The rules are a custom language. They are formatted similar to conditionals in a C/Java/Perl-like language.
You can specify a literal by placing it in single or double quotes (for strings), or by typing it in as-is (for numbers, both floating-point and integer).You can get linebreaks with\n, tab characters with\t, and you can also escape the quote character with a backslash.
Use the+ (plus) symbol toconcatenate twoliteral strings or the values of twovars with a string value.
"This is a string"'This is also a string''This string shouldn\'t fail'"This string\nHas a linebreak"12341.234-123
You can define custom variables for ease of understanding with the assign symbol:= in a line (closed by;) within a condition.Such variables may use letters, underscores, and numbers (apart from the first character) and are case-insensitive.Example (fromw:Special:AbuseFilter/79):
(line1:="(?:\{\{[Rr]ef(?:list|s)|<references\s?\/>|<\/references\s?>)";rcount(line1,removed_lines))>(rcount(line1,added_lines))
AbuseFilter has support for non-associative arrays, which can be used like in the following examples.
Expressions likepage_namespace in [14, 15] may not work as expected. This one will evaluate totrue also ifpage_namespace is1,4, or5. For more information and possible workarounds, please seeT181024. |
my_array:=[5,6,7,10];my_array[0]==5length(my_array)==4int(my_array)===4// Same as lengthfloat(my_array)===4.0// Counts the elementsstring(my_array)=="5\n6\n7\n10\n"// Note: the last linebreak could be removed in the future5inmy_array==true'5'inmy_array==true'5\n6'inmy_array==true// Note: this is due to how arrays are cast to string, i.e. by imploding them with linebreaks1inmy_array==true// Note: this happens because 'in' casts arguments to strings, so the 1 is caught in '10' and returns true.my_array[]:=57;// This appends an element at the end of the arraymy_array===[5,6,7,10,57]my_array[2]:=42;// And this is for changing an element in the arraymy_array===[5,6,42,10,57]
You can specify comments using the following syntax:
/* This is a comment */You can use basic arithmetic symbols to do arithmetic on variables and literals with the following syntax:
- – Subtract the right-hand operand from the left-hand operand.+ – Add the right-hand operand to the left-hand operand.* – Multiply the left-hand operand by the right-hand operand./ – Divide the left-hand operand by the right-hand operand.** – Raise the left-hand operand to the exponential power specified by the right-hand operand.% – Return the remainder given when the left-hand operand is divided by the right-hand operand.The type of the returned result is the same that would be returned by PHP, for which a lot of documentation may be foundonline.More exhaustive examples may be found inthis AF parser test.
| Example | Result |
|---|---|
1 + 1 | 2 |
2 * 2 | 4 |
1 / 2 | 0.5 |
9 ** 2 | 81 |
6 % 5 | 1 |
You can match if and only if all of a number of conditions are true, one of a number of conditions are true, or one and only one of all conditions are true.
x | y — OR – returns true if one or more of the conditions is true.x & y — AND – returns true if both of the conditions are true.x ^ y — XOR – returns true if one, and only one of the two conditions is true.!x — NOT – returns true if the condition is not true.Examples
| Code | Result |
|---|---|
1 | 1 | true |
1 | 0 | true |
0 | 0 | false |
1 & 1 | true |
1 & 0 | false |
0 & 0 | false |
1 ^ 1 | false |
1 ^ 0 | true |
0 ^ 0 | false |
!1 | false |
!0 | true |
You can comparevariables with other variables andliterals with the followingsyntax:
<,> – Returntrue if the left-handoperand isless than/greater than the right-hand operand respectively. Watch out: operands are cast to strings and, like it happens in PHP,null < any number === true andnull > any number === false.<=,>= – Returntrue if the left-hand operand isless than or equal to/greater than or equal to the right-hand operand respectively. Watch out: operands are cast to strings and, like it happens in PHP,null <= any number === true andnull >= any number === false.== (or=),!= – Returntrue if the left-hand operand isequal to/not equal to the right-hand operand respectively.===,!== – Returntrue if the left-hand operand isequal to/not equal to the right-hand operand AND the left-hand operand isthe same/not the same data type to the right-hand operand respectively.| Example | Result |
|---|---|
1 == 2 | false |
1 <= 2 | true |
1 >= 2 | false |
1 != 2 | true |
1 < 2 | true |
1 > 2 | false |
2 = 2 | true |
'' == false | true |
'' === false | false |
1 == true | true |
1 === true | false |
['1','2','3'] == ['1','2','3'] | true |
[1,2,3] === [1,2,3] | true |
['1','2','3'] == [1,2,3] | true |
['1','2','3'] === [1,2,3] | false |
[1,1,''] == [true, true, false] | true |
[] == false & [] == null | true |
['1'] == '1' | false[1] |
The abuse filter passes various variables by name into the parser.These variables can be accessed by typing their name in, in a place where a literal would work.You can view the variables associated with each request in the abuse log.
