mediawiki-extensions-AbuseF.../includes
STran 30227231f6 Disallow protected variable access on AbuseFilterViewTestBatch
A filter using a protected variable can be loaded via filter id
using testing tools even though the user might not have the right
to view protected variables. This can potentially leak PII and as
such, testing tools should check for the right before allowing
protected filters to be seen.

- Unload a filter asap if it uses protected variables and the
  requestor doesn't have viewing rights. This:
    + disallows loading of existing protected filters on page load
    + disallows testing against rules that use protected variables
    + disallows subsequent requests for protected filters (via API)

There is a known bug (see T369620) where no user feedback is
provided if an API request for a filter returns no result (typically
when no filter matches the requested id). This commit adds another
pathway to that bug (the filter exists but is protected and not
returned by the API) but does not update this UI/UX.

Bug: T364834
Change-Id: I6a572790edd743596d70c9c4a2ee52b4561e25f3
2024-07-10 05:31:03 -07:00
..
Api Miscellaneous minor fixes 2024-07-03 02:31:38 +02:00
ChangeTags Support more log actions in testing interface 2024-06-19 17:35:43 +02:00
Consequences Use StatusValue::getMessages() instead of deprecated methods 2024-05-28 21:04:59 +00:00
EditBox Use namespaced classes 2024-06-12 20:01:35 +02:00
Filter Miscellaneous minor fixes 2024-07-03 02:31:38 +02:00
Hooks Remove unused phan suppressions 2024-06-28 12:15:49 +02:00
LogFormatter Use namespaced classes 2024-06-12 20:01:35 +02:00
Pager Miscellaneous minor fixes 2024-07-03 02:31:38 +02:00
Parser Simplify FilterEvaluator::getUsedVars using ::checkSyntax 2024-07-05 11:32:09 +02:00
Special Merge "Only return filters visible to user in search" 2024-07-09 09:45:55 +00:00
VariableGenerator Support more log actions in testing interface 2024-06-19 17:35:43 +02:00
Variables Fix variable descriptions showing raw "($1)" 2024-06-16 22:11:08 +02:00
View Disallow protected variable access on AbuseFilterViewTestBatch 2024-07-10 05:31:03 -07:00
Watcher Migrate to IDatabase::newUpdateQueryBuilder 2024-04-15 23:07:44 +02:00
AbuseFilter.php Use actor table in AbuseFilter 2023-03-22 14:01:29 +01:00
AbuseFilterChangesList.php Use namespaced classes 2024-06-12 20:01:35 +02:00
AbuseFilterPermissionManager.php Merge "Add missing permission check to canSeeLogDetailsForFilter" 2024-07-05 10:09:47 +00:00
AbuseFilterPreAuthenticationProvider.php Use namespaced classes 2023-12-10 23:03:12 +01:00
AbuseFilterServices.php Remove AbuseFilterActorMigration 2024-06-15 09:42:27 +02:00
AbuseLogger.php Remove modification of wgCheckUserLogAdditionalRights 2024-06-27 16:43:25 +00:00
AbuseLoggerFactory.php Use namespaced classes 2023-12-10 23:03:12 +01:00
ActionSpecifier.php Use ActionSpecifier to load the IP address 2022-12-17 22:52:24 +01:00
BlockAutopromoteStore.php Use namespaced classes 2023-12-10 23:03:12 +01:00
BlockedDomainFilter.php Use namespaced classes 2024-06-12 20:01:35 +02:00
BlockedDomainStorage.php Use namespaced classes 2024-06-12 20:01:35 +02:00
CentralDBManager.php Fix various typos and documentation issues 2023-09-04 12:55:17 +02:00
CentralDBNotAvailableException.php Add a service to retrieve the central DB 2020-10-31 12:32:46 +00:00
EchoNotifier.php Use namespaced Title 2023-08-19 19:49:36 +02:00
EditRevUpdater.php Migrate to IDatabase::newUpdateQueryBuilder 2024-04-15 23:07:44 +02:00
EditStashCache.php Add new variable for last edit time 2024-04-10 23:12:45 +00:00
EmergencyCache.php build: Updating dependencies 2021-07-21 18:51:18 +00:00
FilterCompare.php Convert af_hidden into a bitmask 2024-05-28 00:59:08 -07:00
FilterImporter.php Use namespaced classes 2024-06-12 20:01:35 +02:00
FilterLookup.php Allow variables to be restricted by user right 2024-06-04 06:54:53 -07:00
FilterProfiler.php build: Updating mediawiki/mediawiki-codesniffer to 43.0.0 2024-03-16 18:53:05 +00:00
FilterRunner.php Use namespaced classes 2023-12-10 23:03:12 +01:00
FilterRunnerFactory.php Use namespaced classes 2023-12-10 23:03:12 +01:00
FilterStore.php Remove AbuseFilterActorMigration 2024-06-15 09:42:27 +02:00
FilterUser.php Don't attempt to steal or create the FilterUser in CheckUserHandler 2024-01-31 19:32:52 +00:00
FilterUtils.php Allow variables to be restricted by user right 2024-06-04 06:54:53 -07:00
FilterValidator.php Miscellaneous minor fixes 2024-07-03 02:31:38 +02:00
GlobalNameUtils.php build: Updating dependencies 2021-07-21 18:51:18 +00:00
InvalidImportDataException.php Adjust code coverage 2020-11-19 22:40:26 +00:00
KeywordsManager.php Add user_unnamed_ip variable 2024-05-23 07:19:48 -07:00
RunnerData.php Refactor ParserStatus 2021-09-17 11:25:54 +00:00
ServiceWiring.php Remove AbuseFilterActorMigration 2024-06-15 09:42:27 +02:00
SpecsFormatter.php Miscellaneous minor fixes 2024-07-03 02:31:38 +02:00
TableDiffFormatterFullContext.php Use the new Wikimedia\Diff namespace 2023-06-29 11:56:13 +10:00
TextExtractor.php Use namespaced classes 2024-06-12 20:01:35 +02:00
ThrottleFilterPresentationModel.php Use namespaced classes 2024-06-12 20:01:35 +02:00