43 commits

Author SHA1 Message Date
Roan Kattouw 12ac8eeec6 Follow-up 804903b4a7: fix overlooked usage of removed $context var
Change-Id: Id4798364d4d6dc2153034c3a56d16b7cc8d89641
2015-04-02 18:23:03 -07:00
EBernhardson 804903b4a7 Revert "Getting rid of some globals"
This broke account creation for apps.

 <   anomie>bd808: Very likely $wgRequest !==
               $loginForm->getContext()->getRequest() in SimpleCaptcha::addNewAccountApiForm(), so when it
               uses $wgRequest to check later on it doesn't see the parameter renames made by that hook
               function.

This reverts commit 23c6f2f04f.

Change-Id: I793e7a987944d14c3be0eba4c4361793183a62b9
2015-04-02 16:36:13 -07:00
Florian 04903530a0 Fix passCaptcha() when using it twice in one session
The captchaId will be deleted, so a second call to SimpleCaptcha::passCaptcha() will
always be false, even if the user solved it correctly.

Bug: T94276
Change-Id: I2bc7766c023d7bd3a6c471f83b87ef0f09cbfaea
2015-04-02 18:42:33 +02:00
Erik Bernhardson f02b2c2c97 Allow previous revision text to be explicitly provided
Bug: T93956
Change-Id: Ifc93cbaaf900daa74dfe3ddbf22b4971449a8f40
2015-03-25 15:49:13 -07:00
Aaron Schulz 908ea3bf8c Avoid master queries on edit form views
Bug: T92357
Change-Id: I5e0e76d2d052a9769a3fb88ae7a34de878e06e48
2015-03-25 13:24:43 -07:00
Florianschmidtwelzow 23c6f2f04f Getting rid of some globals
wgUser/wgOut/wgRequest shouldn't be used, if there is a context available.

Change-Id: Ife4fca8ecf03780046634f5871192f6380291c10
2015-03-10 09:52:45 +01:00
Florianschmidtwelzow 7559502822 Add RateLimit check for false CAPTCHAs
Added a check for 'badcaptcha' ratelimit. This enables administrators
to limit users trying to solve captchas just by playing around.

By default there is no ratelimit set, it has to be set explicitly in
LocalSettings.php.

Bug: T48292
Change-Id: I8fc66f9884288c4596b8b4045010cdaa421a1412
2015-03-09 00:22:56 +00:00
Brad Jorsch 07b873532e Avoid parsing text for links in EditPageBeforeEditButtons hook
The code for the hook is passing in an empty new-text, so there's no
point in parsing that and the existing page text for links.

We pass false to shouldCheck's $isContent parameter (and an empty string
for $content) because getting a Content would break compatibility with
1.21, which we specifically preserved in I9529b7e8.

This also kills two entirely-unused parameters to the recently-added
SimpleCaptcha::editShowCaptcha().

Bug: T88661
Change-Id: Ie8a2d4da4c5bf0dcc8977172debbeb5913b56191
2015-03-05 19:24:08 +00:00
Florianschmidtwelzow db92340dbc Hygiene: Set action for createuser and badlogin
CAPTCHA classes should always be able to detect the actual action
which triggered the CAPTCHA, e.g. to add special fields in getForm().

Change-Id: Ie95305b2e6dcbf527a23c92613755092185e6a05
2015-01-21 08:19:04 +01:00
Sumit Asthana 2237e2c4ce Captcha.php: modified to add captcha to 'extrafields' in Userlogin and Usercreate
Captcha.php inserts the captcha in the header of the Userlogin and Usercreate templates.
This leads to an inconsistent view because JS, if enabled, moves the captcha before
the submit button. Now the captcha is inserted at the 'extrafields' parameter just
before the submit button in both templates, for uniformity of view.

JS functionality in
resources/src/mediawiki.special/mediawiki.special.userlogin.common.js migrated
to the backend in FancyCaptcha.class.php, so that the FancyCaptcha is already styled
and positioned before 'submit'.
Depends on I82c68814e79cbc5aa250a308862c59fcbb6fd527
Depends on Ie95305b2e6dcbf527a23c92613755092185e6a05

Bug: T85192
Bug: T87190
Change-Id: If9a68aaee2cf98d63647816ccc8fc0bad12ca3d3
2015-01-19 18:43:50 +00:00
florianschmidtwelzow 7e0651a3c4 Show Captcha after click on edit over buttons on EditPage
Insert Captcha directly after click on Edit over editpage buttons, instead of
showing it after click on save. If the captcha was incorrect or empty, show
the error message at the old captcha position.

