public function __construct(Block $block) { global $wgLang, $wgRequest; $blocker = $block->getBlocker(); if ($blocker instanceof User) { // local user $blockerUserpage = $block->getBlocker()->getUserPage(); $link = "[[{$blockerUserpage->getPrefixedText()}|{$blockerUserpage->getText()}]]"; } else { // foreign user $link = $blocker; } $reason = $block->mReason; if ($reason == '') { $reason = wfMsg('blockednoreason'); } /* $ip returns who *is* being blocked, $intended contains who was meant to be blocked. * This could be a username, an IP range, or a single IP. */ $intended = $block->getTarget(); parent::__construct('blockedtitle', $block->mAuto ? 'autoblockedtext' : 'blockedtext', array($link, $reason, $wgRequest->getIP(), $block->getByName(), $block->getId(), $wgLang->formatExpiry($block->mExpiry), $intended, $wgLang->timeanddate(wfTimestamp(TS_MW, $block->mTimestamp), true))); }
/** * Retroactively autoblocks the last IP used by the user (if it is a user) * blocked by this Block. * * @param Block $block * @param Array &$blockIds */ public static function doRetroactiveAutoblock(Block $block, array &$blockIds) { $dbr = wfGetDB(DB_SLAVE); $user = User::newFromName((string) $block->getTarget(), false); if (!$user->getId()) { return array(); // user in an IP? } $options = array('ORDER BY' => 'cuc_timestamp DESC'); $options['LIMIT'] = 1; // just the last IP used $res = $dbr->select('cu_changes', array('cuc_ip'), array('cuc_user' => $user->getId()), __METHOD__, $options); # Iterate through IPs used (this is just one or zero for now) foreach ($res as $row) { if ($row->cuc_ip) { $id = $block->doAutoblock($row->cuc_ip); if ($id) { $blockIds[] = $id; } } } return false; // autoblock handled }
/** * Retroactively autoblocks the last IP used by the user (if it is a user) * blocked by this Block. This will use the recentchanges table. * * @param Block $block * @param array &$blockIds */ protected static function defaultRetroactiveAutoblock(Block $block, array &$blockIds) { global $wgPutIPinRC; // No IPs are in recentchanges table, so nothing to select if (!$wgPutIPinRC) { return; } $dbr = wfGetDB(DB_SLAVE); $options = array('ORDER BY' => 'rc_timestamp DESC'); $conds = array('rc_user_text' => (string) $block->getTarget()); // Just the last IP used. $options['LIMIT'] = 1; $res = $dbr->select('recentchanges', array('rc_ip'), $conds, __METHOD__, $options); if (!$res->numRows()) { # No results, don't autoblock anything wfDebug("No IP found to retroactively autoblock\n"); } else { foreach ($res as $row) { if ($row->rc_ip) { $id = $block->doAutoblock($row->rc_ip); if ($id) { $blockIds[] = $id; } } } } }
/** * Given the form data, actually implement a block * @param $data Array * @param $context IContextSource * @return Bool|String */ public static function processForm(array $data, IContextSource $context) { global $wgBlockAllowsUTEdit; $performer = $context->getUser(); // Handled by field validator callback // self::validateTargetField( $data['Target'] ); # This might have been a hidden field or a checkbox, so interesting data # can come from it $data['Confirm'] = !in_array($data['Confirm'], array('', '0', null, false), true); list($target, $type) = self::getTargetAndType($data['Target']); if ($type == Block::TYPE_USER) { $user = $target; $target = $user->getName(); $userId = $user->getId(); # Give admins a heads-up before they go and block themselves. Much messier # to do this for IPs, but it's pretty unlikely they'd ever get the 'block' # permission anyway, although the code does allow for it. # Note: Important to use $target instead of $data['Target'] # since both $data['PreviousTarget'] and $target are normalized # but $data['target'] gets overriden by (non-normalized) request variable # from previous request. if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) { return array('ipb-blockingself'); } } elseif ($type == Block::TYPE_RANGE) { $userId = 0; } elseif ($type == Block::TYPE_IP) { $target = $target->getName(); $userId = 0; } else { # This should have been caught in the form field validation return array('badipaddress'); } if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !self::parseExpiryInput($data['Expiry'])) { return array('ipb_expiry_invalid'); } if (!isset($data['DisableEmail'])) { $data['DisableEmail'] = false; } # If the user has done the form 'properly', they won't even have been given the # option to suppress-block unless they have the 'hideuser' permission if (!isset($data['HideUser'])) { $data['HideUser'] = false; } if ($data['HideUser']) { if (!