User-related variables are always available, except for one case: account creation when the creator is not logged in. All variables starting withuser_ are affected, exceptuser_type. |
| Description | Name | Data type | Notes | ||
|---|---|---|---|---|---|
| Action | action | string | One of the following: edit, move, createaccount, autocreateaccount, delete, upload[2], stashupload[3] | ||
| Unix timestamp of change | timestamp | string | int(timestamp) gives you a number with which you can calculate the date, time, day of week, etc. | ||
| Database name of the wiki ($1) | wiki_name | string | For instance, this is "enwiki" on the English Wikipedia, and "itwikiquote" on the Italian Wikiquote. | ||
| Language code of the wiki ($1) | wiki_language | string | For instance, this is "en" on the English Wikipedia, and "it" on the Italian Wikiquote. Multi-lingual wikis like Commons, Meta, and Wikidata will also report as "en". | ||
| Edit count of the user ($1) | user_editcount | integer/null | Null only for unregistered users. Neither 0 nor null fortemporary accounts. | ||
| Name of the user account ($1) (IP in case the user is not registered) | user_name | string | For "createaccount" and "autocreateaccount" actions, use account_name if you want the name of the account being created.
| ||
| Type of the user account ($1) | user_type | string | The type of the user, which will be one ofip,temp (if the user is using atemporary account),named,external, orunknown. | ||
| Time email address was confirmed ($1) | user_emailconfirm | string/null | In the format: YYYYMMDDHHMMSS. Null if the email wasn't confirmed. | ||
| Age of the user account ($1) | user_age | integer | In seconds. 0 for unregistered users. Not 0 for temporary accounts. | ||
| Whether the user is blocked ($1) | user_blocked | boolean | True for blocked registered users and temporary accounts. Also true for edits from blocked IP addresses, even if the editor is a registered user who is not blocked. False otherwise. This doesn't differentiate between partial and sitewide blocks. | ||
| Groups (including implicit) the user is in ($1) | user_groups | array of strings | seeSpecial:ListGroupRights | ||
| Rights that the user has ($1) | user_rights | array of strings | seeSpecial:ListGroupRights | ||
| Page ID ($1) | article_articleid | integer | (deprecated) Usepage_id instead. | ||
| Page ID ($1) (can be seen via "page information" link in sidebar) | page_id | integer | This is 0 for new pages, but it is unreliable when inspecting past hits. If you need an exact result when inspecting past hits, use "page_age == 0" to identify new page creation. (note that it is slower, though.) This issue has been fixed in9369d08, merged on September 11th 2023. | ||
| Page namespace ($1) | article_namespace | integer | (deprecated) Usepage_namespace instead. | ||
| Page namespace ($1) | page_namespace | integer | refers tonamespace index. Check for namespace(s) using expressions like "page_namespace == 2" or "equals_to_any(page_namespace, 1, 3)" | ||
| Page age in seconds ($1) | page_age | integer | the number of seconds since the first edit (or 0 for new pages). This is reliable, but it tends to be slow; consider usingpage_id if you don't need much precision. | ||
| Page title without namespace ($1) | article_text | string | (deprecated) Usepage_title instead. | ||
| Page title without namespace ($1) | page_title | string | |||
| Full page title ($1) | article_prefixedtext | string | (deprecated) Usepage_prefixedtitle instead. | ||
| Full page title ($1) | page_prefixedtitle | string | |||
| Edit protection level of the page ($1) | article_restrictions_edit | string | (deprecated) Usepage_restrictions_edit instead. | ||
| Edit protection level of the page ($1) | page_restrictions_edit | array of strings | |||
| Move protection level of the page ($1) | article_restrictions_move | string | (deprecated) Usepage_restrictions_move instead. | ||
| Move protection level of the page ($1) | page_restrictions_move | array of strings | |||
| Upload protection of the file ($1) | article_restrictions_upload | string | (deprecated) Usepage_restrictions_upload instead. | ||
| Upload protection of the file ($1) | page_restrictions_upload | array of strings | |||
| Create protection of the page ($1) | article_restrictions_create | string | (deprecated) Usepage_restrictions_create instead. | ||
| Create protection of the page ($1) | page_restrictions_create | array of strings | |||
| Last ten users to contribute to the page ($1) | article_recent_contributors | array of strings | (deprecated) Usepage_recent_contributors instead. | ||
