Code Coverage for /workspace/src/extensions/AbuseFilter/includes/Special/SpecialAbuseLog.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	1.75% covered (danger)	1.75%	11 / 630	0.00% covered (danger)	0.00%	0 / 18	CRAP	0.00% covered (danger)	0.00%	0 / 1
SpecialAbuseLog	1.75% covered (danger)	1.75%	11 / 630	0.00% covered (danger)	0.00%	0 / 18	12224.76	0.00% covered (danger)	0.00%	0 / 1
__construct	0.00% covered (danger)	0.00%	0 / 12	0.00% covered (danger)	0.00%	0 / 1	2
doesWrites		n/a	0 / 0		n/a	0 / 0	1
getGroupName		n/a	0 / 0		n/a	0 / 0	1
execute	0.00% covered (danger)	0.00%	0 / 20	0.00% covered (danger)	0.00%	0 / 1	72
getShortDescription	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
loadParameters	0.00% covered (danger)	0.00%	0 / 19	0.00% covered (danger)	0.00%	0 / 1	30
getAllFilterableActions	0.00% covered (danger)	0.00%	0 / 9	0.00% covered (danger)	0.00%	0 / 1	2
searchForm	0.00% covered (danger)	0.00%	0 / 109	0.00% covered (danger)	0.00%	0 / 1	56
showHideView	0.00% covered (danger)	0.00%	0 / 8	0.00% covered (danger)	0.00%	0 / 1	2
showList	0.00% covered (danger)	0.00%	0 / 151	0.00% covered (danger)	0.00%	0 / 1	1980
getDeleteButton	0.00% covered (danger)	0.00%	0 / 6	0.00% covered (danger)	0.00%	0 / 1	6
getListToggle	0.00% covered (danger)	0.00%	0 / 3	0.00% covered (danger)	0.00%	0 / 1	6
showDetails	0.00% covered (danger)	0.00%	0 / 94	0.00% covered (danger)	0.00%	0 / 1	156
getPrivateDetailsRow	0.00% covered (danger)	0.00%	0 / 26	0.00% covered (danger)	0.00%	0 / 1	20
buildPrivateDetailsTable	0.00% covered (danger)	0.00%	0 / 115	0.00% covered (danger)	0.00%	0 / 1	20
showPrivateDetails	0.00% covered (danger)	0.00%	0 / 30	0.00% covered (danger)	0.00%	0 / 1	56
checkPrivateDetailsAccessReason	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	6
addPrivateDetailsAccessLogEntry	0.00% covered (danger)	0.00%	0 / 9	0.00% covered (danger)	0.00%	0 / 1	2
getUserLinks	0.00% covered (danger)	0.00%	0 / 5	0.00% covered (danger)	0.00%	0 / 1	6
getEntryVisibilityForUser	91.67% covered (success)	91.67%	11 / 12	0.00% covered (danger)	0.00%	0 / 1	7.03

1	<?php
2
3	namespace MediaWiki\Extension\AbuseFilter\Special;
4
5	use DifferenceEngine;
6	use ExtensionRegistry;
7	use Html;
8	use HTMLForm;
9	use InvalidArgumentException;
10	use Linker;
11	use ListToggle;
12	use ManualLogEntry;
13	use MediaWiki\Cache\LinkBatchFactory;
14	use MediaWiki\Extension\AbuseFilter\AbuseFilterPermissionManager;
15	use MediaWiki\Extension\AbuseFilter\AbuseFilterServices;
16	use MediaWiki\Extension\AbuseFilter\CentralDBNotAvailableException;
17	use MediaWiki\Extension\AbuseFilter\Consequences\ConsequencesRegistry;
18	use MediaWiki\Extension\AbuseFilter\Filter\FilterNotFoundException;
19	use MediaWiki\Extension\AbuseFilter\GlobalNameUtils;
20	use MediaWiki\Extension\AbuseFilter\Pager\AbuseLogPager;
21	use MediaWiki\Extension\AbuseFilter\SpecsFormatter;
22	use MediaWiki\Extension\AbuseFilter\Variables\UnsetVariableException;
23	use MediaWiki\Extension\AbuseFilter\Variables\VariablesBlobStore;
24	use MediaWiki\Extension\AbuseFilter\Variables\VariablesFormatter;
25	use MediaWiki\Extension\AbuseFilter\Variables\VariablesManager;
26	use MediaWiki\Extension\AbuseFilter\View\HideAbuseLog;
27	use MediaWiki\MediaWikiServices;
28	use MediaWiki\Permissions\Authority;
29	use MediaWiki\Permissions\PermissionManager;
30	use MediaWiki\Revision\RevisionRecord;
31	use MediaWiki\User\UserIdentity;
32	use MediaWiki\User\UserIdentityLookup;
33	use MediaWiki\WikiMap\WikiMap;
34	use OOUI\ButtonInputWidget;
35	use SpecialPage;
36	use Status;
37	use stdClass;
38	use Title;
39	use Wikimedia\Rdbms\LBFactory;
40	use Xml;
41
42	class SpecialAbuseLog extends AbuseFilterSpecialPage {
43	public const PAGE_NAME = 'AbuseLog';
44
45	/** Visible entry */
46	public const VISIBILITY_VISIBLE = 'visible';
47	/** Explicitly hidden entry */
48	public const VISIBILITY_HIDDEN = 'hidden';
49	/** Visible entry but the associated revision is hidden */
50	public const VISIBILITY_HIDDEN_IMPLICIT = 'implicit';
51
52	/**
53	* @var string\|null The user whose AbuseLog entries are being searched
54	*/
55	protected $mSearchUser;
56
57	/**
58	* @var string The start time of the search period
59	*/
60	protected $mSearchPeriodStart;
61
62	/**
63	* @var string The end time of the search period
64	*/
65	protected $mSearchPeriodEnd;
66
67	/**
