/** * Get block instance for the current user, if it exists * * @return Block|false */ public function getBlock() { $blockData = $this->memc->get($this->getMemcacheBlockKey()); if (is_array($blockData)) { $blocker = User::newFromName(self::BLOCKER_NAME); $block = new Block(); $block->setTarget($this->mUser); $block->setBlocker($blocker); $block->setBlockEmail($blocker->getEmail()); $block->mReason = $blockData['reason']; $block->mExpiry = $blockData['expiry']; $block->mTimestamp = wfTimestamp(TS_MW, $blockData['set_at']); $this->info(__METHOD__, ['reason' => $block->mReason, 'expiry' => $block->getExpiry()]); return $block; } else { return false; } }
function execute($par) { global $wgRequest, $wgOut, $wgBlockOpenProxies, $wgProxyKey; $this->setHeaders(); $this->outputHeader(); $ip = wfGetIP(); if (!$wgBlockOpenProxies || $wgRequest->getText('ip') != md5($ip . $wgProxyKey)) { $wgOut->addWikiMsg('proxyblocker-disabled'); return; } $user = User::newFromName(wfMsgForContent('proxyblocker')); if (!$user->isLoggedIn()) { $user->addToDatabase(); } $block = new Block(); $block->setTarget($ip); $block->setBlocker($user); $block->mReason = wfMsg('proxyblockreason'); $block->insert(); $wgOut->addWikiMsg('proxyblocksuccess'); }
function execute($par) { global $wgBlockOpenProxies, $wgProxyKey; $this->setHeaders(); $this->outputHeader(); $ip = $this->getRequest()->getIP(); if (!$wgBlockOpenProxies || $this->getRequest()->getText('ip') != md5($ip . $wgProxyKey)) { $this->getOutput()->addWikiMsg('proxyblocker-disabled'); return; } $user = User::newFromName($this->msg('proxyblocker')->inContentLanguage()->text()); # FIXME: newFromName could return false on a badly configured wiki. if (!$user->isLoggedIn()) { $user->addToDatabase(); } $block = new Block(); $block->setTarget($ip); $block->setBlocker($user); $block->mReason = $this->msg('proxyblockreason')->inContentLanguage()->text(); $block->insert(); $this->getOutput()->addWikiMsg('proxyblocksuccess'); }
/** * Get blocking information * @param $bFromSlave Bool Whether to check the slave database first. To * improve performance, non-critical checks are done * against slaves. Check when actually saving should be * done against master. */ private function getBlockedStatus($bFromSlave = true) { global $wgProxyWhitelist, $wgUser; if (-1 != $this->mBlockedby) { return; } wfProfileIn(__METHOD__); wfDebug(__METHOD__ . ": checking...\n"); // Initialize data... // Otherwise something ends up stomping on $this->mBlockedby when // things get lazy-loaded later, causing false positive block hits // due to -1 !== 0. Probably session-related... Nothing should be // overwriting mBlockedby, surely? $this->load(); # We only need to worry about passing the IP address to the Block generator if the # user is not immune to autoblocks/hardblocks, and they are the current user so we # know which IP address they're actually coming from if (!$this->isAllowed('ipblock-exempt') && $this->getID() == $wgUser->getID()) { $ip = $this->getRequest()->getIP(); } else { $ip = null; } # User/IP blocking $block = Block::newFromTarget($this->getName(), $ip, !$bFromSlave); # Proxy blocking if (!$block instanceof Block && $ip !== null && !$this->isAllowed('proxyunbannable') && !in_array($ip, $wgProxyWhitelist)) { # Local list if (self::isLocallyBlockedProxy($ip)) { $block = new Block(); $block->setBlocker(wfMsg('proxyblocker')); $block->mReason = wfMsg('proxyblockreason'); $block->setTarget($ip); } elseif ($this->isAnon() && $this->isDnsBlacklisted($ip)) { $block = new Block(); $block->setBlocker(wfMsg('sorbs')); $block->mReason = wfMsg('sorbsreason'); $block->setTarget($ip); } } if ($block instanceof Block) { wfDebug(__METHOD__ . ": Found block.\n"); $this->mBlock = $block; $this->mBlockedby = $block->getByName(); $this->mBlockreason = $block->mReason; $this->mHideName = $block->mHideName; $this->mAllowUsertalk = !$block->prevents('editownusertalk'); } else { $this->mBlockedby = ''; $this->mHideName = 0; $this->mAllowUsertalk = false; } # Extensions wfRunHooks('GetBlockedStatus', array(&$this)); wfProfileOut(__METHOD__); }
