2005-09-30 09:21:02 +00:00
|
|
|
<?php
|
2007-04-09 16:42:18 +00:00
|
|
|
|
2006-01-27 08:00:32 +00:00
|
|
|
/**
|
2011-01-31 05:30:34 +00:00
|
|
|
* ConfirmEdit MediaWiki extension.
|
|
|
|
*
|
|
|
|
* This is a framework that holds a variety of CAPTCHA tools. The
|
|
|
|
* default one, 'SimpleCaptcha', is not intended as a production-
|
|
|
|
* level CAPTCHA system, and another one of the options provided
|
|
|
|
* should be used in its place for any real usages.
|
2006-01-27 08:00:32 +00:00
|
|
|
*
|
2007-06-14 16:41:57 +00:00
|
|
|
* Copyright (C) 2005-2007 Brion Vibber <brion@wikimedia.org>
|
2006-01-27 08:00:32 +00:00
|
|
|
* http://www.mediawiki.org/
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
2010-06-21 13:45:17 +00:00
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
2006-01-27 08:00:32 +00:00
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
|
|
*
|
2010-06-06 15:12:22 +00:00
|
|
|
* @file
|
|
|
|
* @ingroup Extensions
|
2006-01-27 08:00:32 +00:00
|
|
|
*/
|
2005-09-30 09:21:02 +00:00
|
|
|
|
2007-11-12 07:42:25 +00:00
|
|
|
if ( !defined( 'MEDIAWIKI' ) ) {
|
|
|
|
exit;
|
|
|
|
}
|
Use the shared parse on API edit
ConfirmEdit was tripling the API save time, because it was parsing the
entire content twice to evaluate whether the addurl trigger is hit.
While I was here, I stopped using the deprecated non-Content hooks. The
new hook, EditEditFilterMergedContent, does not pass an EditPage object,
which means that Title or WikiPage objects need to be passed around
instead. Also, since EditPage::showEditForm() cannot be called with no
EditPage object, use a EditPage::showEditForm:fields hook instead.
If non-wikitext content is edited, assume that the regex trigger is not
hit.
For further architectural details, see the associated core change:
I4b4270dd868a . MW_EDITFILTERMERGED_SUPPORTS_API is a constant
introduced to detect the presence of the associated core change.
Also, in APIGetAllowedParams, set the allowed parameters even if we are
not on the help screen. This allows API users to submit their CAPTCHA
answer without it failing with an "unrecognized parameter" error.
Compatibility with MediaWiki 1.21 is retained, compatibility before that
is dropped.
Change-Id: I9529b7e8d3fc9301c754b28fda185aa3ab36f13e
2014-12-05 04:48:13 +00:00
|
|
|
if ( !defined( 'MW_SUPPORTS_CONTENTHANDLER' ) ) {
|
|
|
|
throw Exception( 'This version of ConfirmEdit requires MediaWiki 1.21 or later' );
|
|
|
|
}
|
2005-09-30 09:21:02 +00:00
|
|
|
|
2007-11-12 07:42:25 +00:00
|
|
|
$wgExtensionFunctions[] = 'confirmEditSetup';
|
2012-02-13 14:08:07 +00:00
|
|
|
$wgExtensionCredits['antispam'][] = array(
|
2009-04-27 03:15:19 +00:00
|
|
|
'path' => __FILE__,
|
2007-01-11 05:36:48 +00:00
|
|
|
'name' => 'ConfirmEdit',
|
2011-02-05 00:58:07 +00:00
|
|
|
'author' => array( 'Brion Vibber', '...' ),
|
2011-12-13 23:49:33 +00:00
|
|
|
'url' => 'https://www.mediawiki.org/wiki/Extension:ConfirmEdit',
|
2014-03-26 11:55:44 +00:00
|
|
|
'version' => '1.3',
|
2008-02-04 15:04:47 +00:00
|
|
|
'descriptionmsg' => 'captcha-desc',
|
2015-01-28 22:49:46 +00:00
|
|
|
'license-name' => 'GPL-2.0+',
|
2007-01-11 05:36:48 +00:00
|
|
|
);
|
2005-09-30 09:21:02 +00:00
|
|
|
|
2006-01-27 08:00:32 +00:00
|
|
|
/**
|
|
|
|
* The 'skipcaptcha' permission key can be given out to
|
|
|
|
* let known-good users perform triggering actions without
|
|
|
|
* having to go through the captcha.
