Extension:AbuseFilter/Rules format

From MediaWiki.org
Jump to: navigation, search

The rules are formatted much as conditionals in a C/Java/Perl-like language.

Literals[edit | edit source]

You can specify a literal by placing it in single or double quotes (for strings), or by typing it in as-is (for numbers, both floating-point and integer). You can get linebreaks with \n, tab characters with \t, and you can also escape the quote character with a backslash.

Examples

"This is a string"
'This is also a string'
'This string shouldn\'t fail'
"This string\nHas a linebreak"
1234
1.234
-123

Comments[edit | edit source]

You can specify comments using the following syntax:

/* This is a comment */

Variables[edit | edit source]

The abuse filter passes various variables by name into the parser. These variables can be accessed by typing their name in, in a place where a literal would work. You can view the variables associated with each request in the abuse log.

Examples

USER_EDITCOUNT
ARTICLE_RECENT_CONTRIBUTORS

Action variable can be 'edit', 'move', 'createaccount', 'autocreateaccount', 'delete' or 'upload'.

You can define more variables for ease of understanding with the assign symbol := in a line (closed by ;) within a condition. Example (from w:en:Special:AbuseFilter/79):

(
	line1:="(\{\{(r|R)eflist|\{\{(r|R)efs|<references\s?/>|</references\s?>)";
	rcount(line1, removed_lines)
) > (
	rcount(line1, added_lines)
)

Lists:

a_list := [ 5, 6, 7];


All variables[edit | edit source]

Variables available
Description Name Data type Values
Edit count of user user_editcount string Empty for unregistered users.
Name of user account user_name string
Time email address was confirmed user_emailconfirm string YYYYMMDDHHMMSS
Age of user account user_age in seconds; 0 for IP
Groups (including implicit) user is in user_groups
Rights that a user has user_rights
Page ID (found in the page's HTML source - search for wgArticleId) article_articleid integer In theory this is 0 for new pages, but this is unreliable. Instead, use "old_size==0" to identify new page creation.
Page namespace article_namespace integer refers to namespace index
Page title (without namespace) article_text string
Full page title article_prefixedtext string
Edit protection level of the page article_restrictions_edit
Move protection level of the page article_restrictions_move
Last ten users to contribute to the page article_recent_contributors Empty if the user is the only contributor to the page
Action action string edit, move, createaccount, autocreateaccount, delete, upload
Edit summary/reason summary string
Whether or not the edit is marked as minor minor_edit string
Old page wikitext, before the edit old_wikitext
New page wikitext, after the edit new_wikitext
Unified diff of changes made by edit edit_diff
New page size new_size integer
Old page size old_size integer
Size change in edit edit_delta
Lines added in edit added_lines
Lines removed in edit removed_lines
All external links in the new text all_links
Links in the page, before the edit old_links
All external links added in the edit added_links
All external links removed in the edit removed_links
Parsed HTML source of the new revision new_html
New page text, stripped of any markup new_text
Disabled old_html
Disabled old_text
Whether or not the change was made through a tor exit node tor_exit_node 0, 1
Unix timestamp of change timestamp string int(timestamp) gives you a number with which you can calculate the date, time, day of week, etc.

CentralAuth also provides a global_user_groups variable, like user_groups.

When action is move, only the summary, action and timestamp variables, and variables with a name that starts with "user" are available. Variables with a name that starts with "article_" are also available, but the prefix is replaced by "moved_from_" and "moved_to_", that represent the values of the original article name and the destination one respectively. For example, "moved_from_text" and "moved_to_text" instead of "article_text".

Page/Article namespace[edit | edit source]

See also Manual:Namespace

English Wikipedia namespaces
Basic namespaces Talk namespaces
0 Main Talk 1
2 User User talk 3
4 Wikipedia Wikipedia talk 5
6 File File talk 7
8 MediaWiki MediaWiki talk 9
10 Template Template talk 11
12 Help Help talk 13
14 Category Category talk 15
100 Portal Portal talk 101
108 Book Book talk 109
Virtual namespaces
-1 Special
-2 Media

Simple comparisons[edit | edit source]

You can compare variables with other variables and literals with the following syntax:

