Commit graph

97 commits

Author SHA1 Message Date
gerritbot b3faf4d28b Update moved class ContentSecurityPolicy
See T321882. Moved in Ic809656a31

Bug: T321681
Change-Id: Ifee5e52ff0f67269fda4d90cd3dec1b6f89b7e8a
2023-05-06 21:18:56 +00:00
Amir Sarabadani 70a398c036 Use core's externallinks lookup
Depends-On: I8ae9ef388957b0c04efa281f3bc3b5796bec17fe
Bug: T326251
Change-Id: Ibb0f01bdb7a7286389732d45ed0177ca4dfbf2a5
2023-04-24 19:55:10 +02:00
Umherirrender 65d54c1a27 Replace deprecated HTMLForm::addFooterText
Bug: T325474
Change-Id: I32197ab82558b6aba9b535614f129dc06b51d0eb
2022-12-27 12:48:17 +01:00
Reedy 30cd1d8a23 Namespace base classes
Change-Id: I3fa9747e0ea970c5de39e2da8603e1bba9388a69
2022-07-30 18:13:03 +00:00
Alexander Vorwerk 607452ef05 Add new ConfirmEditTriggersCaptchaHook
This allows the dynamic activation of CAPTCHAS triggering without the
need to change the configuration.

This lays the foundation for stewards to later be able to activate
'emergency captchas' via an on-wiki interface.

Bug: T303433
Change-Id: If48689fe068aa3ec56e51e01b84cf25c63bcbf0b
2022-06-30 18:59:45 +00:00
Roman Stolar 87c1b07038 Replace deprecated methods IContextSource::getWikiPage && IContextSource::canUseWikiPage
Use CacheKeyHelper to collect status of captchas that was activated instead of set random properties on page object.

Bug: T275710
Change-Id: I7942ccd6b58584f436f872bf7c9deb63ab84482a
2021-11-11 17:02:30 +02:00
Daimona Eaytoy 6da60010a4 Don't put HTML via RawMessage in the EditFilterMergedContent hook Status
This just won't work:
- For edits via the UI, errors are wrapped in an errorbox div by
  EditPage.php, so this code is outputting an errorbox inside an
  errorbox, which is simply painful to see.
- API edits don't format errors via HTML, so trying to pass raw HTML
  there results in broken formatting

Bug: T293818
Change-Id: Ib74d128cc71246c7cfa72456cbe453e8086f2d63
2021-11-02 18:59:46 +01:00
sbassett 1493c928c2 SECURITY: Avoid double-escaping html tag contents
* Avoid double-escaping the captcha-edit-fail message
via both Html::element and RawMessage.

* Also add suppress comment due to overall taint of
RawMessage.

Bug: T293818
Change-Id: I6b985266a26f6b152bca05a91f6054ed1a5f2a5a
2021-11-02 09:45:06 -05:00
Alexander Vorwerk fc7a88124e Use Parser::getUserIdentity() instead of ::getUser() in SimpleCaptcha
ParserOptions::__construct() and Parser::preSaveTransform() both
accept an UserIdentity and don't need a full user object.

Bug: T289731
Change-Id: I9e3d3f21452167ae1b1e9dca664605ee471f90e2
2021-08-25 22:13:32 +02:00
jenkins-bot f5b0e5b9d2 Merge "SimpleCaptcha: avoid using ContentHandler::getContentText()" 2021-07-12 12:38:22 +00:00
Reedy cedfdae4c5 Revert "Replace depricating method IContextSource::getWikiPage && IContextSource::canUseWikiPage"
This reverts commit 0a221920ae.

Bug: T285959
Change-Id: Idc0d2beae2f73c15515041153daa831da5c29eaa
2021-07-01 15:57:03 +00:00
Roman Stolar 0a221920ae Replace depricating method IContextSource::getWikiPage && IContextSource::canUseWikiPage
Bug: T275710
Change-Id: Id27157692cd6a4e747b122813ba653d04854f042
2021-06-28 16:25:49 +03:00
DannyS712 aedd7f481b Pass a user to WikiPage::prepareContentForEdit()
Bug: T285447
Change-Id: Id9ca458d13c71a4114cf961541c47566afd80277
2021-06-24 03:30:14 +00:00
Alexander Vorwerk f2e8c8cf03 SimpleCaptcha: avoid using ContentHandler::getContentText()
ContentHandler::getContentText() is deprecated and should be
replaced with Content::getText() for TextContent instances.