| Last ten users to contribute to the page ($1) | page_recent_contributors | array of strings | This tends to beslow (see#Performance). Try to put conditions more likely evaluate to false before this one, to avoid unnecessarily running the query. This value is an empty array for page creations. The resulting array will have each name only once, regardless of how many times they contributed. Only scans the last 100 revisions | ||
| First user to contribute to the page ($1) | article_first_contributor | string | (deprecated) Usepage_first_contributor instead. | ||
| First user to contribute to the page ($1) | page_first_contributor | string | This tends to beslow (see#Performance).[4] Try to put conditions more likely evaluate to false before this one, to avoid unnecessarily running the query. |
| Description | Name | Data type | Notes |
|---|---|---|---|
| Edit summary/reason ($1) | summary | string | Summaries automatically created by MediaWiki ("New section", "Blanked the page", etc.) are createdafter the filter checks the edit, so they will never actually catch, even if the debugger shows that they should. The variable contains whatever the user sees in the edit summary window, which may include MediaWiki preloaded section titles.[5] |
minor_edit | Disabled, and set to false for all entries between 2016 and 2018.[6] | ||
| Old page wikitext, before the edit ($1) | old_wikitext | string | This variable can be very large. Consider usingremoved_lines if possible to improve performance. |
| New page wikitext, after the edit ($1) | new_wikitext | string | This variable can be very large. Consider usingadded_lines if possible to improve performance. |
| Unified diff of changes made by edit ($1) | edit_diff | string | |
| Unified diff of changes made by edit, pre-save transformed ($1) | edit_diff_pst | string | This tends to beslow (see#Performance). Checking bothadded_lines andremoved_lines is probably more efficient.[7] |
| New page size ($1) | new_size | integer | |
| Old page size ($1) | old_size | integer | |
| Size change in edit ($1) | edit_delta | integer | |
| Lines added in edit ($1) | added_lines | array of strings | includes all lines in the final diff that begin with + |
| Lines removed in edit ($1) | removed_lines | array of strings | |
| Lines added in edit, pre-save transformed ($1) | added_lines_pst | array of strings | Useadded_lines if possible, which is more efficient. |
| External links in the new text ($1) | new_links | array of strings | This tends to beslow (see#Performance). |
| External links in the new text ($1) | all_links | array of strings | (deprecated) Usenew_links instead. |
| External links in the page, before the edit ($1) | old_links | array of strings | This tends to beslow (see#Performance). |
| External links added in the edit ($1) | added_links | array of strings | This tends to beslow (see#Performance). Consider checking againstadded_lines first, then checkadded_links so that fewer edits are slowed down. This followsMediaWiki's rules for external links. Only unique links are added to the array. Changing a link will count as 1 added and 1 removed link. |
| External links removed in the edit ($1) | removed_links | array of strings | This tends to beslow (see#Performance). Consider checking againstremoved_lines first, then checkremoved_links so that fewer edits are slowed down. This followsMediaWiki's rules for external links. Only unique links are added to the array. Changing a link will count as 1 added and 1 removed link. |
| New page wikitext, pre-save transformed ($1) | new_pst | string | This variable can be very large. |
| Parsed HTML source of the new revision ($1) | new_html | string | This variable can be very large. Consider usingadded_lines if possible to improve performance. |
| New page text, stripped of any markup ($1) | new_text | string | This variable can be very large. Consider usingadded_lines if possible to improve performance. |
old_html | Disabled for performance reasons. | ||
old_text | Disabled for performance reasons. | ||
| Time since last page edit in seconds ($1) | page_last_edit_age | integer ornull | null when the page does not exist |
| SHA1 hash of file contents ($1) | file_sha1 | string | [2] |
| Size of the file in bytes ($1) | file_size | integer | The file size in bytes[2] |
| Width of the file in pixels ($1) | file_width | integer | The width in pixels[2] |
| Height of the file in pixels ($1) | file_height | integer | The height in pixels[2] |
| Bits per color channel of the file ($1) | file_bits_per_channel | integer | The amount of bits per color channel[2] |
| MIME type of the file ($1) | file_mime | string | The fileMIME type.[2] |
| Media type of the file ($1) | file_mediatype | string | The file media type.[8][2] |
| Page ID of move destination page ($1) | moved_to_articleid | integer | (deprecated) Usemoved_to_id instead. |
