong either by mistake or intentionally to break the site.
|
|
wfWarn(
|
|
'The AbuseFilter user\'s name is invalid. Please change it in ' .
|
|
'MediaWiki:abusefilter-blocker'
|
|
);
|
|
// Use the default name to avoid breaking other stuff. This should have no harm,
|
|
// aside from blocks temporarily attributed to another user.
|
|
$defaultName = wfMessage( 'abusefilter-blocker' )->inLanguage( 'en' )->text();
|
|
$user = User::newSystemUser( $defaultName, [ 'steal' => true ] );
|
|
}
|
|
'@phan-var User $user';
|
|
|
|
// Promote user to 'sysop' so it doesn't look
|
|
// like an unprivileged account is blocking users
|
|
if ( !in_array( 'sysop', $user->getGroups() ) ) {
|
|
$user->addGroup( 'sysop' );
|
|
}
|
|
|
|
return $user;
|
|
}
|
|
|
|
/**
|
|
* Extract values for syntax highlight
|
|
*
|
|
* @param bool $canEdit
|
|
* @return array
|
|
*/
|
|
public static function getAceConfig( bool $canEdit ): array {
|
|
$keywordsManager = AbuseFilterServices::getKeywordsManager();
|
|
$values = $keywordsManager->getBuilderValues();
|
|
$deprecatedVars = $keywordsManager->getDeprecatedVariables();
|
|
|
|
$builderVariables = implode( '|', array_keys( $values['vars'] ) );
|
|
$builderFunctions = implode( '|', array_keys( AbuseFilterParser::FUNCTIONS ) );
|
|
// AbuseFilterTokenizer::KEYWORDS also includes constants (true, false and null),
|
|
// but Ace redefines these constants afterwards so this will not be an issue
|
|
$builderKeywords = implode( '|', AbuseFilterTokenizer::KEYWORDS );
|
|
// Extract operators from tokenizer like we do in AbuseFilterParserTest
|
|
$operators = implode( '|', array_map( function ( $op ) {
|
|
return preg_quote( $op, '/' );
|
|
}, AbuseFilterTokenizer::OPERATORS ) );
|
|
$deprecatedVariables = implode( '|', array_keys( $deprecatedVars ) );
|
|
$disabledVariables = implode( '|', array_keys( $keywordsManager->getDisabledVariables() ) );
|
|
|
|
return [
|
|
'variables' => $builderVariables,
|
|
'functions' => $builderFunctions,
|
|
'keywords' => $builderKeywords,
|
|
'operators' => $operators,
|
|
'deprecated' => $deprecatedVariables,
|
|
'disabled' => $disabledVariables,
|
|
'aceReadOnly' => !$canEdit
|
|
];
|
|
}
|
|
|
|
/**
|
|
* Check whether a filter is allowed to use a tag
|
|
*
|
|
* @param string $tag Tag name
|
|
* @return Status
|
|
*/
|
|
public static function isAllowedTag( $tag ) {
|
|
$tagNameStatus = ChangeTags::isTagNameValid( $tag );
|
|
|
|
if ( !$tagNameStatus->isGood() ) {
|
|
return $tagNameStatus;
|
|
}
|
|
|
|
$finalStatus = Status::newGood();
|
|
|
|
$canAddStatus =
|
|
ChangeTags::canAddTagsAccompanyingChange(
|
|
[ $tag ]
|
|
);
|
|
|
|
if ( $canAddStatus->isGood() ) {
|
|
return $finalStatus;
|
|
}
|
|
|
|
if ( $tag === 'abusefilter-condition-limit' ) {
|
|
$finalStatus->fatal( 'abusefilter-tag-reserved' );
|
|
return $finalStatus;
|
|
}
|
|
|
|
// note: these are both local and global
|
|
$alreadyDefinedTags = AbuseFilterServices::getChangeTagsManager()
|
|
->getTagsDefinedByFilters();
|
|
|
|
if ( in_array( $tag, $alreadyDefinedTags, true ) ) {
|
|
return $finalStatus;
|
|
}
|
|
|
|
$canCreateTagStatus = ChangeTags::canCreateTag( $tag );
|
|
if ( $canCreateTagStatus->isGood() ) {
|
|
return $finalStatus;
|
|
}
|
|
|
|
$finalStatus->fatal( 'abusefilter-edit-bad-tags' );
|
|
return $finalStatus;
|
|
}
|
|
|
|
/**
|
|
* Validate throttle parameters
|
|
*
|
|
* @param array $params Throttle parameters
|
|
* @return null|string Null on success, a string with the error message on failure
|
|
*/
|
|
public static function checkThrottleParameters( $params ) {
|
|
list( $throttleCount, $throttlePeriod ) = explode( ',', $params[1], 2 );
|
|
$throttleGroups = array_slice( $params, 2 );
|
|
$validGroups = [
|
|
'ip',
|
|
'user',
|
|
'range',
|
|
'creationdate',
|
|
'editcount',
|
|
'site',
|
|
