Florianschmidtwelzow has uploaded a new change for review. https://gerrit.wikimedia.org/r/250277
Change subject: Add extension.json, empty PHP entry point ...................................................................... Add extension.json, empty PHP entry point Changed README to README.md Moved changelog from README.md to CHANGELOG.md Bumped version to 1.4.0. And start following semver-notation. Bug: T88047 Change-Id: I21f417d9f5985598358d53a0afae815543f001ee --- A CHANGELOG.md M ConfirmEdit.php D README A README.md A extension.json 5 files changed, 303 insertions(+), 221 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/ConfirmEdit refs/changes/77/250277/1 diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..328ef15 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,9 @@ +ConfirmEdit Changelog +========= + +### Changelog + +#### Version 1.2 + +Fixes bug 46132 - ConfirmEdit fatal error when using MathCaptcha and current Math extension. +See <https://phabricator.wikimedia.org/T48132>. diff --git a/ConfirmEdit.php b/ConfirmEdit.php index 0990a66..8116e5a 100755 --- a/ConfirmEdit.php +++ b/ConfirmEdit.php @@ -30,181 +30,17 @@ * @ingroup Extensions */ -if ( !defined( 'MEDIAWIKI' ) ) { - exit; +if ( function_exists( 'wfLoadExtension' ) ) { + wfLoadExtension( 'ConfirmEdit' ); + // Keep i18n globals so mergeMessageFileList.php doesn't break + $wgMessagesDirs['ConfirmEdit'] = __DIR__ . '/i18n'; + $wgExtensionMessagesFiles['ConfirmEditAlias'] = __DIR__ . '/ConfirmEdit.alias.php'; + /* wfWarn( + 'Deprecated PHP entry point used for ConfirmEdit extension. ' . + 'Please use wfLoadExtension instead, ' . + 'see https://www.mediawiki.org/wiki/Extension_registration for more details.' + ); */ + return; +} else { + die( 'This version of the ConfirmEdit extension requires MediaWiki 1.25+' ); } -if ( !defined( 'MW_SUPPORTS_CONTENTHANDLER' ) ) { - throw new Exception( 'This version of ConfirmEdit requires MediaWiki 1.21 or later' ); -} - -$wgExtensionCredits['antispam'][] = array( - 'path' => __FILE__, - 'name' => 'ConfirmEdit', - 'author' => array( 'Brion Vibber', '...' ), - 'url' => 'https://www.mediawiki.org/wiki/Extension:ConfirmEdit', - 'version' => '1.3', - 'descriptionmsg' => 'captcha-desc', - 'license-name' => 'GPL-2.0+', -); - -/** - * The 'skipcaptcha' permission key can be given out to - * let known-good users perform triggering actions without - * having to go through the captcha. - * - * By default, sysops and registered bot accounts will be - * able to skip, while others have to go through it. - */ -$wgGroupPermissions['*' ]['skipcaptcha'] = false; -$wgGroupPermissions['user' ]['skipcaptcha'] = false; -$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false; -$wgGroupPermissions['bot' ]['skipcaptcha'] = true; // registered bots -$wgGroupPermissions['sysop' ]['skipcaptcha'] = true; -$wgAvailableRights[] = 'skipcaptcha'; - -/** - * List of IP ranges to allow to skip the captcha, similar to the group setting: - * "$wgGroupPermission[...]['skipcaptcha'] = true" - * - * Specific IP addresses or CIDR-style ranges may be used, - * for instance: - * $wgCaptchaWhitelistIP = array('192.168.1.0/24', '10.1.0.0/16'); - */ -$wgCaptchaWhitelistIP = false; - -$wgCaptcha = null; -$wgCaptchaClass = 'SimpleCaptcha'; - -/** - * Actions which can trigger a captcha - * - * If the 'edit' trigger is on, *every* edit will trigger the captcha. - * This may be useful for protecting against vandalbot attacks. - * - * If using the default 'addurl' trigger, the captcha will trigger on - * edits that include URLs that aren't in the current version of the page. - * This should catch automated linkspammers without annoying people when - * they make more typical edits. - * - * The captcha code should not use $wgCaptchaTriggers, but CaptchaTriggers() - * which also takes into account per namespace triggering. - */ -$wgCaptchaTriggers = array(); -$wgCaptchaTriggers['edit'] = false; // Would check on every edit -$wgCaptchaTriggers['create'] = false; // Check on page creation. -$wgCaptchaTriggers['sendemail'] = false; // Special:Emailuser -$wgCaptchaTriggers['addurl'] = true; // Check on edits that add URLs -$wgCaptchaTriggers['createaccount'] = true; // Special:Userlogin&type=signup -$wgCaptchaTriggers['badlogin'] = true; // Special:Userlogin after failure - -/** - * You may wish to apply special rules for captcha triggering on some namespaces. - * $wgCaptchaTriggersOnNamespace[<namespace id>][<trigger>] forces an always on / - * always off configuration with that trigger for the given namespace. - * Leave unset to use the global options ($wgCaptchaTriggers). - * - * Shall not be used with 'createaccount' (it is not checked). - */ -$wgCaptchaTriggersOnNamespace = array(); - -# Example: -# $wgCaptchaTriggersOnNamespace[NS_TALK]['create'] = false; //Allow creation of talk pages without captchas. -# $wgCaptchaTriggersOnNamespace[NS_PROJECT]['edit'] = true; //Show captcha whenever editing Project pages. - -/** - * Indicate how to store per-session data required to match up the - * internal captcha data with the editor. - * - * 'CaptchaSessionStore' uses PHP's session storage, which is cookie-based - * and may fail for anons with cookies disabled. - * - * 'CaptchaCacheStore' uses $wgMemc, which avoids the cookie dependency - * but may be fragile depending on cache configuration. - */ -$wgCaptchaStorageClass = 'CaptchaSessionStore'; - -/** - * Number of seconds a captcha session should last in the data cache - * before expiring when managing through CaptchaCacheStore class. - * - * Default is a half hour. - */ -$wgCaptchaSessionExpiration = 30 * 60; - -/** - * Number of seconds after a bad login that a captcha will be shown to - * that client on the login form to slow down password-guessing bots. - * - * Has no effect if 'badlogin' is disabled in $wgCaptchaTriggers or - * if there is not a caching engine enabled. - * - * Default is five minutes. - */ -$wgCaptchaBadLoginExpiration = 5 * 60; - -/** - * Allow users who have confirmed their email addresses to post - * URL links without being harassed by the captcha. - */ -$ceAllowConfirmedEmail = false; - -/** - * Number of bad login attempts before triggering the captcha. 0 means the - * captcha is presented on the first login. - */ -$wgCaptchaBadLoginAttempts = 3; - -/** - * Regex to whitelist URLs to known-good sites... - * For instance: - * $wgCaptchaWhitelist = '#^https?://([a-z0-9-]+\\.)?(wikimedia|wikipedia)\.org/#i'; - * Local admins can define a whitelist under [[MediaWiki:captcha-addurl-whitelist]] - */ -$wgCaptchaWhitelist = false; - -/** - * Additional regexes to check for. Use full regexes; can match things - * other than URLs such as junk edits. - * - * If the new version matches one and the old version doesn't, - * toss up the captcha screen. - * - * @fixme Add a message for local admins to add items as well. - */ -$wgCaptchaRegexes = array(); - -/** Register special page */ -$wgSpecialPages['Captcha'] = 'CaptchaSpecialPage'; - -$wgMessagesDirs['ConfirmEdit'] = __DIR__ . '/i18n'; -$wgExtensionMessagesFiles['ConfirmEditAlias'] = __DIR__ . "/ConfirmEdit.alias.php"; - -$wgHooks['EditPageBeforeEditButtons'][] = 'ConfirmEditHooks::confirmEditPage'; -$wgHooks['UserCreateForm'][] = 'ConfirmEditHooks::injectUserCreate'; -$wgHooks['AbortNewAccount'][] = 'ConfirmEditHooks::confirmUserCreate'; -$wgHooks['LoginAuthenticateAudit'][] = 'ConfirmEditHooks::triggerUserLogin'; -$wgHooks['UserLoginForm'][] = 'ConfirmEditHooks::injectUserLogin'; -$wgHooks['AbortLogin'][] = 'ConfirmEditHooks::confirmUserLogin'; -$wgHooks['EmailUserForm'][] = 'ConfirmEditHooks::injectEmailUser'; -$wgHooks['EmailUser'][] = 'ConfirmEditHooks::confirmEmailUser'; -$wgHooks['EditPage::showEditForm:fields'][] = 