/** * @param $action string * @param $parameters array * @param $title Title * @param $vars AbuseFilterVariableHolder * @param $rule_desc * @param $rule_number int|string * * @return array|null a message describing the action that was taken, * or null if no action was taken. The message is given as an array * containing the message key followed by any message parameters. * * @note: Returning the message as an array instead of a Message object is * needed for compatibility with MW 1.20: we will be constructing a * Status object from these messages, and before 1.21, Status did * not accept Message objects to be added directly. */ public static function takeConsequenceAction($action, $parameters, $title, $vars, $rule_desc, $rule_number) { global $wgAbuseFilterCustomActionsHandlers, $wgRequest; $message = null; switch ($action) { case 'disallow': if (strlen($parameters[0])) { $message = array($parameters[0], $rule_desc, $rule_number); } else { // Generic message. $message = array('abusefilter-disallowed', $rule_desc, $rule_number); } break; case 'block': global $wgUser, $wgAbuseFilterBlockDuration, $wgAbuseFilterAnonBlockDuration; $filterUser = AbuseFilter::getFilterUser(); // Create a block. $block = new Block(); $block->setTarget($wgUser->getName()); $block->setBlocker($filterUser); $block->mReason = wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text(); $block->isHardblock(false); $block->isAutoblocking(true); $block->prevents('createaccount', true); $block->prevents('editownusertalk', false); if ($wgUser->isAnon() && $wgAbuseFilterAnonBlockDuration !== null) { // The user isn't logged in and the anon block duration doesn't default to $wgAbuseFilterBlockDuration $expiry = $wgAbuseFilterAnonBlockDuration; } else { $expiry = $wgAbuseFilterBlockDuration; } $block->mExpiry = SpecialBlock::parseExpiryInput($expiry); $block->insert(); // Log it # Prepare log parameters $logParams = array(); if ($block->mExpiry == 'infinity') { $logParams[] = 'indefinite'; } else { $logParams[] = $expiry; } $logParams[] = 'nocreate'; $log = new LogPage('block'); $log->addEntry('block', Title::makeTitle(NS_USER, $wgUser->getName()), wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text(), $logParams, self::getFilterUser()); $message = array('abusefilter-blocked-display', $rule_desc, $rule_number); break; case 'rangeblock': $filterUser = AbuseFilter::getFilterUser(); $range = IP::sanitizeRange($wgRequest->getIP() . '/16'); // Create a block. $block = new Block(); $block->setTarget($range); $block->setBlocker($filterUser); $block->mReason = wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text(); $block->isHardblock(false); $block->prevents('createaccount', true); $block->prevents('editownusertalk', false); $block->mExpiry = SpecialBlock::parseExpiryInput('1 week'); $block->insert(); // Log it # Prepare log parameters $logParams = array(); $logParams[] = 'indefinite'; $logParams[] = 'nocreate'; $log = new LogPage('block'); $log->addEntry('block', Title::makeTitle(NS_USER, $range), wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text(), $logParams, self::getFilterUser()); $message = array('abusefilter-blocked-display', $rule_desc, $rule_number); break; case 'degroup': global $wgUser; if (!$wgUser->isAnon()) { // Remove all groups from the user. Ouch. $groups = $wgUser->getGroups(); foreach ($groups as $group) { $wgUser->removeGroup($group); } $message = array('abusefilter-degrouped', $rule_desc, $rule_number); // Don't log it if there aren't any groups being removed! if (!count($groups)) { break; } // Log it. $log = new LogPage('rights'); $log->addEntry('rights', $wgUser->getUserPage(), wfMessage('abusefilter-degroupreason', $rule_desc, $rule_number)->inContentLanguage()->text(), array(implode(', ', $groups), ''), self::getFilterUser()); } break; case 'blockautopromote': global $wgUser, $wgMemc; if (!$wgUser->isAnon()) { $blockPeriod = (int) mt_rand(3 * 86400, 7 * 86400); // Block for 3-7 days. $wgMemc->set(self::autoPromoteBlockKey($wgUser), true, $blockPeriod); $message = array('abusefilter-autopromote-blocked', $rule_desc, $rule_number); } break; case 'flag': // Do nothing. Here for completeness. break; case 'tag': // Mark with a tag on recentchanges. global $wgUser; $actionID = implode('-', array($title->getPrefixedText(), $wgUser->getName(), $vars->getVar('ACTION')->toString())); if (!isset(AbuseFilter::$tagsToSet[$actionID])) { AbuseFilter::$tagsToSet[$actionID] = $parameters; } else { AbuseFilter::$tagsToSet[$actionID] = array_merge(AbuseFilter::$tagsToSet[$actionID], $parameters); } break; default: if (isset($wgAbuseFilterCustomActionsHandlers[$action])) { $custom_function = $wgAbuseFilterCustomActionsHandlers[$action]; if (is_callable($custom_function)) { $msg = call_user_func($custom_function, $action, $parameters, $title, $vars, $rule_desc, $rule_number); } if (isset($msg)) { $message = array($msg); } } else { wfDebugLog('AbuseFilter', "Unrecognised action {$action}"); } } return $message; }
