User:松/Drafts/Extension:AbuseFilter/Rules format
The rules are formatted much as conditionals in a C/Java/Perl-like language.
Literals
You can specify a literal by placing it in single or double quotes (for strings), or by typing it in as-is (for numbers, both floating-point and integer). You can get linebreaks with \n
, tab characters with \t
, and you can also escape the quote character with a backslash.
Examples
"This is a string"
'This is also a string'
'This string shouldn\'t fail'
"This string\nHas a linebreak"
1234
1.234
-123
- Comments
You can specify comments using the following syntax:
/* This is a comment */
Variables
The abuse filter passes various variables by name into the parser. These variables can be accessed by typing their name in, in a place where a literal would work. You can view the variables associated with each request in the abuse log.
Examples
USER_EDITCOUNT ARTICLE_RECENT_CONTRIBUTORS
Action variable can be 'edit'
, 'move'
, 'createaccount'
, 'autocreateaccount'
, 'delete'
or 'upload'
.
You can define more variables for ease of understanding with the assign symbol :=
in a line (closed by ;
) within a condition. Example (from w:en:Special:AbuseFilter/79):
(
line1:="(\{\{(r|R)eflist|\{\{(r|R)efs|<references\s?/>|</references\s?>)";
rcount(line1, removed_lines)
) > (
rcount(line1, added_lines)
)
Lists:
a_list := [ 5, 6, 7];
All variables
Description | Name | Data type | Values |
---|---|---|---|
Edit count of the user | user_editcount |
string | Empty for unregistered users. |
Name of the user account | user_name |
string | |
Time email address was confirmed | user_emailconfirm |
string | YYYYMMDDHHMMSS |
Age of the user account | user_age |
in seconds; 0 for IP | |
Groups (including implicit) the user is in | user_groups |
||
Rights that the user has | user_rights |
||
⧼abusefilter-edit-builder-vars-article-id⧽ (found in the page's HTML source - search for wgArticleId) | article_articleid |
integer | In theory this is 0 for new pages, but this is unreliable. Instead, use "old_size==0" to identify new page creation. |
⧼abusefilter-edit-builder-vars-article-ns⧽ | article_namespace |
integer | refers to namespace index |
⧼abusefilter-edit-builder-vars-article-text⧽ | article_text |
string | |
⧼abusefilter-edit-builder-vars-article-prefixedtext⧽ | article_prefixedtext |
string | |
Edit protection level of the page | article_restrictions_edit |
||
Move protection level of the page | article_restrictions_move |
||
Last ten users to contribute to the page | article_recent_contributors |
Empty if the user is the only contributor to the page(?), only scans the last 100 revisions | |
Action | action |
string | edit, move, createaccount, autocreateaccount, delete, upload |
Edit summary/reason | summary |
string | |
Whether or not the edit is marked as minor (no longer in use) | minor_edit |
string | |
Old page text, stripped of any markup (no longer in use) | old_wikitext |
||
New page text, stripped of any markup | new_wikitext |
||
Unified diff of changes made by edit | edit_diff |
||
New page size | new_size |
integer | |
Old page size | old_size |
integer | |
Size change in edit | edit_delta |
||
Lines added in edit | added_lines |
||
Lines removed in edit | removed_lines |
||
All external links in the new text | all_links |
||
Links in the page, before the edit | old_links |
||
All external links added in the edit | added_links |
||
All external links removed in the edit | removed_links |
||
Parsed HTML source of the new revision | new_html |
||
New page text, stripped of any markup | new_text |
||
Disabled | old_html |
||
Disabled | old_text |
||
Whether or not the change was made through a tor exit node | tor_exit_node |
0, 1 | |
Unix timestamp of change | timestamp |
string | int(timestamp) gives you a number with which you can calculate the date, time, day of week, etc. |
SHA1 hash of file contents | file_sha1 |
||
Size of the file in bytes | file_size |
integer | The file size in bytes |
CentralAuth also provides a global_user_groups variable, like user_groups.
When action is move, only the summary, action and timestamp variables, and variables with a name that starts with "user
" are available. Variables with a name that starts with "article_
" are also available, but the prefix is replaced by "moved_from_
" and "moved_to_", that represent the values of the original article name and the destination one respectively. For example, "moved_from_text
" and "moved_to_text
" instead of "article_text
".