'page'
|
|
];
|
|
|
|
$error = null;
|
|
if ( preg_match( '/^[1-9][0-9]*$/', $throttleCount ) === 0 ) {
|
|
$error = 'abusefilter-edit-invalid-throttlecount';
|
|
} elseif ( preg_match( '/^[1-9][0-9]*$/', $throttlePeriod ) === 0 ) {
|
|
$error = 'abusefilter-edit-invalid-throttleperiod';
|
|
} elseif ( !$throttleGroups ) {
|
|
$error = 'abusefilter-edit-empty-throttlegroups';
|
|
} else {
|
|
$valid = true;
|
|
// Groups should be unique in three ways: no direct duplicates like 'user' and 'user',
|
|
// no duplicated subgroups, not even shuffled ('ip,user' and 'user,ip') and no duplicates
|
|
// within subgroups ('user,ip,user')
|
|
$uniqueGroups = [];
|
|
$uniqueSubGroups = true;
|
|
// Every group should be valid, and subgroups should have valid groups inside
|
|
foreach ( $throttleGroups as $group ) {
|
|
if ( strpos( $group, ',' ) !== false ) {
|
|
$subGroups = explode( ',', $group );
|
|
if ( $subGroups !== array_unique( $subGroups ) ) {
|
|
$uniqueSubGroups = false;
|
|
break;
|
|
}
|
|
foreach ( $subGroups as $subGroup ) {
|
|
if ( !in_array( $subGroup, $validGroups ) ) {
|
|
$valid = false;
|
|
break 2;
|
|
}
|
|
}
|
|
sort( $subGroups );
|
|
$uniqueGroups[] = implode( ',', $subGroups );
|
|
} else {
|
|
if ( !in_array( $group, $validGroups ) ) {
|
|
$valid = false;
|
|
break;
|
|
}
|
|
$uniqueGroups[] = $group;
|
|
}
|
|
}
|
|
|
|
if ( !$valid ) {
|
|
$error = 'abusefilter-edit-invalid-throttlegroups';
|
|
} elseif ( !$uniqueSubGroups || $uniqueGroups !== array_unique( $uniqueGroups ) ) {
|
|
$error = 'abusefilter-edit-duplicated-throttlegroups';
|
|
}
|
|
}
|
|
|
|
return $error;
|
|
}
|
|
|
|
/**
|
|
* Checks whether user input for the filter editing form is valid and if so saves the filter.
|
|
* Returns a Status object which can be:
|
|
* - Good with [ new_filter_id, history_id ] as value if the filter was successfully saved
|
|
* - Good with value = false if everything went fine but the filter is unchanged
|
|
* - OK with errors if a validation error occurred
|
|
* - Fatal in case of a permission-related error
|
|
*
|
|
* @param User $user
|
|
* @param int|null $filter
|
|
* @param stdClass $newRow
|
|
* @param array $actions
|
|
* @param stdClass $originalRow
|
|
* @param array $originalActions
|
|
* @param IDatabase $dbw DB_MASTER Where the filter should be saved
|
|
* @param Config $config
|
|
* @return Status
|
|
* @internal
|
|
*/
|
|
public static function saveFilter(
|
|
User $user,
|
|
?int $filter,
|
|
stdClass $newRow,
|
|
array $actions,
|
|
stdClass $originalRow,
|
|
array $originalActions,
|
|
IDatabase $dbw,
|
|
Config $config
|
|
) {
|
|
$afPermManager = AbuseFilterServices::getPermissionManager();
|
|
$validationStatus = Status::newGood();
|
|
|
|
// Check the syntax
|
|
$syntaxerr = self::getDefaultParser()->checkSyntax( $newRow->af_pattern );
|
|
if ( $syntaxerr !== true ) {
|
|
$validationStatus->error( 'abusefilter-edit-badsyntax', $syntaxerr[0] );
|
|
return $validationStatus;
|
|
}
|
|
// Check for missing required fields (title and pattern)
|
|
$missing = [];
|
|
if ( !$newRow->af_pattern || trim( $newRow->af_pattern ) === '' ) {
|
|
$missing[] = new Message( 'abusefilter-edit-field-conditions' );
|
|
}
|
|
if ( !$newRow->af_public_comments ) {
|
|
$missing[] = new Message( 'abusefilter-edit-field-description' );
|
|
}
|
|
if ( count( $missing ) !== 0 ) {
|
|
$validationStatus->error(
|
|
'abusefilter-edit-missingfields',
|
|
Message::listParam( $missing, 'comma' )
|
|
);
|
|
return $validationStatus;
|
|
}
|
|
|
|
// Don't allow setting as deleted an active filter
|
|
if ( $newRow->af_enabled && $newRow->af_deleted ) {
|
|
$validationStatus->error( 'abusefilter-edit-deleting-enabled' );
|
|
return $validationStatus;
|
|
}
|
|
|
|
// If we've activated the 'tag' option, check the arguments for validity.