|
|
|
|
*
|
|
|
|
* By default, sysops and registered bot accounts will be
|
|
|
|
* able to skip, while others have to go through it.
|
|
|
|
*/
|
2005-12-29 17:19:28 +00:00
|
|
|
$wgGroupPermissions['*' ]['skipcaptcha'] = false;
|
|
|
|
$wgGroupPermissions['user' ]['skipcaptcha'] = false;
|
|
|
|
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
|
|
|
|
$wgGroupPermissions['bot' ]['skipcaptcha'] = true; // registered bots
|
|
|
|
$wgGroupPermissions['sysop' ]['skipcaptcha'] = true;
|
2008-05-14 00:38:28 +00:00
|
|
|
$wgAvailableRights[] = 'skipcaptcha';
|
2005-09-30 09:21:02 +00:00
|
|
|
|
2007-07-05 19:48:53 +00:00
|
|
|
/**
|
|
|
|
* List of IP ranges to allow to skip the captcha, similar to the group setting:
|
|
|
|
* "$wgGroupPermission[...]['skipcaptcha'] = true"
|
|
|
|
*
|
|
|
|
* Specific IP addresses or CIDR-style ranges may be used,
|
|
|
|
* for instance:
|
|
|
|
* $wgCaptchaWhitelistIP = array('192.168.1.0/24', '10.1.0.0/16');
|
|
|
|
*/
|
|
|
|
$wgCaptchaWhitelistIP = false;
|
|
|
|
|
2005-10-14 05:07:24 +00:00
|
|
|
$wgCaptcha = null;
|
|
|
|
$wgCaptchaClass = 'SimpleCaptcha';
|
|
|
|
|
2006-01-27 08:00:32 +00:00
|
|
|
/**
|
2007-04-09 16:42:18 +00:00
|
|
|
* Actions which can trigger a captcha
|
2006-01-27 08:00:32 +00:00
|
|
|
*
|
|
|
|
* If the 'edit' trigger is on, *every* edit will trigger the captcha.
|
|
|
|
* This may be useful for protecting against vandalbot attacks.
|
|
|
|
*
|
|
|
|
* If using the default 'addurl' trigger, the captcha will trigger on
|
|
|
|
* edits that include URLs that aren't in the current version of the page.
|
|
|
|
* This should catch automated linkspammers without annoying people when
|
|
|
|
* they make more typical edits.
|
2007-03-29 02:13:34 +00:00
|
|
|
*
|
|
|
|
* The captcha code should not use $wgCaptchaTriggers, but CaptchaTriggers()
|
|
|
|
* which also takes into account per namespace triggering.
|
2006-01-27 08:00:32 +00:00
|
|
|
*/
|
2005-10-14 05:07:24 +00:00
|
|
|
$wgCaptchaTriggers = array();
|
2006-01-29 07:37:33 +00:00
|
|
|
$wgCaptchaTriggers['edit'] = false; // Would check on every edit
|
2011-09-01 16:54:59 +00:00
|
|
|
$wgCaptchaTriggers['create'] = false; // Check on page creation.
|
2010-04-10 21:26:03 +00:00
|
|
|
$wgCaptchaTriggers['sendemail'] = false; // Special:Emailuser
|
2006-01-29 07:37:33 +00:00
|
|
|
$wgCaptchaTriggers['addurl'] = true; // Check on edits that add URLs
|
|
|
|
$wgCaptchaTriggers['createaccount'] = true; // Special:Userlogin&type=signup
|
2007-05-07 21:54:06 +00:00
|
|
|
$wgCaptchaTriggers['badlogin'] = true; // Special:Userlogin after failure
|
2006-01-29 07:37:33 +00:00
|
|
|
|
2007-03-29 02:13:34 +00:00
|
|
|
/**
|
|
|
|
* You may wish to apply special rules for captcha triggering on some namespaces.