/** * Get blocking information * @param bool $bFromSlave Whether to check the slave database first. * To improve performance, non-critical checks are done against slaves. * Check when actually saving should be done against master. */ private function getBlockedStatus($bFromSlave = true) { global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff; if (-1 != $this->mBlockedby) { return; } wfDebug(__METHOD__ . ": checking...\n"); // Initialize data... // Otherwise something ends up stomping on $this->mBlockedby when // things get lazy-loaded later, causing false positive block hits // due to -1 !== 0. Probably session-related... Nothing should be // overwriting mBlockedby, surely? $this->load(); # We only need to worry about passing the IP address to the Block generator if the # user is not immune to autoblocks/hardblocks, and they are the current user so we # know which IP address they're actually coming from if (!$this->isAllowed('ipblock-exempt') && $this->equals($wgUser)) { $ip = $this->getRequest()->getIP(); } else { $ip = null; } // User/IP blocking $block = Block::newFromTarget($this, $ip, !$bFromSlave); // Proxy blocking if (!$block instanceof Block && $ip !== null && !$this->isAllowed('proxyunbannable') && !in_array($ip, $wgProxyWhitelist)) { // Local list if (self::isLocallyBlockedProxy($ip)) { $block = new Block(); $block->setBlocker(wfMessage('proxyblocker')->text()); $block->mReason = wfMessage('proxyblockreason')->text(); $block->setTarget($ip); } elseif ($this->isAnon() && $this->isDnsBlacklisted($ip)) { $block = new Block(); $block->setBlocker(wfMessage('sorbs')->text()); $block->mReason = wfMessage('sorbsreason')->text(); $block->setTarget($ip); } } // (bug 23343) Apply IP blocks to the contents of XFF headers, if enabled if (!$block instanceof Block && $wgApplyIpBlocksToXff && $ip !== null && !$this->isAllowed('proxyunbannable') && !in_array($ip, $wgProxyWhitelist)) { $xff = $this->getRequest()->getHeader('X-Forwarded-For'); $xff = array_map('trim', explode(',', $xff)); $xff = array_diff($xff, array($ip)); $xffblocks = Block::getBlocksForIPList($xff, $this->isAnon(), !$bFromSlave); $block = Block::chooseBlock($xffblocks, $xff); if ($block instanceof Block) { # Mangle the reason to alert the user that the block # originated from matching the X-Forwarded-For header. $block->mReason = wfMessage('xffblockreason', $block->mReason)->text(); } } if ($block instanceof Block) { wfDebug(__METHOD__ . ": Found block.\n"); $this->mBlock = $block; $this->mBlockedby = $block->getByName(); $this->mBlockreason = $block->mReason; $this->mHideName = $block->mHideName; $this->mAllowUsertalk = !$block->prevents('editownusertalk'); } else { $this->mBlockedby = ''; $this->mHideName = 0; $this->mAllowUsertalk = false; } // Extensions Hooks::run('GetBlockedStatus', array(&$this)); }
protected function addXffBlocks() { static $inited = false; if ($inited) { return; } $inited = true; $blockList = array(array('target' => '70.2.0.0/16', 'type' => Block::TYPE_RANGE, 'desc' => 'Range Hardblock', 'ACDisable' => false, 'isHardblock' => true, 'isAutoBlocking' => false), array('target' => '2001:4860:4001::/48', 'type' => Block::TYPE_RANGE, 'desc' => 'Range6 Hardblock', 'ACDisable' => false, 'isHardblock' => true, 'isAutoBlocking' => false), array('target' => '60.2.0.0/16', 'type' => Block::TYPE_RANGE, 'desc' => 'Range Softblock with AC Disabled', 'ACDisable' => true, 'isHardblock' => false, 'isAutoBlocking' => false), array('target' => '50.2.0.0/16', 'type' => Block::TYPE_RANGE, 'desc' => 'Range Softblock', 'ACDisable' => false, 'isHardblock' => false, 'isAutoBlocking' => false), array('target' => '50.1.1.1', 'type' => Block::TYPE_IP, 