68	* @var string The page of which AbuseLog entries are being searched
69	*/
70	protected $mSearchTitle;
71
72	/**
73	* @var string The action performed by the user
74	*/
75	protected $mSearchAction;
76
77	/**
78	* @var string The action taken by AbuseFilter
79	*/
80	protected $mSearchActionTaken;
81
82	/**
83	* @var string The wiki name where we're performing the search
84	*/
85	protected $mSearchWiki;
86
87	/**
88	* @var string\|null The filter IDs we're looking for. Either a single one, or a pipe-separated list
89	*/
90	protected $mSearchFilter;
91
92	/**
93	* @var string The visibility of entries we're interested in
94	*/
95	protected $mSearchEntries;
96
97	/**
98	* @var string The impact of the user action, i.e. if the change has been saved
99	*/
100	protected $mSearchImpact;
101
102	/** @var string\|null The filter group to search, as defined in $wgAbuseFilterValidGroups */
103	protected $mSearchGroup;
104
105	/** @var LBFactory */
106	private $lbFactory;
107
108	/** @var LinkBatchFactory */
109	private $linkBatchFactory;
110
111	/** @var PermissionManager */
112	private $permissionManager;
113
114	/** @var UserIdentityLookup */
115	private $userIdentityLookup;
116
117	/** @var ConsequencesRegistry */
118	private $consequencesRegistry;
119
120	/** @var VariablesBlobStore */
121	private $varBlobStore;
122
123	/** @var SpecsFormatter */
124	private $specsFormatter;
125
126	/** @var VariablesFormatter */
127	private $variablesFormatter;
128
129	/** @var VariablesManager */
130	private $varManager;
131
132	/**
133	* @param LBFactory $lbFactory
134	* @param LinkBatchFactory $linkBatchFactory
135	* @param PermissionManager $permissionManager
136	* @param UserIdentityLookup $userIdentityLookup
137	* @param AbuseFilterPermissionManager $afPermissionManager
138	* @param ConsequencesRegistry $consequencesRegistry
139	* @param VariablesBlobStore $varBlobStore
140	* @param SpecsFormatter $specsFormatter
141	* @param VariablesFormatter $variablesFormatter
142	* @param VariablesManager $varManager
143	*/
144	public function __construct(
145	LBFactory $lbFactory,
146	LinkBatchFactory $linkBatchFactory,
147	PermissionManager $permissionManager,
148	UserIdentityLookup $userIdentityLookup,
149	AbuseFilterPermissionManager $afPermissionManager,
150	ConsequencesRegistry $consequencesRegistry,
151	VariablesBlobStore $varBlobStore,
152	SpecsFormatter $specsFormatter,
153	VariablesFormatter $variablesFormatter,
154	VariablesManager $varManager
155	) {
156	parent::__construct( self::PAGE_NAME, 'abusefilter-log', $afPermissionManager );
157	$this->lbFactory = $lbFactory;
158	$this->linkBatchFactory = $linkBatchFactory;
159	$this->permissionManager = $permissionManager;
160	$this->userIdentityLookup = $userIdentityLookup;
161	$this->consequencesRegistry = $consequencesRegistry;
162	$this->varBlobStore = $varBlobStore;
163	$this->specsFormatter = $specsFormatter;
164	$this->specsFormatter->setMessageLocalizer( $this );
165	$this->variablesFormatter = $variablesFormatter;
166	$this->variablesFormatter->setMessageLocalizer( $this );
167	$this->varManager = $varManager;
168	}
169
170	/**
171	* @codeCoverageIgnore Merely declarative
172	* @inheritDoc
173	*/
174	public function doesWrites() {
175	return true;
176	}
177
178	/**
179	* @codeCoverageIgnore Merely declarative
180	* @inheritDoc
181	*/
182	protected function getGroupName() {
183	return 'changes';
184	}
185
186	/**
187	* Main routine
188	*
189	* $parameter string is converted into the $args array, which can come in
190	* three shapes:
191	*
192	* An array of size 2: only if the URL is like Special:AbuseLog/private/id
193	* where id is the log identifier. In this case, the private details of the
194	* log (e.g. IP address) will be shown.
195	*
196	* An array of size 1: either the URL is like Special:AbuseLog/id where
197	* the id is log identifier, in which case the details of the log except for
198	* private bits (e.g. IP address) are shown, or Special:AbuseLog/hide for hiding entries,
199	* or the URL is incomplete as in Special:AbuseLog/private (without speciying id),
200	* in which case a warning is shown to the user
201	*
202	* An array of size 0 when URL is like Special:AbuseLog or an array of size
203	* 1 when the URL is like Special:AbuseFilter/ (i.e. without anything after
204	* the slash). Otherwise, the abuse logs are shown as a list, with a search form above the list.