| Page ID of move destination page ($1) | moved_to_id | integer | |
| Title of move destination page ($1) | moved_to_text | string | (deprecated) Usemoved_to_title instead. |
| Title of move destination page ($1) | moved_to_title | string | |
| Full title of move destination page ($1) | moved_to_prefixedtext | string | (deprecated) Usemoved_to_prefixedtitle instead. |
| Full title of move destination page ($1) | moved_to_prefixedtitle | string | |
| Namespace of move destination page ($1) | moved_to_namespace | integer | |
| Move destination page age in seconds ($1) | moved_to_age | integer | |
| Time since last move destination page edit in seconds ($1) | moved_to_last_edit_age | integer ornull | null when the target page does not exist |
| Edit protection level of move destination page ($1) | moved_to_restrictions_edit | array of string | Same aspage_restrictions_edit, but for the target of the move. |
| Move protection level of move destination page ($1) | moved_to_restrictions_move | array of string | Same aspage_restrictions_move, but for the target of the move. |
| Upload protection of move destination file ($1) | moved_to_restrictions_upload | array of string | Same aspage_restrictions_upload, but for the target of the move. |
| Create protection of move destination page ($1) | moved_to_restrictions_create | array of string | Same aspage_restrictions_create, but for the target of the move. |
| Last ten users to contribute to move destination page ($1) | moved_to_recent_contributors | array of strings | Same aspage_recent_contributors, but for the target of the move. |
| First user to contribute to move destination page ($1) | moved_to_first_contributor | string | Same aspage_first_contributor, but for the target of the move. |
| Namespace of move source page ($1) | moved_from_namespace | integer | |
| Title of move source page ($1) | moved_from_text | string | (deprecated) Usemoved_from_title instead. |
| Title of move source page ($1) | moved_from_title | string | |
| Full title of move source page ($1) | moved_from_prefixedtext | string | (deprecated) Usemoved_from_prefixedtitle instead. |
| Full title of move source page ($1) | moved_from_prefixedtitle | string | |
| Page ID of move source page ($1) | moved_from_articleid | integer | (deprecated) Usemoved_from_id instead. |
| Page ID of move source page ($1) | moved_from_id | integer | |
| Move source page age in seconds ($1) | moved_from_age | integer | |
| Time since last move source page edit in seconds ($1) | moved_from_last_edit_age | integer | |
| Edit protection level of move source page ($1) | moved_from_restrictions_edit | array of string | Same aspage_restrictions_edit, but for the page being moved. |
| Move protection level of move source page ($1) | moved_from_restrictions_move | array of string | Same aspage_restrictions_move, but for the page being moved. |
| Upload protection of move source file ($1) | moved_from_restrictions_upload | array of string | Same aspage_restrictions_upload, but for the page being moved. |
| Create protection of move source page ($1) | moved_from_restrictions_create | array of string | Same aspage_restrictions_create, but for the page being moved. |
| Last ten users to contribute to move source page ($1) | moved_from_recent_contributors | array of strings | Same aspage_recent_contributors, but for the page being moved. |
| First user to contribute to move source page ($1) | moved_from_first_contributor | string | Same aspage_first_contributor, but for the page being moved. |
| Account name on account creation ($1) | account_name | string | Name of the account being created. Available only in thecreateaccount andautocreateaccount actions. |
| Account name on account creation ($1) | accountname | string | (deprecated) Useaccount_name instead. |
| Account type on account creation ($1) | account_type | string | Type of the account being created, which will be one of the following:
The only difference from |
| Content model of the old revision | old_content_model | string | SeeHelp:ChangeContentModel for information about content model changes |
| Content model of the new revision | new_content_model | string | SeeHelp:ChangeContentModel for information about content model changes |
A variable can be considered protected. For instance, on wikis with temporary accounts enabled, IPs are considered PII and access to them must be restricted.Protected variables and filters that use them (including the logs they create) are only accessible to maintainers with theabusefilter-access-protected-vars right.Using a protected variable flags the filter as protected as well.The filter subsequently cannot be unprotected, even if it no longer actively uses a protected variable, as its historical logs will remain available.