Change-Id: Iafe14100b3776510c5159657f42f6c0c8d551539
2021-05-18 00:03:26 +02:00
Reedy 7662c8ab5f SimpleCaptcha: Remove unused SecurityCheck-DoubleEscaped suppression
Change-Id: Ib1a141df679bfaa9a94ba04cccea52a3d6503166
2021-04-21 23:22:37 +01:00
vladshapik 3f46a9b5c1 Avoid using User ::getCanonicalName
Remove using of User::getCanonicalName since this method will be hard-deprecated. Now it is soft-deprecated

Bug: T275030
Change-Id: Ic11a4259271c8941225882ddce64b53d44280409
2021-02-21 23:44:07 +02:00
libraryupgrader b482798a02 build: Updating mediawiki/mediawiki-phan-config to 0.10.5
Change-Id: I6f9091dbff52c91c6ad81a386a2355a82ab6012a
2020-12-10 22:03:48 +00:00
libraryupgrader fd495575a1 build: Updating mediawiki/mediawiki-codesniffer to 32.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected
* MediaWiki.Commenting.PropertyDocumentation.WrongStyle

Change-Id: I8479cfb5fbc67a6472e28045ece5ea2ae1ba6ac6
2020-10-29 08:41:34 +00:00
Florian 9aba484800 Add Content Security Policy handling for ReCaptcha and hCaptcha
Bug: T250544
Change-Id: I280054a8252c991cca04ec74bdb41e079c885d99
2020-10-29 02:36:00 +00:00
DannyS712 21ec725c5a Update hooks to use PageSaveComplete
Extension requires MW 1.35+, always available

Bug: T250566
Change-Id: I43d76880557dd794540147503c7c94091c7b847a
2020-06-23 19:36:44 +00:00
DannyS712 f0e26d680b Remove use of Revision::newFromTitle
Bug: T249183
Change-Id: I0532af197c7bf4ae88c85c27cdfb5e55ea46feb3
2020-04-04 04:10:13 +00:00
DannyS712 b8b0e23632 Pass a user when creating a new ParserOptions
Bug: T246861
Change-Id: Ib516006f0a02c26da50d2a865242adc5cc65be9e
2020-03-04 08:08:26 +00:00
jenkins-bot f5f9c0971d Merge "Remove unused return values and reduce code complexity" 2020-02-09 17:27:11 +00:00
Ammar Abdulhamid 07a2824630 Replace deprecated IP class with IP Utilities
* Also bump required MW version to 1.35.0

Bug: T242556
Change-Id: I279e7d83a0dc75414117208ed23f8cc6b729eb19
2020-02-09 08:23:02 +01:00
Thiemo Kreuz 0dfd1f4ed1 Remove unused return values and reduce code complexity
Changes:
* Do not return anything in a method that is not expected to return
  something.
* Inline some previously hard to read code.
* More specific type hints, if possible.

Change-Id: I0e460899eea07d8733f638a11133adc3000f0542
2020-02-03 15:37:32 +01:00
jenkins-bot efadd21e76 Merge "Stop passing objects by reference" 2020-01-19 16:43:11 +00:00
Max Semenik 9380fa050e Stop passing objects by reference
Bug: T193950
Change-Id: I8c4aabe75ffce55f81c7ffb0f76b67155db1f761
2020-01-17 20:08:16 +00:00
DannyS712 affb6a238e Remove use of global $wgUser
Bug: T242936
Change-Id: I618b223ba9a1d0c9944bb171ffff345ae8e512ed
2020-01-16 01:28:02 +00:00
libraryupgrader 54f6c6d87e build: Updating mediawiki/mediawiki-codesniffer to 29.0.0
Additional changes:
* Also sorted "composer fix" command to run phpcbf last.

Change-Id: Iba0ed9df5be4a7fbedce377556c87d42bddfb509
2020-01-14 04:33:04 +00:00
libraryupgrader d481d0c8db build: Updating mediawiki/mediawiki-phan-config to 0.9.0
Additional changes:
* Added .eslintcache to .gitignore.
* Fix wrong types

Change-Id: I833b061c62b82f3c88d968c70bae8317641aaa3d
2019-12-27 14:42:40 +00:00
Daimona Eaytoy 7297235b2a Pass correct type to constructor
Although there was no docblock on CaptchaAuthenticationRequest::__construct,
the method is supposed to get a string and an array, as that's how the
class members are documented and used. Trying to access offsets of null
resulted in PHP notices on PHP 7.4, as seen in the experimental job
for various repos.

Bug: T239726
Change-Id: Idd073ebf3d560543ec225479de060e3c198847eb
2019-12-03 19:30:55 +00:00
James D. Forrester d0d036ea50 Drop use of wgParser, replaced in 1.32 and to be removed in 1.35
Bug: T160811
Change-Id: I6147fc4aa6d004cd848c170750a740091c336012
2019-10-28 20:12:00 +00:00
RazeSoldier dd1ccc92ea Enable OOUI in SimpleCaptcha
If we use it without OOUI enabled, an exception will be thrown

Bug: T232129
Change-Id: I46ee483b67776fa528a0267cfcafb1b0cee1a670
2019-09-07 17:46:09 +08:00
Aaron Schulz 82d48cae8c Switch to using BagOStuff::incrWithInit()
Change-Id: Ia82d9985f3f416ccbb5d7414848cc5b894635ca4
2019-08-09 16:50:55 -07:00
Derick Alangi 4a1c8bbfbd SimpleCaptcha: Avoid usage of deprecated wfGlobalCacheKey()
Deprecated in 1.30 and makeGlobalKey() on a BagOStuff was available
since 1.27. This extension requires 1.31 so the migration seems fine.