Bug: 19648
Change-Id: Ia3bb66f98aa84bb6efb7a1e42fbc203b401e99b8
2014-12-24 17:44:07 +00:00
Tim Starling 40c7e9c9aa Use the shared parse on API edit
ConfirmEdit was tripling the API save time, because it was parsing the
entire content twice to evaluate whether the addurl trigger is hit.

While I was here, I stopped using the deprecated non-Content hooks. The
new hook, EditEditFilterMergedContent, does not pass an EditPage object,
which means that Title or WikiPage objects need to be passed around
instead. Also, since EditPage::showEditForm() cannot be called with no
EditPage object, use an EditPage::showEditForm:fields hook instead.

If non-wikitext content is edited, assume that the regex trigger is not
hit.

For further architectural details, see the associated core change:
I4b4270dd868a. MW_EDITFILTERMERGED_SUPPORTS_API is a constant
introduced to detect the presence of the associated core change.

Also, in APIGetAllowedParams, set the allowed parameters even if we are
not on the help screen. This allows API users to submit their CAPTCHA
answer without it failing with an "unrecognized parameter" error.

Compatibility with MediaWiki 1.21 is retained, compatibility before that
is dropped.

Change-Id: I9529b7e8d3fc9301c754b28fda185aa3ab36f13e
2014-12-08 10:56:17 +11:00
Jackmcbarn 333e065361 Support protocol-relative URLs in the whitelist
Bug: 61556
Change-Id: Icac9f8357ac08db0cf2f5be562e9ed1f8f13eba3
2014-10-22 10:10:37 -04:00
jdlrobson 5d6f684da3 Make captchas use mw-ui-input when available
Change-Id: I44453a2cc238721468565403b9625039cb8742ef
2014-07-29 18:40:56 -07:00
Bartosz Dziewoński 0f1be66bd3 SimpleCaptcha: Move the equals sign inside the <label/>
The old style does not cooperate well with the new pretty forms in
core MediaWiki, and arguably this should be done like this anyway.

Bug: 63606
Change-Id: Ifbe41ee5787bd4ed9e6144c06cd1d16f72354061
2014-04-20 20:04:37 +00:00
Max Semenik 8a336ddd9a Return captcha information via createaccount API only if no other errors
Bug: 61704
Change-Id: I707aab2c0accff8ab5a36666c49815106356b2c7
2014-03-13 02:37:17 +04:00
Brion Vibber fe6fe5410f Cleaner response for captcha-related createaccount API failure
Instead of a generic API error, you get back a non-Success-resulted
createaccount response, with result='NeedCaptcha'. There's also a warning
included with the message key, and of course the captcha key:

array (
  'createaccount' =>
  array (
    'result' => 'NeedCaptcha',
    'warnings' =>
    array (
      0 =>
      array (
        'type' => 'warning',
        'message' => 'captcha-createaccount-fail',
        'params' =>
        array (
        ),
      ),
    ),
    'captcha' =>
    array (
      'type' => 'simple',
      'mime' => 'text/plain',
      'id' => '91510936',
      'question' => '76−3',
    ),
  ),
)

Change-Id: Id1c9e387c592e6d51a5bd58d99ce3d644dfa300b
2014-02-28 14:50:50 -08:00
YuviPanda bfcd41732d Expect camelcase status codes from action=createaccount
Followup to efcf0a3f61b5bcdf5f9f6f716fa732b6afb9336e.
Bug: 61663

Change-Id: I1c8f1b7cd8cdf74b84869d6a58e5f5ca24b62184
2014-02-20 21:27:32 +05:30
Brion Vibber 19dcbb6fa2 Update ConfirmEdit to return Status object on AbortNewAccount hook
Requires core update I6ae34c0 to actually send the message key back
in the error response. On older MediaWiki versions, behavior should
remain unchanged.

