Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 192 |
|
0.00% |
0 / 10 |
CRAP | |
0.00% |
0 / 1 |
| BlockedExternalDomains | |
0.00% |
0 / 192 |
|
0.00% |
0 / 10 |
756 | |
0.00% |
0 / 1 |
| __construct | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |||
| execute | |
0.00% |
0 / 14 |
|
0.00% |
0 / 1 |
30 | |||
| showList | |
0.00% |
0 / 67 |
|
0.00% |
0 / 1 |
42 | |||
| doDomainRow | |
0.00% |
0 / 18 |
|
0.00% |
0 / 1 |
12 | |||
| showRemoveForm | |
0.00% |
0 / 29 |
|
0.00% |
0 / 1 |
6 | |||
| processRemoveForm | |
0.00% |
0 / 15 |
|
0.00% |
0 / 1 |
12 | |||
| showAddForm | |
0.00% |
0 / 28 |
|
0.00% |
0 / 1 |
6 | |||
| processAddForm | |
0.00% |
0 / 15 |
|
0.00% |
0 / 1 |
12 | |||
| getGroupName | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| isListed | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * This program is free software; you can redistribute it and/or modify |
| 4 | * it under the terms of the GNU General Public License as published by |
| 5 | * the Free Software Foundation; either version 2 of the License, or |
| 6 | * (at your option) any later version. |
| 7 | * |
| 8 | * This program is distributed in the hope that it will be useful, |
| 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 11 | * GNU General Public License for more details. |
| 12 | * |
| 13 | * You should have received a copy of the GNU General Public License along |
| 14 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 15 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 16 | * http://www.gnu.org/copyleft/gpl.html |
| 17 | * |
| 18 | * @file |
| 19 | */ |
| 20 | namespace MediaWiki\Extension\AbuseFilter\Special; |
| 21 | |
| 22 | use MediaWiki\Exception\ErrorPageError; |
| 23 | use MediaWiki\Exception\PermissionsError; |
| 24 | use MediaWiki\Extension\AbuseFilter\BlockedDomains\BlockedDomainValidator; |
| 25 | use MediaWiki\Extension\AbuseFilter\BlockedDomains\IBlockedDomainStorage; |
| 26 | use MediaWiki\Html\Html; |
| 27 | use MediaWiki\HTMLForm\HTMLForm; |
| 28 | use MediaWiki\SpecialPage\SpecialPage; |
| 29 | use MediaWiki\Title\TitleValue; |
| 30 | use Wikimedia\ObjectCache\WANObjectCache; |
| 31 | use Wikimedia\Rdbms\IDBAccessObject; |
| 32 | |
| 33 | /** |
| 34 | * List and manage blocked external domains |
| 35 | * |
| 36 | * @ingroup SpecialPage |
| 37 | */ |
| 38 | class BlockedExternalDomains extends SpecialPage { |
| 39 | private IBlockedDomainStorage $blockedDomainStorage; |
| 40 | private BlockedDomainValidator $blockedDomainValidator; |
| 41 | private WANObjectCache $wanCache; |
| 42 | |
| 43 | public function __construct( |
| 44 | IBlockedDomainStorage $blockedDomainStorage, |
| 45 | BlockedDomainValidator $blockedDomainValidator, |
| 46 | WANObjectCache $wanCache |
| 47 | ) { |
| 48 | parent::__construct( 'BlockedExternalDomains' ); |
| 49 | $this->blockedDomainStorage = $blockedDomainStorage; |
| 50 | $this->blockedDomainValidator = $blockedDomainValidator; |
| 51 | $this->wanCache = $wanCache; |
| 52 | } |
| 53 | |
| 54 | /** @inheritDoc */ |
| 55 | public function execute( $par ) { |
| 56 | if ( !$this->getConfig()->get( 'AbuseFilterEnableBlockedExternalDomain' ) ) { |
| 57 | throw new ErrorPageError( 'abusefilter-disabled', 'disabledspecialpage-disabled' ); |
| 58 | } |
| 59 | $this->setHeaders(); |
| 60 | $this->outputHeader(); |
| 61 | $this->addHelpLink( 'Manual:BlockedExternalDomains' ); |
| 62 | |
| 63 | $request = $this->getRequest(); |
| 64 | switch ( $par ) { |
| 65 | case 'remove': |
| 66 | $this->showRemoveForm( $request->getVal( 'domain' ) ); |
