/**
  * Get block instance for the current user, if it exists
  *
  * @return Block|false
  */
 public function getBlock()
 {
     $blockData = $this->memc->get($this->getMemcacheBlockKey());
     if (is_array($blockData)) {
         $blocker = User::newFromName(self::BLOCKER_NAME);
         $block = new Block();
         $block->setTarget($this->mUser);
         $block->setBlocker($blocker);
         $block->setBlockEmail($blocker->getEmail());
         $block->mReason = $blockData['reason'];
         $block->mExpiry = $blockData['expiry'];
         $block->mTimestamp = wfTimestamp(TS_MW, $blockData['set_at']);
         $this->info(__METHOD__, ['reason' => $block->mReason, 'expiry' => $block->getExpiry()]);
         return $block;
     } else {
         return false;
     }
 }
Esempio n. 2
0
 function execute($par)
 {
     global $wgRequest, $wgOut, $wgBlockOpenProxies, $wgProxyKey;
     $this->setHeaders();
     $this->outputHeader();
     $ip = wfGetIP();
     if (!$wgBlockOpenProxies || $wgRequest->getText('ip') != md5($ip . $wgProxyKey)) {
         $wgOut->addWikiMsg('proxyblocker-disabled');
         return;
     }
     $user = User::newFromName(wfMsgForContent('proxyblocker'));
     if (!$user->isLoggedIn()) {
         $user->addToDatabase();
     }
     $block = new Block();
     $block->setTarget($ip);
     $block->setBlocker($user);
     $block->mReason = wfMsg('proxyblockreason');
     $block->insert();
     $wgOut->addWikiMsg('proxyblocksuccess');
 }
 function execute($par)
 {
     global $wgBlockOpenProxies, $wgProxyKey;
     $this->setHeaders();
     $this->outputHeader();
     $ip = $this->getRequest()->getIP();
     if (!$wgBlockOpenProxies || $this->getRequest()->getText('ip') != md5($ip . $wgProxyKey)) {
         $this->getOutput()->addWikiMsg('proxyblocker-disabled');
         return;
     }
     $user = User::newFromName($this->msg('proxyblocker')->inContentLanguage()->text());
     # FIXME: newFromName could return false on a badly configured wiki.
     if (!$user->isLoggedIn()) {
         $user->addToDatabase();
     }
     $block = new Block();
     $block->setTarget($ip);
     $block->setBlocker($user);
     $block->mReason = $this->msg('proxyblockreason')->inContentLanguage()->text();
     $block->insert();
     $this->getOutput()->addWikiMsg('proxyblocksuccess');
 }
Esempio n. 4
0
 /**
  * Get blocking information
  * @param $bFromSlave Bool Whether to check the slave database first. To
  *                    improve performance, non-critical checks are done
  *                    against slaves. Check when actually saving should be
  *                    done against master.
  */
 private function getBlockedStatus($bFromSlave = true)
 {
     global $wgProxyWhitelist, $wgUser;
     if (-1 != $this->mBlockedby) {
         return;
     }
     wfProfileIn(__METHOD__);
     wfDebug(__METHOD__ . ": checking...\n");
     // Initialize data...
     // Otherwise something ends up stomping on $this->mBlockedby when
     // things get lazy-loaded later, causing false positive block hits
     // due to -1 !== 0. Probably session-related... Nothing should be
     // overwriting mBlockedby, surely?
     $this->load();
     # We only need to worry about passing the IP address to the Block generator if the
     # user is not immune to autoblocks/hardblocks, and they are the current user so we
     # know which IP address they're actually coming from
     if (!$this->isAllowed('ipblock-exempt') && $this->getID() == $wgUser->getID()) {
         $ip = $this->getRequest()->getIP();
     } else {
         $ip = null;
     }
     # User/IP blocking
     $block = Block::newFromTarget($this->getName(), $ip, !$bFromSlave);
     # Proxy blocking
     if (!$block instanceof Block && $ip !== null && !$this->isAllowed('proxyunbannable') && !in_array($ip, $wgProxyWhitelist)) {
         # Local list
         if (self::isLocallyBlockedProxy($ip)) {
             $block = new Block();
             $block->setBlocker(wfMsg('proxyblocker'));
             $block->mReason = wfMsg('proxyblockreason');
             $block->setTarget($ip);
         } elseif ($this->isAnon() && $this->isDnsBlacklisted($ip)) {
             $block = new Block();
             $block->setBlocker(wfMsg('sorbs'));
             $block->mReason = wfMsg('sorbsreason');
             $block->setTarget($ip);
         }
     }
     if ($block instanceof Block) {
         wfDebug(__METHOD__ . ": Found block.\n");
         $this->mBlock = $block;
         $this->mBlockedby = $block->getByName();
         $this->mBlockreason = $block->mReason;
         $this->mHideName = $block->mHideName;
         $this->mAllowUsertalk = !$block->prevents('editownusertalk');
     } else {
         $this->mBlockedby = '';
         $this->mHideName = 0;
         $this->mAllowUsertalk = false;
     }
     # Extensions
     wfRunHooks('GetBlockedStatus', array(&$this));
     wfProfileOut(__METHOD__);
 }
 /**
  * @param $action string
  * @param $parameters array
  * @param $title Title
  * @param $vars AbuseFilterVariableHolder
  * @param $rule_desc
  * @param $rule_number int|string
  *
  * @return array|null a message describing the action that was taken,
  *         or null if no action was taken. The message is given as an array
  *         containing the message key followed by any message parameters.