  • < and > — Return true if the left-hand operand is less than/greater than the right-hand operand respectively.
  • <= and >= — Return true if the left-hand operand is less than or equal to/greater than or equal to the right-hand operand respectively.
  • == (or =) and != — Return true if the left-hand operand is equal to/not equal to the right-hand operand respectively.
  • === and !== — Return true if the left-hand operand is equal to/not equal to the right-hand operand AND the left-hand operand is the same/not the same data type to the right-hand operand respectively.
Example Result
1 == 2 False
1 <= 2 True
1 >= 2 False
1 != 2 True
1 < 2 True
1 > 2 False
0 == False True
0 === False False

Arithmetic[edit | edit source]

You can use basic arithmetic symbols to do arithmetic on variables and literals with the following syntax:

  • - — Subtract the right-hand operand from the left-hand operand.
  • + — Add the right-hand operand to the left-hand operand.
  • * — Multiply the left-hand operand by the right-hand operand.
  • / — Divide the left-hand operand by the right-hand operand.
  • ** — Raise the left-hand operand to the exponential power specified by the right-hand operand.
  • % — Return the remainder given when the left-hand operand is divided by the right-hand operand.
Example Result
1 + 1 2
2 * 2 4
1 / 2 0.5
9 ** 2 81
6 % 5 1

String concatenation[edit | edit source]

You can use the + (plus) symbol to concatenate two literal strings or the values of two vars with a string value.

Keywords[edit | edit source]

The following special keywords are included for often-used functionality:

  • like (or matches) returns true if the left-hand operand matches the glob pattern in the right-hand operand.
  • in returns true if the right-hand operand (a string) contains the left-hand operand.
  • rlike (or regex) and irlike return true if the left-hand operand matches (contains) the regex pattern in the right-hand operand (irlike is case insensitive). The system uses PCRE. The only PCRE option enabled is PCRE_UTF8 (modifier u in PHP); for irlike both PCRE_CASELESS and PCRE_UTF8 are enabled (modifier iu).
  • contains
  • if ... then ... else ... end
  • ... ? ... : ...
  • true, false and null


Examples

Code Result
"1234" like "12?4" True
"1234" like "12*" True
"foo" in "foobar" True
"foo" regex "\w+" True

Functions[edit | edit source]

A number of built-in functions are included to ease some common issues. They are executed in the general format functionName( arg1, arg2, arg3 ), and can be used in place of any literal or variable. Its arguments can be given as literals, variables, or even other functions.

name description
lcase Returns the argument converted to lower case.
ucase Returns the argument converted to upper case.
length Returns the length of the string given as the argument.
string Casts to string data type.
int Casts to integer data type.
float Casts to floating-point data type.
bool Casts to boolean data type.
norm Equivalent to rmwhitespace(rmspecials(rmdoubles(ccnorm(arg1)))).
ccnorm Normalises confusable/similar characters in the argument, and returns a canonical form. A list of characters and their replacements can be found on git, eg. ccnorm( "Eeèéëēĕėęě3ƐƷ" ) === "EEEEEEEEEEEEE".[1][2]
specialratio Returns the number of non-alphanumeric characters divided by the total number of characters in the argument.
rmspecials Removes any special characters in the argument, and returns the result.
rmdoubles Removes repeated characters in the argument, and returns the result.
rmwhitespace Removes whitespace (spaces, tabs, newlines).
count Returns the number of times the needle (first string) appears in the haystack (second string). If only one argument is given, splits it by commas and returns the number of segments.
rcount Similar to count but the needle uses a regular expression instead. Can be made case-insensitive by letting the regular expression start with "(?i)".
ip_in_range Returns true if user's IP (first string) matches specified IP ranges (second string). Only works for anonymous users.
contains_any Returns true if the first string contains any strings from the following arguments (unlimited number of arguments).
substr Returns the portion of the first string, by offset from the second argument (starts at 0) and maximum length from the third argument (optional).
strlen Same as length.
strpos Returns the numeric position of the first occurrence of needle (second string) in the haystack (first string). This function may return 0 when the needle is found at the begining of the haystack, so it might be misinterpreted as false value by another comparative operator. The better way is to use === or !== for testing whether it is found.
str_replace Replaces all occurrences of the search string with the replacement string. The function takes 3 arguments in the following order: text to perform the search, text to find, replacement text.
rescape Returns the argument with some characters preceded with the escape character "\", so that the string can be used in a regular expression without those characters having a special meaning.
set Sets a variable (first string) with a given value (second argument) for further use in the filter. Another syntax: name := value.
set_var Same as set.