'ConfirmEditHooks::showEditFormFields'; -$wgHooks['EditFilterMergedContent'][] = 'ConfirmEditHooks::confirmEditMerged'; - -if ( !defined( 'MW_EDITFILTERMERGED_SUPPORTS_API' ) ) { - $wgHooks['APIEditBeforeSave'][] = 'ConfirmEditHooks::confirmEditAPI'; -} - -$wgHooks['APIGetAllowedParams'][] = 'ConfirmEditHooks::APIGetAllowedParams'; -$wgHooks['APIGetParamDescription'][] = 'ConfirmEditHooks::APIGetParamDescription'; -$wgHooks['AddNewAccountApiForm'][] = 'ConfirmEditHooks::addNewAccountApiForm'; -$wgHooks['AddNewAccountApiResult'][] = 'ConfirmEditHooks::addNewAccountApiResult'; -$wgHooks['UnitTestsList'][] = 'ConfirmEditHooks::onUnitTestsList'; - -$wgExtensionFunctions[] = 'ConfirmEditHooks::confirmEditSetup'; - -$wgAutoloadClasses['ConfirmEditHooks'] = __DIR__ . '/includes/ConfirmEditHooks.php'; -$wgAutoloadClasses['SimpleCaptcha'] = __DIR__ . '/SimpleCaptcha/Captcha.php'; -$wgAutoloadClasses['CaptchaStore'] = __DIR__ . '/includes/CaptchaStore.php'; -$wgAutoloadClasses['CaptchaSessionStore'] = __DIR__ . '/includes/CaptchaStore.php'; -$wgAutoloadClasses['CaptchaCacheStore'] = __DIR__ . '/includes/CaptchaStore.php'; -$wgAutoloadClasses['CaptchaSpecialPage'] = __DIR__ . '/includes/specials/SpecialCaptcha.php'; diff --git a/README b/README deleted file mode 100644 index 7a331e6..0000000 --- a/README +++ /dev/null @@ -1,44 +0,0 @@ -ConfirmEdit extension for MediaWiki - -This extension provides various CAPTCHA tools for MediaWiki, to allow -for protection against spambots and other automated tools. - -For more information, see the extension homepage at: -http://www.mediawiki.org/wiki/Extension:ConfirmEdit - -== Overview == - -The following modules are included in ConfirmEdit: - -* SimpleCaptcha - users have to solve an arithmetic math problem -* MathCaptcha - users have to solve a math problem that's displayed as -an image -* FancyCaptcha - users have to identify a series of characters, displayed -in a stylized way -* QuestyCaptcha - users have to answer a question, out of a series of -questions defined by the administrator(s) -* ReCaptcha - users have to identify a series of characters, either -visually or audially, from a widget provided by the reCAPTCHA service - -== License == - -ConfirmEdit is published under the GPL license. - -== Authors == - -The main framework, and the SimpleCaptcha and FancyCaptcha modules, were -written by Brion Vibber. - -The MathCaptcha module was written by Rob Church. - -The QuestyCaptcha module was written by Benjamin Lees. - -The reCAPTCHA module was written by Mike Crawford and Ben Maurer. - -Additional maintenance work was done by Yaron Koren. - -== Changelog == - -= Version 1.2 -Fixes bug 46132 - ConfirmEdit fatal error when using MathCaptcha and current Math extension. -See <https://bugzilla.wikimedia.org/show_bug.cgi?id=46132>. diff --git a/README.md b/README.md new file mode 100644 index 0000000..584dd33 --- /dev/null +++ b/README.md @@ -0,0 +1,152 @@ +ConfirmEdit +========= + +ConfirmEdit extension for MediaWiki + +This extension provides various CAPTCHA tools for MediaWiki, to allow +for protection against spambots and other automated tools. + +For more information, see the extension homepage at: +http://www.mediawiki.org/wiki/Extension:ConfirmEdit + +### Overview + +The following modules are included in ConfirmEdit: + +* SimpleCaptcha - users have to solve an arithmetic math problem +* MathCaptcha - users have to solve a math problem that's displayed as +an image +* FancyCaptcha - users have to identify a series of characters, displayed +in a stylized way +* QuestyCaptcha - users have to answer a question, out of a series of +questions defined by the administrator(s) +* ReCaptcha - users have to identify a series of characters, either +visually or audially, from a widget provided by the reCAPTCHA service + +### License + +ConfirmEdit is published under the GPL license. + +### Authors + +The main framework, and the SimpleCaptcha and FancyCaptcha modules, were +written by Brion Vibber. + +The MathCaptcha module was written by Rob Church. + +The QuestyCaptcha module was written by Benjamin Lees. + +The reCAPTCHA module was written by Mike Crawford and Ben Maurer. + +Additional maintenance work was done by Yaron Koren. + +### Configuations Comments +```php +/** + * List of IP ranges to allow to skip the captcha, similar to the group setting: + * "$wgGroupPermission[...]