  *
  * @note: Returning the message as an array instead of a Message object is
  *        needed for compatibility with MW 1.20: we will be constructing a
  *        Status object from these messages, and before 1.21, Status did
  *        not accept Message objects to be added directly.
  */
 public static function takeConsequenceAction($action, $parameters, $title, $vars, $rule_desc, $rule_number)
 {
     global $wgAbuseFilterCustomActionsHandlers, $wgRequest;
     $message = null;
     switch ($action) {
         case 'disallow':
             if (strlen($parameters[0])) {
                 $message = array($parameters[0], $rule_desc, $rule_number);
             } else {
                 // Generic message.
                 $message = array('abusefilter-disallowed', $rule_desc, $rule_number);
             }
             break;
         case 'block':
             global $wgUser, $wgAbuseFilterBlockDuration, $wgAbuseFilterAnonBlockDuration;
             $filterUser = AbuseFilter::getFilterUser();
             // Create a block.
             $block = new Block();
             $block->setTarget($wgUser->getName());
             $block->setBlocker($filterUser);
             $block->mReason = wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text();
             $block->isHardblock(false);
             $block->isAutoblocking(true);
             $block->prevents('createaccount', true);
             $block->prevents('editownusertalk', false);
             if ($wgUser->isAnon() && $wgAbuseFilterAnonBlockDuration !== null) {
                 // The user isn't logged in and the anon block duration doesn't default to $wgAbuseFilterBlockDuration
                 $expiry = $wgAbuseFilterAnonBlockDuration;
             } else {
                 $expiry = $wgAbuseFilterBlockDuration;
             }
             $block->mExpiry = SpecialBlock::parseExpiryInput($expiry);
             $block->insert();
             // Log it
             # Prepare log parameters
             $logParams = array();
             if ($block->mExpiry == 'infinity') {
                 $logParams[] = 'indefinite';
             } else {
                 $logParams[] = $expiry;
             }
             $logParams[] = 'nocreate';
             $log = new LogPage('block');
             $log->addEntry('block', Title::makeTitle(NS_USER, $wgUser->getName()), wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text(), $logParams, self::getFilterUser());
             $message = array('abusefilter-blocked-display', $rule_desc, $rule_number);
             break;
         case 'rangeblock':
             $filterUser = AbuseFilter::getFilterUser();
             $range = IP::sanitizeRange($wgRequest->getIP() . '/16');
             // Create a block.
             $block = new Block();
             $block->setTarget($range);
             $block->setBlocker($filterUser);
             $block->mReason = wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text();
             $block->isHardblock(false);
             $block->prevents('createaccount', true);
             $block->prevents('editownusertalk', false);
             $block->mExpiry = SpecialBlock::parseExpiryInput('1 week');
             $block->insert();
             // Log it
             # Prepare log parameters
             $logParams = array();
             $logParams[] = 'indefinite';
             $logParams[] = 'nocreate';
             $log = new LogPage('block');
             $log->addEntry('block', Title::makeTitle(NS_USER, $range), wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text(), $logParams, self::getFilterUser());
             $message = array('abusefilter-blocked-display', $rule_desc, $rule_number);
             break;
         case 'degroup':
             global $wgUser;
             if (!$wgUser->isAnon()) {
                 // Remove all groups from the user. Ouch.
                 $groups = $wgUser->getGroups();
                 foreach ($groups as $group) {
                     $wgUser->removeGroup($group);
                 }
                 $message = array('abusefilter-degrouped', $rule_desc, $rule_number);
                 // Don't log it if there aren't any groups being removed!
                 if (!count($groups)) {
                     break;
                 }
                 // Log it.
                 $log = new LogPage('rights');
                 $log->addEntry('rights', $wgUser->getUserPage(), wfMessage('abusefilter-degroupreason', $rule_desc, $rule_number)->inContentLanguage()->text(), array(implode(', ', $groups), ''), self::getFilterUser());
             }
             break;
         case 'blockautopromote':
             global $wgUser, $wgMemc;
             if (!$wgUser->isAnon()) {
                 $blockPeriod = (int) mt_rand(3 * 86400, 7 * 86400);
                 // Block for 3-7 days.