|
|
if ( isset( $actions['tag'] ) ) {
|
|
if ( count( $actions['tag'] ) === 0 ) {
|
|
$validationStatus->error( 'tags-create-no-name' );
|
|
return $validationStatus;
|
|
}
|
|
foreach ( $actions['tag'] as $tag ) {
|
|
$status = self::isAllowedTag( $tag );
|
|
|
|
if ( !$status->isGood() ) {
|
|
$err = $status->getErrors();
|
|
$msg = $err[0]['message'];
|
|
$validationStatus->error( $msg );
|
|
return $validationStatus;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Warning and disallow message cannot be empty
|
|
if ( isset( $actions['warn'] ) && $actions['warn'][0] === '' ) {
|
|
$validationStatus->error( 'abusefilter-edit-invalid-warn-message' );
|
|
return $validationStatus;
|
|
} elseif ( isset( $actions['disallow'] ) && $actions['disallow'][0] === '' ) {
|
|
$validationStatus->error( 'abusefilter-edit-invalid-disallow-message' );
|
|
return $validationStatus;
|
|
}
|
|
|
|
// If 'throttle' is selected, check its parameters
|
|
if ( isset( $actions['throttle'] ) ) {
|
|
$throttleCheck = self::checkThrottleParameters( $actions['throttle'] );
|
|
if ( $throttleCheck !== null ) {
|
|
$validationStatus->error( $throttleCheck );
|
|
return $validationStatus;
|
|
}
|
|
}
|
|
|
|
$availableActions = array_keys(
|
|
array_filter( $config->get( 'AbuseFilterActions' ) )
|
|
);
|
|
$differences = self::compareVersions(
|
|
[ $newRow, $actions ],
|
|
[ $originalRow, $originalActions ],
|
|
$availableActions
|
|
);
|
|
|
|
// Don't allow adding a new global rule, or updating a
|
|
// rule that is currently global, without permissions.
|
|
if (
|
|
!$afPermManager->canEditFilter( $user, $newRow ) ||
|
|
!$afPermManager->canEditFilter( $user, $originalRow )
|
|
) {
|
|
$validationStatus->fatal( 'abusefilter-edit-notallowed-global' );
|
|
return $validationStatus;
|
|
}
|
|
|
|
// Don't allow custom messages on global rules
|
|
if ( $newRow->af_global == 1 && (
|
|
( isset( $actions['warn'] ) && $actions['warn'][0] !== 'abusefilter-warning' ) ||
|
|
( isset( $actions['disallow'] ) && $actions['disallow'][0] !== 'abusefilter-disallowed' )
|
|
) ) {
|
|
$validationStatus->fatal( 'abusefilter-edit-notallowed-global-custom-msg' );
|
|
return $validationStatus;
|
|
}
|
|
|
|
$wasGlobal = (bool)$originalRow->af_global;
|
|
|
|
// Check for non-changes
|
|
if ( !count( $differences ) ) {
|
|
$validationStatus->setResult( true, false );
|
|
return $validationStatus;
|
|
}
|
|
|
|
// Check for restricted actions
|
|
$restrictions = $config->get( 'AbuseFilterActionRestrictions' );
|
|
if ( count( array_intersect_key(
|
|
array_filter( $restrictions ),
|
|
array_merge( $actions, $originalActions )
|
|
) )
|
|
&& !$afPermManager->canEditFilterWithRestrictedActions( $user )
|
|
) {
|
|
$validationStatus->error( 'abusefilter-edit-restricted' );
|
|
return $validationStatus;
|
|
}
|
|
|
|
// Everything went fine, so let's save the filter
|
|
list( $new_id, $history_id ) =
|
|
self::doSaveFilter( $user, $newRow, $differences, $filter, $actions, $wasGlobal, $dbw, $config );
|
|
$validationStatus->setResult( true, [ $new_id, $history_id ] );
|
|
return $validationStatus;
|
|
}
|
|
|
|
/**
|
|
* Saves new filter's info to DB
|
|
*
|
|
* @param User $user
|
|
* @param stdClass $newRow
|
|
* @param array $differences
|
|
* @param int|null $filter
|
|
* @param array $actions
|
|
* @param bool $wasGlobal
|
|
* @param IDatabase $dbw DB_MASTER where the filter will be saved
|
|
* @param Config $config
|
|
* @return int[] first element is new ID, second is history ID
|
|
*/
|
|
private static function doSaveFilter(
|
|
User $user,
|
|
$newRow,
|
|
$differences,
|
|
?int $filter,
|
|
$actions,
|
|
$wasGlobal,
|
|
IDatabase $dbw,
|
|
Config $config
|
|
) {
|
|
// Convert from object to array
|
|
$newRow = get_object_vars( $newRow );
|
|
|
|
// Set last modifier.
|
|
$newRow['af_timestamp'] = $dbw->timestamp();
|
|
$newRow['af_user'] = $user->getId();
|
|
$newRow['af_user_text'] = $user->getName();
|
|
|
|
$dbw->startAtomic( __METHOD__ );
|
|
|
|
// Insert MAIN row.
