Commit graph

73 commits

Author SHA1 Message Date
Umherirrender 1cfba87b23 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: I60968f9b735b27eaef20e5d42af322a8c2ecd257
2024-10-19 23:34:41 +02:00
thiemowmde 50f533c9e9 A few very minor code cleanups
A bunch of very minor code cleanups I collected in my local dev
environment the past months:
* Remove dead code.
* Make use of the ??= operator where possible.
* Fix inconsistent @var syntax.

Change-Id: Ie8de34f15503eb2bf0f6df855af55c212235dff3
2024-09-13 13:04:53 +02:00
jenkins-bot a1047fd2f6 Merge "Replace gettype() with get_debug_type() in exception messages" 2024-08-20 21:49:50 +00:00
Umherirrender 29103eecde Add missing documentation to class properties
Change-Id: Ic7872cd2539dc79f88c70548cbd82d9de98f66b0
2024-08-19 21:36:23 +02:00
Bartosz Dziewoński 78b1492a04 Replace gettype() with get_debug_type() in exception messages
get_debug_type() does the same thing but better (spelling type names
in the same way as in type declarations, and including names of
object classes and resource types). It was added in PHP 8, but the
symfony/polyfill-php80 package provides it while we still support 7.4.

For reference:
https://www.php.net/manual/en/function.get-debug-type.php
https://www.php.net/manual/en/function.gettype.php

Change-Id: Ib07dccfe476adc203371a9082e52db56cba2e057
2024-08-12 23:05:31 +02:00
Kosta Harlan 6f78a3ac57 SimpleCaptcha: Show captcha-edit message if forceShowCaptcha is set
Why:

- forceShowCaptcha is set if another extension wants to ensure that a
  CAPTCHA is presented to the user. In this case, the 'captcha-edit'
  message is more appropriate than 'captcha-edit-fail' as
  'captcha-edit-fail' implies that the user already tried and failed to
  solve the CAPTCHA.

What:

- Use 'captcha-edit' message on confirm edit hook failure if
  'shouldForceShowCaptcha' is set
  - ... but use 'captcha-edit-fail' if the user submitted an attempt.
    Note that the updated message only works in the source editor,
	not in VisualEditor or DiscussionTools

Depends-On: I5a0698d84932a474800a68dba9b76b3433b19290
Bug: T20110
Change-Id: Ie13181b78b8e2903c6cc0f0f778689bcc8b8ce2e
2024-07-10 09:50:26 +00:00
Kosta Harlan 3b195090fe SimpleCaptcha: Allow invoking CAPTCHA display from other extensions
Why:

- In the production WMF deployment of AbuseFilter and ConfirmEdit, we
  load ConfirmEdit first, then AbuseFilter. That means that
  ConfirmEdit's onEditFilterMergedContent hook fires before
  AbuseFilter's. The problem is that AbuseFilter uses
  onEditFilterMergedContent to evaluate its rules and consequences, so
  an AbuseFilter rule that defines a "showcaptcha" consequence becomes a
  no-op, as it fires after ConfirmEdit has already decided to show or
  not show a CAPTCHA to a user.
 - All of that is to say: we need a way to tell ConfirmEdit to show a
   CAPTCHA at the time that AbuseFilter's consequences are invoked,
   which could be before or after ConfirmEdit's EditFilterMergedContent
   hook invocation, depending on how the wiki has decided to load the
   extensions

What:

- Define a flag for "shouldForceShowCaptcha", that other extensions can
  set on the SimpleCaptcha base class to indicate that ConfirmEdit must
  show a CAPTCHA (users with "skipcaptcha" right are still exempt)
- Check the isCaptchaSolved() and shouldForShowCaptcha() flags in
  ::triggersCaptcha, and also check if ConfirmEdit's
  EditFilterMergedContent hook already ran
- In CaptchaConsequence, set the forceShowCaptcha property on the
  SimpleCaptcha base class
- [misc] Add getter/setter for the captchaSolved property and the other
  new class properties

