Insert Captcha direct after click on Edit over editpage buttons, instead of
show after click on save. If the captcha was incorrect or empty, show
error message at old captcha position.
Bug: 19648
Change-Id: Ia3bb66f98aa84bb6efb7a1e42fbc203b401e99b8
ConfirmEdit was tripling the API save time, because it was parsing the
entire content twice to evaluate whether the addurl trigger is hit.
While I was here, I stopped using the deprecated non-Content hooks. The
new hook, EditEditFilterMergedContent, does not pass an EditPage object,
which means that Title or WikiPage objects need to be passed around
instead. Also, since EditPage::showEditForm() cannot be called with no
EditPage object, use a EditPage::showEditForm:fields hook instead.
If non-wikitext content is edited, assume that the regex trigger is not
hit.
For further architectural details, see the associated core change:
I4b4270dd868a . MW_EDITFILTERMERGED_SUPPORTS_API is a constant
introduced to detect the presence of the associated core change.
Also, in APIGetAllowedParams, set the allowed parameters even if we are
not on the help screen. This allows API users to submit their CAPTCHA
answer without it failing with an "unrecognized parameter" error.
Compatibility with MediaWiki 1.21 is retained, compatibility before that
is dropped.
Change-Id: I9529b7e8d3fc9301c754b28fda185aa3ab36f13e
The old style does not cooperate well with the new pretty forms in
core MediaWiki, and arguably this should be done like this anyway.
Bug: 63606
Change-Id: Ifbe41ee5787bd4ed9e6144c06cd1d16f72354061
Requires core update I6ae34c0 to actually send the message key back
in the error response. On older MediaWiki versions, behavior should
remain unchanged.
Bug: 60008
Change-Id: If9cc08e44d1d2efacf817b8c6cbb2d71a4e8b692
Hooks used:
* AddNewAccountApiForm
* AddNewAccountApiResult
This adds a 'captcha' section to the results with the same format
as we provide for editing; you'll get this for instance at the
same time as you do a first-request that prompts for a token.
No modification to the result status is included; presence of
the 'captcha' section is assumed to be enough to prompt the client
to fetch and render the captcha prompt.
Failure to pass a captcha will return an API error message; a
subsequent commit fixes problems with that error message being
hard to machine-read.
Note that logic from inside Captcha::confirmUserCreate has been
pulled out to Captcha::needCreateAccountCaptcha so we don't
send captcha information to users who don't need it.
Requires core changes: If5b7dab8
Sample API client: https://github.com/brion/api-createaccount
Bug: 46072
Change-Id: Id628defaeab2bf5979ca8f4284d14fc42d9c3e46
ConfirmEdit triggers a captcha when users without the appropriate
userright add new external links. But sometimes there are links that
these users should be able to add without a captcha, e.g. other wikis in
the same farm, so MediaWiki:Captcha-addurl-whitelist allows wiki admins
to whitelist links matching regular expressions.
However, these whitelist entries are automatically prefixed with
"^https?:\/\/+[a-z0-9_\-.]*". While this is usually what is wanted, it
prevents wiki admins from whitelisting other types of links such as tel:
or urn:. Following the example of TitleBlacklist, this change adds
options delimited with <> to the whitelist lines, and adds an option
'noprotocol' that causes that line to be prefixed with only "^" instead.
Bug: 56485
Change-Id: Ia0d484f7a4670df2c7121d1284e4fcf969e818c3
It wasn't setting a size at all so defaults to 20. It only needs to be
3 characters wide, this sets size to 5. This fixes the layout of new
Login and Create account forms in Monobook and should be benign
elsewhere. I29672b63d12cd380d7b00cad3449807da76e4188 made a similar fix
to FancyCaptcha.
Bug: 50387
Change-Id: Ia3098d7c2e28072f52c1cd6615667a96389660dc
The ReCaptcha module was not injecting its parameters at all, so they
were not showing up in the auto-generated help. This is now fixed.
Also, the API recently added a new parameter to the APIGetAllowedParams hook
to differentiate between fetching the allowed parameter list for help
output and fetching it for processing within the module. ConfirmEdit
only needs to inject the parameters for the former, so it should check
this parameter if available.
Change-Id: Ia8c9a8b882ee3480b71bfb3f2345475506549819
* Removed unused globals and local variables.
* Use Message class.
* Remove PHP4-ism from recaptchalib.php.
* Remove superfluous newlines.
* Add missing semi-colon in ext.confirmedit.asirra.js.
* Fix up some documentation.
Change-Id: I8916003d083a8c00aeabc9e485cc9a50030f0982
Left setting of wpCaptchaId and wpCaptchaWord in core. Can't think of a sane way to check and set them via an extension (subclass and override, or a hook). Annoyingly APIEditBeforeSave doesn't pass the params array