Wikipedia:Edit filter/Documentation

Edit filter management
Tags management

The extension defines a domain-specific language solely to write filter rules. Since the language is not Turing complete, it cannot replace bots for more complex tasks.

Significant content taken from mw:Extension:AbuseFilter/Rules format; see page history for attribution.

Variables

The edit filter captures the following data from edits. They are stored in the following variables. They can be manipulated and analyzed with various functions and operators. The data types are int (signed integer values), string (sequences of Unicode characters), bool (true and false), float (signed rational numbers), array (non-associative arrays) and null (usually an uninitialized variable).

Note that some numerical variables may be defined as a string; to act based on these variables, you may need to cast them to an int. For example, the variable timestamp is a string; to extract the date, hour etc. you must cast it to an int first (e.g. int(timestamp) % (60*60*24) === 22).

"Pre-save transformed" means after the wikitext is evaluated before saving; i.e. with template substitution. The wikitext is taken from the latest version before page save. For example, the added_lines_pst of {{subst:Mbox}} is {{#invoke:Message box|mbox}}; the added_lines is exactly {{subst:Mbox}} verbatim.

For an up-to-date list of variables, see the documentation on mediawiki.org.

Comparison

Operator	True when ...
`<`	the left operand is less than the right.
`>`	the left operand is more than the right.
`<=`	the left operand is less than or equal to the right.
`>=`	the left operand is more than or equal to the right.
`=` or `==`	the left operand is equal to the right.
`!=`	the left operand is not equal to the right.
`===`	the left operand is equal to the right and they are of the same data type.
`!==`	the left operand is not equal to the right and they are not of the same data type.

Arithmetic

Operator	Operation
+	Addition
-	Subtraction
*	Multiplication
/	Division
**	Exponentiation
%	Modulo (remainder)

+ concatenates a string with a string or other data type.

Keywords

like returns true if the left string matches the right string; this is distinct from = as the right string is treated as a glob pattern.
in returns true if the right string contains the left string. contains is its reverse, i.e. returns true if the left string contains the right string. Note: empty strings are not contained in, nor contain, any other string (not even the empty string itself).
rlike returns true if the left string matches the regular expression pattern in the right string. irlike is rlike with case-insensitivity. The regex engine is PCRE with support for Unicode characters. Beware, as regex is potentially expensive for two reasons:
- The time to run a regex with quantifiers can grow exponentially with the size of an edit because of PCRE's backtracking algorithm.^[1]
- Calling each regex has a fixed overhead, so merging multiple regexes together would be wise.^[2]
if .. then .. else .. end and the ternary conditional operator condition ? then_value : else_value.

Declaring new variables

You can declare new variables within a condition; their scope is lexical scoping limited to the condition they appear within.

Functions

For an up-to-date list of available functions see mw:Extension:AbuseFilter/Rules format#Functions.

name	description
`lcase`	Returns the argument converted to lower case.
`ucase`	Returns the argument converted to upper case.
`length`	Returns the length of the string given as the argument.
`string`	Casts to string data type.
`int`	Casts to integer data type.
`float`	Casts to floating-point data type.
`bool`	Casts to boolean data type.
`norm`	Equivalent to `rmwhitespace(rmspecials(rmdoubles(ccnorm(arg1))))`.
`ccnorm`	Normalises confusable/similar characters in the argument, and returns a canonical form. A list of characters and their replacements can be found on git, eg. `ccnorm( "Eeèéëēĕėęě3ƐƷ" ) == "EEEEEEEEEEEEE"`.^[3]^[4] Note that the extension AntiSpoof is required for this function to have an effect. Without it the string will simply be left unchanged.
`specialratio`	Returns the number of non-alphanumeric characters divided by the total number of characters in the argument.
`rmspecials`	Removes any special characters in the argument, and returns the result. (Equivalent to s/[^\p{L}\p{N}]//g.)
`rmdoubles`	Removes repeated characters in the argument, and returns the result.
`rmwhitespace`	Removes whitespace (spaces, tabs, and newlines).
`count`	Returns the number of times the needle (first string) appears in the haystack (second string). If only one argument is given, splits it by commas and returns the number of segments.
`rcount`	Similar to `count` but the needle uses a regular expression instead. Can be made case-insensitive by letting the regular expression start with "(?i)".
`ip_in_range`	Returns true if user's IP (first string) matches specified IP ranges (second string). Only works for anonymous users. Supports IPv4 and IPv6 addresses.
`contains_any`	Returns true if the first string contains any strings from the following arguments (unlimited number of arguments).
`substr`	Returns the portion of the first string, by offset from the second argument (starts at 0) and maximum length from the third argument (optional).
`strlen`	Same as `length`.
`strpos`	Returns the numeric position of the first occurrence of needle (second string) in the haystack (first string). This function may return 0 when the needle is found at the begining of the haystack, so it might be misinterpreted as false value by another comparative operator. The better way is to use `==` or `!==` for testing whether it is found.
`str_replace`	Replaces all occurrences of the search string with the replacement string. The function takes 3 arguments in the following order: text to perform the search, text to find, replacement text.
`rescape`	Returns the argument with some characters preceded with the escape character "\", so that the string can be used in a regular expression without those characters having a special meaning.
`set`	Sets a variable (first string) with a given value (second argument) for further use in the filter. Another syntax: `name := value`.
`set_var`	Same as `set`.

