Tue, Apr 24
Mon, Apr 23
Iaeae672dca66ffc745054daabd6f0eae7dfbc648 resolves the part of the issue that allows saving unchanged filters, but it doesn't address the issue of "Actions" being highlighted in pink even when it is not changed.
@Daimona: In Special:AbuseFilter/history/1 on the top of the page there is a link that reads "Back to filter editor". I think that should be turned into a button (just like the "Create a new filter" link on Special:AbuseFilter which is now a OOUI button).
Fri, Apr 20
@werdna that is something you had added in 2009. Do you have any insight as to when an API call won't come with a title?
@Daimona thanks for working on this. It seems like the only item left is the use of $wgTitle which only in the filterAction() function in AbuseFilter.php and I honestly don't understand why this is necessary.
Thu, Apr 19
@Krinkle: I don't get the errors anymore.
Tue, Apr 17
Isn't it the case that true == 1 and false == 0 as far as AbuseFilter parser handles it? If so, then I don't think the use cases of user_blocked will be impacted because they effectively check if it is equal to 1 or not, and converting to either true/false or true/false/null will not change that (it will, if they use the "identical" operator, which you call "triple-compare", but you already have a bullet point for it).
It will be easy to fix, but it is not worth spending time on. Right now, it is only an aesthetic issue; instead of spending time on it, we should overhaul CU completely.
@Legoktm well then phan should have caught the example I gave, why didn't it?
@MarcoAurelio That is not relevant. abusefilter-hidden-log and abusefilter-hide-log are about the abuse logs. This issue is about when a page (e.g. an article) has a revision that triggered a filter and then was revdel'ed.
Mon, Apr 16
@dmaza we have a few patches that are more than minimal improvements, and we need someone more daring to +2 them, so I'm going to add you as reviewer on those in the next day or so.
Sun, Apr 15
That is weird. AbuseFilter now uses CodeEditor, but CodeEditor is supposed to show you the textarea when JS is not enabled. Somehow, it doesn't (the textarea is there if you look at the page HTML, it is just not visible).
Sat, Apr 14
I think what @Krenair meant was "why not use/inject X-Forward-For to show both the IP that actually did the action (server's) and the IP of the user on whose behalf the server did the action (in this case I guess the blocked user?)
Fri, Apr 13
Wed, Apr 11
I am investigating. I just haven't been able to find the root cause so far. Once I find it, a patch will be submitted.
Of note, @Krinkle has proposed in T187973#3994713 that we should use the tag #wikimedia-site-requests for the query task and he believes that "the task of a global sysop performing on-wiki changes is outside the scope for any Phabricator task" which leaves me unsure as to how to manage that step.
That is what I asked of @Bawolff in one of the other tasks. He responded to my question partially and copied @APalmer_WMF from legal too. I think this whole discussion (of what is the proper way to ask for queries and to fix filters enmass) deserves a task of its own! I will copy all of you in a task I am about to create in a moment!
In the meantine, @Daimona, @matej_suchanek and I have been actively working on AbuseFilter over the last 2-3 months with many patches created and merged. Most of our work is "patchwork" (as opposed to major overhaul) for now. It is best to postpone major overhaul to when either we have stewards or we become seasoned enough in this code to be the stewards,
Tue, Apr 10
I think the number of cases in which this may break a filter is so few that we should go ahead and merge this.
I think it is not a "basic" right per se, so moving there makes sense.
Agreed. So now, what is your plan for analysis of possible regressions?
Reopening. These are two different tasks.
Mon, Apr 9
The next step would be to attain approval from the Security Team. I am not part of that team.
You mean right now 5/2 = 3, right?
@Bawolff since you have helped with other DB queries in the past, I am adding you here. What is the right approach though? Is there a project tag for DB requests like this? And also, should this be converted to a Security task since some of the filters that string() may not be public? And lastly, once we identify them, who are the group of (super)users who can modify these filters enmass?
We need a subtask for the search and modification of the existing filters with a "context" variable in WMF.
Sat, Apr 7
This is related to T44345 in that in both cases, the IP that should be used should be an invalid IP (such as 127.0.0.1) indicating that this is something the server is doing, not something a user is doing.
Fri, Apr 6
I think this needs a (much needed) overhaul of the way AbuseFilter is coded. Quoting @matej_suchanek from an email, the plan could be to split it to a new class (say, AbuseFilterRunner) and cover it with tests.
@kaldari no. That job is only run when a notification is sent. Even though you might think it is safe to assume that there are so many notifications that the job will be called many times a minute, that is only correct for big projects (such as English Wikipedia). Smalller WMF projects (such as newly created wikis) may not have even a single notification for several days, and this makes is theoretically possible for us to retain data beyond the retention period.
Thu, Apr 5
I want to use this opportunity to complain that a clear, step-by-step process for replication WMF's wiki farm is not out there and no matter how much I try to replicate it I cannot do it closely enough.
Wed, Apr 4
I'm happy to quickly modify my patch to put the IP in event_extra as soon as a 90-day purging script is made for Echo and enabled on WMF.
We should also explore to see if there is a hacky way to get the data from MaxMind's free data set indirectly (for example does the City data have a subnet ID)?
After several months of following up with MaxMind folks, I don't have any hope that they will incorporate subnet data into their free dataset. Marking it as stalled, until either MaxMind resolves it on their end or we find a different data source.
I would like this feature to be exclusively coded in CheckUser through hooks. No change to the core.
@Legoktm I like your idea of turning this into a widget. Can you please give me an example of another widget I can model it after?
@Volker_E we have a fundamental problem here.
Tue, Apr 3
I don't know if the tag feature has any accessibility for those who are blind. For colorblindness, we can try to use colors that are distinguishable by most color-blind people, but I get your point and think that color should not be our primary choice.
@Tgr, correct, though perhaps we can start with an on-demand testing and start really small and grow from there only if we see that it is being effective and supported.
@Ladsgroup so, what happened?
Mon, Apr 2
Shouldn't be too hard. Let me take a look at it.
@Aklapper I just copied the same tags form the task about Urdu sign, without thinking hard enough.
The problem occurs with all MediaWiki pages, not just those containing CSS/JS; for instance https://fa.wikipedia.org/wiki/%D9%85%D8%AF%DB%8C%D8%A7%D9%88%DB%8C%DA%A9%DB%8C:Gadgets-definition
Can we modify the form such that flags are part of a MultiselectCheckbox?
Sun, Apr 1
Sat, Mar 31
@Daimona there is a little form at the end of Special:AbuseFilter/# which asks you for the reason to see the private details. That needs to be OOUIfied.
It is easy. Just specify the options parameter for the MenuTagMultiselectWidget (here is an example, search for options: finallList)
Fri, Mar 30
@Nikerabbit good question. My focus is MediaWiki core and it's most commonly used extensions (such as AbuseFilter, CheckUser, CodeEditor, etc.) and most commonly used skins (such as Vector and Monobook), but I am happy to even start more restrictive and only thing about MediaWiki core. And "we" refers to the community of developers that work on these.