A private log is created when a filter maintainer views the value of a protected variable.This private log is not an abuse filter log.It is a private log only viewable to users with theabusefilter-protected-vars-log right and is stored atSpecial:Log/abusefilter-protected-vars.
The default protected variables are defined inAbuseFilterProtectedVariables inextension.json.
| Description | Name | Data type | Notes |
|---|---|---|---|
| IP of the user account (for logged-out users and temporary accounts only) ($1) | user_unnamed_ip | string | User IP for anonymous users/temporary accounts This returns If theCheckUser extension is installed, then the user must also have access to the IP addresses of temporary accounts. This access is described atHelp:Extension:CheckUser.null for registered users. |
false when examinating past edits, and may not reflect their actual value at the time the edit was made. SeeT102944.| Description | Name | Data type | Values | Added by | Notes |
|---|---|---|---|---|---|
| Global groups that the user is in ($1) | global_user_groups | array | CentralAuth | ||
| Global edit count of the user ($1) | global_user_editcount | integer | CentralAuth | ||
| Global groups that the user is in on account creation ($1) | global_account_groups | array | Available only whenaction iscreateaccount (then it is always empty) orautocreateaccount. | CentralAuth | |
| Global edit count of the user on account creation ($1) | global_account_editcount | integer | Available only whenaction iscreateaccount (then it is always zero) orautocreateaccount. | CentralAuth | |
| OAuth consumer used to perform this change ($1) | oauth_consumer | integer | OAuth | ||
| Page ID of Structured Discussions board ($1) | board_articleid | integer | (deprecated) Useboard_id instead. | StructuredDiscussions | |
| Page ID of Structured Discussions board ($1) | board_id | integer | StructuredDiscussions | ||
| Namespace of Structured Discussions board ($1) | board_namespace | integer | refers tonamespace index | StructuredDiscussions | |
| Title (without namespace) of Structured Discussions board ($1) | board_text | string | (deprecated) Useboard_title instead. | StructuredDiscussions | |
| Title (without namespace) of Structured Discussions board ($1) | board_title | string | StructuredDiscussions | ||
| Full title of Structured Discussions board ($1) | board_prefixedtext | string | (deprecated) Useboard_prefixedtitle instead. | StructuredDiscussions | |
| Full title of Structured Discussions board ($1) | board_prefixedtitle | string | StructuredDiscussions | ||
| Source text of translation unit ($1) | translate_source_text | string | Translate | ||
| Target language for translation ($1) | translate_target_language | string | This is the language code, likeen for English. | Translate | |
| Whether or not the change was made through a Tor exit node ($1) | tor_exit_node | boolean | true if the action comes from a tor exit node. | TorBlock | |
| Whether or not a user is editing through the mobile interface ($1) | user_mobile | boolean | true for mobile users,false otherwise. | MobileFrontend | |
| Whether the user is editing from mobile app ($1) | user_app | boolean | true if the user is editing from the mobile app,false otherwise. | MobileApp | |
| Page views[1] | article_views | integer | (deprecated) Usepage_views instead. | HitCounters | |
| Page views[2] | page_views | integer | the amount of page views | HitCounters | |
| Source page views[3] | moved_from_views | integer | the amount of page views of the source page | HitCounters | |
| Target page views[4] | moved_to_views | integer | the amount of page views of the target page | HitCounters | |
| Whether the IP address is blocked using the stopforumspam.com list[5] | sfs_blocked | boolean | Whether the IP address is blocked using the stopforumspam.com list | StopForumSpam | |
| Whether the IP being used by the user is known by the IPoid service ($1) | ip_reputation_ipoid_known | boolean | For information about this variable seeExtension:IPReputation/AbuseFilter variables. | IPReputation | Protected variable |
| Number of clients associated with IP being used by the user ($1) | ip_reputation_client_count | integer | For information about this variable seeExtension:IPReputation/AbuseFilter variables. | IPReputation | Protected variable |
| List of behaviors associated with the IP being used by the user ($1) | ip_reputation_client_behaviors | array | For information about this variable seeExtension:IPReputation/AbuseFilter variables. | IPReputation | Protected variable |
| List of proxy services associated with IP being used by the user ($1) | ip_reputation_client_proxies | array | For information about this variable seeExtension:IPReputation/AbuseFilter variables. | IPReputation | Protected variable |
| List of risks associated with the IP being used by the user ($1) | ip_reputation_risk_types | array | For information about this variable seeExtension:IPReputation/AbuseFilter variables. | IPReputation | Protected variable |
| List of tunnel operators associated with the IP being used by the user ($1) | ip_reputation_tunnel_operators | array | For information about this variable seeExtension:IPReputation/AbuseFilter variables. | IPReputation | Protected variable |
Whenaction='move', only thesummary,action,timestamp anduser_* variables are available.Thepage_* variables are also available, but the prefix is replaced bymoved_from_ andmoved_to_, that represent the values of the original article name and the destination one, respectively.For example,moved_from_title andmoved_to_title instead ofpage_title.