                 $wgMemc->set(self::autoPromoteBlockKey($wgUser), true, $blockPeriod);
                 $message = array('abusefilter-autopromote-blocked', $rule_desc, $rule_number);
             }
             break;
         case 'flag':
             // Do nothing. Here for completeness.
             break;
         case 'tag':
             // Mark with a tag on recentchanges.
             global $wgUser;
             $actionID = implode('-', array($title->getPrefixedText(), $wgUser->getName(), $vars->getVar('ACTION')->toString()));
             if (!isset(AbuseFilter::$tagsToSet[$actionID])) {
                 AbuseFilter::$tagsToSet[$actionID] = $parameters;
             } else {
                 AbuseFilter::$tagsToSet[$actionID] = array_merge(AbuseFilter::$tagsToSet[$actionID], $parameters);
             }
             break;
         default:
             if (isset($wgAbuseFilterCustomActionsHandlers[$action])) {
                 $custom_function = $wgAbuseFilterCustomActionsHandlers[$action];
                 if (is_callable($custom_function)) {
                     $msg = call_user_func($custom_function, $action, $parameters, $title, $vars, $rule_desc, $rule_number);
                 }
                 if (isset($msg)) {
                     $message = array($msg);
                 }
             } else {
                 wfDebugLog('AbuseFilter', "Unrecognised action {$action}");
             }
     }
     return $message;
 }
Esempio n. 6
0
 /**
  * Get blocking information
  * @param bool $bFromSlave Whether to check the slave database first.
  *   To improve performance, non-critical checks are done against slaves.
  *   Check when actually saving should be done against master.
  */
 private function getBlockedStatus($bFromSlave = true)
 {
     global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff;
     if (-1 != $this->mBlockedby) {
         return;
     }
     wfDebug(__METHOD__ . ": checking...\n");
     // Initialize data...
     // Otherwise something ends up stomping on $this->mBlockedby when
     // things get lazy-loaded later, causing false positive block hits
     // due to -1 !== 0. Probably session-related... Nothing should be
     // overwriting mBlockedby, surely?
     $this->load();
     # We only need to worry about passing the IP address to the Block generator if the
     # user is not immune to autoblocks/hardblocks, and they are the current user so we
     # know which IP address they're actually coming from
     if (!$this->isAllowed('ipblock-exempt') && $this->equals($wgUser)) {
         $ip = $this->getRequest()->getIP();
     } else {
         $ip = null;
     }
     // User/IP blocking
     $block = Block::newFromTarget($this, $ip, !$bFromSlave);
     // Proxy blocking
     if (!$block instanceof Block && $ip !== null && !$this->isAllowed('proxyunbannable') && !in_array($ip, $wgProxyWhitelist)) {
         // Local list
         if (self::isLocallyBlockedProxy($ip)) {
             $block = new Block();
             $block->setBlocker(wfMessage('proxyblocker')->text());
             $block->mReason = wfMessage('proxyblockreason')->text();
             $block->setTarget($ip);
         } elseif ($this->isAnon() && $this->isDnsBlacklisted($ip)) {
             $block = new Block();
             $block->setBlocker(wfMessage('sorbs')->text());
             $block->mReason = wfMessage('sorbsreason')->text();
             $block->setTarget($ip);
         }
     }
     // (bug 23343) Apply IP blocks to the contents of XFF headers, if enabled
     if (!$block instanceof Block && $wgApplyIpBlocksToXff && $ip !== null && !$this->isAllowed('proxyunbannable') && !in_array($ip, $wgProxyWhitelist)) {
         $xff = $this->getRequest()->getHeader('X-Forwarded-For');
         $xff = array_map('trim', explode(',', $xff));
         $xff = array_diff($xff, array($ip));
         $xffblocks = Block::getBlocksForIPList($xff, $this->isAnon(), !$bFromSlave);
         $block = Block::chooseBlock($xffblocks, $xff);
