Wikipedia:Edit filter/Documentation

The extension defines a domain-specific language solely to write filter rules. Since the language is not Turing complete, it cannot replace bots for more complex tasks.

Significant content taken from mw:Extension:AbuseFilter/Rules format; see page history for attribution.

Variables

The edit filter captures the following data from edits. They are stored in the following variables. They can be manipulated and analyzed with various functions and operators. The data types are int (signed integer values), string (sequences of Unicode characters), bool (true and false), float (signed rational numbers), array (non-associative arrays) and null (usually an uninitialized variable).

Note that some numerical variables may be defined as a string; to act based on these variables, you may need to cast them to an int. For example, the variable timestamp is a string; to extract the date, hour etc. you must cast it to an int first (e.g. int(timestamp) % (60*60*24) === 22).

"Pre-save transformed" means after the wikitext is evaluated before saving; i.e. with template substitution. The wikitext is taken from the latest version before page save. For example, the added_lines_pst of {{subst:Mbox}} is {{#invoke:Message box|mbox}}; the added_lines is exactly {{subst:Mbox}} verbatim.

For an up-to-date list of variables, see the documentation on mediawiki.org.

Comparison

Operator True when ...
< the left operand is less than the right.
> the left operand is more than the right.
<= the left operand is less than or equal to the right.
>= the left operand is more than or equal to the right.
= or == the left operand is equal to the right.
!= the left operand is not equal to the right.
=== the left operand is equal to the right and they are of the same data type.
!== the left operand is not equal to the right and they are not of the same data type.

Arithmetic

Operator Operation
Addition
- Subtraction
* Multiplication
/ Division
** Exponentiation
% Modulo (remainder)

concatenates a string with a string or other data type.

Keywords

  • like returns true if the left string matches the right string; this is distinct from = as the right string is treated as a glob pattern.
  • in returns true if the right string contains the left string. contains is its reverse, i.e. returns true if the left string contains the right string. Note: empty strings are not contained in, nor contain, any other string (not even the empty string itself).
  • rlike returns true if the left string matches the regular expression pattern in the right string. irlike is rlike with case-insensitivity. The regex engine is PCRE with support for Unicode characters. Beware, as regex is potentially expensive for two reasons:
    • The time to run a regex with quantifiers can grow exponentially with the size of an edit because of PCRE's backtracking algorithm.[1]
    • Calling each regex has a fixed overhead, so merging multiple regexes together would be wise.[2]
  • if .. then .. else .. end and the ternary conditional operator condition ? then_value : else_value.

Declaring new variables

You can declare new variables within a condition; their scope is lexical scoping limited to the condition they appear within.

Functions

For an up-to-date list of available functions see mw:Extension:AbuseFilter/Rules format#Functions.

name description
lcase Returns the argument converted to lower case.
ucase Returns the argument converted to upper case.
length Returns the length of the string given as the argument.
string Casts to string data type.
int Casts to integer data type.
float Casts to floating-point data type.
bool Casts to boolean data type.
norm Equivalent to rmwhitespace(rmspecials(rmdoubles(ccnorm(arg1)))).
ccnorm Normalises confusable/similar characters in the argument, and returns a canonical form. A list of characters and their replacements can be found on git, eg. ccnorm( "Eeèéëēĕėęě3ƐƷ" ) == "EEEEEEEEEEEEE".[3][4] Note that the extension AntiSpoof is required for this function to have an effect. Without it the string will simply be left unchanged.
specialratio Returns the number of non-alphanumeric characters divided by the total number of characters in the argument.
rmspecials Removes any special characters in the argument, and returns the result. (Equivalent to s/[^\p{L}\p{N}]//g.)
rmdoubles Removes repeated characters in the argument, and returns the result.
rmwhitespace Removes whitespace (spaces, tabs, and newlines).
count Returns the number of times the needle (first string) appears in the haystack (second string). If only one argument is given, splits it by commas and returns the number of segments.
rcount Similar to count but the needle uses a regular expression instead. Can be made case-insensitive by letting the regular expression start with "(?i)".
ip_in_range Returns true if user's IP (first string) matches specified IP ranges (second string). Only works for anonymous users. Supports IPv4 and IPv6 addresses.
contains_any Returns true if the first string contains any strings from the following arguments (unlimited number of arguments).
substr Returns the portion of the first string, by offset from the second argument (starts at 0) and maximum length from the third argument (optional).
strlen Same as length.
strpos Returns the numeric position of the first occurrence of needle (second string) in the haystack (first string). This function may return 0 when the needle is found at the begining of the haystack, so it might be misinterpreted as false value by another comparative operator. The better way is to use == or !== for testing whether it is found.
str_replace Replaces all occurrences of the search string with the replacement string. The function takes 3 arguments in the following order: text to perform the search, text to find, replacement text.
rescape Returns the argument with some characters preceded with the escape character "\", so that the string can be used in a regular expression without those characters having a special meaning.
set Sets a variable (first string) with a given value (second argument) for further use in the filter. Another syntax: name := value.
set_var Same as set.