'desc' => 'Exact Softblock', 'ACDisable' => false, 'isHardblock' => false, 'isAutoBlocking' => false)); foreach ($blockList as $insBlock) { $target = $insBlock['target']; if ($insBlock['type'] === Block::TYPE_IP) { $target = User::newFromName(IP::sanitizeIP($target), false)->getName(); } elseif ($insBlock['type'] === Block::TYPE_RANGE) { $target = IP::sanitizeRange($target); } $block = new Block(); $block->setTarget($target); $block->setBlocker('testblocker@global'); $block->mReason = $insBlock['desc']; $block->mExpiry = 'infinity'; $block->prevents('createaccount', $insBlock['ACDisable']); $block->isHardblock($insBlock['isHardblock']); $block->isAutoblocking($insBlock['isAutoBlocking']); $block->insert(); } }
/** * Given the form data, actually implement a block * @param $data Array * @param $context IContextSource * @return Bool|String */ public static function processForm(array $data, IContextSource $context) { global $wgBlockAllowsUTEdit; $performer = $context->getUser(); // Handled by field validator callback // self::validateTargetField( $data['Target'] ); # This might have been a hidden field or a checkbox, so interesting data # can come from it $data['Confirm'] = !in_array($data['Confirm'], array('', '0', null, false), true); list($target, $type) = self::getTargetAndType($data['Target']); if ($type == Block::TYPE_USER) { $user = $target; $target = $user->getName(); $userId = $user->getId(); # Give admins a heads-up before they go and block themselves. Much messier # to do this for IPs, but it's pretty unlikely they'd ever get the 'block' # permission anyway, although the code does allow for it. # Note: Important to use $target instead of $data['Target'] # since both $data['PreviousTarget'] and $target are normalized # but $data['target'] gets overriden by (non-normalized) request variable # from previous request. if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) { return array('ipb-blockingself'); } } elseif ($type == Block::TYPE_RANGE) { $userId = 0; } elseif ($type == Block::TYPE_IP) { $target = $target->getName(); $userId = 0; } else { # This should have been caught in the form field validation return array('badipaddress'); } if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !self::parseExpiryInput($data['Expiry'])) { return array('ipb_expiry_invalid'); } if (!isset($data['DisableEmail'])) { $data['DisableEmail'] = false; } # If the user has done the form 'properly', they won't even have been given the # option to suppress-block unless they have the 'hideuser' permission if (!isset($data['HideUser'])) { $data['HideUser'] = false; } if ($data['HideUser']) { if (!$performer->isAllowed('hideuser')) { # this codepath is unreachable except by a malicious user spoofing forms, # or by race conditions (user has oversight and sysop, loads block form, # and is de-oversighted before submission); so need to fail completely # rather than just silently disable hiding return array('badaccess-group0'); } # Recheck params here... if ($type != Block::TYPE_USER) { $data['HideUser'] = false; # IP users should not be hidden } elseif (!in_array($data['Expiry'], array('infinite', 'infinity', 'indefinite'))) { # Bad expiry. return array('ipb_expiry_temp'); } elseif ($user->getEditCount() > self::HIDEUSER_CONTRIBLIMIT) { # Typically, the user should have a handful of edits. # Disallow hiding users with many edits for performance. return array('ipb_hide_invalid'); } elseif (!$data['Confirm']) { return array('ipb-confirmhideuser'); } } # Create block object. $block = new Block(); $block->setTarget($target); $block->setBlocker($performer); $block->mReason = $data['Reason'][0]; $block->mExpiry = self::parseExpiryInput($data['Expiry']); $block->prevents('createaccount', $data['CreateAccount']); $block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']); $block->prevents('sendemail', $data['DisableEmail']); $block->isHardblock($data['HardBlock']); $block->isAutoblocking($data['AutoBlock']); $block->mHideName = $data['HideUser']; if (!wfRunHooks('BlockIp', array(&$block, &$performer))) { return array('hookaborted'); } # Try to insert block. Is there a conflicting block? $status = $block->insert(); if (!$status) { # Show form unless the user is already aware of this... if (!