Change-Id: Ia7b276ee65fdf58c4fc0859563930528d44a03ca
2019-07-18 17:40:04 +01:00
Derick Alangi 92b41aa481 Avoid usage of deprecated ObjectCache::getMainWANInstance()
Replacement with services made available in 1.28 and this extension
requires 1.31. So, the replacement is good.

Change-Id: Idd5dda1e7cfa34b71ffb13446eb0f9e4f113f678
2019-07-03 13:43:23 +01:00
jenkins-bot bdefccfd6c Merge "Fix bug in Captcha::confirmEditMerged which breaks the $wgCaptchaRegex check" 2019-05-26 10:42:22 +00:00
Umherirrender 72900c1ac5 Improve param docs
Change-Id: Ie0619f6f946e651df9c102f0f4f305c15b10eab4
2019-05-23 21:16:12 +02:00
Porplemontage e8c475dc8d Fix bug in Captcha::confirmEditMerged which breaks the $wgCaptchaRegex check
Change the passing of $section to an empty string instead of false to properly comply with its type and the check in Captcha::loadText

Bug: T211848
Change-Id: I0555f7fbe246b0a4741759aee5b265b4f2cc3843
2019-05-22 22:33:53 +00:00
Florian a46515f782 Do not ignore message parameters
The return value of the getMessage function is intentionally a Message
object (which can have different stuff, be a RawMessage or contain
parameters. Just getting the key of the message, passing it to another
function which just creates a new message out of it, doesn't make sense
and breaks the original intention of the method.

This is now fixed by this change.

Bug: T222590
Change-Id: Id8ebba6b8239e6eee4be698680edcafad6c86cb0
2019-05-18 21:27:16 +02:00
Umherirrender 9bc797453e Swap ternary check for if statement
isset is not needed to check for null
and if is used, because the else branch is not needed

Change-Id: I3069ac43911101aa500c4897d419dca68f968040
2019-03-14 19:54:36 +01:00
libraryupgrader 87715809bb build: Updating mediawiki/mediawiki-codesniffer to 24.0.0
Change-Id: I4650b34b2c6d18cae2bf4650aaf423810fb96457
2019-02-06 12:04:20 +00:00
Ed Sanders 423234cb77 Convert SimpleCaptcha to OOUI
Change-Id: Ic904b53b2ac489be572f4b6096ddc8c92c482a59
2018-12-12 11:51:38 +00:00
C. Scott Ananian 7b4a11d0ca Replace deprecated OutputPage::parse()
The OutputPage::parse() method emits untidy output and is often used
with the wrong user interface/content language selection.  Replace
with Message::parseAsBlock() which was tidied in
I0f417f75a49dfea873e9a2f44d81796a48b9f428.

Bug: T198214
Change-Id: If1f0887ccd447e725fafbfcd842866c35ebb1a7e
2018-10-26 18:57:57 +00:00
C. Scott Ananian d22d1e88f4 Replace deprecated untidy OutputPage::addWikiText() method
The replacement OutputPage::addWikiMsg() method is ancient, and so
no bump to the minimum required MW version is needed.

Bug: T198214
Change-Id: I082bfb4585632dc37464d04aa93938ca05a9fdd0
2018-10-17 12:46:25 -04:00
C. Scott Ananian 0312de771d Only expand {{...}} in messages once
If we're going to call `OutputPage::addWikiText` to parse the message,
we don't need to pre-expand `{{...}}` markup using `Message::text()`
before passing it to the parser; `Message::plain()` works fine.  This
makes these callsites consistent with how `OutputPage::addWikiMsg()`
inserts messages.

Bug: T206574
Change-Id: Ic6e9c24139613f9c46e814f630c08d5a52789032
2018-10-11 09:32:49 -04:00
libraryupgrader f852bdb403 build: Updating mediawiki/mediawiki-codesniffer to 22.0.0
Change-Id: I69c8746bafc4f0a39cc007db6a221d206c89c522
2018-09-03 00:12:31 +00:00
Stephane Bisson 93818fe9d1 Make shouldCheck public again
Follow up Ie956fe86184535a376d0398483ac3c853fa9127c

Make SimpleCaptcha::shouldCheck public since it is
called by Flow/includes/SpamFilter/ConfirmEdit.php(35)
and is now failing in production.

Bug: T199811
Change-Id: I85a813aaa06b896266c320089e24ca2e5e81d0ee
2018-07-17 11:27:48 -04:00
Max Semenik 5b7a36a521 Clean up some phpcs problems
Change-Id: Ie956fe86184535a376d0398483ac3c853fa9127c
2018-07-12 23:13:58 +00:00
libraryupgrader d80dc20133 build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: I325d3664bb6087ed457031bf7ec5301d2fae823c
2018-05-26 01:41:30 +00:00