|
|
$is_new = $filter === null;
|
|
$new_id = $filter;
|
|
|
|
// Reset throttled marker, if we're re-enabling it.
|
|
$newRow['af_throttled'] = $newRow['af_throttled'] && !$newRow['af_enabled'];
|
|
$newRow['af_id'] = $new_id;
|
|
|
|
// T67807: integer 1's & 0's might be better understood than booleans
|
|
$newRow['af_enabled'] = (int)$newRow['af_enabled'];
|
|
$newRow['af_hidden'] = (int)$newRow['af_hidden'];
|
|
$newRow['af_throttled'] = (int)$newRow['af_throttled'];
|
|
$newRow['af_deleted'] = (int)$newRow['af_deleted'];
|
|
$newRow['af_global'] = (int)$newRow['af_global'];
|
|
|
|
$dbw->replace( 'abuse_filter', 'af_id', $newRow, __METHOD__ );
|
|
|
|
if ( $is_new ) {
|
|
$new_id = $dbw->insertId();
|
|
}
|
|
'@phan-var int $new_id';
|
|
|
|
$availableActions = $config->get( 'AbuseFilterActions' );
|
|
$actionsRows = [];
|
|
foreach ( array_filter( $availableActions ) as $action => $_ ) {
|
|
// Check if it's set
|
|
$enabled = isset( $actions[$action] );
|
|
|
|
if ( $enabled ) {
|
|
$parameters = $actions[$action];
|
|
if ( $action === 'throttle' && $parameters[0] === null ) {
|
|
// FIXME: Do we really need to keep the filter ID inside throttle parameters?
|
|
// We'd save space, keep things simpler and avoid this hack. Note: if removing
|
|
// it, a maintenance script will be necessary to clean up the table.
|
|
$parameters[0] = $new_id;
|
|
}
|
|
|
|
$thisRow = [
|
|
'afa_filter' => $new_id,
|
|
'afa_consequence' => $action,
|
|
'afa_parameters' => implode( "\n", $parameters )
|
|
];
|
|
$actionsRows[] = $thisRow;
|
|
}
|
|
}
|
|
|
|
// Create a history row
|
|
$afh_row = [];
|
|
|
|
foreach ( self::HISTORY_MAPPINGS as $af_col => $afh_col ) {
|
|
$afh_row[$afh_col] = $newRow[$af_col];
|
|
}
|
|
|
|
$afh_row['afh_actions'] = serialize( $actions );
|
|
|
|
$afh_row['afh_changed_fields'] = implode( ',', $differences );
|
|
|
|
$flags = [];
|
|
if ( $newRow['af_hidden'] ) {
|
|
$flags[] = 'hidden';
|
|
}
|
|
if ( $newRow['af_enabled'] ) {
|
|
$flags[] = 'enabled';
|
|
}
|
|
if ( $newRow['af_deleted'] ) {
|
|
$flags[] = 'deleted';
|
|
}
|
|
if ( $newRow['af_global'] ) {
|
|
$flags[] = 'global';
|
|
}
|
|
|
|
$afh_row['afh_flags'] = implode( ',', $flags );
|
|
|
|
$afh_row['afh_filter'] = $new_id;
|
|
|
|
// Do the update
|
|
$dbw->insert( 'abuse_filter_history', $afh_row, __METHOD__ );
|
|
$history_id = $dbw->insertId();
|
|
if ( $filter !== null ) {
|
|
$dbw->delete(
|
|
'abuse_filter_action',
|
|
[ 'afa_filter' => $filter ],
|
|
__METHOD__
|
|
);
|
|
}
|
|
$dbw->insert( 'abuse_filter_action', $actionsRows, __METHOD__ );
|
|
|
|
$dbw->endAtomic( __METHOD__ );
|
|
|
|
// Invalidate cache if this was a global rule
|
|
if ( $wasGlobal || $newRow['af_global'] ) {
|
|
$group = 'default';
|
|
if ( isset( $newRow['af_group'] ) && $newRow['af_group'] !== '' ) {
|
|
$group = $newRow['af_group'];
|
|
}
|
|
|
|
$globalRulesKey = self::getGlobalRulesKey( $group );
|
|
MediaWikiServices::getInstance()->getMainWANObjectCache()->touchCheckKey( $globalRulesKey );
|
|
}
|
|
|
|
// Logging
|
|
$subtype = $filter === null ? 'create' : 'modify';
|
|
$logEntry = new ManualLogEntry( 'abusefilter', $subtype );
|
|
$logEntry->setPerformer( $user );
|
|
$logEntry->setTarget( SpecialAbuseFilter::getTitleForSubpage( (string)$new_id ) );
|
|
$logEntry->setParameters( [
|
|
'historyId' => $history_id,
|
|
'newId' => $new_id
|
|
] );
|
|
$logid = $logEntry->insert( $dbw );
|
|
$logEntry->publish( $logid );
|
|
|
|
if ( isset( $actions['tag'] ) ) {
|
|
AbuseFilterServices::getChangeTagsManager()->purgeTagCache();
|
|
}
|
|
|
|
AbuseFilterServices::getFilterProfiler()->resetFilterProfile( $new_id );
|
|
return [ $new_id, $history_id ];
|
|
}
|
|
|
|
/**
|
|
* Each version is expected to be an array( $row, $actions )
|
|
* Returns an array of fields that are different.