|
2009-07-19 15:13:01 +00:00
|
|
|
* $wgCaptchaTriggersOnNamespace[<namespace id>][<trigger>] forces an always on /
|
2007-03-29 02:13:34 +00:00
|
|
|
* always off configuration with that trigger for the given namespace.
|
|
|
|
* Leave unset to use the global options ($wgCaptchaTriggers).
|
|
|
|
*
|
|
|
|
* Shall not be used with 'createaccount' (it is not checked).
|
|
|
|
*/
|
|
|
|
$wgCaptchaTriggersOnNamespace = array();
|
|
|
|
|
2009-07-19 15:13:01 +00:00
|
|
|
# Example:
|
|
|
|
# $wgCaptchaTriggersOnNamespace[NS_TALK]['create'] = false; //Allow creation of talk pages without captchas.
|
|
|
|
# $wgCaptchaTriggersOnNamespace[NS_PROJECT]['edit'] = true; //Show captcha whenever editing Project pages.
|
2007-03-29 02:13:34 +00:00
|
|
|
|
2007-02-19 21:32:16 +00:00
|
|
|
/**
|
|
|
|
* Indicate how to store per-session data required to match up the
|
|
|
|
* internal captcha data with the editor.
|
|
|
|
*
|
|
|
|
* 'CaptchaSessionStore' uses PHP's session storage, which is cookie-based
|
|
|
|
* and may fail for anons with cookies disabled.
|
|
|
|
*
|
|
|
|
* 'CaptchaCacheStore' uses $wgMemc, which avoids the cookie dependency
|
|
|
|
* but may be fragile depending on cache configuration.
|
|
|
|
*/
|
|
|
|
$wgCaptchaStorageClass = 'CaptchaSessionStore';
|
|
|
|
|
|
|
|
/**
|
2007-05-07 21:54:06 +00:00
|
|
|
* Number of seconds a captcha session should last in the data cache
|
2007-02-19 21:32:16 +00:00
|
|
|
* before expiring when managing through CaptchaCacheStore class.
|
|
|
|
*
|
|
|
|
* Default is a half hour.
|
|
|
|
*/
|
|
|
|
$wgCaptchaSessionExpiration = 30 * 60;
|
2005-10-14 05:07:24 +00:00
|
|
|
|
2007-05-07 21:54:06 +00:00
|
|
|
/**
|
|
|
|
* Number of seconds after a bad login that a captcha will be shown to
|
|
|
|
* that client on the login form to slow down password-guessing bots.
|
|
|
|
*
|
|
|
|
* Has no effect if 'badlogin' is disabled in $wgCaptchaTriggers or
|
|
|
|
* if there is not a caching engine enabled.
|
|
|
|
*
|
|
|
|
* Default is five minutes.
|
|
|
|
*/
|
|
|
|
$wgCaptchaBadLoginExpiration = 5 * 60;
|
|
|
|
|
2005-09-30 09:21:02 +00:00
|
|
|
/**
|
2013-02-27 11:35:40 +00:00
|
|
|
* Allow users who have confirmed their email addresses to post
|
2005-09-30 09:21:02 +00:00
|
|
|
* URL links without being harassed by the captcha.
|
|
|
|
*/
|
|
|
|
$ceAllowConfirmedEmail = false;
|
|
|
|
|
2009-07-19 15:13:01 +00:00
|
|
|
/**
|
2008-07-02 23:09:26 +00:00
|
|
|
* Number of bad login attempts before triggering the captcha. 0 means the
|
|
|
|
* captcha is presented on the first login.
|
2008-07-02 15:00:30 +00:00
|
|
|
*/
|
2008-07-02 23:09:26 +00:00
|
|
|
$wgCaptchaBadLoginAttempts = 3;
|
2008-07-02 15:00:30 +00:00
|
|
|
|
2006-01-27 11:05:50 +00:00
|
|
|
/**
|
|
|
|
* Regex to whitelist URLs to known-good sites...