         if ($block instanceof Block) {
             # Mangle the reason to alert the user that the block
             # originated from matching the X-Forwarded-For header.
             $block->mReason = wfMessage('xffblockreason', $block->mReason)->text();
         }
     }
     if ($block instanceof Block) {
         wfDebug(__METHOD__ . ": Found block.\n");
         $this->mBlock = $block;
         $this->mBlockedby = $block->getByName();
         $this->mBlockreason = $block->mReason;
         $this->mHideName = $block->mHideName;
         $this->mAllowUsertalk = !$block->prevents('editownusertalk');
     } else {
         $this->mBlockedby = '';
         $this->mHideName = 0;
         $this->mAllowUsertalk = false;
     }
     // Extensions
     Hooks::run('GetBlockedStatus', array(&$this));
 }
 protected function addXffBlocks()
 {
     static $inited = false;
     if ($inited) {
         return;
     }
     $inited = true;
     $blockList = array(array('target' => '70.2.0.0/16', 'type' => Block::TYPE_RANGE, 'desc' => 'Range Hardblock', 'ACDisable' => false, 'isHardblock' => true, 'isAutoBlocking' => false), array('target' => '2001:4860:4001::/48', 'type' => Block::TYPE_RANGE, 'desc' => 'Range6 Hardblock', 'ACDisable' => false, 'isHardblock' => true, 'isAutoBlocking' => false), array('target' => '60.2.0.0/16', 'type' => Block::TYPE_RANGE, 'desc' => 'Range Softblock with AC Disabled', 'ACDisable' => true, 'isHardblock' => false, 'isAutoBlocking' => false), array('target' => '50.2.0.0/16', 'type' => Block::TYPE_RANGE, 'desc' => 'Range Softblock', 'ACDisable' => false, 'isHardblock' => false, 'isAutoBlocking' => false), array('target' => '50.1.1.1', 'type' => Block::TYPE_IP, 'desc' => 'Exact Softblock', 'ACDisable' => false, 'isHardblock' => false, 'isAutoBlocking' => false));
     foreach ($blockList as $insBlock) {
         $target = $insBlock['target'];
         if ($insBlock['type'] === Block::TYPE_IP) {
             $target = User::newFromName(IP::sanitizeIP($target), false)->getName();
         } elseif ($insBlock['type'] === Block::TYPE_RANGE) {
             $target = IP::sanitizeRange($target);
         }
         $block = new Block();
         $block->setTarget($target);
         $block->setBlocker('testblocker@global');
         $block->mReason = $insBlock['desc'];
         $block->mExpiry = 'infinity';
         $block->prevents('createaccount', $insBlock['ACDisable']);
         $block->isHardblock($insBlock['isHardblock']);
         $block->isAutoblocking($insBlock['isAutoBlocking']);
         $block->insert();
     }
 }
Esempio n. 8
0
 /**
  * Given the form data, actually implement a block
  * @param  $data Array
  * @param  $context IContextSource
  * @return Bool|String
  */
 public static function processForm(array $data, IContextSource $context)
 {
     global $wgBlockAllowsUTEdit;
     $performer = $context->getUser();
     // Handled by field validator callback
     // self::validateTargetField( $data['Target'] );
     # This might have been a hidden field or a checkbox, so interesting data
     # can come from it
     $data['Confirm'] = !in_array($data['Confirm'], array('', '0', null, false), true);
     list($target, $type) = self::getTargetAndType($data['Target']);
     if ($type == Block::TYPE_USER) {
         $user = $target;
         $target = $user->getName();
         $userId = $user->getId();
         # Give admins a heads-up before they go and block themselves.  Much messier
         # to do this for IPs, but it's pretty unlikely they'd ever get the 'block'
         # permission anyway, although the code does allow for it.
         # Note: Important to use $target instead of $data['Target']
         # since both $data['PreviousTarget'] and $target are normalized
         # but $data['target'] gets overriden by (non-normalized) request variable
         # from previous request.
         if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) {
             return array('ipb-blockingself');
         }
     } elseif ($type == Block::TYPE_RANGE) {
         $userId = 0;
     } elseif ($type == Block::TYPE_IP) {
         $target = $target->getName();
         $userId = 0;
     } else {
         # This should have been caught in the form field validation
         return array('badipaddress');
     }
     if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !self::parseExpiryInput($data['Expiry'])) {
         return array('ipb_expiry_invalid');
     }
     if (!isset($data['DisableEmail'])) {
         $data['DisableEmail'] = false;
     }
     # If the user has done the form 'properly', they won't even have been given the
     # option to suppress-block unless they have the 'hideuser' permission
     if (!isset($data['HideUser'])) {
         $data['HideUser'] = false;
     }
     if ($data['HideUser']) {
         if (!$performer->isAllowed('hideuser')) {
             # this codepath is unreachable except by a malicious user spoofing forms,
             # or by race conditions (user has oversight and sysop, loads block form,
             # and is de-oversighted before submission); so need to fail completely
             # rather than just silently disable hiding
             return array('badaccess-group0');
         }
         # Recheck params here...
         if ($type != Block::TYPE_USER) {
             $data['HideUser'] = false;
             # IP users should not be hidden
         } elseif (!in_array($data['Expiry'], array('infinite', 'infinity', 'indefinite'))) {
             # Bad expiry.
             return array('ipb_expiry_temp');
         } elseif ($user->getEditCount() > self::HIDEUSER_CONTRIBLIMIT) {
             # Typically, the user should have a handful of edits.
             # Disallow hiding users with many edits for performance.
             return array('ipb_hide_invalid');
         } elseif (!$data['Confirm']) {
             return array('ipb-confirmhideuser');
         }
     }
     # Create block object.
     $block = new Block();
     $block->setTarget($target);
     $block->setBlocker($performer);
     $block->mReason = $data['Reason'][0];
     $block->mExpiry = self::parseExpiryInput($data['Expiry']);
     $block->prevents('createaccount', $data['CreateAccount']);
     $block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']);
     $block->prevents('sendemail', $data['DisableEmail']);
     $block->isHardblock($data['HardBlock']);
     $block->isAutoblocking($data['AutoBlock']);
     $block->mHideName = $data['HideUser'];
     if (!wfRunHooks('BlockIp', array(&$block, &$performer))) {
         return array('hookaborted');