|
|
*
|
|
* @param array $version_1
|
|
* @param array $version_2
|
|
* @param string[] $availableActions All actions enabled in the AF config
|
|
*
|
|
* @return array
|
|
*/
|
|
public static function compareVersions(
|
|
array $version_1,
|
|
array $version_2,
|
|
array $availableActions
|
|
) {
|
|
$compareFields = [
|
|
'af_public_comments',
|
|
'af_pattern',
|
|
'af_comments',
|
|
'af_deleted',
|
|
'af_enabled',
|
|
'af_hidden',
|
|
'af_global',
|
|
'af_group',
|
|
];
|
|
$differences = [];
|
|
|
|
list( $row1, $actions1 ) = $version_1;
|
|
list( $row2, $actions2 ) = $version_2;
|
|
|
|
foreach ( $compareFields as $field ) {
|
|
if ( !isset( $row2->$field ) || $row1->$field != $row2->$field ) {
|
|
$differences[] = $field;
|
|
}
|
|
}
|
|
|
|
foreach ( $availableActions as $action ) {
|
|
if ( !isset( $actions1[$action] ) && !isset( $actions2[$action] ) ) {
|
|
// They're both unset
|
|
} elseif ( isset( $actions1[$action] ) && isset( $actions2[$action] ) ) {
|
|
// They're both set. Double check needed, e.g. per T180194
|
|
if ( array_diff( $actions1[$action], $actions2[$action] ) ||
|
|
array_diff( $actions2[$action], $actions1[$action] ) ) {
|
|
// Different parameters
|
|
$differences[] = 'actions';
|
|
}
|
|
} else {
|
|
// One's unset, one's set.
|
|
$differences[] = 'actions';
|
|
}
|
|
}
|
|
|
|
return array_unique( $differences );
|
|
}
|
|
|
|
/**
|
|
* @param stdClass $row
|
|
* @return array
|
|
*/
|
|
public static function translateFromHistory( $row ) {
|
|
// Manually translate into an abuse_filter row.
|
|
$af_row = new stdClass;
|
|
|
|
foreach ( self::HISTORY_MAPPINGS as $af_col => $afh_col ) {
|
|
$af_row->$af_col = $row->$afh_col;
|
|
}
|
|
|
|
// Process flags
|
|
$af_row->af_deleted = 0;
|
|
$af_row->af_hidden = 0;
|
|
$af_row->af_enabled = 0;
|
|
|
|
if ( $row->afh_flags !== '' ) {
|
|
$flags = explode( ',', $row->afh_flags );
|
|
foreach ( $flags as $flag ) {
|
|
$col_name = "af_$flag";
|
|
$af_row->$col_name = 1;
|
|
}
|
|
}
|
|
|
|
// Process actions
|
|
$actionsRaw = unserialize( $row->afh_actions );
|
|
$actionsOutput = is_array( $actionsRaw ) ? $actionsRaw : [];
|
|
|
|
return [ $af_row, $actionsOutput ];
|
|
}
|
|
|
|
/**
|
|
* @param string $action
|
|
* @param MessageLocalizer|null $localizer
|
|
* @return string HTML
|
|
*/
|
|
public static function getActionDisplay( $action, MessageLocalizer $localizer = null ) {
|
|
$msgCallback = $localizer != null ? [ $localizer, 'msg' ] : 'wfMessage';
|
|
// Give grep a chance to find the usages:
|
|
// abusefilter-action-tag, abusefilter-action-throttle, abusefilter-action-warn,
|
|
// abusefilter-action-blockautopromote, abusefilter-action-block, abusefilter-action-degroup,
|
|
// abusefilter-action-rangeblock, abusefilter-action-disallow
|
|
$msg = $msgCallback( "abusefilter-action-$action" );
|
|
return $msg->isDisabled() ? htmlspecialchars( $action ) : $msg->escaped();
|
|
}
|
|
|
|
/**
|
|
* @param mixed $var
|
|
* @param string $indent
|
|
* @return string
|
|
*/
|
|
public static function formatVar( $var, string $indent = '' ) {
|
|
if ( $var === [] ) {
|
|
return '[]';
|
|
} elseif ( is_array( $var ) ) {
|
|
$ret = '[';
|
|
$indent .= "\t";
|
|
foreach ( $var as $key => $val ) {
|
|
$ret .= "\n$indent" . self::formatVar( $key, $indent ) .