Page/Article namespace
See also Manual:Namespace
English Wikipedia namespaces | |||
---|---|---|---|
Basic namespaces | Talk namespaces | ||
0 | Main | Talk | 1 |
2 | User | User talk | 3 |
4 | Wikipedia | Wikipedia talk | 5 |
6 | File | File talk | 7 |
8 | MediaWiki | MediaWiki talk | 9 |
10 | Template | Template talk | 11 |
12 | Help | Help talk | 13 |
14 | Category | Category talk | 15 |
100 | Portal | Portal talk | 101 |
108 | Book | Book talk | 109 |
Virtual namespaces | |||
-1 | Special | ||
-2 | Media |
Simple comparisons
You can compare variables with other variables and literals with the following syntax:
<
and>
— Return true if the left-hand operand is less than/greater than the right-hand operand respectively.<=
and>=
— Return true if the left-hand operand is less than or equal to/greater than or equal to the right-hand operand respectively.==
(or=
) and!=
— Return true if the left-hand operand is equal to/not equal to the right-hand operand respectively.===
and!==
— Return true if the left-hand operand is equal to/not equal to the right-hand operand AND the left-hand operand is the same/not the same data type to the right-hand operand respectively.
Example | Result |
---|---|
1 == 2 |
False |
1 <= 2 |
True |
1 >= 2 |
False |
1 != 2 |
True |
1 < 2 |
True |
1 > 2 |
False |
0 == False |
True |
0 === False |
False |
Arithmetic
You can use basic arithmetic symbols to do arithmetic on variables and literals with the following syntax:
-
— Subtract the right-hand operand from the left-hand operand.+
— Add the right-hand operand to the left-hand operand.*
— Multiply the left-hand operand by the right-hand operand./
— Divide the left-hand operand by the right-hand operand.**
— Raise the left-hand operand to the exponential power specified by the right-hand operand.%
— Return the remainder given when the left-hand operand is divided by the right-hand operand.
Example | Result |
---|---|
1 + 1 |
2 |
2 * 2 |
4 |
1 / 2 |
0.5 |
9 ** 2 |
81 |
6 % 5 |
1 |
String concatenation
You can use the +
(plus) symbol to concatenate two literal strings or the values of two vars with a string value.
Keywords
The following special keywords are included for often-used functionality:
like
(ormatches
) returns true if the left-hand operand matches the glob pattern in the right-hand operand.in
returns true if the right-hand operand (a string) contains the left-hand operand.rlike
(orregex
) andirlike
return true if the left-hand operand matches (contains) the regex pattern in the right-hand operand (irlike
is case insensitive). The system uses PCRE. The only PCRE option enabled isPCRE_UTF8
(modifieru
in PHP); forirlike
bothPCRE_CASELESS
andPCRE_UTF8
are enabled (modifieriu
).contains
if ... then ... else ... end
... ? ... : ...
true
,false
andnull
Examples
Code | Result |
---|---|
"1234" like "12?4"
|
True |
"1234" like "12*"
|
True |
"foo" in "foobar"
|
True |
"foo" regex "\w+"
|
True |
Functions
A number of built-in functions are included to ease some common issues. They are executed in the general format functionName( arg1, arg2, arg3 )
, and can be used in place of any literal or variable. Its arguments can be given as literals, variables, or even other functions.
name | description |
---|---|
lcase |
Returns the argument converted to lower case. |
ucase |
Returns the argument converted to upper case. |
length |
Returns the length of the string given as the argument. |
string |
Casts to string data type. |
int |
Casts to integer data type. |
float |
Casts to floating-point data type. |
bool |
Casts to boolean data type. |
norm |
Equivalent to rmwhitespace(rmspecials(rmdoubles(ccnorm(arg1)))) .
|
ccnorm |
Normalises confusable/similar characters in the argument, and returns a canonical form. A list of characters and their replacements can be found Template:Git file, eg. ccnorm( "Eeèéëēĕėęě3ƐƷ" ) === "EEEEEEEEEEEEE" .[1][2]
|
specialratio |
Returns the number of non-alphanumeric characters divided by the total number of characters in the argument. |
rmspecials |
Removes any special characters in the argument, and returns the result. |
rmdoubles |
Removes repeated characters in the argument, and returns the result. |
rmwhitespace |
Removes whitespace (spaces, tabs, newlines). |
count |
Returns the number of times the needle (first string) appears in the haystack (second string). If only one argument is given, splits it by commas and returns the number of segments. |
rcount |
Similar to count but the needle uses a regular expression instead. Can be made case-insensitive by letting the regular expression start with "(?i)".
|
ip_in_range |
Returns true if user's IP (first string) matches specified IP ranges (second string). Only works for anonymous users. |
contains_any |
Returns true if the first string contains any strings from the following arguments (unlimited number of arguments). |
substr |
Returns the portion of the first string, by offset from the second argument (starts at 0) and maximum length from the third argument (optional). |
strlen |
Same as length .
|
strpos |
Returns the numeric position of the first occurrence of needle (second string) in the haystack (first string). This function may return 0 when the needle is found at the begining of the haystack, so it might be misinterpreted as false value by another comparative operator. The better way is to use === or !== for testing whether it is found.