205	*
206	* @param string\|null $parameter URL parameters
207	*/
208	public function execute( $parameter ) {
209	$out = $this->getOutput();
210
211	$this->addNavigationLinks( 'log' );
212
213	$this->setHeaders();
214	$this->addHelpLink( 'Extension:AbuseFilter' );
215	$this->loadParameters();
216
217	$out->disableClientCache();
218
219	$out->addModuleStyles( 'ext.abuseFilter' );
220
221	$this->checkPermissions();
222
223	$args = $parameter !== null ? explode( '/', $parameter ) : [];
224
225	if ( count( $args ) === 2 && $args[0] === 'private' ) {
226	$this->showPrivateDetails( (int)$args[1] );
227	} elseif ( count( $args ) === 1 && $args[0] !== '' ) {
228	if ( $args[0] === 'private' ) {
229	$out->addWikiMsg( 'abusefilter-invalid-request-noid' );
230	} elseif ( $args[0] === 'hide' ) {
231	$this->showHideView();
232	} else {
233	$this->showDetails( $args[0] );
234	}
235	} else {
236	$this->outputHeader( 'abusefilter-log-summary' );
237	$this->searchForm();
238	$this->showList();
239	}
240	}
241
242	/**
243	* @inheritDoc
244	*/
245	public function getShortDescription( string $path = '' ): string {
246	return $this->msg( 'abusefilter-topnav-log' )->text();
247	}
248
249	/**
250	* Loads parameters from request
251	*/
252	public function loadParameters() {
253	$request = $this->getRequest();
254
255	$searchUsername = trim( $request->getText( 'wpSearchUser' ) );
256	$userTitle = Title::newFromText( $searchUsername, NS_USER );
257	$this->mSearchUser = $userTitle ? $userTitle->getText() : null;
258	if ( $this->getConfig()->get( 'AbuseFilterIsCentral' ) ) {
259	$this->mSearchWiki = $request->getText( 'wpSearchWiki' );
260	}
261
262	$this->mSearchPeriodStart = $request->getText( 'wpSearchPeriodStart' );
263	$this->mSearchPeriodEnd = $request->getText( 'wpSearchPeriodEnd' );
264	$this->mSearchTitle = $request->getText( 'wpSearchTitle' );
265
266	$this->mSearchFilter = null;
267	$this->mSearchGroup = null;
268	if ( $this->afPermissionManager->canSeeLogDetails( $this->getAuthority() ) ) {
269	$this->mSearchFilter = $request->getText( 'wpSearchFilter' );
270	if ( count( $this->getConfig()->get( 'AbuseFilterValidGroups' ) ) > 1 ) {
271	$this->mSearchGroup = $request->getText( 'wpSearchGroup' );
272	}
273	}
274
275	$this->mSearchAction = $request->getText( 'wpSearchAction' );
276	$this->mSearchActionTaken = $request->getText( 'wpSearchActionTaken' );
277	$this->mSearchEntries = $request->getText( 'wpSearchEntries' );
278	$this->mSearchImpact = $request->getText( 'wpSearchImpact' );
279	}
280
281	/**
282	* @return string[]
283	*/
284	private function getAllFilterableActions() {
285	return [
286	'edit',
287	'move',
288	'upload',
289	'stashupload',
290	'delete',
291	'createaccount',
292	'autocreateaccount',
293	];
294	}
295
296	/**
297	* Builds the search form
298	*/
299	public function searchForm() {
300	$performer = $this->getAuthority();
301	$formDescriptor = [
302	'SearchUser' => [
303	'label-message' => 'abusefilter-log-search-user',
304	'type' => 'user',
305	'ipallowed' => true,
306	'default' => $this->mSearchUser,
307	],
308	'SearchPeriodStart' => [
309	'label-message' => 'abusefilter-test-period-start',
310	'type' => 'datetime',
311	'default' => $this->mSearchPeriodStart
312	],
313	'SearchPeriodEnd' => [
314	'label-message' => 'abusefilter-test-period-end',
315	'type' => 'datetime',
316	'default' => $this->mSearchPeriodEnd
317	],
318	'SearchTitle' => [
319	'label-message' => 'abusefilter-log-search-title',
320	'type' => 'title',
321	'interwiki' => false,
322	'default' => $this->mSearchTitle,
323	'required' => false
324	],
325	'SearchImpact' => [
326	'label-message' => 'abusefilter-log-search-impact',
327	'type' => 'select',
328	'options' => [
329	$this->msg( 'abusefilter-log-search-impact-all' )->text() => 0,
330	$this->msg( 'abusefilter-log-search-impact-saved' )->text() => 1,
331	$this->msg( 'abusefilter-log-search-impact-not-saved' )->text() => 2,
332	],
333	],
334	];
335	$filterableActions = $this->getAllFilterableActions();
336	$actions = array_combine( $filterableActions, $filterableActions );
337	ksort( $actions );
338	$actions = array_merge(
339	[ $this->msg( 'abusefilter-log-search-action-any' )->text() => 'any' ],
340	$actions,
341	[ $this->msg( 'abusefilter-log-search-action-other' )->text() => 'other' ]
342	);
343	$formDescriptor['SearchAction'] = [
344	'label-message' => 'abusefilter-log-search-action-label',
345	'type' => 'select',
346	'options' => $actions,
347	'default' => 'any',
348	];
349	$options = [];
350	foreach ( $this->consequencesRegistry->getAllActionNames() as $action ) {
351	$key = $this->specsFormatter->getActionDisplay( $action );
352	$options[$key] = $action;
353	}
354	ksort( $options );
355	$options = array_merge(
356	[ $this->msg( 'abusefilter-log-search-action-taken-any' )->text() => '' ],
357	$options,
358	[ $this->msg( 'abusefilter-log-noactions-filter' )->text() => 'noactions' ]
359	);
360	$formDescriptor['SearchActionTaken'] = [
361	'label-message' => 'abusefilter-log-search-action-taken-label',
362	'type' => 'select',
363	'options' => $options,
364	];
365	if ( $this->afPermissionManager->canSeeHiddenLogEntries( $performer ) ) {
366	$formDescriptor['SearchEntries'] = [
367	'type' => 'select',
368	'label-message' => 'abusefilter-log-search-entries-label',
369	'options' => [
370	$this->msg( 'abusefilter-log-search-entries-all' )->text() => 0,
371	$this->msg( 'abusefilter-log-search-entries-hidden' )->text() => 1,
372	$this->msg( 'abusefilter-log-search-entries-visible' )->text() => 2,
373	],
374	];
375	}
376
377	if ( $this->afPermissionManager->canSeeLogDetails( $performer ) ) {
378	$groups = $this->getConfig()->get( 'AbuseFilterValidGroups' );
379	if ( count( $groups ) > 1 ) {
380	$options = array_merge(
381	[ $this->msg( 'abusefilter-log-search-group-any' )->text() => 0 ],
382	array_combine( $groups, $groups )
383	);
384	$formDescriptor['SearchGroup'] = [
385	'label-message' => 'abusefilter-log-search-group',
386	'type' => 'select',
387	'options' => $options
388	];
389	}
390	$helpmsg = $this->getConfig()->get( 'AbuseFilterIsCentral' )
391	? $this->msg( 'abusefilter-log-search-filter-help-central' )->escaped()
392	: $this->msg( 'abusefilter-log-search-filter-help' )
393	->params( GlobalNameUtils::GLOBAL_FILTER_PREFIX )->escaped();
394	$formDescriptor['SearchFilter'] = [
395	'label-message' => 'abusefilter-log-search-filter',
396	'type' => 'text',
397	'default' => $this->mSearchFilter,
398	'help' => $helpmsg
399	];
400	}
401	if ( $this->getConfig()->get( 'AbuseFilterIsCentral' ) ) {
402	// @todo Add free form input for wiki name. Would be nice to generate
403	// a select with unique names in the db at some point.