     }
     # Try to insert block. Is there a conflicting block?
     $status = $block->insert();
     if (!$status) {
         # Show form unless the user is already aware of this...
         if (!$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target) {
             return array(array('ipb_already_blocked', $block->getTarget()));
             # Otherwise, try to update the block...
         } else {
             # This returns direct blocks before autoblocks/rangeblocks, since we should
             # be sure the user is blocked by now it should work for our purposes
             $currentBlock = Block::newFromTarget($target);
             if ($block->equals($currentBlock)) {
                 return array(array('ipb_already_blocked', $block->getTarget()));
             }
             # If the name was hidden and the blocking user cannot hide
             # names, then don't allow any block changes...
             if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) {
                 return array('cant-see-hidden-user');
             }
             $currentBlock->delete();
             $status = $block->insert();
             $logaction = 'reblock';
             # Unset _deleted fields if requested
             if ($currentBlock->mHideName && !$data['HideUser']) {
                 RevisionDeleteUser::unsuppressUserName($target, $userId);
             }
             # If hiding/unhiding a name, this should go in the private logs
             if ((bool) $currentBlock->mHideName) {
                 $data['HideUser'] = true;
             }
         }
     } else {
         $logaction = 'block';
     }
     wfRunHooks('BlockIpComplete', array($block, $performer));
     # Set *_deleted fields if requested
     if ($data['HideUser']) {
         RevisionDeleteUser::suppressUserName($target, $userId);
     }
     # Can't watch a rangeblock
     if ($type != Block::TYPE_RANGE && $data['Watch']) {
         $performer->addWatch(Title::makeTitle(NS_USER, $target));
     }
     # Block constructor sanitizes certain block options on insert
     $data['BlockEmail'] = $block->prevents('sendemail');
     $data['AutoBlock'] = $block->isAutoblocking();
     # Prepare log parameters
     $logParams = array();
     $logParams[] = $data['Expiry'];
     $logParams[] = self::blockLogFlags($data, $type);
     # Make log entry, if the name is hidden, put it in the oversight log
     $log_type = $data['HideUser'] ? 'suppress' : 'block';
     $log = new LogPage($log_type);
     $log_id = $log->addEntry($logaction, Title::makeTitle(NS_USER, $target), $data['Reason'][0], $logParams);
     # Relate log ID to block IDs (bug 25763)
     $blockIds = array_merge(array($status['id']), $status['autoIds']);
     $log->addRelations('ipb_id', $blockIds, $log_id);
     # Report to the user
     return true;
 }
Esempio n. 9
0
 /**
  * Autoblocks the given IP, referring to this Block.
  *
  * @param string $autoblockIP The IP to autoblock.
  * @return int|bool Block ID if an autoblock was inserted, false if not.
  */
 public function doAutoblock($autoblockIP)
 {
     # If autoblocks are disabled, go away.
     if (!$this->isAutoblocking()) {
         return false;
     }
     # Check for presence on the autoblock whitelist.
     if (self::isWhitelistedFromAutoblocks($autoblockIP)) {
         return false;
     }
     # Allow hooks to cancel the autoblock.
     if (!wfRunHooks('AbortAutoblock', array($autoblockIP, &$this))) {
         wfDebug("Autoblock aborted by hook.\n");
         return false;
     }
     # It's okay to autoblock. Go ahead and insert/update the block...
     # Do not add a *new* block if the IP is already blocked.
     $ipblock = Block::newFromTarget($autoblockIP);
     if ($ipblock) {
         # Check if the block is an autoblock and would exceed the user block
         # if renewed. If so, do nothing, otherwise prolong the block time...
         if ($ipblock->mAuto && $this->mExpiry > Block::getAutoblockExpiry($ipblock->mTimestamp)) {
             # Reset block timestamp to now and its expiry to
             # $wgAutoblockExpiry in the future
             $ipblock->updateTimestamp();
         }
         return false;
     }
     # Make a new block object with the desired properties.
     $autoblock = new Block();
     wfDebug("Autoblocking {$this->getTarget()}@" . $autoblockIP . "\n");
     $autoblock->setTarget($autoblockIP);
     $autoblock->setBlocker($this->getBlocker());
     $autoblock->mReason = wfMessage('autoblocker', $this->getTarget(), $this->mReason)->inContentLanguage()->plain();
     $timestamp = wfTimestampNow();
     $autoblock->mTimestamp = $timestamp;
     $autoblock->mAuto = 1;
     $autoblock->prevents('createaccount', $this->prevents('createaccount'));
     # Continue suppressing the name if needed
     $autoblock->mHideName = $this->mHideName;
     $autoblock->prevents('editownusertalk', $this->prevents('editownusertalk'));
     $autoblock->mParentBlockId = $this->mId;
     if ($this->mExpiry == 'infinity') {
         # Original block was indefinite, start an autoblock now
         $autoblock->mExpiry = Block::getAutoblockExpiry($timestamp);
     } else {
         # If the user is already blocked with an expiry date, we don't
         # want to pile on top of that.
         $autoblock->mExpiry = min($this->mExpiry, Block::getAutoblockExpiry($timestamp));