| 67 | break; |
| 68 | case 'add': |
| 69 | $this->showAddForm( $request->getVal( 'domain' ) ); |
| 70 | break; |
| 71 | default: |
| 72 | $this->showList(); |
| 73 | break; |
| 74 | } |
| 75 | } |
| 76 | |
| 77 | private function showList() { |
| 78 | $out = $this->getOutput(); |
| 79 | $out->setPageTitleMsg( $this->msg( 'abusefilter-blocked-domains-title' ) ); |
| 80 | $out->wrapWikiMsg( "$1", 'abusefilter-blocked-domains-intro' ); |
| 81 | |
| 82 | // Direct editing of this page is blocked via EditPermissionHandler |
| 83 | $userCanManage = $this->getAuthority()->isAllowed( 'abusefilter-modify-blocked-external-domains' ); |
| 84 | |
| 85 | // Show form to add a blocked domain |
| 86 | if ( $userCanManage ) { |
| 87 | $fields = [ |
| 88 | 'Domain' => [ |
| 89 | 'type' => 'text', |
| 90 | 'label' => $this->msg( 'abusefilter-blocked-domains-domain' )->plain(), |
| 91 | 'required' => true, |
| 92 | ], |
| 93 | 'Notes' => [ |
| 94 | 'type' => 'text', |
| 95 | 'maxlength' => 255, |
| 96 | 'label' => $this->msg( 'abusefilter-blocked-domains-notes' )->plain(), |
| 97 | 'size' => 250, |
| 98 | ], |
| 99 | ]; |
| 100 | |
| 101 | HTMLForm::factory( 'ooui', $fields, $this->getContext() ) |
| 102 | ->setAction( $this->getPageTitle( 'add' )->getLocalURL() ) |
| 103 | ->setWrapperLegendMsg( 'abusefilter-blocked-domains-add-heading' ) |
| 104 | ->setHeaderHtml( $this->msg( 'abusefilter-blocked-domains-add-explanation' )->parseAsBlock() ) |
| 105 | ->setSubmitCallback( [ $this, 'processAddForm' ] ) |
| 106 | ->setSubmitTextMsg( 'abusefilter-blocked-domains-add-submit' ) |
| 107 | ->show(); |
| 108 | |
| 109 | if ( $out->getRedirect() !== '' ) { |
| 110 | return; |
| 111 | } |
| 112 | } |
| 113 | |
| 114 | $res = $this->blockedDomainStorage->loadConfig( IDBAccessObject::READ_LATEST ); |
| 115 | if ( !$res->isGood() ) { |
| 116 | return; |
| 117 | } |
| 118 | |
| 119 | $content = Html::element( 'th', [], $this->msg( 'abusefilter-blocked-domains-domain-header' )->text() ) . |
| 120 | Html::element( 'th', [], $this->msg( 'abusefilter-blocked-domains-notes-header' )->text() ); |
| 121 | if ( $userCanManage ) { |
| 122 | $content .= Html::element( |
| 123 | 'th', |
| 124 | [], |
| 125 | $this->msg( 'abusefilter-blocked-domains-addedby-header' )->text() |
| 126 | ); |
| 127 | $content .= Html::element( |
| 128 | 'th', |
| 129 | [ 'class' => 'unsortable' ], |
| 130 | $this->msg( 'abusefilter-blocked-domains-actions-header' )->text() |
| 131 | ); |
| 132 | } |
| 133 | $thead = Html::rawElement( 'tr', [], $content ); |
| 134 | |
| 135 | // Parsing each row is expensive, put it behind WAN cache |
| 136 | // with md5 checksum, we make sure changes to the domain list |
| 137 | // invalidate the cache |
| 138 | $cacheKey = $this->wanCache->makeKey( |
| 139 | 'abuse-filter-special-blocked-external-domains-rows', |
| 140 | md5( json_encode( $res->getValue() ) ), |
| 141 | (int)$userCanManage |
| 142 | ); |
| 143 | $tbody = $this->wanCache->getWithSetCallback( |
| 144 | $cacheKey, |
| 145 | WANObjectCache::TTL_DAY, |
| 146 | function () use ( $res, $userCanManage ) { |
| 147 | $tbody = ''; |
| 148 | foreach ( $res->getValue() as $domain ) { |
| 149 | $tbody .= $this->doDomainRow( $domain, $userCanManage ); |
| 150 | } |
| 151 | return $tbody; |
| 152 | } |
| 153 | ); |
| 154 | |
| 155 | $out->addModuleStyles( [ 'jquery.tablesorter.styles', 'mediawiki.pager.styles' ] ); |
| 156 | $out->addModules( 'jquery.tablesorter' ); |
| 157 | $out->addHTML( Html::rawElement( |
| 158 | 'table', |