$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target) { return array(array('ipb_already_blocked', $block->getTarget())); # Otherwise, try to update the block... } else { # This returns direct blocks before autoblocks/rangeblocks, since we should # be sure the user is blocked by now it should work for our purposes $currentBlock = Block::newFromTarget($target); if ($block->equals($currentBlock)) { return array(array('ipb_already_blocked', $block->getTarget())); } # If the name was hidden and the blocking user cannot hide # names, then don't allow any block changes... if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) { return array('cant-see-hidden-user'); } $currentBlock->delete(); $status = $block->insert(); $logaction = 'reblock'; # Unset _deleted fields if requested if ($currentBlock->mHideName && !$data['HideUser']) { RevisionDeleteUser::unsuppressUserName($target, $userId); } # If hiding/unhiding a name, this should go in the private logs if ((bool) $currentBlock->mHideName) { $data['HideUser'] = true; } } } else { $logaction = 'block'; } wfRunHooks('BlockIpComplete', array($block, $performer)); # Set *_deleted fields if requested if ($data['HideUser']) { RevisionDeleteUser::suppressUserName($target, $userId); } # Can't watch a rangeblock if ($type != Block::TYPE_RANGE && $data['Watch']) { $performer->addWatch(Title::makeTitle(NS_USER, $target)); } # Block constructor sanitizes certain block options on insert $data['BlockEmail'] = $block->prevents('sendemail'); $data['AutoBlock'] = $block->isAutoblocking(); # Prepare log parameters $logParams = array(); $logParams[] = $data['Expiry']; $logParams[] = self::blockLogFlags($data, $type); # Make log entry, if the name is hidden, put it in the oversight log $log_type = $data['HideUser'] ? 'suppress' : 'block'; $log = new LogPage($log_type); $log_id = $log->addEntry($logaction, Title::makeTitle(NS_USER, $target), $data['Reason'][0], $logParams); # Relate log ID to block IDs (bug 25763) $blockIds = array_merge(array($status['id']), $status['autoIds']); $log->addRelations('ipb_id', $blockIds, $log_id); # Report to the user return true; }
/** * Autoblocks the given IP, referring to this Block. * * @param string $autoblockIP The IP to autoblock. * @return int|bool Block ID if an autoblock was inserted, false if not. */ public function doAutoblock($autoblockIP) { # If autoblocks are disabled, go away. if (!$this->isAutoblocking()) { return false; } # Check for presence on the autoblock whitelist. if (self::isWhitelistedFromAutoblocks($autoblockIP)) { return false; } # Allow hooks to cancel the autoblock. if (!wfRunHooks('AbortAutoblock', array($autoblockIP, &$this))) { wfDebug("Autoblock aborted by hook.\n"); return false; } # It's okay to autoblock. Go ahead and insert/update the block... # Do not add a *new* block if the IP is already blocked. $ipblock = Block::newFromTarget($autoblockIP); if ($ipblock) { # Check if the block is an autoblock and would exceed the user block # if renewed. If so, do nothing, otherwise prolong the block time... if ($ipblock->mAuto && $this->mExpiry > Block::getAutoblockExpiry($ipblock->mTimestamp)) { # Reset block timestamp to now and its expiry to # $wgAutoblockExpiry in the future $ipblock->updateTimestamp(); } return false; } # Make a new block object with the desired properties. $autoblock = new Block(); wfDebug("Autoblocking {$this->getTarget()}@" . $autoblockIP . "\n"); $autoblock->setTarget($autoblockIP); $autoblock->setBlocker($this->getBlocker()); $autoblock->mReason = wfMessage('autoblocker', $this->getTarget(), $this->mReason)->inContentLanguage()->plain(); $timestamp = wfTimestampNow(); $autoblock->mTimestamp = $timestamp; $autoblock->mAuto = 1; $autoblock->prevents('createaccount', $this->prevents('createaccount')); # Continue suppressing the name if needed $autoblock->mHideName = $this->mHideName; $autoblock->prevents('editownusertalk', $this->prevents('editownusertalk')); $autoblock->mParentBlockId = $this->mId; if ($this->mExpiry == 'infinity') { # Original block was indefinite, start an autoblock now $autoblock->mExpiry = Block::getAutoblockExpiry($timestamp); } else { # If the user is already blocked with an expiry date, we don't # want to pile on top of that. $autoblock->mExpiry = min($this->mExpiry, Block::getAutoblockExpiry($timestamp)); } # Insert the block... $status = $autoblock->insert(); return $status ? $status['id'] : false; }