|
|
' => ' . self::formatVar( $val, $indent ) . ',';
|
|
}
|
|
// Strip trailing commas
|
|
return substr( $ret, 0, -1 ) . "\n" . substr( $indent, 0, -1 ) . ']';
|
|
} elseif ( is_string( $var ) ) {
|
|
// Don't escape the string (specifically backslashes) to avoid displaying wrong stuff
|
|
return "'$var'";
|
|
} elseif ( $var === null ) {
|
|
return 'null';
|
|
} elseif ( is_float( $var ) ) {
|
|
// Don't let float precision produce weirdness
|
|
return (string)$var;
|
|
}
|
|
return var_export( $var, true );
|
|
}
|
|
|
|
/**
|
|
* @param AbuseFilterVariableHolder|array $vars
|
|
* @param IContextSource $context
|
|
* @return string
|
|
*/
|
|
public static function buildVarDumpTable( $vars, IContextSource $context ) {
|
|
// Export all values
|
|
if ( $vars instanceof AbuseFilterVariableHolder ) {
|
|
$vars = $vars->exportAllVars();
|
|
}
|
|
|
|
$output = '';
|
|
|
|
$output .=
|
|
Xml::openElement( 'table', [ 'class' => 'mw-abuselog-details' ] ) .
|
|
Xml::openElement( 'tbody' ) .
|
|
"\n";
|
|
|
|
$header =
|
|
Xml::element( 'th', null, $context->msg( 'abusefilter-log-details-var' )->text() ) .
|
|
Xml::element( 'th', null, $context->msg( 'abusefilter-log-details-val' )->text() );
|
|
$output .= Xml::tags( 'tr', null, $header ) . "\n";
|
|
|
|
if ( !count( $vars ) ) {
|
|
$output .= Xml::closeElement( 'tbody' ) . Xml::closeElement( 'table' );
|
|
|
|
return $output;
|
|
}
|
|
|
|
$keywordsManager = AbuseFilterServices::getKeywordsManager();
|
|
// Now, build the body of the table.
|
|
foreach ( $vars as $key => $value ) {
|
|
$key = strtolower( $key );
|
|
|
|
$varMsgKey = $keywordsManager->getMessageKeyForVar( $key );
|
|
if ( $varMsgKey ) {
|
|
$keyDisplay = $context->msg( $varMsgKey )->parse() .
|
|
' ' . Html::element( 'code', [], $context->msg( 'parentheses' )->rawParams( $key )->text() );
|
|
} else {
|
|
$keyDisplay = Html::element( 'code', [], $key );
|
|
}
|
|
|
|
if ( $value === null ) {
|
|
$value = '';
|
|
}
|
|
$value = Html::element(
|
|
'div',
|
|
[ 'class' => 'mw-abuselog-var-value' ],
|
|
self::formatVar( $value )
|
|
);
|
|
|
|
$trow =
|
|
Xml::tags( 'td', [ 'class' => 'mw-abuselog-var' ], $keyDisplay ) .
|
|
Xml::tags( 'td', [ 'class' => 'mw-abuselog-var-value' ], $value );
|
|
$output .=
|
|
Xml::tags( 'tr',
|
|
[ 'class' => "mw-abuselog-details-$key mw-abuselog-value" ], $trow
|
|
) . "\n";
|
|
}
|
|
|
|
$output .= Xml::closeElement( 'tbody' ) . Xml::closeElement( 'table' );
|
|
|
|
return $output;
|
|
}
|
|
|
|
/**
|
|
* @param string $action
|
|
* @param string[] $parameters
|
|
* @param Language $lang
|
|
* @return string
|
|
*/
|
|
public static function formatAction( $action, $parameters, $lang ) {
|
|
if ( count( $parameters ) === 0 ||
|
|
( $action === 'block' && count( $parameters ) !== 3 ) ) {
|
|
$displayAction = self::getActionDisplay( $action );
|
|
} else {
|
|
if ( $action === 'block' ) {
|
|
// Needs to be treated separately since the message is more complex
|
|
$messages = [
|
|
wfMessage( 'abusefilter-block-anon' )->escaped() .
|
|
wfMessage( 'colon-separator' )->escaped() .
|
|
$lang->translateBlockExpiry( $parameters[1] ),
|
|
wfMessage( 'abusefilter-block-user' )->escaped() .
|
|
wfMessage( 'colon-separator' )->escaped() .
|
|
$lang->translateBlockExpiry( $parameters[2] )
|
|
];
|
|
if ( $parameters[0] === 'blocktalk' ) {
|
|
$messages[] = wfMessage( 'abusefilter-block-talk' )->escaped();
|
|
}
|
|
$displayAction = $lang->commaList( $messages );
|
|
} elseif ( $action === 'throttle' ) {
|
|
array_shift( $parameters );
|
|
list( $actions, $time ) = explode( ',', array_shift( $parameters ) );
|
|
|
|
// Join comma-separated groups in a commaList with a final "and", and convert to messages.