|
|
|
|
* For instance:
|
|
|
|
* $wgCaptchaWhitelist = '#^https?://([a-z0-9-]+\\.)?(wikimedia|wikipedia)\.org/#i';
|
2007-06-20 10:00:47 +00:00
|
|
|
* Local admins can define a whitelist under [[MediaWiki:captcha-addurl-whitelist]]
|
2006-01-27 11:05:50 +00:00
|
|
|
*/
|
|
|
|
$wgCaptchaWhitelist = false;
|
|
|
|
|
2006-06-24 21:26:48 +00:00
|
|
|
/**
|
|
|
|
* Additional regexes to check for. Use full regexes; can match things
|
|
|
|
* other than URLs such as junk edits.
|
|
|
|
*
|
|
|
|
* If the new version matches one and the old version doesn't,
|
|
|
|
* toss up the captcha screen.
|
|
|
|
*
|
|
|
|
* @fixme Add a message for local admins to add items as well.
|
|
|
|
*/
|
|
|
|
$wgCaptchaRegexes = array();
|
|
|
|
|
2006-07-03 15:56:15 +00:00
|
|
|
/** Register special page */
|
2011-04-14 14:39:57 +00:00
|
|
|
$wgSpecialPages['Captcha'] = 'CaptchaSpecialPage';
|
2006-07-03 15:56:15 +00:00
|
|
|
|
2012-09-02 12:26:25 +00:00
|
|
|
$wgConfirmEditIP = __DIR__;
|
2014-03-26 11:55:44 +00:00
|
|
|
$wgMessagesDirs['ConfirmEdit'] = __DIR__ . '/i18n/core';
|
2007-11-12 07:42:25 +00:00
|
|
|
$wgExtensionMessagesFiles['ConfirmEdit'] = "$wgConfirmEditIP/ConfirmEdit.i18n.php";
|
2011-12-25 23:09:26 +00:00
|
|
|
$wgExtensionMessagesFiles['ConfirmEditAlias'] = "$wgConfirmEditIP/ConfirmEdit.alias.php";
|
2007-01-11 05:36:48 +00:00
|
|
|
|
2014-05-30 14:33:05 +00:00
|
|
|
$wgHooks['EditPageBeforeEditButtons'][] = 'ConfirmEditHooks::confirmEditPage';
|
2007-11-12 07:42:25 +00:00
|
|
|
$wgHooks['UserCreateForm'][] = 'ConfirmEditHooks::injectUserCreate';
|
|
|
|
$wgHooks['AbortNewAccount'][] = 'ConfirmEditHooks::confirmUserCreate';
|
|
|
|
$wgHooks['LoginAuthenticateAudit'][] = 'ConfirmEditHooks::triggerUserLogin';
|
|
|
|
$wgHooks['UserLoginForm'][] = 'ConfirmEditHooks::injectUserLogin';
|
|
|
|
$wgHooks['AbortLogin'][] = 'ConfirmEditHooks::confirmUserLogin';
|
2010-04-10 21:26:03 +00:00
|
|
|
$wgHooks['EmailUserForm'][] = 'ConfirmEditHooks::injectEmailUser';
|
|
|
|
$wgHooks['EmailUser'][] = 'ConfirmEditHooks::confirmEmailUser';
|
Use the shared parse on API edit
ConfirmEdit was tripling the API save time, because it was parsing the
entire content twice to evaluate whether the addurl trigger is hit.
While I was here, I stopped using the deprecated non-Content hooks. The
new hook, EditEditFilterMergedContent, does not pass an EditPage object,
which means that Title or WikiPage objects need to be passed around
instead. Also, since EditPage::showEditForm() cannot be called with no
EditPage object, use a EditPage::showEditForm:fields hook instead.
If non-wikitext content is edited, assume that the regex trigger is not
hit.
For further architectural details, see the associated core change:
I4b4270dd868a . MW_EDITFILTERMERGED_SUPPORTS_API is a constant
introduced to detect the presence of the associated core change.
Also, in APIGetAllowedParams, set the allowed parameters even if we are
not on the help screen. This allows API users to submit their CAPTCHA
answer without it failing with an "unrecognized parameter" error.
Compatibility with MediaWiki 1.21 is retained, compatibility before that
is dropped.