$performer->isAllowed('hideuser')) { # this codepath is unreachable except by a malicious user spoofing forms, # or by race conditions (user has oversight and sysop, loads block form, # and is de-oversighted before submission); so need to fail completely # rather than just silently disable hiding return array('badaccess-group0'); } # Recheck params here... if ($type != Block::TYPE_USER) { $data['HideUser'] = false; # IP users should not be hidden } elseif (!in_array($data['Expiry'], array('infinite', 'infinity', 'indefinite'))) { # Bad expiry. return array('ipb_expiry_temp'); } elseif ($user->getEditCount() > self::HIDEUSER_CONTRIBLIMIT) { # Typically, the user should have a handful of edits. # Disallow hiding users with many edits for performance. return array('ipb_hide_invalid'); } elseif (!$data['Confirm']) { return array('ipb-confirmhideuser'); } } # Create block object. $block = new Block(); $block->setTarget($target); $block->setBlocker($performer); $block->mReason = $data['Reason'][0]; $block->mExpiry = self::parseExpiryInput($data['Expiry']); $block->prevents('createaccount', $data['CreateAccount']); $block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']); $block->prevents('sendemail', $data['DisableEmail']); $block->isHardblock($data['HardBlock']); $block->isAutoblocking($data['AutoBlock']); $block->mHideName = $data['HideUser']; if (!wfRunHooks('BlockIp', array(&$block, &$performer))) { return array('hookaborted'); } # Try to insert block. Is there a conflicting block? $status = $block->insert(); if (!$status) { # Show form unless the user is already aware of this... if (!$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target) { return array(array('ipb_already_blocked', $block->getTarget())); # Otherwise, try to update the block... } else { # This returns direct blocks before autoblocks/rangeblocks, since we should # be sure the user is blocked by now it should work for our purposes $currentBlock = Block::newFromTarget($target); if ($block->equals($currentBlock)) { return array(array('ipb_already_blocked', $block->getTarget())); } # If the name was hidden and the blocking user cannot hide # names, then don't allow any block changes... if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) { return array('cant-see-hidden-user'); } $currentBlock->delete(); $status = $block->insert(); $logaction = 'reblock'; # Unset _deleted fields if requested if ($currentBlock->mHideName && !$data['HideUser']) { RevisionDeleteUser::unsuppressUserName($target, $userId); } # If hiding/unhiding a name, this should go in the private logs if ((bool) $currentBlock->mHideName) { $data['HideUser'] = true; } } } else { $logaction = 'block'; } wfRunHooks('BlockIpComplete', array($block, $performer)); # Set *_deleted fields if requested if ($data['HideUser']) { RevisionDeleteUser::suppressUserName($target, $userId); } # Can't watch a rangeblock if ($type != Block::TYPE_RANGE && $data['Watch']) { $performer->addWatch(Title::makeTitle(NS_USER, $target)); } # Block constructor sanitizes certain block options on insert $data['BlockEmail'] = $block->prevents('sendemail'); $data['AutoBlock'] = $block->isAutoblocking(); # Prepare log parameters $logParams = array(); $logParams[] = $data['Expiry']; $logParams[] = self::blockLogFlags($data, $type); # Make log entry, if the name is hidden, put it in the oversight log $log_type = $data['HideUser'] ? 'suppress' : 'block'; $log = new LogPage($log_type); $log_id = $log->addEntry($logaction, Title::makeTitle(NS_USER, $target), $data['Reason'][0], $logParams); # Relate log ID to block IDs (bug 25763) $blockIds = array_merge(array($status['id']), $status['autoIds']); $log->addRelations('ipb_id', $blockIds, $log_id); # Report to the user return true; }
/** * Output a message that informs the user that they cannot create an account because * there is a block on them or their IP which prevents account creation. Note that * User::isBlockedFromCreateAccount(), which gets this block, ignores the 'hardblock' * setting on blocks (bug 13611). * @param $block Block the block causing this error */ function userBlockedMessage( Block $block ) { global $wgOut; # Let's be nice about this, it's likely that this feature will be used # for blocking large numbers of innocent people, e.g. range blocks on # schools. Don't blame it on the user. There's a small chance that it # really is the user's fault, i.e. the username is blocked and they # haven't bothered to log out before trying to create an account to # evade it, but we'll leave that to their guilty conscience to figure # out. $wgOut->setPageTitle( wfMsg( 'cantcreateaccounttitle' ) ); $block_reason = $block->mReason; if ( strval( $block_reason ) === '' ) { $block_reason = wfMsg( 'blockednoreason' ); } $wgOut->addWikiMsg( 'cantcreateaccount-text', $block->getTarget(), $block_reason, $block->getByName() ); $wgOut->returnToMain( false ); }