Depends-On: I7dd3a7c41606dcf5123518c2d3d0f4355f5edfd3
Bug: T20110
Change-Id: Idc47bdae8007da938f31e1c0f33e9be4813f41d7
2024-06-26 16:07:44 +00:00
Umherirrender 81d0c7bcd4 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: I325f5bab163cddf76dbf8d5a6eca35a7ed7b6df7
2024-06-08 23:46:45 +02:00
Umherirrender b2ec6b2955 Replace isset() with null check in SimpleCaptcha
Found usage of isset() on expression $this->captchaSolved that appears
to be always set. isset() should only be used to suppress errors. Check
whether the expression is null instead.
See https://www.mediawiki.org/wiki/Manual:Coding_conventions/PHP#isset

Change-Id: I5520786060b2aa2fca81acd40924d84e94e8dff2
2024-04-01 13:38:44 +02:00
Dringsim f3cd5b0bc9
Replace usage of wfGetDB()
Bug: T357638
Change-Id: Ibb03f914f90e711d5b28fa24073428617fbaf955
2024-03-17 00:44:39 +08:00
Bartosz Dziewoński 1349c099c6 Use OutputPage::setPageTitleMsg() instead of ::setPageTitle()
Bug: T343994
Change-Id: I706a44af75c85bb8d1e4dd6b8e813e436fd8943b
2024-02-17 02:55:53 +01:00
gerritbot 8a42f0c0ea Remove indirect calls to IDBAccessObject::READ_* constants
We are getting rid of the schema of implementing this interface and
calling self::READ_* constants, it's confusing, inconsistent, prone to
clashes and isn't really useful for non-ORM systems (which we are not)

Bug: T354194
Change-Id: I03c893130aea133c7df3b1e81213f0cf9191ae3e
2024-01-26 14:27:20 +00:00
Bartosz Dziewoński 2c6fe24521
Move login attempt counting to a separate class
This has nothing to do with CAPTCHA generation, and the only thing it
needs from the SimpleCaptcha class is checking whether a CAPTCHA on
bad login is enabled at all.

Also improve comments in CaptchaPreAuthenticationProvider. I found the
session flag business really difficult to understand.

Change-Id: I8200531718aaa11effcb07539204e1a05ed432e0
2023-12-13 15:18:39 -08:00
Umherirrender 92bc1f3d2f Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statements done manually

Change-Id: Id44f211320e56bc83e4c8f243369dc4eb562cf37
2023-12-11 00:07:55 +01:00
Ammarpad 0ae3137ead Fix dynamic property usage
Status now provides declared $statusData property for holding
arbitrary data that can be used instead.

Bug: T326479
Depends-On: Ibe3f1f8b81bcfcb18551d3ca4cda464e4bdbcbce
Change-Id: I1342a8a8ca64b4040ed2b2d101d4574aedd888af
2023-11-28 14:10:40 +01:00
jenkins-bot ea6dafd412 Merge "OutputPage::setPageTitle() can take a Message directly" 2023-09-07 17:05:19 +00:00
Bartosz Dziewoński 2dfc290c57 Remove incorrect documentation comment
isBadLoginPerUserTriggered() can never return null. This comment was
added in 2016 in 31c59374a4 and it was
already incorrect then. I don't know where this idea came from.

Change-Id: Ib919999fe83562cb4fa80246ae7c6b4707da775c
2023-08-24 00:12:19 +02:00
gerritbot 4bc5e7ed8f Replace some moved Title class uses, now MediaWiki\Title\Title
Bug: T321681
Change-Id: I639a03a5f828d7036e29a11a8a45d8d1e8923590
2023-08-19 04:14:21 +00:00
Umherirrender 5740fcf8c4 docs: Use IContextSource for EditFilterMergedContent hook handler
Use narrow interface IContextSource instead of class RequestContext

Change-Id: Ibe2c9101f40ac28a0c65eade35af896f9a54c285
2023-08-15 12:20:42 +02:00
C. Scott Ananian 6bc6f1ef87 OutputPage::setPageTitle() can take a Message directly
Bug: T343849
Change-Id: Ib519fbcb47cbe8d0af9ec495c7c91cb2ec8a736e
2023-08-10 11:44:44 -04:00
Amir Sarabadani 59a654711b Allow aggregation of captcha logs
without it, the normalized and non-normalized log entry would be the
same. As seen in:
https://logstash.wikimedia.org/app/dashboards#/doc/logstash-*/logstash-mediawiki-1-7.0.0-1-2023.08.03?id=UKIRu4kB6U_kV85AiHjE