Actions which can be assigned in response to filtered edits

If a user triggers a filter, the edit filter can apply any of the following sanctions based on the severity of the offense:

  • All actions triggering a filter are logged at a special page.
  • The user's action can be tagged for further review.
  • The user can be warned that their actions may be unconstructive.
  • The user's action may be disallowed.
  • The user's autoconfirmed status may be revoked (or delayed if the user doesn't hold it).

The following actions are currently not available on this wiki:

  • The user's account may be blocked from editing, along with all IP addresses used in the last 7 days.
  • The user's account may be removed from all privileged groups (such as sysop, bot, rollbacker).

Note: Individual sanctions can be disabled selectively. Any edit filter manager can restore autoconfirmed status in case of an error.

Condition limit

The condition limit is a limit imposed by the software on the total number of conditions that can be evaluated by the filters. It is arbitrarily fixed at 2,000[5]. While the aim of this limit is to avoid performance issues, it should be noted that this isn't a good metric of how heavy a filter is: for instance, a filter using dozens of simple comparisons (and thus dozens of conditions) is much lighter than one using a single check on the all_links variable. See mw:Extension:AbuseFilter/Conditions and mw:Extension:AbuseFilter/Rules format#Performance for more details.

Monitoring

All edits triggering an action will produce a report at Special:AbuseLog. On this page, a brief log entry is entered. Users with the appropriate permissions may view the log summary. Users with certain higher permissions may view details on the log entry. This includes all information available to the filter when it ran, and may be useful for debugging purposes. Users with the highest level of log-viewing permissions may view private data about the action which caused the log event, such as the user's IP address. See the AbuseFilter documentation for more details on the permissions structure.

Sample abuse log entries

  • 06:43, 23 June 2008: Andrew (talk | contribs | block) triggered an abuse filter, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter
  • 06:43, 23 June 2008: Andrew (talk | contribs | block) triggered an abuse filter, making an edit on Main Page. Actions taken: none; Filter description: Test Filter

Sample detailed abuse log entries

 
A sample detailed log entry
  • 06:43, 23 June 2008: Andrew (talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
  • 06:43, 23 June 2008: Andrew (talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)
  • 06:42, 23 June 2008: Andrew (talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn; Filter description: Test Filter (details)
  • 06:42, 23 June 2008: Andrew (talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)
  • 06:22, 23 June 2008: Andrew (talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
  • 06:22, 23 June 2008: Andrew (talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)

The details link brings up a screen like that on the right.

Safeguards

To protect the wiki against poorly configured filters, a technical limit is imposed on the maximum percentage of actions that will trigger a given filter. Other technical limits are in the process of being written.

Notification

All notifications are based on the template {{edit filter warning}}.

Standard notifications shown to a user triggering a filter action:

Message name Message text
abusefilter-disallowed
abusefilter-autopromote-blocked

Generic warning message is below. Admins are advised to use custom warnings.

Message name Message text
abusefilter-warning

Some existing filters and their warnings:

Filter and message Message text
30: large deletions

removal

132: removal of all categories

all categories removed

If a filter is set to warn and disallow, then a user clicking "Save page" will alternatively see that warning and standard disallowed message.

References

  1. ^ For information on this slow behavior, see ReDoS and Regular expression § Implementations and running times. For information on writing regular expressions free from catastrophic backtracking, see "Preventing Regular Expression Denial of Service (ReDoS)" and phab:T187669.
  2. ^ The WMF currently executes user-provided regex using a shellbox. Doing so limits the use of resources as a defense against exponential behavior, but adds a base cost.
  3. ^ Be aware of phab:T29987
  4. ^ Be aware of phab:T27619
  5. ^ T309609