404	$formDescriptor['SearchWiki'] = [
405	'label-message' => 'abusefilter-log-search-wiki',
406	'type' => 'text',
407	'default' => $this->mSearchWiki,
408	];
409	}
410
411	HTMLForm::factory( 'ooui', $formDescriptor, $this->getContext() )
412	->setWrapperLegendMsg( 'abusefilter-log-search' )
413	->setSubmitTextMsg( 'abusefilter-log-search-submit' )
414	->setMethod( 'get' )
415	->setCollapsibleOptions( true )
416	->prepareForm()
417	->displayForm( false );
418	}
419
420	private function showHideView() {
421	$view = new HideAbuseLog(
422	$this->lbFactory,
423	$this->afPermissionManager,
424	$this->getContext(),
425	$this->getLinkRenderer(),
426	self::PAGE_NAME
427	);
428	$view->show();
429	}
430
431	/**
432	* Shows the results list
433	*/
434	public function showList() {
435	$out = $this->getOutput();
436	$performer = $this->getAuthority();
437
438	// Generate conditions list.
439	$conds = [];
440
441	if ( $this->mSearchUser !== null ) {
442	$searchedUser = $this->userIdentityLookup->getUserIdentityByName( $this->mSearchUser );
443
444	if ( !$searchedUser ) {
445	$conds['afl_user'] = 0;
446	$conds['afl_user_text'] = $this->mSearchUser;
447	} else {
448	$conds['afl_user'] = $searchedUser->getId();
449	$conds['afl_user_text'] = $searchedUser->getName();
450	}
451	}
452
453	$dbr = $this->lbFactory->getReplicaDatabase();
454	if ( $this->mSearchPeriodStart ) {
455	$conds[] = 'afl_timestamp >= ' .
456	$dbr->addQuotes( $dbr->timestamp( strtotime( $this->mSearchPeriodStart ) ) );
457	}
458
459	if ( $this->mSearchPeriodEnd ) {
460	$conds[] = 'afl_timestamp <= ' .
461	$dbr->addQuotes( $dbr->timestamp( strtotime( $this->mSearchPeriodEnd ) ) );
462	}
463
464	if ( $this->mSearchWiki ) {
465	if ( $this->mSearchWiki === WikiMap::getCurrentWikiDbDomain()->getId() ) {
466	$conds['afl_wiki'] = null;
467	} else {
468	$conds['afl_wiki'] = $this->mSearchWiki;
469	}
470	}
471
472	$groupFilters = [];
473	if ( $this->mSearchGroup ) {
474	$groupFilters = $dbr->selectFieldValues(
475	'abuse_filter',
476	'af_id',
477	[ 'af_group' => $this->mSearchGroup ],
478	__METHOD__
479	);
480	}
481
482	$searchFilters = [];
483	if ( $this->mSearchFilter ) {
484	$rawFilters = array_map( 'trim', explode( '\|', $this->mSearchFilter ) );
485	// Map of [ [ id, global ], ... ]
486	$filtersList = [];
487	$foundInvalid = false;
488	foreach ( $rawFilters as $filter ) {
489	try {
490	$filtersList[] = GlobalNameUtils::splitGlobalName( $filter );
491	} catch ( InvalidArgumentException $e ) {
492	$foundInvalid = true;
493	continue;
494	}
495	}
496
497	// if a filter is hidden, users who can't view private filters should
498	// not be able to find log entries generated by it.