/** * Output a message that informs the user that they cannot create an account because * there is a block on them or their IP which prevents account creation. Note that * User::isBlockedFromCreateAccount(), which gets this block, ignores the 'hardblock' * setting on blocks (bug 13611). * @param Block $block The block causing this error * @throws ErrorPageError */ function userBlockedMessage(Block $block) { # Let's be nice about this, it's likely that this feature will be used # for blocking large numbers of innocent people, e.g. range blocks on # schools. Don't blame it on the user. There's a small chance that it # really is the user's fault, i.e. the username is blocked and they # haven't bothered to log out before trying to create an account to # evade it, but we'll leave that to their guilty conscience to figure # out. $errorParams = array($block->getTarget(), $block->mReason ? $block->mReason : $this->msg('blockednoreason')->text(), $block->getByName()); if ($block->getType() === Block::TYPE_RANGE) { $errorMessage = 'cantcreateaccount-range-text'; $errorParams[] = $this->getRequest()->getIP(); } else { $errorMessage = 'cantcreateaccount-text'; } throw new ErrorPageError('cantcreateaccounttitle', $errorMessage, $errorParams); }
/** * @static * @param Block $block * @param $user * @return bool */ public static function onBlockIpComplete($block, $user) { $blockTarget = $block->getTarget(); if ($blockTarget instanceof User && $blockTarget->isLoggedIn()) { $vote = new VoteHelper($block->getTarget(), null); $vote->invalidateUser(); } return true; }
/** * Given the form data, actually implement a block. This is also called from ApiBlock. * * @param array $data * @param IContextSource $context * @return bool|string */ public static function processForm(array $data, IContextSource $context) { global $wgBlockAllowsUTEdit, $wgHideUserContribLimit, $wgContLang; $performer = $context->getUser(); // Handled by field validator callback // self::validateTargetField( $data['Target'] ); # This might have been a hidden field or a checkbox, so interesting data # can come from it $data['Confirm'] = !in_array($data['Confirm'], ['', '0', null, false], true); /** @var User $target */ list($target, $type) = self::getTargetAndType($data['Target']); if ($type == Block::TYPE_USER) { $user = $target; $target = $user->getName(); $userId = $user->getId(); # Give admins a heads-up before they go and block themselves. Much messier # to do this for IPs, but it's pretty unlikely they'd ever get the 'block' # permission anyway, although the code does allow for it. # Note: Important to use $target instead of $data['Target'] # since both $data['PreviousTarget'] and $target are normalized # but $data['target'] gets overridden by (non-normalized) request variable # from previous request. if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) { return ['ipb-blockingself', 'ipb-confirmaction']; } } elseif ($type == Block::TYPE_RANGE) { $userId = 0; } elseif ($type == Block::TYPE_IP) { $target = $target->getName(); $userId = 0; } else { # This should have been caught in the form field validation return ['badipaddress']; } $expiryTime = self::parseExpiryInput($data['Expiry']); if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !$expiryTime) { return ['ipb_expiry_invalid']; } // an expiry time should be in the future, not in the // past (wouldn't make any sense) - bug T123069 if ($expiryTime < wfTimestampNow()) { return ['ipb_expiry_old']; } if (!isset($data['DisableEmail'])) { $data['DisableEmail'] = false; } # If the user has done the form 'properly', they won't even have been given the # option to suppress-block unless they have the 'hideuser' permission if (!isset($data['HideUser'])) { $data['HideUser'] = false; } if ($data['HideUser']) { if (!$performer->isAllowed('hideuser')) { # this codepath is unreachable except by a malicious user spoofing forms, # or by race conditions (user has hideuser and block rights, loads block form, # and loses hideuser rights before submission); so need to fail completely # rather than just silently disable hiding return ['badaccess-group0']; } # Recheck params here... if ($type != Block::TYPE_USER) { $data['HideUser'] = false; # IP users should not be hidden } elseif (!wfIsInfinity($data['Expiry'])) { # Bad expiry. return ['ipb_expiry_temp']; } elseif ($wgHideUserContribLimit !== false && $user->getEditCount() > $wgHideUserContribLimit) { # Typically, the user should have a handful of edits. # Disallow hiding users with many edits for performance. return [['ipb_hide_invalid', Message::numParam($wgHideUserContribLimit)]]; } elseif (!