['skipcaptcha'] = true" + * + * Specific IP addresses or CIDR-style ranges may be used, + * for instance: + * $wgCaptchaWhitelistIP = array('192.168.1.0/24', '10.1.0.0/16'); + */ +$wgCaptchaWhitelistIP = false; + +/** + * Actions which can trigger a captcha + * + * If the 'edit' trigger is on, *every* edit will trigger the captcha. + * This may be useful for protecting against vandalbot attacks. + * + * If using the default 'addurl' trigger, the captcha will trigger on + * edits that include URLs that aren't in the current version of the page. + * This should catch automated linkspammers without annoying people when + * they make more typical edits. + * + * The captcha code should not use $wgCaptchaTriggers, but CaptchaTriggers() + * which also takes into account per namespace triggering. + */ +$wgCaptchaTriggers = array(); +$wgCaptchaTriggers['edit'] = false; // Would check on every edit +$wgCaptchaTriggers['create'] = false; // Check on page creation. +$wgCaptchaTriggers['sendemail'] = false; // Special:Emailuser +$wgCaptchaTriggers['addurl'] = true; // Check on edits that add URLs +$wgCaptchaTriggers['createaccount'] = true; // Special:Userlogin&type=signup +$wgCaptchaTriggers['badlogin'] = true; // Special:Userlogin after failure + +/** + * You may wish to apply special rules for captcha triggering on some namespaces. + * $wgCaptchaTriggersOnNamespace[<namespace id>][<trigger>] forces an always on / + * always off configuration with that trigger for the given namespace. + * Leave unset to use the global options ($wgCaptchaTriggers). + * + * Shall not be used with 'createaccount' (it is not checked). + */ +$wgCaptchaTriggersOnNamespace = array(); + +# Example: +# $wgCaptchaTriggersOnNamespace[NS_TALK]['create'] = false; //Allow creation of talk pages without captchas. +# $wgCaptchaTriggersOnNamespace[NS_PROJECT]['edit'] = true; //Show captcha whenever editing Project pages. + +/** + * Indicate how to store per-session data required to match up the + * internal captcha data with the editor. + * + * 'CaptchaSessionStore' uses PHP's session storage, which is cookie-based + * and may fail for anons with cookies disabled. + * + * 'CaptchaCacheStore' uses $wgMemc, which avoids the cookie dependency + * but may be fragile depending on cache configuration. + */ +$wgCaptchaStorageClass = 'CaptchaSessionStore'; + +/** + * Number of seconds a captcha session should last in the data cache + * before expiring when managing through CaptchaCacheStore class. + * + * Default is a half hour. + */ +$wgCaptchaSessionExpiration = 30 * 60; + +/** + * Number of seconds after a bad login that a captcha will be shown to + * that client on the login form to slow down password-guessing bots. + * + * Has no effect if 'badlogin' is disabled in $wgCaptchaTriggers or + * if there is not a caching engine enabled. + * + * Default is five minutes. + */ +$wgCaptchaBadLoginExpiration = 5 * 60; + +/** + * Allow users who have confirmed their email addresses to post + * URL links without being harassed by the captcha. + */ +$ceAllowConfirmedEmail = false; + +/** + * Number of bad login attempts before triggering the captcha. 0 means the + * captcha is presented on the first login. + */ +$wgCaptchaBadLoginAttempts = 3; + +/** + * Regex to whitelist URLs to known-good sites... + * For instance: + * $wgCaptchaWhitelist = '#^https?://([a-z0-9-]+\\.)?