Change-Id: I9529b7e8d3fc9301c754b28fda185aa3ab36f13e
2014-12-05 04:48:13 +00:00
|
|
|
$wgHooks['EditPage::showEditForm:fields'][] = 'ConfirmEditHooks::showEditFormFields';
|
|
|
|
$wgHooks['EditFilterMergedContent'][] = 'ConfirmEditHooks::confirmEditMerged';
|
|
|
|
|
|
|
|
if ( !defined( 'MW_EDITFILTERMERGED_SUPPORTS_API' ) ) {
|
|
|
|
$wgHooks['APIEditBeforeSave'][] = 'ConfirmEditHooks::confirmEditAPI';
|
|
|
|
}
|
|
|
|
|
2011-11-23 19:09:57 +00:00
|
|
|
$wgHooks['APIGetAllowedParams'][] = 'ConfirmEditHooks::APIGetAllowedParams';
|
2011-11-23 20:37:13 +00:00
|
|
|
$wgHooks['APIGetParamDescription'][] = 'ConfirmEditHooks::APIGetParamDescription';
|
2014-01-10 23:16:34 +00:00
|
|
|
$wgHooks['AddNewAccountApiForm'][] = 'ConfirmEditHooks::addNewAccountApiForm';
|
|
|
|
$wgHooks['AddNewAccountApiResult'][] = 'ConfirmEditHooks::addNewAccountApiResult';
|
2014-12-30 19:15:48 +00:00
|
|
|
$wgHooks['UnitTestsList'][] = 'ConfirmEditHooks::onUnitTestsList';
|
2007-11-12 07:42:25 +00:00
|
|
|
|
2011-04-23 11:44:47 +00:00
|
|
|
$wgAutoloadClasses['ConfirmEditHooks'] = "$wgConfirmEditIP/ConfirmEditHooks.php";
|
2012-01-12 08:58:40 +00:00
|
|
|
$wgAutoloadClasses['SimpleCaptcha'] = "$wgConfirmEditIP/Captcha.php";
|
|
|
|
$wgAutoloadClasses['CaptchaStore'] = "$wgConfirmEditIP/CaptchaStore.php";
|
|
|
|
$wgAutoloadClasses['CaptchaSessionStore'] = "$wgConfirmEditIP/CaptchaStore.php";
|
|
|
|
$wgAutoloadClasses['CaptchaCacheStore'] = "$wgConfirmEditIP/CaptchaStore.php";
|
2011-04-23 11:44:47 +00:00
|
|
|
$wgAutoloadClasses['CaptchaSpecialPage'] = "$wgConfirmEditIP/ConfirmEditHooks.php";
|
2007-01-11 05:36:48 +00:00
|
|
|
|
2007-11-12 07:42:25 +00:00
|
|
|
/**
|
|
|
|
* Set up $wgWhitelistRead
|
|
|
|
*/
|
|
|
|
function confirmEditSetup() {
|
2015-01-02 21:25:42 +00:00
|
|
|
global $wgGroupPermissions, $wgCaptchaTriggers, $wgWikimediaJenkinsCI;
|
|
|
|
|
|
|
|
// There is no need to run (core) tests with enabled ConfirmEdit - bug T44145
|
|
|
|
if ( isset( $wgWikimediaJenkinsCI ) && $wgWikimediaJenkinsCI === true ) {
|
|
|
|
$wgCaptchaTriggers = false;
|
|
|
|
}
|
|
|
|
|
2009-07-19 15:13:01 +00:00
|
|
|
if ( !$wgGroupPermissions['*']['read'] && $wgCaptchaTriggers['badlogin'] ) {
|
2007-05-14 14:23:25 +00:00
|
|
|
// We need to ensure that the captcha interface is accessible
|
|
|
|
// so that unauthenticated users can actually get in after a
|
|
|
|
// mistaken password typing.
|
|
|
|
global $wgWhitelistRead;
|
2010-06-08 19:30:48 +00:00
|
|
|
$image = SpecialPage::getTitleFor( 'Captcha', 'image' );
|
|
|
|
$help = SpecialPage::getTitleFor( 'Captcha', 'help' );
|
2007-05-14 14:23:25 +00:00
|
|
|
$wgWhitelistRead[] = $image->getPrefixedText();
|
|
|
|
$wgWhitelistRead[] = $help->getPrefixedText();
|
|
|
|
}
|
2005-09-30 09:21:02 +00:00
|
|
|
}
|