Change-Id: I2eaca27b8c494b1b9749c2e9ad3770029c90b114
2023-08-03 13:10:17 +02:00
Amir Sarabadani 209db3647a Improve support for read-new wikis with externallinks
Depends-On: I921728974cde0a095fb3034fc80f7f4bb046f380
Bug: T337149
Change-Id: I996f99acb2a0f26b177fff097406b1d935467f80
2023-05-25 11:50:34 +02:00
Umherirrender c9511bb825 Replace $wgOut with RequestContext::getMain()
Bug: T252978
Change-Id: I5e677fde89accfa6363824ef4cbd8808097e00f3
2023-05-15 22:32:44 +02:00
gerritbot b8c790cd14 Update moved class EditPage
See T321882. Moved in Ibefc44eb64aed

Bug: T321681
Change-Id: Ifa1c20cd4e6ef6856194d4228dd542a9e2fda43f
2023-05-07 01:08:19 +02:00
gerritbot b3faf4d28b Update moved class ContentSecurityPolicy
See T321882. Moved in Ic809656a31

Bug: T321681
Change-Id: Ifee5e52ff0f67269fda4d90cd3dec1b6f89b7e8a
2023-05-06 21:18:56 +00:00
Amir Sarabadani 70a398c036 Use core's externallinks lookup
Depends-On: I8ae9ef388957b0c04efa281f3bc3b5796bec17fe
Bug: T326251
Change-Id: Ibb0f01bdb7a7286389732d45ed0177ca4dfbf2a5
2023-04-24 19:55:10 +02:00
Umherirrender 65d54c1a27 Replace deprecated HTMLForm::addFooterText
Bug: T325474
Change-Id: I32197ab82558b6aba9b535614f129dc06b51d0eb
2022-12-27 12:48:17 +01:00
Reedy 30cd1d8a23 Namespace base classes
Change-Id: I3fa9747e0ea970c5de39e2da8603e1bba9388a69
2022-07-30 18:13:03 +00:00
Alexander Vorwerk 607452ef05 Add new ConfirmEditTriggersCaptchaHook
This allows the dynamic activation of CAPTCHAS triggering without the
need to change the configuration.

This lays the foundation for stewards to later be able to activate
'emergency captchas' via an on-wiki interface.

Bug: T303433
Change-Id: If48689fe068aa3ec56e51e01b84cf25c63bcbf0b
2022-06-30 18:59:45 +00:00
Roman Stolar 87c1b07038 Replace deprecated methods IContextSource::getWikiPage && IContextSource::canUseWikiPage
Use CacheKeyHelper to collect status of captchas that was activated instead of set random properties on page object.

Bug: T275710
Change-Id: I7942ccd6b58584f436f872bf7c9deb63ab84482a
2021-11-11 17:02:30 +02:00
Daimona Eaytoy 6da60010a4 Don't put HTML via RawMessage in the EditFilterMergedContent hook Status
This just won't work:
- For edits via the UI, errors are wrapped in an errorbox div by
  EditPage.php, so this code is outputting an errorbox inside an
  errorbox, which is simply painful to see.
- API edits don't format errors via HTML, so trying to pass raw HTML
  there results in broken formatting

Bug: T293818
Change-Id: Ib74d128cc71246c7cfa72456cbe453e8086f2d63
2021-11-02 18:59:46 +01:00
sbassett 1493c928c2 SECURITY: Avoid double-escaping html tag contents
* Avoid double-escaping the captcha-edit-fail message
via both Html::element and RawMessage.

* Also add suppress comment due to overall taint of
RawMessage.

Bug: T293818
Change-Id: I6b985266a26f6b152bca05a91f6054ed1a5f2a5a
2021-11-02 09:45:06 -05:00
Alexander Vorwerk fc7a88124e Use Parser::getUserIdentity() instead of ::getUser() in SimpleCaptcha
ParserOptions::__construct() and Parser::preSaveTransform() both
accept an UserIdentity and don't need a full user object.