Other

  • convert returns the second argument converted to variant language specified by the first argument. ONLY apply on wikis with LanguageConverter class. (New func added on rev:49399, need support of MediaWiki after rev:49397)

Examples

length( "Wikipedia" ) 9
lcase( "Wikipedia" ) wikipedia
ccnorm( "ωɨƙɩᑭƐƉlα" ) W1K1PED1A
ccnorm( "ìíîïĩļǐīĭḷĿї!ľį₤ĺľḷĿΛЛљóòôöõǒōŏǫőόὸὀὁὄὂὅὃọ$śŝşšṣσ" ) ìíîïĩļǐīĭḷĿї!ľį₤ĺľḷĿΛЛљóòôöõǒōŏǫőόὸὀὁὄὂὅὃọ$śŝşšṣσ[2]
rmdoubles( "foobybboo" ) fobybo
specialratio( "Wikipedia!" ) 0.1
norm( "!!ω..ɨ..ƙ..ɩ..ᑭᑭ..Ɛ.Ɖ@@l%%α!!" ) W1K1PED1A
count( "foo", "foofooboofoo" ) 3
count( "foo,bar,baz" ) 3
rmspecials( "FOOBAR!!1" ) FOOBAR1
rescape( "abc* (def)" ) abc\* \(def\)

Boolean operations[edit | edit source]

You can match if and only if all of a number of conditions are true, one of a number of conditions are true, or one and only one of all conditions are true.

  • x | y — OR – returns true if one or more of the conditions is true.
  • x & y — AND – returns true if both of the conditions are true.
  • x ^ y — XOR – returns true if one, and only one of the two conditions is true.
  • !x — NOT – returns true if the condition is not true.

Examples

Code Result
1 True
0 True
0 False
1 & 1 True
1 & 0 False
0 & 0 False
1 ^ 1 False
1 ^ 0 True
0 ^ 0 False
!1 False

Order of operations[edit | edit source]

Operations are generally done left-to-right, but there is an order to which they are resolved. As soon as the filter fails one of the conditions, it will stop checking the rest of them (due to short-circuit evaluation) and move on to the next filter (except for bug 41693). The evaluation order is:

  1. Anything surrounded by parentheses (( and )) is evaluated as a single unit.
  2. Turning variables/literals into their respective data. (i.e., article_namespace to 0)
  3. Function calls (norm, lcase, etc.)
  4. Unary + and - (defining positive or negative value, e.g. -1234, +1234)
  5. Keywords
  6. Boolean inversion (!x)
  7. Exponentiation (2**3 → 8)
  8. Multiplication-related (multiplication, division, modulo)
  9. Addition and subtraction (3-2 → 1)
  10. Comparisons. (<, >, ==)
  11. Boolean operations. (&, |, ^, in)

Examples[edit | edit source]

  • A & B | C is equivalent to (A & B) | C, not to A & (B | C). In particular, both false & true | true and false & false | true evaluates to true.
  • A | B & C is equivalent to (A | B) & C, not to A | (B & C). In particular, both true | true & false and true | false & false evaluates to false.

Conditions[edit | edit source]

Condition counting
Rules Conditions used Notes
'foo' == 'bar' 1 A simple test counts as one condition
false & false & false & false & false 5[3]
( 'foo' == 'bar' ) 2 Evaluating parenthesis also counts as conditions
( 'foo' ) == ( 'bar' ) 3
(((( 'foo' == 'bar' )))) 5
false & ( false & false & false & false ) 2 But they can be used to force a short-circuit
false & ( true & true & true & true ) 2
true & ( false & false & false & false ) 6 Rearranging and grouping the conditions according to their likelihood of being true might represent a big difference in the total number of conditions used by a complex filter
true & ( false & ( false & false & false ) ) 4
str_replace( 'FooFoo', 'Foo', '' ) == 'bar' 5 Each function call and each parameter evaluation also counts as one condition
  str_replace( 'FooFoo', 'Foo', '' ) == 'bar'
| str_replace( 'FooFoo', 'Foo', '' ) == 'baz'
9 1 from str_replace + 3 from its parameters + 1 from the first == + 3 for the same parameters + 1 for the second ==
str_replace( 'FooFoo', 'Foo', '' ) 5 equivalent to "str_replace( 'FooFoo', 'Foo', '' ) = 1"

Useful links[edit | edit source]

Notes[edit | edit source]

  1. Be aware of bug 27987
  2. 2.0 2.1 Be aware of bug 25619
  3. The last 4 conditions are counted due to bug 41693
Language: English  • मराठी • русский