499	if ( !$this->afPermissionManager->canViewPrivateFiltersLogs( $performer ) ) {
500	$searchedForPrivate = false;
501	foreach ( $filtersList as $index => $filterData ) {
502	try {
503	$filter = AbuseFilterServices::getFilterLookup()->getFilter( ...$filterData );
504	} catch ( FilterNotFoundException $_ ) {
505	unset( $filtersList[$index] );
506	$foundInvalid = true;
507	continue;
508	}
509	if ( $filter->isHidden() ) {
510	unset( $filtersList[$index] );
511	$searchedForPrivate = true;
512	}
513	}
514	if ( $searchedForPrivate ) {
515	$out->addWikiMsg( 'abusefilter-log-private-not-included' );
516	}
517	}
518
519	if ( $foundInvalid ) {
520	// @todo Tell what the invalid IDs are
521	$out->addHTML(
522	Html::rawElement(
523	'p',
524	[],
525	Html::warningBox( $this->msg( 'abusefilter-log-invalid-filter' )->escaped() )
526	)
527	);
528	}
529
530	foreach ( $filtersList as $filterData ) {
531	$searchFilters[] = GlobalNameUtils::buildGlobalName( ...$filterData );
532	}
533	}
534
535	$searchIDs = null;
536	if ( $this->mSearchGroup && !$this->mSearchFilter ) {
537	$searchIDs = $groupFilters;
538	} elseif ( !$this->mSearchGroup && $this->mSearchFilter ) {
539	$searchIDs = $searchFilters;
540	} elseif ( $this->mSearchGroup && $this->mSearchFilter ) {
541	$searchIDs = array_intersect( $groupFilters, $searchFilters );
542	}
543
544	if ( $searchIDs !== null ) {
545	if ( !count( $searchIDs ) ) {
546	$out->addWikiMsg( 'abusefilter-log-noresults' );
547	return;
548	}
549
550	$filterConds = [ 'local' => [], 'global' => [] ];
551	foreach ( $searchIDs as $filter ) {
552	list( $filterID, $isGlobal ) = GlobalNameUtils::splitGlobalName( $filter );
553	$key = $isGlobal ? 'global' : 'local';
554	$filterConds[$key][] = $filterID;
555	}
556	$filterWhere = [];
557	if ( $filterConds['local'] ) {
558	$filterWhere[] = $dbr->makeList(
559	[ 'afl_global' => 0, 'afl_filter_id' => $filterConds['local'] ],
560	LIST_AND
561	);
562	}
563	if ( $filterConds['global'] ) {
564	$filterWhere[] = $dbr->makeList(
565	[ 'afl_global' => 1, 'afl_filter_id' => $filterConds['global'] ],
566	LIST_AND
567	);
568	}
569	$conds[] = $dbr->makeList( $filterWhere, LIST_OR );
570	}
571
572	$searchTitle = Title::newFromText( $this->mSearchTitle );
573	if ( $searchTitle ) {
574	$conds['afl_namespace'] = $searchTitle->getNamespace();
575	$conds['afl_title'] = $searchTitle->getDBkey();
576	}
577
578	if ( $this->afPermissionManager->canSeeHiddenLogEntries( $performer ) ) {
579	if ( $this->mSearchEntries === '1' ) {
580	$conds['afl_deleted'] = 1;
581	} elseif ( $this->mSearchEntries === '2' ) {
582	$conds['afl_deleted'] = 0;
583	}
584	}
585
586	if ( in_array( $this->mSearchImpact, [ '1', '2' ] ) ) {
587	$unsuccessfulActionConds = 'afl_rev_id IS NULL';
588	if ( $this->mSearchImpact === '1' ) {
589	$conds[] = "NOT ( $unsuccessfulActionConds )";
590	} else {
591	$conds[] = $unsuccessfulActionConds;
592	}
593	}
594
595	if ( $this->mSearchActionTaken ) {
596	if ( in_array( $this->mSearchActionTaken, $this->consequencesRegistry->getAllActionNames() ) ) {
597	$list = [ 'afl_actions' => $this->mSearchActionTaken ];
598	$list[] = 'afl_actions' . $dbr->buildLike(
599	$this->mSearchActionTaken, ',', $dbr->anyString() );
600	$list[] = 'afl_actions' . $dbr->buildLike(
601	$dbr->anyString(), ',', $this->mSearchActionTaken );
602	$list[] = 'afl_actions' . $dbr->buildLike(
603	$dbr->anyString(),
604	',', $this->mSearchActionTaken, ',',
605	$dbr->anyString()
606	);
607	$conds[] = $dbr->makeList( $list, LIST_OR );
608	} elseif ( $this->mSearchActionTaken === 'noactions' ) {
609	$conds['afl_actions'] = '';
610	}
611	}
612
613	if ( $this->mSearchAction ) {
614	$filterableActions = $this->getAllFilterableActions();
615	if ( in_array( $this->mSearchAction, $filterableActions ) ) {
616	$conds['afl_action'] = $this->mSearchAction;
617	} elseif ( $this->mSearchAction === 'other' ) {
618	$list = $dbr->makeList( [ 'afl_action' => $filterableActions ], LIST_OR );
619	$conds[] = "NOT ( $list )";
620	}
621	}
622
623	$pager = new AbuseLogPager(
624	$this->getContext(),
625	$this->getLinkRenderer(),
626	$conds,
627	$this->linkBatchFactory,
628	$this->permissionManager,
629	$this->afPermissionManager,
630	$this->getName()
631	);
632	$pager->doQuery();
633	$result = $pager->getResult();
634
635	$form = Xml::tags(
636	'form',
637	[
638	'method' => 'GET',
639	'action' => $this->getPageTitle( 'hide' )->getLocalURL()
640	],
641	$this->getDeleteButton() . $this->getListToggle() .
642	Xml::tags( 'ul', [ 'class' => 'plainlinks' ], $pager->getBody() ) .
643	$this->getListToggle() . $this->getDeleteButton()
644	);
645
646	if ( $result && $result->numRows() !== 0 ) {
647	$out->addModuleStyles( 'mediawiki.interface.helpers.styles' );
648	$out->addHTML( $pager->getNavigationBar() . $form . $pager->getNavigationBar() );
649	} else {
650	$out->addWikiMsg( 'abusefilter-log-noresults' );
651	}
652	}
653
654	/**
655	* Returns the HTML for a button to hide selected entries
656	*
657	* @return string\|ButtonInputWidget
658	*/
659	private function getDeleteButton() {
660	if ( !$this->afPermissionManager->canHideAbuseLog( $this->getAuthority() ) ) {
661	return '';
662	}
663	return new ButtonInputWidget( [
664	'label' => $this->msg( 'abusefilter-log-hide-entries' )->text(),
665	'type' => 'submit'
666	] );
667	}
668
669	/**
670	* Get the All / Invert / None options provided by
671	* ToggleList.php to mass select the checkboxes.