     }
     # Insert the block...
     $status = $autoblock->insert();
     return $status ? $status['id'] : false;
 }
 /**
  * Block a list of selected users
  *
  * @param $users Array
  * @param $reason String
  * @param $tag String: replaces user pages
  * @param $talkTag String: replaces user talk pages
  * @return Array: list of html-safe usernames
  */
 public static function doMassUserBlockInternal($users, $reason = '', $tag = '', $talkTag = '')
 {
     global $wgUser;
     $counter = $blockSize = 0;
     $safeUsers = array();
     $log = new LogPage('block');
     foreach ($users as $name) {
         # Enforce limits
         $counter++;
         $blockSize++;
         # Lets not go *too* fast
         if ($blockSize >= 20) {
             $blockSize = 0;
             wfWaitForSlaves(5);
         }
         $u = User::newFromName($name, false);
         // If user doesn't exist, it ought to be an IP then
         if (is_null($u) || !$u->getId() && !IP::isIPAddress($u->getName())) {
             continue;
         }
         $userTitle = $u->getUserPage();
         $userTalkTitle = $u->getTalkPage();
         $userpage = new Article($userTitle);
         $usertalk = new Article($userTalkTitle);
         $safeUsers[] = '[[' . $userTitle->getPrefixedText() . '|' . $userTitle->getText() . ']]';
         $expirestr = $u->getId() ? 'indefinite' : '1 week';
         $expiry = SpecialBlock::parseExpiryInput($expirestr);
         $anonOnly = IP::isIPAddress($u->getName()) ? 1 : 0;
         // Create the block
         $block = new Block();
         $block->setTarget($u);
         $block->setBlocker($wgUser);
         $block->mReason = $reason;
         $block->mExpiry = $expiry;
         $block->isHardblock(!IP::isIPAddress($u->getName()));
         $block->isAutoblocking(true);
         $block->prevents('createaccount', true);
         $block->prevents('sendemail', false);
         $block->prevents('editownusertalk', false);
         $oldblock = Block::newFromTarget($u->getName());
         if (!$oldblock) {
             $block->insert();
             # Prepare log parameters
             $logParams = array();
             $logParams[] = $expirestr;
             if ($anonOnly) {
                 $logParams[] = 'anononly';
             }
             $logParams[] = 'nocreate';
             # Add log entry
             $log->addEntry('block', $userTitle, $reason, $logParams);
         }
         # Tag userpage! (check length to avoid mistakes)
         if (strlen($tag) > 2) {
             $userpage->doEdit($tag, $reason, EDIT_MINOR);
         }
         if (strlen($talkTag) > 2) {
             $usertalk->doEdit($talkTag, $reason, EDIT_MINOR);
         }
     }
     return $safeUsers;
 }
Esempio n. 11
0
 /**
  * Given the form data, actually implement a block. This is also called from ApiBlock.
  *
  * @param array $data
  * @param IContextSource $context
  * @return bool|string
  */
 public static function processForm(array $data, IContextSource $context)
 {
     global $wgBlockAllowsUTEdit, $wgHideUserContribLimit, $wgContLang;
     $performer = $context->getUser();
     // Handled by field validator callback
     // self::validateTargetField( $data['Target'] );
     # This might have been a hidden field or a checkbox, so interesting data
     # can come from it
     $data['Confirm'] = !in_array($data['Confirm'], ['', '0', null, false], true);
     /** @var User $target */
     list($target, $type) = self::getTargetAndType($data['Target']);
     if ($type == Block::TYPE_USER) {
         $user = $target;
         $target = $user->getName();
         $userId = $user->getId();
         # Give admins a heads-up before they go and block themselves.  Much messier
         # to do this for IPs, but it's pretty unlikely they'd ever get the 'block'
         # permission anyway, although the code does allow for it.
         # Note: Important to use $target instead of $data['Target']
         # since both $data['PreviousTarget'] and $target are normalized
         # but $data['target'] gets overridden by (non-normalized) request variable
         # from previous request.
         if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) {
             return ['ipb-blockingself', 'ipb-confirmaction'];
         }
     } elseif ($type == Block::TYPE_RANGE) {
         $userId = 0;
     } elseif ($type == Block::TYPE_IP) {
         $target = $target->getName();
         $userId = 0;
     } else {
         # This should have been caught in the form field validation
         return ['badipaddress'];
     }
     $expiryTime = self::parseExpiryInput($data['Expiry']);
     if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !$expiryTime) {
         return ['ipb_expiry_invalid'];
     }
     // an expiry time should be in the future, not in the
     // past (wouldn't make any sense) - bug T123069
     if ($expiryTime < wfTimestampNow()) {
         return ['ipb_expiry_old'];
     }
     if (!isset($data['DisableEmail'])) {
         $data['DisableEmail'] = false;
     }
     # If the user has done the form 'properly', they won't even have been given the
     # option to suppress-block unless they have the 'hideuser' permission
     if (!isset($data['HideUser'])) {
         $data['HideUser'] = false;
     }
     if ($data['HideUser']) {
         if (!$performer->isAllowed('hideuser')) {
             # this codepath is unreachable except by a malicious user spoofing forms,
             # or by race conditions (user has hideuser and block rights, loads block form,
             # and loses hideuser rights before submission); so need to fail completely
             # rather than just silently disable hiding
             return ['badaccess-group0'];