/** * Block a list of selected users * * @param $users Array * @param $reason String * @param $tag String: replaces user pages * @param $talkTag String: replaces user talk pages * @return Array: list of html-safe usernames */ public static function doMassUserBlockInternal($users, $reason = '', $tag = '', $talkTag = '') { global $wgUser; $counter = $blockSize = 0; $safeUsers = array(); $log = new LogPage('block'); foreach ($users as $name) { # Enforce limits $counter++; $blockSize++; # Lets not go *too* fast if ($blockSize >= 20) { $blockSize = 0; wfWaitForSlaves(5); } $u = User::newFromName($name, false); // If user doesn't exist, it ought to be an IP then if (is_null($u) || !$u->getId() && !IP::isIPAddress($u->getName())) { continue; } $userTitle = $u->getUserPage(); $userTalkTitle = $u->getTalkPage(); $userpage = new Article($userTitle); $usertalk = new Article($userTalkTitle); $safeUsers[] = '[[' . $userTitle->getPrefixedText() . '|' . $userTitle->getText() . ']]'; $expirestr = $u->getId() ? 'indefinite' : '1 week'; $expiry = SpecialBlock::parseExpiryInput($expirestr); $anonOnly = IP::isIPAddress($u->getName()) ? 1 : 0; // Create the block $block = new Block(); $block->setTarget($u); $block->setBlocker($wgUser); $block->mReason = $reason; $block->mExpiry = $expiry; $block->isHardblock(!IP::isIPAddress($u->getName())); $block->isAutoblocking(true); $block->prevents('createaccount', true); $block->prevents('sendemail', false); $block->prevents('editownusertalk', false); $oldblock = Block::newFromTarget($u->getName()); if (!$oldblock) { $block->insert(); # Prepare log parameters $logParams = array(); $logParams[] = $expirestr; if ($anonOnly) { $logParams[] = 'anononly'; } $logParams[] = 'nocreate'; # Add log entry $log->addEntry('block', $userTitle, $reason, $logParams); } # Tag userpage! (check length to avoid mistakes) if (strlen($tag) > 2) { $userpage->doEdit($tag, $reason, EDIT_MINOR); } if (strlen($talkTag) > 2) { $usertalk->doEdit($talkTag, $reason, EDIT_MINOR); } } return $safeUsers; }
/** * Given the form data, actually implement a block. This is also called from ApiBlock. * * @param array $data * @param IContextSource $context * @return bool|string */ public static function processForm(array $data, IContextSource $context) { global $wgBlockAllowsUTEdit, $wgHideUserContribLimit, $wgContLang; $performer = $context->getUser(); // Handled by field validator callback // self::validateTargetField( $data['Target'] ); # This might have been a hidden field or a checkbox, so interesting data # can come from it $data['Confirm'] = !in_array($data['Confirm'], ['', '0', null, false], true); /** @var User $target */ list($target, $type) = self::getTargetAndType($data['Target']); if ($type == Block::TYPE_USER) { $user = $target; $target = $user->getName(); $userId = $user->getId(); # Give admins a heads-up before they go and block themselves. Much messier # to do this for IPs, but it's pretty unlikely they'd ever get the 'block' # permission anyway, although the code does allow for it. # Note: Important to use $target instead of $data['Target'] # since both $data['PreviousTarget'] and $target are normalized # but $data['target'] gets overridden by (non-normalized) request variable # from previous request. if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) { return ['ipb-blockingself', 'ipb-confirmaction']; } } elseif ($type == Block::TYPE_RANGE) { $userId = 0; } elseif ($type == Block::TYPE_IP) { $target = $target->getName(); $userId = 0; } else { # This should have been caught in the form field validation return ['badipaddress']; } $expiryTime = self::parseExpiryInput($data['Expiry']); if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !$expiryTime) { return ['ipb_expiry_invalid']; } // an expiry time should be in the future, not in the // past (wouldn't make any sense) - bug T123069 if ($expiryTime < wfTimestampNow()) { return ['ipb_expiry_old']; } if (!isset($data['DisableEmail'])) { $data['DisableEmail'] = false; } # If the user has done the form 'properly', they won't even have been given the # option to suppress-block unless they have the 'hideuser' permission if (!isset($data['HideUser'])) { $data['HideUser'] = false; } if ($data['HideUser']) { if (!