672	*
673	* @return string
674	*/
675	private function getListToggle() {
676	if ( !$this->afPermissionManager->canHideAbuseLog( $this->getUser() ) ) {
677	return '';
678	}
679	return ( new ListToggle( $this->getOutput() ) )->getHtml();
680	}
681
682	/**
683	* @param string\|int $id
684	* @suppress SecurityCheck-SQLInjection
685	*/
686	public function showDetails( $id ) {
687	$out = $this->getOutput();
688	$performer = $this->getAuthority();
689
690	$pager = new AbuseLogPager(
691	$this->getContext(),
692	$this->getLinkRenderer(),
693	[],
694	$this->linkBatchFactory,
695	$this->permissionManager,
696	$this->afPermissionManager,
697	$this->getName()
698	);
699
700	[
701	'tables' => $tables,
702	'fields' => $fields,
703	'join_conds' => $join_conds,
704	] = $pager->getQueryInfo();
705
706	$dbr = $this->lbFactory->getReplicaDatabase();
707	$row = $dbr->selectRow(
708	$tables,
709	$fields,
710	[ 'afl_id' => $id ],
711	__METHOD__,
712	[],
713	$join_conds
714	);
715
716	$error = null;
717	if ( !$row ) {
718	$error = 'abusefilter-log-nonexistent';
719	} else {
720	$filterID = $row->afl_filter_id;
721	$global = $row->afl_global;
722
723	if ( $global ) {
724	try {
725	$filter_hidden = AbuseFilterServices::getFilterLookup()->getFilter( $filterID, $global )
726	->isHidden();
727	} catch ( CentralDBNotAvailableException $_ ) {
728	// Conservatively assume that it's hidden, like in formatRow
729	$filter_hidden = true;
730	}
731	} else {
732	$filter_hidden = $row->af_hidden;
733	}
734
735	if ( !$this->afPermissionManager->canSeeLogDetailsForFilter( $performer, $filter_hidden ) ) {
736	$error = 'abusefilter-log-cannot-see-details';
737	} else {
738	$visibility = self::getEntryVisibilityForUser( $row, $performer, $this->afPermissionManager );
739	if ( $visibility === self::VISIBILITY_HIDDEN ) {
740	$error = 'abusefilter-log-details-hidden';
741	} elseif ( $visibility === self::VISIBILITY_HIDDEN_IMPLICIT ) {
742	$error = 'abusefilter-log-details-hidden-implicit';
743	}
744	}
745	}
746
747	if ( $error ) {
748	$out->addWikiMsg( $error );
749	return;
750	}
751
752	$output = Xml::element(
753	'legend',
754	null,
755	$this->msg( 'abusefilter-log-details-legend' )
756	->numParams( $id )
757	->text()
758	);
759	$output .= Xml::tags( 'p', null, $pager->doFormatRow( $row, false ) );
760
761	// Load data
762	$vars = $this->varBlobStore->loadVarDump( $row->afl_var_dump );
763	$out->addJsConfigVars( 'wgAbuseFilterVariables', $this->varManager->dumpAllVars( $vars, true ) );
764	$out->addModuleStyles( 'mediawiki.interface.helpers.styles' );
765
766	// Diff, if available
767	if ( $row->afl_action === 'edit' ) {
768	// Guard for exception because these variables may be unset in case of data corruption (T264513)
769	// No need to lazy-load as these come from a DB dump.
770	try {
771	$old_wikitext = $vars->getComputedVariable( 'old_wikitext' )->toString();
772	} catch ( UnsetVariableException $_ ) {
773	$old_wikitext = '';
774	}
775	try {
776	$new_wikitext = $vars->getComputedVariable( 'new_wikitext' )->toString();
777	} catch ( UnsetVariableException $_ ) {
778	$new_wikitext = '';
779	}
780
781	$diffEngine = new DifferenceEngine( $this->getContext() );
782
783	$diffEngine->showDiffStyle();
784
785	$formattedDiff = $diffEngine->addHeader(
786	$diffEngine->generateTextDiffBody( $old_wikitext, $new_wikitext ),
787	'', ''
788	);
789
790	$output .=
791	Xml::tags(
792	'h3',
793	null,
794	$this->msg( 'abusefilter-log-details-diff' )->parse()
795	);
796
797	$output .= $formattedDiff;
798	}
799
800	$output .= Xml::element( 'h3', null, $this->msg( 'abusefilter-log-details-vars' )->text() );
801
802	// Build a table.
803	$output .= $this->variablesFormatter->buildVarDumpTable( $vars );
804
805	if ( $this->afPermissionManager->canSeePrivateDetails( $performer ) ) {
806	$formDescriptor = [
807	'Reason' => [
808	'label-message' => 'abusefilter-view-privatedetails-reason',
809	'type' => 'text',
810	'size' => 45,
811	],
812	];
813
814	$htmlForm = HTMLForm::factory( 'ooui', $formDescriptor, $this->getContext() );
815	$htmlForm->setTitle( $this->getPageTitle( 'private/' . $id ) )
816	->setWrapperLegendMsg( 'abusefilter-view-privatedetails-legend' )
817	->setSubmitTextMsg( 'abusefilter-view-privatedetails-submit' )
818	->prepareForm();
819
820	$output .= $htmlForm->getHTML( false );
821	}
822
823	// TODO Clarify whether TextSlotDiffRenderer::getTextDiff can return unsafe stuff
824	// @phan-suppress-next-line SecurityCheck-XSS
825	$out->addHTML( Xml::tags( 'fieldset', null, $output ) );
826	}
827
828	/**
829	* Helper function to select a row with private details and some more context
830	* for an AbuseLog entry.
831	* @todo Create a service for this
832	*
833	* @param Authority $authority The user who's trying to view the row
834	* @param int $id The ID of the log entry
835	* @return Status A status object with the requested row stored in the value property,
836	* or an error and no row.