         }
         # Recheck params here...
         if ($type != Block::TYPE_USER) {
             $data['HideUser'] = false;
             # IP users should not be hidden
         } elseif (!wfIsInfinity($data['Expiry'])) {
             # Bad expiry.
             return ['ipb_expiry_temp'];
         } elseif ($wgHideUserContribLimit !== false && $user->getEditCount() > $wgHideUserContribLimit) {
             # Typically, the user should have a handful of edits.
             # Disallow hiding users with many edits for performance.
             return [['ipb_hide_invalid', Message::numParam($wgHideUserContribLimit)]];
         } elseif (!$data['Confirm']) {
             return ['ipb-confirmhideuser', 'ipb-confirmaction'];
         }
     }
     # Create block object.
     $block = new Block();
     $block->setTarget($target);
     $block->setBlocker($performer);
     # Truncate reason for whole multibyte characters
     $block->mReason = $wgContLang->truncate($data['Reason'][0], 255);
     $block->mExpiry = $expiryTime;
     $block->prevents('createaccount', $data['CreateAccount']);
     $block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']);
     $block->prevents('sendemail', $data['DisableEmail']);
     $block->isHardblock($data['HardBlock']);
     $block->isAutoblocking($data['AutoBlock']);
     $block->mHideName = $data['HideUser'];
     $reason = ['hookaborted'];
     if (!Hooks::run('BlockIp', [&$block, &$performer, &$reason])) {
         return $reason;
     }
     # Try to insert block. Is there a conflicting block?
     $status = $block->insert();
     if (!$status) {
         # Indicates whether the user is confirming the block and is aware of
         # the conflict (did not change the block target in the meantime)
         $blockNotConfirmed = !$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target;
         # Special case for API - bug 32434
         $reblockNotAllowed = array_key_exists('Reblock', $data) && !$data['Reblock'];
         # Show form unless the user is already aware of this...
         if ($blockNotConfirmed || $reblockNotAllowed) {
             return [['ipb_already_blocked', $block->getTarget()]];
             # Otherwise, try to update the block...
         } else {
             # This returns direct blocks before autoblocks/rangeblocks, since we should
             # be sure the user is blocked by now it should work for our purposes
             $currentBlock = Block::newFromTarget($target);
             if ($block->equals($currentBlock)) {
                 return [['ipb_already_blocked', $block->getTarget()]];
             }
             # If the name was hidden and the blocking user cannot hide
             # names, then don't allow any block changes...
             if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) {
                 return ['cant-see-hidden-user'];
             }
             $currentBlock->isHardblock($block->isHardblock());
             $currentBlock->prevents('createaccount', $block->prevents('createaccount'));
             $currentBlock->mExpiry = $block->mExpiry;
             $currentBlock->isAutoblocking($block->isAutoblocking());
             $currentBlock->mHideName = $block->mHideName;
             $currentBlock->prevents('sendemail', $block->prevents('sendemail'));
             $currentBlock->prevents('editownusertalk', $block->prevents('editownusertalk'));
             $currentBlock->mReason = $block->mReason;
             $status = $currentBlock->update();
             $logaction = 'reblock';
             # Unset _deleted fields if requested
             if ($currentBlock->mHideName && !$data['HideUser']) {
                 RevisionDeleteUser::unsuppressUserName($target, $userId);
             }
             # If hiding/unhiding a name, this should go in the private logs
             if ((bool) $currentBlock->mHideName) {
                 $data['HideUser'] = true;
             }
         }
     } else {
         $logaction = 'block';
     }
     Hooks::run('BlockIpComplete', [$block, $performer]);
     # Set *_deleted fields if requested
     if ($data['HideUser']) {
         RevisionDeleteUser::suppressUserName($target, $userId);
     }
     # Can't watch a rangeblock
     if ($type != Block::TYPE_RANGE && $data['Watch']) {
         WatchAction::doWatch(Title::makeTitle(NS_USER, $target), $performer, User::IGNORE_USER_RIGHTS);
     }
     # Block constructor sanitizes certain block options on insert
     $data['BlockEmail'] = $block->prevents('sendemail');
     $data['AutoBlock'] = $block->isAutoblocking();
     # Prepare log parameters
     $logParams = [];
     $logParams['5::duration'] = $data['Expiry'];
     $logParams['6::flags'] = self::blockLogFlags($data, $type);
     # Make log entry, if the name is hidden, put it in the suppression log
     $log_type = $data['HideUser'] ? 'suppress' : 'block';
     $logEntry = new ManualLogEntry($log_type, $logaction);
     $logEntry->setTarget(Title::makeTitle(NS_USER, $target));
     $logEntry->setComment($data['Reason'][0]);
     $logEntry->setPerformer($performer);
     $logEntry->setParameters($logParams);
     # Relate log ID to block IDs (bug 25763)
     $blockIds = array_merge([$status['id']], $status['autoIds']);
     $logEntry->setRelations(['ipb_id' => $blockIds]);
     $logId = $logEntry->insert();
     $logEntry->publish($logId);
     # Report to the user
     return true;
 }
Esempio n. 12
0
 public static function takeConsequenceAction($action, $parameters, $title, $vars, $rule_desc)
 {
     $display = '';
     switch ($action) {
         case 'disallow':
             if (strlen($parameters[0])) {
                 $display .= wfMsgExt($parameters[0], 'parseinline', array($rule_desc)) . "\n";
             } else {
                 // Generic message.