Bug: T289731
Change-Id: I9e3d3f21452167ae1b1e9dca664605ee471f90e2
2021-08-25 22:13:32 +02:00
jenkins-bot f5b0e5b9d2 Merge "SimpleCaptcha: avoid using ContentHandler::getContentText()" 2021-07-12 12:38:22 +00:00
Reedy cedfdae4c5 Revert "Replace depricating method IContextSource::getWikiPage && IContextSource::canUseWikiPage"
This reverts commit 0a221920ae.

Bug: T285959
Change-Id: Idc0d2beae2f73c15515041153daa831da5c29eaa
2021-07-01 15:57:03 +00:00
Roman Stolar 0a221920ae Replace depricating method IContextSource::getWikiPage && IContextSource::canUseWikiPage
Bug: T275710
Change-Id: Id27157692cd6a4e747b122813ba653d04854f042
2021-06-28 16:25:49 +03:00
DannyS712 aedd7f481b Pass a user to WikiPage::prepareContentForEdit()
Bug: T285447
Change-Id: Id9ca458d13c71a4114cf961541c47566afd80277
2021-06-24 03:30:14 +00:00
Alexander Vorwerk f2e8c8cf03 SimpleCaptcha: avoid using ContentHandler::getContentText()
ContentHandler::getContentText() is deprecated and should be
replaced with Content::getText() for TextContent instances.

Change-Id: Iafe14100b3776510c5159657f42f6c0c8d551539
2021-05-18 00:03:26 +02:00
Reedy 7662c8ab5f SimpleCaptcha: Remove unused SecurityCheck-DoubleEscaped suppression
Change-Id: Ib1a141df679bfaa9a94ba04cccea52a3d6503166
2021-04-21 23:22:37 +01:00
vladshapik 3f46a9b5c1 Avoid using User ::getCanonicalName
Remove using of User::getCanonicalName since this method will be hard-deprecated. Now it is soft-deprecated

Bug: T275030
Change-Id: Ic11a4259271c8941225882ddce64b53d44280409
2021-02-21 23:44:07 +02:00
libraryupgrader b482798a02 build: Updating mediawiki/mediawiki-phan-config to 0.10.5
Change-Id: I6f9091dbff52c91c6ad81a386a2355a82ab6012a
2020-12-10 22:03:48 +00:00
libraryupgrader fd495575a1 build: Updating mediawiki/mediawiki-codesniffer to 32.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected
* MediaWiki.Commenting.PropertyDocumentation.WrongStyle

Change-Id: I8479cfb5fbc67a6472e28045ece5ea2ae1ba6ac6
2020-10-29 08:41:34 +00:00
Florian 9aba484800 Add Content Security Policy handling for ReCaptcha and hCaptcha
Bug: T250544
Change-Id: I280054a8252c991cca04ec74bdb41e079c885d99
2020-10-29 02:36:00 +00:00
DannyS712 21ec725c5a Update hooks to use PageSaveComplete
Extension requires MW 1.35+, always available

Bug: T250566
Change-Id: I43d76880557dd794540147503c7c94091c7b847a
2020-06-23 19:36:44 +00:00
DannyS712 f0e26d680b Remove use of Revision::newFromTitle
Bug: T249183
Change-Id: I0532af197c7bf4ae88c85c27cdfb5e55ea46feb3
2020-04-04 04:10:13 +00:00
DannyS712 b8b0e23632 Pass a user when creating a new ParserOptions
Bug: T246861
Change-Id: Ib516006f0a02c26da50d2a865242adc5cc65be9e
2020-03-04 08:08:26 +00:00
jenkins-bot f5f9c0971d Merge "Remove unused return values and reduce code complexity" 2020-02-09 17:27:11 +00:00
Ammar Abdulhamid 07a2824630 Replace deprecated IP class with IP Utilities
* Also bump required MW version to 1.35.0

Bug: T242556
Change-Id: I279e7d83a0dc75414117208ed23f8cc6b729eb19
2020-02-09 08:23:02 +01:00
Thiemo Kreuz 0dfd1f4ed1 Remove unused return values and reduce code complexity
Changes:
* Do not return anything in a method that is not expected to return
  something.
* Inline some previously hard to read code.
* More specific type hints, if possible.

Change-Id: I0e460899eea07d8733f638a11133adc3000f0542
2020-02-03 15:37:32 +01:00
jenkins-bot efadd21e76 Merge "Stop passing objects by reference" 2020-01-19 16:43:11 +00:00