Actions which can be assigned in response to filtered edits

If a user triggers a filter, the edit filter can apply any of the following sanctions based on the severity of the offense:

All actions triggering a filter are logged at a special page.
The user's action can be tagged for further review.
The user can be warned that their actions may be unconstructive.
The user's action may be disallowed.
The user's autoconfirmed status may be revoked (or delayed if the user doesn't hold it).

The following actions are currently not available on this wiki:

The user's account may be blocked from editing, along with all IP addresses used in the last 7 days.
The user's account may be removed from all privileged groups (such as sysop, bot, rollbacker).

Note: Individual sanctions can be disabled selectively. Any edit filter manager can restore autoconfirmed status in case of an error.

Condition limit

The condition limit is a limit imposed by the software on the total number of conditions that can be evaluated by the filters. It is arbitrarily fixed at 2,000^[5]. While the aim of this limit is to avoid performance issues, it should be noted that this isn't a good metric of how heavy a filter is: for instance, a filter using dozens of simple comparisons (and thus dozens of conditions) is much lighter than one using a single check on the all_links variable. See mw:Extension:AbuseFilter/Conditions and mw:Extension:AbuseFilter/Rules format#Performance for more details.

Monitoring

All edits triggering an action will produce a report at Special:AbuseLog. On this page, a brief log entry is entered. Users with the appropriate permissions may view the log summary. Users with certain higher permissions may view details on the log entry. This includes all information available to the filter when it ran, and may be useful for debugging purposes. Users with the highest level of log-viewing permissions may view private data about the action which caused the log event, such as the user's IP address. See the AbuseFilter documentation for more details on the permissions structure.

Sample abuse log entries

06:43, 23 June 2008: Andrew (talk | contribs | block) triggered an abuse filter, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter
06:43, 23 June 2008: Andrew (talk | contribs | block) triggered an abuse filter, making an edit on Main Page. Actions taken: none; Filter description: Test Filter

Sample detailed abuse log entries

A sample detailed log entry

06:43, 23 June 2008: Andrew (talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
06:43, 23 June 2008: Andrew (talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)
06:42, 23 June 2008: Andrew (talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn; Filter description: Test Filter (details)
06:42, 23 June 2008: Andrew (talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)
06:22, 23 June 2008: Andrew (talk | contribs | block) triggered filter 1, making an edit on Main Page. Actions taken: warn,disallow; Filter description: Test Filter (details)
06:22, 23 June 2008: Andrew (talk | contribs | block) triggered filter 2, making an edit on Main Page. Actions taken: none; Filter description: Test Filter (details)

The details link brings up a screen like that on the right.

Safeguards

To protect the wiki against poorly configured filters, a technical limit is imposed on the maximum percentage of actions that will trigger a given filter. Other technical limits are in the process of being written.

Notification

All notifications are based on the template {{edit filter warning}}.

Standard notifications shown to a user triggering a filter action:

Message name Message text

abusefilter-disallowed

An automated filter has identified this edit as potentially unconstructive, so it has been disallowed. If this edit is constructive, please report this error. Disruptive behavior may result in being blocked from editing.

Report error

abusefilter-autopromote-blocked

An automated filter has identified this edit as potentially unconstructive, and it has been disallowed. In addition, your account has been temporarily restricted from executing some sensitive operations. If this edit is constructive, please report this error.

Generic warning message is below. Admins are advised to use custom warnings.

Message name Message text

abusefilter-warning

Warning: An automated filter has identified this edit as potentially unconstructive. Please be aware that vandalism may result in revocation of your editing privileges. If this edit is constructive, please click 'Publish changes' again, and report this error.

Some existing filters and their warnings:

Filter and message Message text

30: large deletions

removal

Warning: An automated filter has identified this edit as removing a large amount of content. While some material on Wikipedia should be removed, such as vandalism and false or libelous information, we discourage removal of content without a valid reason. If you believe that your removal is constructive, please go to the bottom of this page and press 'Publish changes' to continue (be sure to enter an edit summary if you have not done so already). If you did not remove a large amount of content, and you believe that this edit is constructive, please report this error.

132: removal of all categories

all categories removed

Warning: An automated filter has identified this edit as removing all categories from an article, which is potentially unconstructive. Categories are present as text like [[Category:XYZ]] at the bottom of articles, and should not generally be all removed. Please be aware that vandalism may result in revocation of your editing privileges. If this edit is constructive, please click 'Publish changes' again, and report this error.

If a filter is set to warn and disallow, then a user clicking "Save page" will alternatively see that warning and standard disallowed message.

References

^ For information on this slow behavior, see ReDoS and Regular expression § Implementations and running times. For information on writing regular expressions free from catastrophic backtracking, see "Preventing Regular Expression Denial of Service (ReDoS)" and phab:T187669.
^ The WMF currently executes user-provided regex using a shellbox. Doing so limits the use of resources as a defense against exponential behavior, but adds a base cost.
^ Be aware of phab:T29987
^ Be aware of phab:T27619
^ T309609

[1] For information on this slow behavior, see ReDoS and Regular expression § Implementations and running times. For information on writing regular expressions free from catastrophic backtracking, see "Preventing Regular Expression Denial of Service (ReDoS)" and phab:T187669.

[2] The WMF currently executes user-provided regex using a shellbox. Doing so limits the use of resources as a defense against exponential behavior, but adds a base cost.

[T29987-3] Be aware of phab:T29987

[T27619-4] Be aware of phab:T27619

[5] T309609

[1]

[2]

[3]

[4]

[5]