837	*/
838	public static function getPrivateDetailsRow( Authority $authority, $id ) {
839	$afPermManager = AbuseFilterServices::getPermissionManager();
840	$dbr = MediaWikiServices::getInstance()->getDBLoadBalancerFactory()->getReplicaDatabase();
841
842	$row = $dbr->selectRow(
843	[ 'abuse_filter_log', 'abuse_filter' ],
844	[ 'afl_id', 'afl_user_text', 'afl_filter_id', 'afl_global', 'afl_timestamp', 'afl_ip',
845	'af_id', 'af_public_comments', 'af_hidden' ],
846	[ 'afl_id' => $id ],
847	__METHOD__,
848	[],
849	[ 'abuse_filter' => [ 'LEFT JOIN', [ 'af_id=afl_filter_id', 'afl_global' => 0 ] ] ]
850	);
851
852	$status = Status::newGood();
853	if ( !$row ) {
854	$status->fatal( 'abusefilter-log-nonexistent' );
855	return $status;
856	}
857
858	$filterID = $row->afl_filter_id;
859	$global = $row->afl_global;
860
861	if ( $global ) {
862	$lookup = AbuseFilterServices::getFilterLookup();
863	$filterHidden = $lookup->getFilter( $filterID, $global )->isHidden();
864	} else {
865	$filterHidden = $row->af_hidden;
866	}
867
868	if ( !$afPermManager->canSeeLogDetailsForFilter( $authority, $filterHidden ) ) {
869	$status->fatal( 'abusefilter-log-cannot-see-details' );
870	return $status;
871	}
872	$status->setResult( true, $row );
873	return $status;
874	}
875
876	/**
877	* Builds an HTML table with the private details for a given abuseLog entry.
878	*
879	* @param stdClass $row The row, as returned by self::getPrivateDetailsRow()
880	* @return string The HTML output
881	*/
882	protected function buildPrivateDetailsTable( $row ) {
883	$output = Xml::element(
884	'legend',
885	null,
886	$this->msg( 'abusefilter-log-details-privatedetails' )->text()
887	);
888
889	$header =
890	Xml::element( 'th', null, $this->msg( 'abusefilter-log-details-var' )->text() ) .
891	Xml::element( 'th', null, $this->msg( 'abusefilter-log-details-val' )->text() );
892
893	$output .=
894	Xml::openElement( 'table',
895	[
896	'class' => 'wikitable mw-abuselog-private',
897	'style' => 'width: 80%;'
898	]
899	) .
900	Xml::openElement( 'tbody' );
901	$output .= $header;
902
903	// Log ID
904	$linkRenderer = $this->getLinkRenderer();
905	$output .=
906	Xml::tags( 'tr', null,
907	Xml::element( 'td',
908	[ 'style' => 'width: 30%;' ],
909	$this->msg( 'abusefilter-log-details-id' )->text()
910	) .
911	Xml::openElement( 'td' ) .
912	$linkRenderer->makeKnownLink(
913	$this->getPageTitle( $row->afl_id ),
914	$this->getLanguage()->formatNum( $row->afl_id )
915	) .
916	Xml::closeElement( 'td' )
917	);
918
919	// Timestamp
920	$output .=
921	Xml::tags( 'tr', null,
922	Xml::element( 'td',
923	[ 'style' => 'width: 30%;' ],
924	$this->msg( 'abusefilter-edit-builder-vars-timestamp-expanded' )->text()
925	) .
926	Xml::element( 'td',
927	null,
928	$this->getLanguage()->userTimeAndDate( $row->afl_timestamp, $this->getUser() )
929	)
930	);
931
932	// User
933	$output .=
934	Xml::tags( 'tr', null,
935	Xml::element( 'td',
936	[ 'style' => 'width: 30%;' ],
937	$this->msg( 'abusefilter-edit-builder-vars-user-name' )->text()
938	) .
939	Xml::element( 'td',
940	null,
941	$row->afl_user_text
942	)
943	);
944
945	// Filter ID
946	$output .=
947	Xml::tags( 'tr', null,
948	Xml::element( 'td',
949	[ 'style' => 'width: 30%;' ],
950	$this->msg( 'abusefilter-list-id' )->text()
951	) .
952	Xml::openElement( 'td' ) .
953	$linkRenderer->makeKnownLink(
954	SpecialPage::getTitleFor( 'AbuseFilter', $row->af_id ),
955	$this->getLanguage()->formatNum( $row->af_id )
956	) .
957	Xml::closeElement( 'td' )
958	);
959
960	// Filter description
961	$output .=
962	Xml::tags( 'tr', null,
963	Xml::element( 'td',
964	[ 'style' => 'width: 30%;' ],
965	$this->msg( 'abusefilter-list-public' )->text()
966	) .
967	Xml::element( 'td',
968	null,
969	$row->af_public_comments
970	)
971	);
972
973	// IP address
974	if ( $row->afl_ip !== '' ) {
975	if ( ExtensionRegistry::getInstance()->isLoaded( 'CheckUser' ) &&
976	$this->permissionManager->userHasRight( $this->getUser(), 'checkuser' )
977	) {
978	$CULink = ' · ' . $linkRenderer->makeKnownLink(
979	SpecialPage::getTitleFor(
980	'CheckUser',
981	$row->afl_ip
982	),
983	$this->msg( 'abusefilter-log-details-checkuser' )->text()
984	);
985	} else {
986	$CULink = '';
987	}
988	$output .=
989	Xml::tags( 'tr', null,
990	Xml::element( 'td',
991	[ 'style' => 'width: 30%;' ],
992	$this->msg( 'abusefilter-log-details-ip' )->text()
993	) .