|
str_replace |
Replaces all occurrences of the search string with the replacement string. The function takes 3 arguments in the following order: text to perform the search, text to find, replacement text. |
rescape |
Returns the argument with some characters preceded with the escape character "\", so that the string can be used in a regular expression without those characters having a special meaning. |
set |
Sets a variable (first string) with a given value (second argument) for further use in the filter. Another syntax: name := value .
|
set_var |
Same as set .
|
Other
convert
returns the second argument converted to variant language specified by the first argument. ONLY apply on wikis with LanguageConverter class. (New func added on rev:49399, need support of MediaWiki after rev:49397)
Examples
length( "Wikipedia" )
|
9 |
lcase( "Wikipedia" )
|
wikipedia |
ccnorm( "ωɨƙɩᑭƐƉlα" )
|
W1K1PED1A |
ccnorm( "ìíîïĩļǐīĭḷĿї!ľį₤ĺľḷĿΛЛљóòôöõǒōŏǫőόὸὀὁὄὂὅὃọ$śŝşšṣσ" )
|
ìíîïĩļǐīĭḷĿї!ľį₤ĺľḷĿΛЛљóòôöõǒōŏǫőόὸὀὁὄὂὅὃọ$śŝşšṣσ[2] |
rmdoubles( "foobybboo" )
|
fobybo |
specialratio( "Wikipedia!" )
|
0.1 |
norm( "!!ω..ɨ..ƙ..ɩ..ᑭᑭ..Ɛ.Ɖ@@l%%α!!" )
|
W1K1PED1A |
count( "foo", "foofooboofoo" )
|
3 |
count( "foo,bar,baz" )
|
3 |
rmspecials( "FOOBAR!!1" )
|
FOOBAR1 |
rescape( "abc* (def)" )
|
abc\* \(def\) |
Boolean operations
You can match if and only if all of a number of conditions are true, one of a number of conditions are true, or one and only one of all conditions are true.
x | y
— OR – returns true if one or more of the conditions is true.x & y
— AND – returns true if both of the conditions are true.x ^ y
— XOR – returns true if one, and only one of the two conditions is true.!x
— NOT – returns true if the condition is not true.
Examples
Code | Result |
---|---|
1 | True |
0 | True |
0 | False |
1 & 1
|
True |
1 & 0
|
False |
0 & 0
|
False |
1 ^ 1
|
False |
1 ^ 0
|
True |
0 ^ 0
|
False |
!1
|
False |
Order of operations
Operations are generally done left-to-right, but there is an order to which they are resolved. As soon as the filter fails one of the conditions, it will stop checking the rest of them (due to short-circuit evaluation) and move on to the next filter (except for bug 41693). The evaluation order is:
- Anything surrounded by parentheses (
(
and)
) is evaluated as a single unit. - Turning variables/literals into their respective data. (i.e.,
article_namespace
to 0) - Function calls (
norm
,lcase
, etc.) - Unary
+
and-
(defining positive or negative value, e.g.-1234
,+1234
) - Keywords
- Boolean inversion (
!x
) - Exponentiation (
2**3 → 8
) - Multiplication-related (multiplication, division, modulo)
- Addition and subtraction (
3-2 → 1
) - Comparisons. (
<
,>
,==
) - Boolean operations. (
&
,|
,^
,in
)
Examples
A & B | C
is equivalent to(A & B) | C
, not toA & (B | C)
. In particular, bothfalse & true | true
andfalse & false | true
evaluates totrue
.A | B & C
is equivalent to(A | B) & C
, not toA | (B & C)
. In particular, bothtrue | true & false
andtrue | false & false
evaluates tofalse
.
Condition counting
Rules | Conditions used | Notes |
---|---|---|
'foo' == 'bar' |
1 | A simple test counts as one condition |
false & false & false & false & false |
5[3] | |
( 'foo' == 'bar' ) |
2 | Evaluating parenthesis also counts as conditions |
( 'foo' ) == ( 'bar' ) |
3 | |
(((( 'foo' == 'bar' )))) |
5 | |
false & ( false & false & false & false ) |
2 | But they can be used to force a short-circuit |
false & ( true & true & true & true ) |
2 | |
true & ( false & false & false & false ) |
6 | Rearranging and grouping the conditions according to their likelihood of being true might represent a big difference in the total number of conditions used by a complex filter |
true & ( false & ( false & false & false ) ) |
4 | |
str_replace( 'FooFoo', 'Foo', '' ) == 'bar' |
5 | Each function call and each parameter evaluation also counts as one condition |
str_replace( 'FooFoo', 'Foo', '' ) == 'bar' |
9 | 1 from str_replace + 3 from its parameters + 1 from the first == + 3 for the same parameters + 1 for the second ==
|
str_replace( 'FooFoo', 'Foo', '' ) |
5 | equivalent to "str_replace( 'FooFoo', 'Foo', '' ) = 1 "
|
Further explanation on how to reduce conditions used can be found at Extension:AbuseFilter/Conditions.