(wikimedia|wikipedia)\.org/#i'; + * Local admins can define a whitelist under [[MediaWiki:captcha-addurl-whitelist]] + */ +$wgCaptchaWhitelist = false; + +/** + * Additional regexes to check for. Use full regexes; can match things + * other than URLs such as junk edits. + * + * If the new version matches one and the old version doesn't, + * toss up the captcha screen. + * + * @fixme Add a message for local admins to add items as well. + */ +$wgCaptchaRegexes = array(); +``` diff --git a/extension.json b/extension.json new file mode 100644 index 0000000..8082005 --- /dev/null +++ b/extension.json @@ -0,0 +1,129 @@ +{ + "@doc": "Please read README.md", + "name": "ConfirmEdit", + "version": "1.4.0", + "author": [ + "Brion Vibber", + "..." + ], + "url": "https://www.mediawiki.org/wiki/Extension:ConfirmEdit";, + "descriptionmsg": "captcha-desc", + "license-name": "GPL-2.0+", + "type": "antispam", + "GroupPermissions": { + "*": { + "skipcaptcha": false + }, + "user": { + "skipcaptcha": false + }, + "autoconfirmed": { + "skipcaptcha": false + }, + "bot": { + "skipcaptcha": true + }, + "sysop": { + "skipcaptcha": true + } + }, + "AvailableRights": [ + "skipcaptcha" + ], + "ExtensionFunctions": [ + "ConfirmEditHooks::confirmEditSetup" + ], + "SpecialPages": { + "Captcha": "CaptchaSpecialPage" + }, + "MessagesDirs": { + "ConfirmEdit": [ + "i18n" + ] + }, + "ExtensionMessagesFiles": { + "ConfirmEditAlias": "ConfirmEdit.alias.php" + }, + "AutoloadClasses": { + "ConfirmEditHooks": "includes/ConfirmEditHooks.php", + "SimpleCaptcha": "SimpleCaptcha/Captcha.php", + "CaptchaStore": "includes/CaptchaStore.php", + "CaptchaSessionStore": "includes/CaptchaStore.php", + "CaptchaCacheStore": "includes/CaptchaStore.php", + "CaptchaSpecialPage": "includes/specials/SpecialCaptcha.php" + }, + "Hooks": { + "EditPageBeforeEditButtons": [ + "ConfirmEditHooks::confirmEditPage" + ], + "UserCreateForm": [ + "ConfirmEditHooks::injectUserCreate" + ], + "AbortNewAccount": [ + "ConfirmEditHooks::confirmUserCreate" + ], + "LoginAuthenticateAudit": [ + "ConfirmEditHooks::triggerUserLogin" + ], + "UserLoginForm": [ + "ConfirmEditHooks::injectUserLogin" + ], + "AbortLogin": [ + "ConfirmEditHooks::confirmUserLogin" + ], + "EmailUserForm": [ + "ConfirmEditHooks::injectEmailUser" + ], + "EmailUser": [ + "ConfirmEditHooks::confirmEmailUser" + ], + "EditPage::showEditForm:fields": [ + "ConfirmEditHooks::showEditFormFields" + ], + "EditFilterMergedContent": [ + "ConfirmEditHooks::confirmEditMerged" + ], + "APIGetAllowedParams": [ + "ConfirmEditHooks::APIGetAllowedParams" + ], + "APIGetParamDescription": [ + "ConfirmEditHooks::APIGetParamDescription" + ], + "AddNewAccountApiForm": [ + "ConfirmEditHooks::addNewAccountApiForm" + ], + "AddNewAccountApiResult": [ + "ConfirmEditHooks::addNewAccountApiResult" + ], + "APIEditBeforeSave": [ + "ConfirmEditHooks::confirmEditAPI" + ], + "UnitTestsList": [ + "ConfirmEditHooks::onUnitTestsList" + ] + }, + "config": { + "_prefix": "", + "wgCaptchaWhitelistIP": false, + "wgCaptcha": null, + "wgCaptchaClass": "SimpleCaptcha", + "wgCaptchaTriggers": { + "edit": false, + "create": false, + "sendemail": false, + "addurl": true, + "createaccount": true, + "badlogin": true, + "_merge_strategy": "array_plus" + }, + "wgCaptchaTriggersOnNamespace": [], + "wgCaptchaStorageClass": "CaptchaSessionStore", + "wgCaptchaSessionExpiration": 1800, + "wgCaptchaBadLoginExpiration": 300, + "ceAllowConfirmedEmail": false, + "wgCaptchaBadLoginAttempts": 3, + "wgCaptchaWhitelist": false, + "wgCaptchaRegexes": [] + }, + "manifest_version": 1 +} -- To view, visit https://gerrit.wikimedia.org/r/250277 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I21f417d9f5985598358d53a0afae815543f001ee Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/ConfirmEdit Gerrit-Branch: REL1_26 Gerrit-Owner: Florianschmidtwelzow <[email protected]> Gerrit-Reviewer: Paladox <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