|
|
// Messages used here: abusefilter-throttle-ip, abusefilter-throttle-user,
|
|
// abusefilter-throttle-site, abusefilter-throttle-creationdate, abusefilter-throttle-editcount
|
|
// abusefilter-throttle-range, abusefilter-throttle-page, abusefilter-throttle-none
|
|
foreach ( $parameters as &$val ) {
|
|
if ( strpos( $val, ',' ) !== false ) {
|
|
$subGroups = explode( ',', $val );
|
|
foreach ( $subGroups as &$group ) {
|
|
$msg = wfMessage( "abusefilter-throttle-$group" );
|
|
// We previously accepted literally everything in this field, so old entries
|
|
// may have weird stuff.
|
|
$group = $msg->exists() ? $msg->text() : $group;
|
|
}
|
|
unset( $group );
|
|
$val = $lang->listToText( $subGroups );
|
|
} else {
|
|
$msg = wfMessage( "abusefilter-throttle-$val" );
|
|
$val = $msg->exists() ? $msg->text() : $val;
|
|
}
|
|
}
|
|
unset( $val );
|
|
$groups = $lang->semicolonList( $parameters );
|
|
|
|
$displayAction = self::getActionDisplay( $action ) .
|
|
wfMessage( 'colon-separator' )->escaped() .
|
|
wfMessage( 'abusefilter-throttle-details' )->params( $actions, $time, $groups )->escaped();
|
|
} else {
|
|
$displayAction = self::getActionDisplay( $action ) .
|
|
wfMessage( 'colon-separator' )->escaped() .
|
|
$lang->semicolonList( array_map( 'htmlspecialchars', $parameters ) );
|
|
}
|
|
}
|
|
|
|
return $displayAction;
|
|
}
|
|
|
|
/**
|
|
* @param string $value
|
|
* @param Language $lang
|
|
* @return string
|
|
*/
|
|
public static function formatFlags( $value, $lang ) {
|
|
$flags = array_filter( explode( ',', $value ) );
|
|
$flags_display = [];
|
|
foreach ( $flags as $flag ) {
|
|
$flags_display[] = wfMessage( "abusefilter-history-$flag" )->escaped();
|
|
}
|
|
|
|
return $lang->commaList( $flags_display );
|
|
}
|
|
|
|
/**
|
|
* @param int $filterID
|
|
* @return string|null
|
|
*/
|
|
public static function getGlobalFilterDescription( $filterID ) : ?string {
|
|
global $wgAbuseFilterCentralDB;
|
|
|
|
if ( !$wgAbuseFilterCentralDB ) {
|
|
return null;
|
|
}
|
|
|
|
static $cache = [];
|
|
if ( isset( $cache[$filterID] ) ) {
|
|
return $cache[$filterID];
|
|
}
|
|
|
|
$fdb = self::getCentralDB( DB_REPLICA );
|
|
|
|
$cache[$filterID] = (string)$fdb->selectField(
|
|
'abuse_filter',
|
|
'af_public_comments',
|
|
[ 'af_id' => $filterID ],
|
|
__METHOD__
|
|
);
|
|
|
|
return $cache[$filterID];
|
|
}
|
|
|
|
/**
|
|
* Gives either the user-specified name for a group,
|
|
* or spits the input back out
|
|
* @param string $group The filter's group (as defined in $wgAbuseFilterValidGroups)
|
|
* @return string A name for that filter group, or the input.
|
|
*/
|
|
public static function nameGroup( $group ) {
|
|
// Give grep a chance to find the usages: abusefilter-group-default
|
|
$msg = "abusefilter-group-$group";
|
|
|
|
return wfMessage( $msg )->exists() ? wfMessage( $msg )->escaped() : $group;
|
|
}
|
|
|
|
/**
|
|
* Look up some text of a revision from its revision id
|
|
*
|
|
* Note that this is really *some* text, we do not make *any* guarantee
|
|
* that this text will be even close to what the user actually sees, or
|
|
* that the form is fit for any intended purpose.
|
|
*
|
|
* Note also that if the revision for any reason is not an Revision
|
|
* the function returns with an empty string.
|
|
*
|
|
* For now, this returns all the revision's slots, concatenated together.
|
|
* In future, this will be replaced by a better solution. See T208769 for
|
|
* discussion.
|
|
*
|
|
* @internal
|
|
* @todo Move elsewhere. VariableGenerator is a good candidate
|
|
*
|
|
* @param RevisionRecord|null $revision a valid revision
|
|
* @param User $user the user instance to check for privileged access
|
|
* @return string the content of the revision as some kind of string,
|
|
* or an empty string if it can not be found
|
|
*/
|
|
public static function revisionToString( ?RevisionRecord $revision, User $user ) {
|
|
if ( !$revision ) {
|
|
return '';
|
|
}
|
|
|
|
$strings = [];
|
|
|
|
foreach ( $revision->getSlotRoles() as $role ) {
|
|
$content = $revision->getContent( $role, RevisionRecord::FOR_THIS_USER, $user );
|
|
if ( $content === null ) {
|
|
continue;
|
|
}
|
|
$strings[$role] = self::contentToString( $content );
|
|
}
|
|
|
|
$result = implode( "\n\n", $strings );
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* Converts the given Content object to a string.