| 159 | [ 'class' => 'mw-datatable sortable' ], |
| 160 | Html::rawElement( 'thead', [], $thead ) . |
| 161 | Html::rawElement( 'tbody', [], $tbody ) |
| 162 | ) ); |
| 163 | } |
| 164 | |
| 165 | /** |
| 166 | * Show the row in the table |
| 167 | * |
| 168 | * @param array $domain domain data |
| 169 | * @param bool $showManageActions whether to add manage actions |
| 170 | * @return string HTML for the row |
| 171 | */ |
| 172 | private function doDomainRow( $domain, $showManageActions ) { |
| 173 | $newRow = Html::rawElement( 'td', [], Html::element( 'code', [], $domain['domain'] ) ); |
| 174 | |
| 175 | $newRow .= Html::rawElement( 'td', [], $this->getOutput()->parseInlineAsInterface( $domain['notes'] ) ); |
| 176 | |
| 177 | if ( $showManageActions ) { |
| 178 | if ( isset( $domain['addedBy'] ) ) { |
| 179 | $addedBy = $this->getLinkRenderer()->makeLink( |
| 180 | new TitleValue( 3, $domain['addedBy'] ), |
| 181 | $domain['addedBy'] |
| 182 | ); |
| 183 | } else { |
| 184 | $addedBy = ''; |
| 185 | } |
| 186 | $newRow .= Html::rawElement( 'td', [], $addedBy ); |
| 187 | |
| 188 | $actionLink = $this->getLinkRenderer()->makeKnownLink( |
| 189 | $this->getPageTitle( 'remove' ), |
| 190 | $this->msg( 'abusefilter-blocked-domains-remove' )->text(), |
| 191 | [], |
| 192 | [ 'domain' => $domain['domain'] ] |
| 193 | ); |
| 194 | $newRow .= Html::rawElement( 'td', [], $actionLink ); |
| 195 | } |
| 196 | |
| 197 | return Html::rawElement( 'tr', [], $newRow ) . "\n"; |
| 198 | } |
| 199 | |
| 200 | /** |
| 201 | * Show form for removing a domain from the blocked list |
| 202 | * |
| 203 | * @param string $domain |
| 204 | * @return void |
| 205 | */ |
| 206 | private function showRemoveForm( $domain ) { |
| 207 | if ( !$this->getAuthority()->isAllowed( 'editsitejson' ) ) { |
| 208 | throw new PermissionsError( 'editsitejson' ); |
| 209 | } |
| 210 | |
| 211 | $out = $this->getOutput(); |
| 212 | $out->setPageTitleMsg( $this->msg( 'abusefilter-blocked-domains-remove-title' ) ); |
| 213 | $out->addBacklinkSubtitle( $this->getPageTitle() ); |
| 214 | |
| 215 | $preText = $this->msg( 'abusefilter-blocked-domains-remove-explanation-initial', $domain )->parseAsBlock(); |
| 216 | |
| 217 | $fields = [ |
| 218 | 'Domain' => [ |
| 219 | 'type' => 'text', |
| 220 | 'label' => $this->msg( 'abusefilter-blocked-domains-domain' )->plain(), |
| 221 | 'required' => true, |
| 222 | 'default' => $domain, |
| 223 | ], |
| 224 | 'Notes' => [ |
| 225 | 'type' => 'text', |
| 226 | 'maxlength' => 255, |
| 227 | 'label' => $this->msg( 'abusefilter-blocked-domains-notes' )->plain(), |
| 228 | 'size' => 250, |
| 229 | ], |
| 230 | ]; |
| 231 | |
| 232 | HTMLForm::factory( 'ooui', $fields, $this->getContext() ) |
| 233 | ->setAction( $this->getPageTitle( 'remove' )->getLocalURL() ) |
| 234 | ->setSubmitCallback( function ( $data, $form ) { |
| 235 | return $this->processRemoveForm( $data, $form ); |
| 236 | } ) |
| 237 | ->setSubmitTextMsg( 'abusefilter-blocked-domains-remove-submit' ) |
| 238 | ->setSubmitDestructive() |
| 239 | ->addPreHtml( $preText ) |
| 240 | ->show(); |
| 241 | } |
| 242 | |
| 243 | /** |
| 244 | * Process the form for removing a domain from the blocked list |
| 245 | * |
| 246 | * @param array $data request data |
| 247 | * @param HTMLForm $form |
| 248 | * @return bool whether the action was successful or not |
| 249 | */ |
| 250 | public function processRemoveForm( array $data, HTMLForm $form ) { |
| 251 | $out = $form->getContext()->getOutput(); |