$performer->isAllowed('hideuser')) { # this codepath is unreachable except by a malicious user spoofing forms, # or by race conditions (user has hideuser and block rights, loads block form, # and loses hideuser rights before submission); so need to fail completely # rather than just silently disable hiding return ['badaccess-group0']; } # Recheck params here... if ($type != Block::TYPE_USER) { $data['HideUser'] = false; # IP users should not be hidden } elseif (!wfIsInfinity($data['Expiry'])) { # Bad expiry. return ['ipb_expiry_temp']; } elseif ($wgHideUserContribLimit !== false && $user->getEditCount() > $wgHideUserContribLimit) { # Typically, the user should have a handful of edits. # Disallow hiding users with many edits for performance. return [['ipb_hide_invalid', Message::numParam($wgHideUserContribLimit)]]; } elseif (!$data['Confirm']) { return ['ipb-confirmhideuser', 'ipb-confirmaction']; } } # Create block object. $block = new Block(); $block->setTarget($target); $block->setBlocker($performer); # Truncate reason for whole multibyte characters $block->mReason = $wgContLang->truncate($data['Reason'][0], 255); $block->mExpiry = $expiryTime; $block->prevents('createaccount', $data['CreateAccount']); $block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']); $block->prevents('sendemail', $data['DisableEmail']); $block->isHardblock($data['HardBlock']); $block->isAutoblocking($data['AutoBlock']); $block->mHideName = $data['HideUser']; $reason = ['hookaborted']; if (!Hooks::run('BlockIp', [&$block, &$performer, &$reason])) { return $reason; } # Try to insert block. Is there a conflicting block? $status = $block->insert(); if (!$status) { # Indicates whether the user is confirming the block and is aware of # the conflict (did not change the block target in the meantime) $blockNotConfirmed = !$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target; # Special case for API - bug 32434 $reblockNotAllowed = array_key_exists('Reblock', $data) && !$data['Reblock']; # Show form unless the user is already aware of this... if ($blockNotConfirmed || $reblockNotAllowed) { return [['ipb_already_blocked', $block->getTarget()]]; # Otherwise, try to update the block... } else { # This returns direct blocks before autoblocks/rangeblocks, since we should # be sure the user is blocked by now it should work for our purposes $currentBlock = Block::newFromTarget($target); if ($block->equals($currentBlock)) { return [['ipb_already_blocked', $block->getTarget()]]; } # If the name was hidden and the blocking user cannot hide # names, then don't allow any block changes... if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) { return ['cant-see-hidden-user']; } $currentBlock->isHardblock($block->isHardblock()); $currentBlock->prevents('createaccount', $block->prevents('createaccount')); $currentBlock->mExpiry = $block->mExpiry; $currentBlock->isAutoblocking($block->isAutoblocking()); $currentBlock->mHideName = $block->mHideName; $currentBlock->prevents('sendemail', $block->prevents('sendemail')); $currentBlock->prevents('editownusertalk', $block->prevents('editownusertalk')); $currentBlock->mReason = $block->mReason; $status = $currentBlock->update(); $logaction = 'reblock'; # Unset _deleted fields if requested if ($currentBlock->mHideName && !$data['HideUser']) { RevisionDeleteUser::unsuppressUserName($target, $userId); } # If hiding/unhiding a name, this should go in the private logs if ((bool) $currentBlock->mHideName) { $data['HideUser'] = true; } } } else { $logaction = 'block'; } Hooks::run('BlockIpComplete', [$block, $performer]); # Set *_deleted fields if requested if ($data['HideUser']) { RevisionDeleteUser::suppressUserName($target, $userId); } # Can't watch a rangeblock if ($type != Block::TYPE_RANGE && $data['Watch']) { WatchAction::doWatch(Title::makeTitle(NS_USER, $target), $performer, User::IGNORE_USER_RIGHTS); } # Block constructor sanitizes certain block options on insert $data['BlockEmail'] = $block->prevents('sendemail'); $data['AutoBlock'] = $block->isAutoblocking(); # Prepare log parameters $logParams = []; $logParams['5::duration'] = $data['Expiry']; $logParams['6::flags'] = self::blockLogFlags($data, $type); # Make log entry, if the name is hidden, put it in the suppression log $log_type = $data['HideUser'] ? 