Since MediaWiki 1.28 (gerrit:295254),action='upload' is only used when publishing an upload, and not for uploads to stash.A newaction='stashupload' is introduced, which is used for all uploads, including uploads to stash.This behaves likeaction='upload' used to, and only provides file metadata variables (file_*).Variables related to the page edit, includingsummary,new_wikitext and several others, are now available foraction='upload'.For every file upload, filters may be called withaction='stashupload' (for uploads to stash), and are always called withaction='upload'; they are not called withaction='edit'.
Filter authors should useaction='stashupload' | action='upload' in filter code when a file can be checked based only on the file contents – for example, to reject low-resolution files – andaction='upload' only when the wikitext parts of the edit need to be examined too – for example, to reject files with no description.This allows tools that separate uploading the file and publishing the file (e.g.UploadWizard orUpload dialog) to inform the user of the failure before they spend the time filling in the upload details.
As noted in the table above, some of these variables can be very slow.While writing filters, remember that the condition limit isnot a good metric of how heavy filters are.For instance, variables like*_recent_contributors or*_links always need a DB query to be computed, while*_pst variables will have to perform parsing of the text, which again is a heavy operation; all these variables should be used very, very carefully.For instance, on Italian Wikipedia it's been observed that, with 135 active filters and an average of 450 used conditions, filters execution time was around 500ms, with peaks reaching 15 seconds.Removing theadded_links variable from a single filter, and halving the cases when another filter would useadded_lines_pst brought the average execution time to 50ms.More specifically:
_links variables when you need high accuracy and checking for "http://..." in other variables (for instance,added_lines) could lead to heavy malfunctioning;_pst variables when you're really sure that non-PST variables aren't enough. You may also conditionally decide which one to check: if, for instance, you want to examine a signature, check first ifadded_lines contains~~~;Last but not least, note that whenever a variable is computed for a given filter, it'll be saved and any other filter will immediately retrieve it. This means that one single filter computing this variable counts more or less as dozens of filters using it.
The following special keywords are included for often-used functionality:
like (ormatches) returns true if the left-hand operand matches theglob pattern in the right-hand operand.in returns true if the right-hand operand (a string) contains the left-hand operand.Note: empty strings are not contained in, nor contain, any other string (not even the empty string itself).contains works likein, but with the left and right-hand operands switched.Note: empty strings are not contained in, nor contain, any other string (not even the empty string itself).rlike (orregex) andirlike return true if the left-hand operand matches (contains) theregex pattern in the right-hand operand (irlike is caseinsensitive).if ... then ... endif ... then ... else ... end... ? ... : ...true,false,nullExamples
| Code | Result | Comment |
|---|---|---|
"1234" like "12?4" | True | |
"1234" like "12*" | True | |
"foo" in "foobar" | True | |
"foobar" contains "foo" | True | |
"o" in ["foo", "bar"] | True | Due to the string cast |
"foo" regex "\w+" | True | |
"a\b" regex "a\\\\b" | True | To look for the escape character backslash using regex you need to use either four backslashes or two\x5C. (Either works fine.) |
"a\b" regex "a\x5C\x5Cb" | True |
A number of built-in functions are included to ease some common issues.They are executed in the general formatfunctionName( arg1, arg2, arg3 ), and can be used in place of any literal or variable.Its arguments can be given as literals, variables, or even other functions.