| 252 | $domain = $this->blockedDomainValidator->validateDomain( $data['Domain'] ); |
| 253 | if ( $domain === false ) { |
| 254 | $out->wrapWikiTextAsInterface( 'error', 'Invalid URL' ); |
| 255 | return false; |
| 256 | } |
| 257 | |
| 258 | $status = $this->blockedDomainStorage->removeDomain( |
| 259 | $domain, |
| 260 | $data['Notes'] ?? '', |
| 261 | $this->getAuthority() |
| 262 | ); |
| 263 | |
| 264 | if ( !$status->isGood() ) { |
| 265 | $out->wrapWikiTextAsInterface( 'error', 'Save failed' ); |
| 266 | return false; |
| 267 | } |
| 268 | |
| 269 | $out->redirect( $this->getPageTitle()->getLocalURL() ); |
| 270 | return true; |
| 271 | } |
| 272 | |
| 273 | /** |
| 274 | * Show form for adding a domain to the blocked list |
| 275 | * |
| 276 | * @param string $domain |
| 277 | * @return void |
| 278 | */ |
| 279 | private function showAddForm( $domain ) { |
| 280 | if ( !$this->getAuthority()->isAllowed( 'editsitejson' ) ) { |
| 281 | throw new PermissionsError( 'editsitejson' ); |
| 282 | } |
| 283 | |
| 284 | $out = $this->getOutput(); |
| 285 | $out->setPageTitleMsg( $this->msg( "abusefilter-blocked-domains-add-heading" ) ); |
| 286 | $out->addBacklinkSubtitle( $this->getPageTitle() ); |
| 287 | |
| 288 | $preText = $this->msg( "abusefilter-blocked-domains-add-explanation", $domain )->parseAsBlock(); |
| 289 | |
| 290 | $fields = [ |
| 291 | 'Domain' => [ |
| 292 | 'type' => 'text', |
| 293 | 'label' => $this->msg( 'abusefilter-blocked-domains-domain' )->plain(), |
| 294 | 'required' => true, |
| 295 | 'default' => $domain, |
| 296 | ], |
| 297 | 'Notes' => [ |
| 298 | 'type' => 'text', |
| 299 | 'maxlength' => 255, |
| 300 | 'label' => $this->msg( 'abusefilter-blocked-domains-notes' )->plain(), |
| 301 | 'size' => 250, |
| 302 | ], |
| 303 | ]; |
| 304 | |
| 305 | HTMLForm::factory( 'ooui', $fields, $this->getContext() ) |
| 306 | ->setAction( $this->getPageTitle( 'add' )->getLocalURL() ) |
| 307 | ->setSubmitCallback( function ( $data, $form ) { |
| 308 | return $this->processAddForm( $data, $form ); |
| 309 | } ) |
| 310 | ->setSubmitTextMsg( "abusefilter-blocked-domains-add-submit" ) |
| 311 | ->addPreHtml( $preText ) |
| 312 | ->show(); |
| 313 | } |
| 314 | |
| 315 | /** |
| 316 | * Process the form for adding a domain to the blocked list |
| 317 | * |
| 318 | * @param array $data request data |
| 319 | * @param HTMLForm $form |
| 320 | * @return bool whether the action was successful or not |
| 321 | */ |
| 322 | private function processAddForm( array $data, HTMLForm $form ) { |
| 323 | $out = $form->getContext()->getOutput(); |
| 324 | |
| 325 | $domain = $this->blockedDomainValidator->validateDomain( $data['Domain'] ); |
| 326 | if ( $domain === false ) { |
| 327 | $out->wrapWikiTextAsInterface( 'error', 'Invalid URL' ); |
| 328 | return false; |
| 329 | } |
| 330 | $status = $this->blockedDomainStorage->addDomain( |
| 331 | $domain, |
| 332 | $data['Notes'] ?? '', |
| 333 | $this->getAuthority() |
| 334 | ); |
| 335 | |
| 336 | if ( !$status->isGood() ) { |
| 337 | $out->wrapWikiTextAsInterface( 'error', 'Save failed' ); |
| 338 | return false; |
| 339 | } |
| 340 | |
| 341 | $out->redirect( $this->getPageTitle()->getLocalURL() ); |
| 342 | return true; |
| 343 | } |
| 344 | |
| 345 | /** @inheritDoc */ |
| 346 | protected function getGroupName() { |
| 347 | return 'spam'; |
| 348 | } |
| 349 | |
| 350 | /** @inheritDoc */ |
| 351 | public function isListed() { |
| 352 | return $this->getConfig()->get( 'AbuseFilterEnableBlockedExternalDomain' ); |
| 353 | } |
| 354 | } |