Bug: 60008
Change-Id: If9cc08e44d1d2efacf817b8c6cbb2d71a4e8b692
2014-01-17 13:38:51 -08:00
Brion Vibber 78e6f5ec79 Use new hooks in API action=createaccount for Captcha
Hooks used:
* AddNewAccountApiForm
* AddNewAccountApiResult

This adds a 'captcha' section to the results with the same format
as we provide for editing; you'll get this for instance at the
same time as you do a first-request that prompts for a token.

No modification to the result status is included; presence of
the 'captcha' section is assumed to be enough to prompt the client
to fetch and render the captcha prompt.

Failure to pass a captcha will return an API error message; a
subsequent commit fixes problems with that error message being
hard to machine-read.

Note that logic from inside Captcha::confirmUserCreate has been
pulled out to Captcha::needCreateAccountCaptcha so we don't
send captcha information to users who don't need it.

Requires core changes: If5b7dab8

Sample API client: https://github.com/brion/api-createaccount

Bug: 46072

Change-Id: Id628defaeab2bf5979ca8f4284d14fc42d9c3e46
2014-01-17 12:49:23 -08:00
Brad Jorsch 4b7f1eac40 Allow 'noprotocol' option in captcha-addurl-whitelist
ConfirmEdit triggers a captcha when users without the appropriate
userright add new external links. But sometimes there are links that
these users should be able to add without a captcha, e.g. other wikis in
the same farm, so MediaWiki:Captcha-addurl-whitelist allows wiki admins
to whitelist links matching regular expressions.

However, these whitelist entries are automatically prefixed with
"^https?:\/\/+[a-z0-9_\-.]*". While this is usually what is wanted, it
prevents wiki admins from whitelisting other types of links such as tel:
or urn:. Following the example of TitleBlacklist, this change adds
options delimited with <> to the whitelist lines, and adds an option
'noprotocol' that causes that line to be prefixed with only "^" instead.

Bug: 56485
Change-Id: Ia0d484f7a4670df2c7121d1284e4fcf969e818c3
2013-11-23 13:19:13 -05:00
S Page f1e688e6b5 Reduce size of SimpleCaptcha input field
It wasn't setting a size at all so defaults to 20.  It only needs to be
3 characters wide, this sets size to 5.  This fixes the layout of new
Login and Create account forms in Monobook and should be benign
elsewhere.  I29672b63d12cd380d7b00cad3449807da76e4188 made a similar fix
to FancyCaptcha.

Bug: 50387
Change-Id: Ia3098d7c2e28072f52c1cd6615667a96389660dc
2013-06-28 11:59:20 -07:00
Matthew Flaschen 8765b88fbf Disable autocomplete for Simple, Fancy, Math, and Questy.
Bug: 48030
Change-Id: Id0eed4797ab5649fc5bb965b5d94fba21f120d9f
2013-05-02 21:09:51 -04:00
Brad Jorsch c9f99cca38 Update API parameter injection
The ReCaptcha module was not injecting its parameters at all, so they
were not showing up in the auto-generated help. This is now fixed.

Also, the API recently added a new parameter to the APIGetAllowedParams hook
to differentiate between fetching the allowed parameter list for help
output and fetching it for processing within the module. ConfirmEdit
only needs to inject the parameters for the former, so it should check
this parameter if available.

Change-Id: Ia8c9a8b882ee3480b71bfb3f2345475506549819
2013-03-16 11:51:25 -04:00
Aaron Schulz cb4cc4695d Set READ_LATEST for Revision query.
Change-Id: I3946e2e7bbc7ce1099412dd14b4b38b7f12e7954
2012-09-26 14:15:39 -07:00
Siebrand Mazeland 3ef1ab740a More maintenance for ConfirmEdit extension.
* Replace dirname( __FILE__ ) by __DIR__.
* Replace deprecated method calls. Now requires MediaWiki 1.19 or later.
* Fix some documentation.
* Remove commented out code.
* Remove superfluous newlines.

Change-Id: Ib73e1619aa331c83e375224b6adae4c1e5db3bb9
2012-09-02 14:26:45 +02:00
Siebrand Mazeland 55c17aa367 Maintenance for ConfirmEdit extension.
* Removed unused globals and local variables.
* Use Message class.
* Remove PHP4-ism from recaptchalib.php.
* Remove superfluous newlines.
* Add missing semi-colon in ext.confirmedit.asirra.js.
* Fix up some documentation.