|
|
*
|
|
* This uses Content::getNativeData() if $content is an instance of TextContent,
|
|
* or Content::getTextForSearchIndex() otherwise.
|
|
*
|
|
* The hook 'AbuseFilter::contentToString' can be used to override this
|
|
* behavior.
|
|
*
|
|
* @internal
|
|
* @todo Move elsewhere. VariableGenerator is a good candidate
|
|
*
|
|
* @param Content $content
|
|
*
|
|
* @return string a suitable string representation of the content.
|
|
*/
|
|
public static function contentToString( Content $content ) {
|
|
$text = null;
|
|
|
|
$hookRunner = AbuseFilterHookRunner::getRunner();
|
|
if ( $hookRunner->onAbuseFilterContentToString(
|
|
$content,
|
|
$text
|
|
) ) {
|
|
$text = $content instanceof TextContent
|
|
? $content->getText()
|
|
: $content->getTextForSearchIndex();
|
|
}
|
|
|
|
// T22310
|
|
$text = TextContent::normalizeLineEndings( (string)$text );
|
|
return $text;
|
|
}
|
|
|
|
/**
|
|
* Get the history ID of the first change to a given filter
|
|
*
|
|
* @param int $filterID Filter id
|
|
* @return string
|
|
*/
|
|
public static function getFirstFilterChange( $filterID ) {
|
|
static $firstChanges = [];
|
|
|
|
if ( !isset( $firstChanges[$filterID] ) ) {
|
|
$dbr = wfGetDB( DB_REPLICA );
|
|
$historyID = $dbr->selectField(
|
|
'abuse_filter_history',
|
|
'afh_id',
|
|
[
|
|
'afh_filter' => $filterID,
|
|
],
|
|
__METHOD__,
|
|
[ 'ORDER BY' => 'afh_timestamp ASC' ]
|
|
);
|
|
$firstChanges[$filterID] = $historyID;
|
|
}
|
|
|
|
return $firstChanges[$filterID];
|
|
}
|
|
|
|
/**
|
|
* @param int $index DB_MASTER/DB_REPLICA
|
|
* @return IDatabase
|
|
* @throws DBerror
|
|
* @throws RuntimeException
|
|
*/
|
|
public static function getCentralDB( $index ) {
|
|
global $wgAbuseFilterCentralDB;
|
|
|
|
if ( !is_string( $wgAbuseFilterCentralDB ) ) {
|
|
throw new RuntimeException( '$wgAbuseFilterCentralDB is not configured' );
|
|
}
|
|
|
|
return MediaWikiServices::getInstance()
|
|
->getDBLoadBalancerFactory()
|
|
->getMainLB( $wgAbuseFilterCentralDB )
|
|
->getConnectionRef( $index, [], $wgAbuseFilterCentralDB );
|
|
}
|
|
|
|
/**
|
|
* Get a parser instance using default options. This should mostly be intended as a wrapper
|
|
* around $wgAbuseFilterParserClass and for choosing the right type of cache. It also has the
|
|
* benefit of typehinting the return value, thus making IDEs and static analysis tools happier.
|
|
*
|
|
* @param AbuseFilterVariableHolder|null $vars
|
|
* @return AbuseFilterParser
|
|
* @throws InvalidArgumentException if $wgAbuseFilterParserClass is not valid
|
|
*/
|
|
public static function getDefaultParser(
|
|
AbuseFilterVariableHolder $vars = null
|
|
) : AbuseFilterParser {
|
|
global $wgAbuseFilterParserClass;
|
|
|
|
$allowedValues = [ AbuseFilterParser::class, AbuseFilterCachingParser::class ];
|
|
if ( !in_array( $wgAbuseFilterParserClass, $allowedValues ) ) {
|
|
throw new InvalidArgumentException(
|
|
"Invalid value $wgAbuseFilterParserClass for \$wgAbuseFilterParserClass."
|
|
);
|
|
}
|
|
|
|
$contLang = MediaWikiServices::getInstance()->getContentLanguage();
|
|
$cache = ObjectCache::getLocalServerInstance( 'hash' );
|
|
$logger = LoggerFactory::getInstance( 'AbuseFilter' );
|
|
$keywordsManager = AbuseFilterServices::getKeywordsManager();
|
|
return new $wgAbuseFilterParserClass( $contLang, $cache, $logger, $keywordsManager, $vars );
|
|
}
|
|
|
|
/**
|
|
* Shortcut for checking whether $user can view the given revision, with mask
|
|
* SUPPRESSED_ALL.
|
|
*
|
|
* @note This assumes that a revision with the given ID exists
|
|
*
|
|
* @param RevisionRecord $revRec
|
|
* @param User $user
|
|
* @return bool
|
|
*/
|
|
public static function userCanViewRev( RevisionRecord $revRec, User $user ) : bool {
|
|
return $revRec->audienceCan(
|
|
RevisionRecord::SUPPRESSED_ALL,
|
|
RevisionRecord::FOR_THIS_USER,
|
|
$user
|
|
);
|
|
}
|
|
}
|