'suppress' : 'block'; $logEntry = new ManualLogEntry($log_type, $logaction); $logEntry->setTarget(Title::makeTitle(NS_USER, $target)); $logEntry->setComment($data['Reason'][0]); $logEntry->setPerformer($performer); $logEntry->setParameters($logParams); # Relate log ID to block IDs (bug 25763) $blockIds = array_merge([$status['id']], $status['autoIds']); $logEntry->setRelations(['ipb_id' => $blockIds]); $logId = $logEntry->insert(); $logEntry->publish($logId); # Report to the user return true; }
public static function takeConsequenceAction($action, $parameters, $title, $vars, $rule_desc) { $display = ''; switch ($action) { case 'disallow': if (strlen($parameters[0])) { $display .= wfMsgExt($parameters[0], 'parseinline', array($rule_desc)) . "\n"; } else { // Generic message. $display .= wfMsgExt('abusefilter-disallowed', 'parseinline', array($rule_desc)) . "<br />\n"; } break; case 'block': global $wgUser, $wgAbuseFilterBlockDuration; $filterUser = AbuseFilter::getFilterUser(); // Create a block. $block = new Block(); $block->setTarget($wgUser->getName()); $block->setBlocker($filterUser); $block->mReason = wfMsgForContent('abusefilter-blockreason', $rule_desc); $block->isHardblock(false); $block->prevents('createaccount', true); $block->mExpiry = SpecialBlock::parseExpiryInput($wgAbuseFilterBlockDuration); $block->insert(); // Log it # Prepare log parameters $logParams = array(); if ($block->mExpiry == 'infinity') { $logParams[] = 'indefinite'; } else { $logParams[] = $wgAbuseFilterBlockDuration; } $logParams[] = 'nocreate, angry-autoblock'; $log = new LogPage('block'); $log->addEntry('block', Title::makeTitle(NS_USER, $wgUser->getName()), wfMsgForContent('abusefilter-blockreason', $rule_desc), $logParams, self::getFilterUser()); $display .= wfMsgExt('abusefilter-blocked-display', 'parseinline', array($rule_desc)) . "<br />\n"; break; case 'rangeblock': $filterUser = AbuseFilter::getFilterUser(); $range = IP::sanitizeRange(wfGetIP() . '/16'); // Create a block. $block = new Block(); $block->setTarget($range); $block->setBlocker($filterUser); $block->mReason = wfMsgForContent('abusefilter-blockreason', $rule_desc); $block->isHardblock(false); $block->prevents('createaccount', true); $block->mExpiry = SpecialBlock::parseExpiryInput('1 week'); $block->insert(); // Log it # Prepare log parameters $logParams = array(); $logParams[] = 'indefinite'; $logParams[] = 'nocreate, angry-autoblock'; $log = new LogPage('block'); $log->addEntry('block', Title::makeTitle(NS_USER, $range), wfMsgForContent('abusefilter-blockreason', $rule_desc), $logParams, self::getFilterUser()); $display .= wfMsgExt('abusefilter-blocked-display', 'parseinline', $rule_desc) . "<br />\n"; break; case 'degroup': global $wgUser; if (!$wgUser->isAnon()) { // Remove all groups from the user. Ouch. $groups = $wgUser->getGroups(); foreach ($groups as $group) { $wgUser->removeGroup($group); } $display .= wfMsgExt('abusefilter-degrouped', 'parseinline', array($rule_desc)) . "<br />\n"; // Don't log it if there aren't any groups being removed! if (!count($groups)) { break; } // Log it. $log = new LogPage('rights'); $log->addEntry('rights', $wgUser->getUserPage(), wfMsgForContent('abusefilter-degroupreason', $rule_desc), array(implode(', ', $groups), wfMsgForContent('rightsnone')), self::getFilterUser()); } break; case 'blockautopromote': global $wgUser, $wgMemc; if (!$wgUser->isAnon()) { $blockPeriod = (int) mt_rand(3 * 86400, 7 * 86400); // Block for 3-7 days. $wgMemc->set(self::autoPromoteBlockKey($wgUser), true, $blockPeriod); $display .= wfMsgExt('abusefilter-autopromote-blocked', 'parseinline', array($rule_desc)) . "<br />\n"; } break; case 'flag': // Do nothing. Here for completeness. break; case 'tag': // Mark with a tag on recentchanges. global $wgUser; $actionID = implode('-', array($title->getPrefixedText(), $wgUser->getName(), $vars->getVar('ACTION')->toString())); AbuseFilter::$tagsToSet[$actionID] = $parameters; break; default: wfDebugLog('AbuseFilter', "Unrecognised action {$action}"); } return $display; }