Various pieces of the tagging system will break if the tag name contains slashes or commas (e.g. T27151), so that should be checked for.
Recent changes have added the necessary validation to core, so it just needs factoring out there then calling here.
Change 197314 had a related patch set uploaded (by Anomie):
Factor out changetag name validation check
Change 197315 had a related patch set uploaded (by Anomie):
Improve tag name validation
Change 197314 abandoned by Anomie:
Factor out changetag name validation check
Reason:
If someone else wants to pick this up, feel free.
Change 197315 abandoned by Anomie:
Improve tag name validation
Reason:
If someone else wants to pick this up, feel free.
Change 197314 merged by jenkins-bot:
[mediawiki/core@master] Factor out changetag name validation check
On https://gerrit.wikimedia.org/r/#/c/197314/ , I suggested that we change it so all tags must be:
2. One of: 2a. canAddTagsAccompanyingChange (explicit tags + subset of allowed software, also implies that it exists) 2b. Already a defined AbuseFilter tag (this catches the 'already exists' possibility) 2c. canCreate.
I wanted to see if users habitually re-use software-defined tags for their own AbuseFilter tags, and if so how we might (or might not) accommodate it.
I wrote a script to investigate, P5491, which checks for whether software-defined tags are used, and whether the filter is enabled.
Full output: P5492
Grepped for tag names:
grep ',' extension-defined-2017-05-26.txt|grep -Ev 'TorBlockHooks::onListDefinedTags|MassMessageHooks::onRegisterTags|VisualEditorHooks::onListDefinedTags|MobileAppHooks::onListDefinedTags|MobileFrontendHooks::onListDefinedTags|ContentTranslationHooks::registerTags|MWOAuthHooks::getUsedConsumerTags|WikimediaEventsHooks::onListDefinedTags|WikiLoveHooks::onListDefinedTags|Hooks::onListDefinedTags|1 => false|\),'|arc paste
(Sorry, I should have made it possible to grep through properly but by that time it had already been running).
So 'visualeditor-needcheck' is used in one or more enabled AbuseFilter filter on one wiki, but it doesn't seem like this practice is widely used at all. IMHO, this tag is actually a good indication of why it's not good practice unless the extension opts into it (this particular one should be used for round-trip issues detected by VE itself, and wikis can choose another tag for "VE edit with possible issues" with their own criteria).
So I don't think we need to whitelist any additional tags via ChangeTagsAllowedAdd (that tag will keep working on that specific wiki due to the general grand-fathering for tags already being used by AbuseFilter).
Change 359085 had a related patch set uploaded (by Mattflaschen; owner: Mattflaschen):
[mediawiki/core@master] Add | to error message about invalid change tag characters
Change 359085 merged by jenkins-bot:
[mediawiki/core@master] Add | to error message about invalid change tag characters
Change 197315 merged by jenkins-bot:
[mediawiki/extensions/AbuseFilter@master] Improve tag name validation