Change-Id: I8916003d083a8c00aeabc9e485cc9a50030f0982
2012-08-16 23:21:50 +02:00
Jeroen De Dauw 734bbe46f1 fix < 1.19 compat, or at least some of it :)
2012-03-18 16:07:21 +00:00
Sam Reed d0da7806b9 Bug 35156 - Harmonise spelling of getArticleID() and getArticleId()
Mass change ->getArticleId() to ->getArticleID()
2012-03-11 19:04:37 +00:00
Siebrand Mazeland f6d4ab758c stylize.php, some indentation fixes and some brackets added.
2012-01-12 08:58:40 +00:00
Platonides c7b3019852 Don't check badlogin attempts in memcached if we are not configured to show captchas on bad login.
Solves problem reported in http://www.mediawiki.org/w/index.php?title=Extension_talk:ConfirmEdit&offset=20111218172150#Banned_user_got_banned_until_he_logs_in_9982
where "$wgCaptchaTriggers['badlogin'] = false" was set to disable that captcha, but as the user had already passed the threshold, it still was shown.
2011-12-21 23:39:53 +00:00
Jeroen De Dauw 485ae0e303 kill wfGetIP
2011-12-13 21:24:03 +00:00
Amir E. Aharoni 5dfbdb2fb7 Followup to r102105. Removed dir="ltr" from the math expression so as not to force LTR direction, because in some contexts it can be right-to-left, for example with Eastern Arabic digits. Instead, I removed the spaces before and after the operator so that the Unicode algorithm will set the direction automatically.
2011-12-08 14:22:41 +00:00
Sam Reed 9e4951f262 Fix hook copy paste fail
Move rest of captcha params out of api/ApiEditPage.php
2011-11-23 20:37:13 +00:00
Sam Reed 80e9b337ee Kill the abstract Captcha class
Not used anywhere, everything else uses the SimpleCaptcha class as the base
2011-11-23 19:21:12 +00:00
Sam Reed 0a66fd76f1 MW_SUPPORTS_EDITFILTERMERGED has been in since r27416
Kill the alternate EditFilter hook usage (underlying code still used, probably wants refactoring at some point)

Simplify a boolean return
2011-11-23 19:18:30 +00:00
Sam Reed 64b6239348 * (bug 32609) API: Move captchaid/captchaword of action=edit from core to Captcha extension(s)
Left setting of wpCaptchaId and wpCaptchaWord in core. Can't think of a sane way to check and set them via an extension (subclass and override, or a hook). Annoyingly APIEditBeforeSave doesn't pass the params array
2011-11-23 19:09:57 +00:00
Amir E. Aharoni beb6a182eb FU r102105, escaped the quotes.
2011-11-05 16:54:21 +00:00
Amir E. Aharoni 3c9daa44ab Adding dir="ltr" to the label, to prevent wrong appearance of the arithmetic expression.
2011-11-05 16:50:55 +00:00
Happy-melon f856872f83 File missing from r86820. Actually these changes should have been committed in r86813...
2011-04-24 17:33:41 +00:00
Happy-melon 86f875a58a Beginnings of a rewrite of the captcha system in a more object-oriented fashion; currently although there are classes for different types of captcha, they don't actually represent a single captcha object, they're just confused frontend/backend messes. With the places captchas are inserted increasingly using HTMLForm, it makes eminent sense to introduce a HTMLCaptchaField, but that needs a more OOP implementation of the actual captcha, which I've started here. This is not finished and isn't actually implemented anywhere, but a) it's harmless, b) I don't want it to bitrot, and c) some feedback would always be appreciated, so here it is.
2011-04-24 11:47:03 +00:00
Happy-melon 54fa154b40 Introduce a CaptchaStore abstract class that CaptchaSessionStore and CaptchaCacheStore can extend. Some tidying, documentation and type hinting.
2011-04-24 11:41:49 +00:00
Happy-melon 1bbd72e5fd Reorganise files in ConfirmEdit
2011-04-23 11:44:47 +00:00
Renamed from ConfirmEdit_body.php