                 $display .= wfMsgExt('abusefilter-disallowed', 'parseinline', array($rule_desc)) . "<br />\n";
             }
             break;
         case 'block':
             global $wgUser, $wgAbuseFilterBlockDuration;
             $filterUser = AbuseFilter::getFilterUser();
             // Create a block.
             $block = new Block();
             $block->setTarget($wgUser->getName());
             $block->setBlocker($filterUser);
             $block->mReason = wfMsgForContent('abusefilter-blockreason', $rule_desc);
             $block->isHardblock(false);
             $block->prevents('createaccount', true);
             $block->mExpiry = SpecialBlock::parseExpiryInput($wgAbuseFilterBlockDuration);
             $block->insert();
             // Log it
             # Prepare log parameters
             $logParams = array();
             if ($block->mExpiry == 'infinity') {
                 $logParams[] = 'indefinite';
             } else {
                 $logParams[] = $wgAbuseFilterBlockDuration;
             }
             $logParams[] = 'nocreate, angry-autoblock';
             $log = new LogPage('block');
             $log->addEntry('block', Title::makeTitle(NS_USER, $wgUser->getName()), wfMsgForContent('abusefilter-blockreason', $rule_desc), $logParams, self::getFilterUser());
             $display .= wfMsgExt('abusefilter-blocked-display', 'parseinline', array($rule_desc)) . "<br />\n";
             break;
         case 'rangeblock':
             $filterUser = AbuseFilter::getFilterUser();
             $range = IP::sanitizeRange(wfGetIP() . '/16');
             // Create a block.
             $block = new Block();
             $block->setTarget($range);
             $block->setBlocker($filterUser);
             $block->mReason = wfMsgForContent('abusefilter-blockreason', $rule_desc);
             $block->isHardblock(false);
             $block->prevents('createaccount', true);
             $block->mExpiry = SpecialBlock::parseExpiryInput('1 week');
             $block->insert();
             // Log it
             # Prepare log parameters
             $logParams = array();
             $logParams[] = 'indefinite';
             $logParams[] = 'nocreate, angry-autoblock';
             $log = new LogPage('block');
             $log->addEntry('block', Title::makeTitle(NS_USER, $range), wfMsgForContent('abusefilter-blockreason', $rule_desc), $logParams, self::getFilterUser());
             $display .= wfMsgExt('abusefilter-blocked-display', 'parseinline', $rule_desc) . "<br />\n";
             break;
         case 'degroup':
             global $wgUser;
             if (!$wgUser->isAnon()) {
                 // Remove all groups from the user. Ouch.
                 $groups = $wgUser->getGroups();
                 foreach ($groups as $group) {
                     $wgUser->removeGroup($group);
                 }
                 $display .= wfMsgExt('abusefilter-degrouped', 'parseinline', array($rule_desc)) . "<br />\n";
                 // Don't log it if there aren't any groups being removed!
                 if (!count($groups)) {
                     break;
                 }
                 // Log it.
                 $log = new LogPage('rights');
                 $log->addEntry('rights', $wgUser->getUserPage(), wfMsgForContent('abusefilter-degroupreason', $rule_desc), array(implode(', ', $groups), wfMsgForContent('rightsnone')), self::getFilterUser());
             }
             break;
         case 'blockautopromote':
             global $wgUser, $wgMemc;
             if (!$wgUser->isAnon()) {
                 $blockPeriod = (int) mt_rand(3 * 86400, 7 * 86400);
                 // Block for 3-7 days.
                 $wgMemc->set(self::autoPromoteBlockKey($wgUser), true, $blockPeriod);
                 $display .= wfMsgExt('abusefilter-autopromote-blocked', 'parseinline', array($rule_desc)) . "<br />\n";
             }
             break;
         case 'flag':
             // Do nothing. Here for completeness.
             break;
         case 'tag':
             // Mark with a tag on recentchanges.
             global $wgUser;
             $actionID = implode('-', array($title->getPrefixedText(), $wgUser->getName(), $vars->getVar('ACTION')->toString()));
             AbuseFilter::$tagsToSet[$actionID] = $parameters;
             break;
         default:
             wfDebugLog('AbuseFilter', "Unrecognised action {$action}");
     }
     return $display;
 }