994	Xml::tags(
995	'td',
996	null,
997	self::getUserLinks( 0, $row->afl_ip ) . $CULink
998	)
999	);
1000	} else {
1001	$output .=
1002	Xml::tags( 'tr', null,
1003	Xml::element( 'td',
1004	[ 'style' => 'width: 30%;' ],
1005	$this->msg( 'abusefilter-log-details-ip' )->text()
1006	) .
1007	Xml::element(
1008	'td',
1009	null,
1010	$this->msg( 'abusefilter-log-ip-not-available' )->text()
1011	)
1012	);
1013	}
1014
1015	$output .= Xml::closeElement( 'tbody' ) . Xml::closeElement( 'table' );
1016
1017	$output = Xml::tags( 'fieldset', null, $output );
1018	return $output;
1019	}
1020
1021	/**
1022	* @param int $id
1023	* @return void
1024	*/
1025	public function showPrivateDetails( $id ) {
1026	$out = $this->getOutput();
1027	$user = $this->getUser();
1028
1029	if ( !$this->afPermissionManager->canSeePrivateDetails( $user ) ) {
1030	$out->addWikiMsg( 'abusefilter-log-cannot-see-privatedetails' );
1031
1032	return;
1033	}
1034	$request = $this->getRequest();
1035
1036	// Make sure it is a valid request
1037	$token = $request->getVal( 'wpEditToken' );
1038	if ( !$request->wasPosted() \|\| !$user->matchEditToken( $token ) ) {
1039	$out->addHTML(
1040	Xml::tags(
1041	'p',
1042	null,
1043	Html::errorBox( $this->msg( 'abusefilter-invalid-request' )->params( $id )->parse() )
1044	)
1045	);
1046
1047	return;
1048	}
1049
1050	$reason = $request->getText( 'wpReason' );
1051	if ( !self::checkPrivateDetailsAccessReason( $reason ) ) {
1052	$out->addWikiMsg( 'abusefilter-noreason' );
1053	$this->showDetails( $id );
1054	return;
1055	}
1056
1057	$status = self::getPrivateDetailsRow( $user, $id );
1058	if ( !$status->isGood() ) {
1059	$out->addWikiMsg( $status->getErrors()[0] );
1060	return;
1061	}
1062	$row = $status->getValue();
1063
1064	// Log accessing private details
1065	if ( $this->getConfig()->get( 'AbuseFilterLogPrivateDetailsAccess' ) ) {
1066	self::addPrivateDetailsAccessLogEntry( $id, $reason, $user );
1067	}
1068
1069	// Show private details (IP).
1070	$table = $this->buildPrivateDetailsTable( $row );
1071	$out->addHTML( $table );
1072	}
1073
1074	/**
1075	* If specifying a reason for viewing private details of abuse log is required
1076	* then it makes sure that a reason is provided.
1077	*
1078	* @param string $reason
1079	* @return bool
1080	*/
1081	public static function checkPrivateDetailsAccessReason( $reason ) {
1082	global $wgAbuseFilterPrivateDetailsForceReason;
1083	return ( !$wgAbuseFilterPrivateDetailsForceReason \|\| strlen( $reason ) > 0 );
1084	}
1085
1086	/**
1087	* @param int $logID int The ID of the AbuseFilter log that was accessed
1088	* @param string $reason The reason provided for accessing private details
1089	* @param UserIdentity $userIdentity The user who accessed the private details
1090	* @return void
1091	*/
1092	public static function addPrivateDetailsAccessLogEntry( $logID, $reason, UserIdentity $userIdentity ) {
1093	$target = self::getTitleFor( self::PAGE_NAME, (string)$logID );
1094
1095	$logEntry = new ManualLogEntry( 'abusefilterprivatedetails', 'access' );
1096	$logEntry->setPerformer( $userIdentity );
1097	$logEntry->setTarget( $target );
1098	$logEntry->setParameters( [
1099	'4::logid' => $logID,
1100	] );
1101	$logEntry->setComment( $reason );
1102
1103	$logEntry->insert();
1104	}
1105
1106	/**
1107	* @param int $userId
1108	* @param string $userName
1109	* @return string
1110	*/
1111	public static function getUserLinks( $userId, $userName ) {
1112	static $cache = [];
1113
1114	if ( !isset( $cache[$userName][$userId] ) ) {
1115	$cache[$userName][$userId] = Linker::userLink( $userId, $userName ) .
1116	Linker::userToolLinks( $userId, $userName, true );
1117	}
1118
1119	return $cache[$userName][$userId];
1120	}
1121
1122	/**
1123	* @param stdClass $row
1124	* @param Authority $authority
1125	* @param AbuseFilterPermissionManager $afPermManager
1126	* @return string One of the self::VISIBILITY_* constants
1127	*/
1128	public static function getEntryVisibilityForUser(
1129	stdClass $row,
1130	Authority $authority,
1131	AbuseFilterPermissionManager $afPermManager
1132	): string {
1133	if ( $row->afl_deleted && !$afPermManager->canSeeHiddenLogEntries( $authority ) ) {
1134	return self::VISIBILITY_HIDDEN;
1135	}
1136	if ( !$row->afl_rev_id ) {
1137	return self::VISIBILITY_VISIBLE;
1138	}
1139	$revRec = MediaWikiServices::getInstance()
1140	->getRevisionLookup()
1141	->getRevisionById( (int)$row->afl_rev_id );
1142	if ( !$revRec \|\| $revRec->getVisibility() === 0 ) {
1143	return self::VISIBILITY_VISIBLE;
1144	}
1145	return $revRec->audienceCan( RevisionRecord::SUPPRESSED_ALL, RevisionRecord::FOR_THIS_USER, $authority )
1146	? self::VISIBILITY_VISIBLE
1147	: self::VISIBILITY_HIDDEN_IMPLICIT;
1148	}
1149	}