| name | description |
|---|---|
lcase | Returns the argument converted to lower case. |
ucase | Returns the argument converted to upper case. |
length | Returns the length of the string given as the argument. If the argument is an array, returns its number of elements. |
string | Casts to string data type. If the argument is an array, implodes it with linebreaks. |
int | Casts to integer data type. |
float | Casts to floating-point data type. |
bool | Casts to boolean data type. |
norm | Equivalent tormwhitespace(rmspecials(rmdoubles(ccnorm(arg1)))). |
ccnorm | Normalises confusable/similar characters in the argument, and returns a canonical form. A list of characters and their replacements can be foundon git, e.g.ccnorm( "Eeèéëēĕėęě3ƐƷ" ) === "EEEEEEEEEEEEE".[9] The output of this function is always uppercase. While not expensive, this function isn't cheap either, and could slow a filter down if called many times. |
ccnorm_contains_any | Normalises confusable/similar characters in all its arguments, and returns true if the first string containsany string from the following arguments (unlimited number of arguments, logic OR mode). A list of characters and their replacements can be foundon git. Due to the usage ofccnorm, this function can be slow if passed too many arguments. |
ccnorm_contains_all | Normalises confusable/similar characters in all its arguments, and returns true if the first string containsevery string from the following arguments (unlimited number of arguments, logic AND mode). A list of characters and their replacements can be foundon git. Due to the usage ofccnorm, this function can be slow if passed too many arguments. |
specialratio | Returns the number of non-alphanumeric characters divided by the total number of characters in the argument. |
rmspecials | Removes any special characters in the argument, and returns the result. Does not remove whitespace. (Equivalent to s/[^\p{L}\p{N}\s]//g.) |
rmdoubles | Removes repeated characters in the argument, and returns the result. |
rmwhitespace | Removes whitespace (spaces, tabs, newlines). |
count | Returns the number of times the needle (first string) appears in the haystack (second string). If only one argument is given, splits it by commas and returns the number of segments. This should not be confused with length, which returns the number of elements in anarray (or the number of characters in a string). Whilecount works in a similar way tolengthonly when there is a single argument and that argument is an array, this usage is discouraged because array variables may be evaluated as null, making this usage bug-prone. |
rcount | Similar tocount but the needle uses a regular expression instead. Can be made case-insensitive by letting the regular expression start with "(?i)". Please note that, for plain strings, this function can be up to 50 times slower thancount[10], so use that one when possible. |
get_matches | MW 1.31+ Looks for matches of the regex needle (first string) in the haystack (second string). Returns an array where the 0 element is the whole match and every[n] element is the match of the n'th capturing group of the needle. Can be made case-insensitive by letting the regular expression start with "(?i)". If a capturing group didn't match, that array position will take value offalse. |
ip_in_range | Returns true if user's IP (first string) matches the specified IP range (second string, can be inCIDR notation, explicit notation like "1.1.1.1-2.2.2.2", or a single IP). Only works for anonymous users. Supports both IPv4 and IPv6 addresses. |
ip_in_ranges | Returnstrue if user's IP (first string) matchesany of the specified IP ranges (following strings in logic OR mode, can be inCIDR notation, explicit notation like "1.1.1.1-2.2.2.2", or a single IP). Only works for anonymous users. Supports both IPv4 and IPv6 addresses. |
contains_any | Returns true if the first string containsany string from the following arguments (unlimited number of arguments in logic OR mode). If the first argument is an array, it gets cast to string. |
contains_all | Returns true if the first string containsevery string from the following arguments (unlimited number of arguments in logic AND mode). If the first argument is an array, it gets cast to string. |
equals_to_any | Returns true if the first argument is identical (===) to any of the following ones (unlimited number of arguments). Basically,equals_to_any(a, b, c) is the same asa===b | a===c, but more compact and saves conditions. |
substr | Returns the portion of the first string, by offset from the second argument (starts at 0) and maximum length from the third argument (optional). |
strlen | Same aslength. |
strpos | Returns the numeric position of the first occurrence of needle (second string) in the haystack (first string), starting from offset from the third argument (optional, default is 0). This function may return 0 when the needle is found at the beginning of the haystack, so it might be misinterpreted asfalse value by another comparative operator. The better way is to use=== or!== for testing whether it is found. Differently from PHP's strpos(), which returns false when the needle is not found, this function returns -1 when the needle is not found. |
str_replace | Replaces all occurrences of the search string with the replacement string. The function takes 3 arguments in the following order: text to perform the search on, text to find, replacement text. |
str_replace_regexp | Replaces all occurrences of the search string with the replacement string using regular expressions. The function takes 3 arguments in the following order: text to perform the search on, regular expression to match, replacement expression. |
rescape | Returns the argument with some characters preceded with the escape character "\", so that the string can be used in a regular expression without those characters having a special meaning. |
set | Sets a variable (first string) with a given value (second argument) for further use in the filter. Another syntax:name :=value. |
set_var | Same asset. |
| Code | Result | Comment |
|---|---|---|
length( "Wikipedia" ) | 9 | |
lcase( "WikiPedia" ) | wikipedia | |
ccnorm( "w1k1p3d14" ) | WIKIPEDIA | ccnorm output is always uppercase |
ccnorm( "ωɨƙɩᑭƐƉ1α" ) | WIKIPEDIA | |
ccnorm_contains_any( "w1k1p3d14", "wiKiP3D1A", "foo", "bar" ) | true | |
ccnorm_contains_any( "w1k1p3d14", "foo", "bar", "baz" ) | false | |
ccnorm_contains_any( "w1k1p3d14 is 4w3s0me", "bar", "baz", "some" ) | true | |
ccnorm( "ìíîïĩїį!ľ₤ĺľḷĿ" ) | IIIIIII!LLLLLL | |
norm( "!!ω..ɨ..ƙ..ɩ..ᑭᑭ..Ɛ.Ɖ@@1%%α!!" ) | WIKIPEDAIA | |
norm( "F00 B@rr" ) | FOBAR | norm removes whitespace, special characters and duplicates, then usesccnorm |
rmdoubles( "foobybboo" ) | fobybo | |
specialratio( "Wikipedia!" ) | 0.1 | |
count( "foo", "foofooboofoo" ) | 3 | |
count( "foo,bar,baz" ) | 3 | |
rmspecials( "FOOBAR!!1" ) | FOOBAR1 | |
rescape( "abc* (def)" ) | abc\* \(def\) | |
str_replace( "foobarbaz", "bar", "-" ) | foo-baz | |
str_replace_regexp( "foobarbaz", "(.)a(.)", "$2a$1" ) | foorabzab | |
ip_in_range( "127.0.10.0", "127.0.0.0/12" ) | true | |
ip_in_ranges( "127.0.10.0", "10.0.0.0/8", "127.0.0.0/12" ) | true | |
contains_any( "foobar", "x", "y", "f" ) | true | |
get_matches( "(foo?ba+r) is (so+ good)", "fobaaar is soooo good to eat" ) | ['fobaaar is soooo good', 'fobaaar', 'soooo good'] |
Operations are generally done left-to-right, but there is an order to which they are resolved.As soon as the filter fails one of the conditions, it will stop checking the rest of them (due toshort-circuit evaluation) and move on to the next filter.The evaluation order is:
( and)) is evaluated as a single unit.page_namespace to 0)norm,lcase, etc.)+ and- (defining positive or negative value, e.g.-1234,+1234)in,rlike, etc.)!x)2**3 → 8)3-2 → 1)<,>,==)&,|,^)... ? ... : ...):=)A & B | C is equivalent to(A & B) | C, not toA & (B | C). In particular, bothfalse & true| true andfalse & false| true evaluates totrue.A | B & C is equivalent to(A | B) & C, not toA | (B & C). In particular, bothtrue | true& false andtrue | false& false evaluates tofalse.added_lines rlike "foo" + "|bar" is wrong, useadded_lines rlike ("foo" + "|bar") instead.The condition limit is (more or less) tracking the number of comparison operators + number of function calls entered.
Further explanation on how to reduce conditions used can be found atExtension:AbuseFilter/Conditions.
Although the AbuseFilter examine function will identify "rollback" actions as edits, the AbuseFilter will not evaluate rollback actions for matching.[11]
false, except for the example above"text" in edit_diff_pst (or evenedit_diff), consider something like"text" in added_lines & !("text" in removed_lines)ccnorm( "your string" ) to see which characters are transformed.