$data['Confirm']) { return ['ipb-confirmhideuser', 'ipb-confirmaction']; } } # Create block object. $block = new Block(); $block->setTarget($target); $block->setBlocker($performer); # Truncate reason for whole multibyte characters $block->mReason = $wgContLang->truncate($data['Reason'][0], 255); $block->mExpiry = $expiryTime; $block->prevents('createaccount', $data['CreateAccount']); $block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']); $block->prevents('sendemail', $data['DisableEmail']); $block->isHardblock($data['HardBlock']); $block->isAutoblocking($data['AutoBlock']); $block->mHideName = $data['HideUser']; $reason = ['hookaborted']; if (!Hooks::run('BlockIp', [&$block, &$performer, &$reason])) { return $reason; } # Try to insert block. Is there a conflicting block? $status = $block->insert(); if (!$status) { # Indicates whether the user is confirming the block and is aware of # the conflict (did not change the block target in the meantime) $blockNotConfirmed = !$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target; # Special case for API - bug 32434 $reblockNotAllowed = array_key_exists('Reblock', $data) && !$data['Reblock']; # Show form unless the user is already aware of this... if ($blockNotConfirmed || $reblockNotAllowed) { return [['ipb_already_blocked', $block->getTarget()]]; # Otherwise, try to update the block... } else { # This returns direct blocks before autoblocks/rangeblocks, since we should # be sure the user is blocked by now it should work for our purposes $currentBlock = Block::newFromTarget($target); if ($block->equals($currentBlock)) { return [['ipb_already_blocked', $block->getTarget()]]; } # If the name was hidden and the blocking user cannot hide # names, then don't allow any block changes... if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) { return ['cant-see-hidden-user']; } $currentBlock->isHardblock($block->isHardblock()); $currentBlock->prevents('createaccount', $block->prevents('createaccount')); $currentBlock->mExpiry = $block->mExpiry; $currentBlock->isAutoblocking($block->isAutoblocking()); $currentBlock->mHideName = $block->mHideName; $currentBlock->prevents('sendemail', $block->prevents('sendemail')); $currentBlock->prevents('editownusertalk', $block->prevents('editownusertalk')); $currentBlock->mReason = $block->mReason; $status = $currentBlock->update(); $logaction = 'reblock'; # Unset _deleted fields if requested if ($currentBlock->mHideName && !$data['HideUser']) { RevisionDeleteUser::unsuppressUserName($target, $userId); } # If hiding/unhiding a name, this should go in the private logs if ((bool) $currentBlock->mHideName) { $data['HideUser'] = true; } } } else { $logaction = 'block'; } Hooks::run('BlockIpComplete', [$block, $performer]); # Set *_deleted fields if requested if ($data['HideUser']) { RevisionDeleteUser::suppressUserName($target, $userId); } # Can't watch a rangeblock if ($type != Block::TYPE_RANGE && $data['Watch']) { WatchAction::doWatch(Title::makeTitle(NS_USER, $target), $performer, User::IGNORE_USER_RIGHTS); } # Block constructor sanitizes certain block options on insert $data['BlockEmail'] = $block->prevents('sendemail'); $data['AutoBlock'] = $block->isAutoblocking(); # Prepare log parameters $logParams = []; $logParams['5::duration'] = $data['Expiry']; $logParams['6::flags'] = self::blockLogFlags($data, $type); # Make log entry, if the name is hidden, put it in the suppression log $log_type = $data['HideUser'] ? 'suppress' : 'block'; $logEntry = new ManualLogEntry($log_type, $logaction); $logEntry->setTarget(Title::makeTitle(NS_USER, $target)); $logEntry->setComment($data['Reason'][0]); $logEntry->setPerformer($performer); $logEntry->setParameters($logParams); # Relate log ID to block IDs (bug 25763) $blockIds = array_merge([$status['id']], $status['autoIds']); $logEntry->setRelations(['ipb_id' => $blockIds]); $logId = $logEntry->insert(); $logEntry->publish($logId); # Report to the user return true; }
/** * Occurs after the request to block an IP or user has been processed * @see http://www.mediawiki.org/wiki/Manual:MediaWiki_hooks/BlockIpComplete */ function slack_user_blocked(Block $block, $user) { global $wgWikiUrl, $wgWikiUrlEnding, $wgWikiUrlEndingBlockList; $message = sprintf("%s has blocked %s %s Block expiration: %s. %s", getSlackUserText($user), getSlackUserText($block->getTarget()), $block->mReason == "" ? "" : "with reason '" . $block->mReason . "'.", $block->mExpiry, "<" . $wgWikiUrl . $wgWikiUrlEnding . $wgWikiUrlEndingBlockList . "|List of all blocks>."); push_slack_notify($message, "red"); return true; }
public function testDeprecatedConstructor() { $this->hideDeprecated('Block::__construct with multiple arguments'); $username = '******'; $reason = 'being irrational'; # Set up the target $u = User::newFromName($username); if ($u->getID() == 0) { $u->addToDatabase(); TestUser::setPasswordForUser($u, 'TotallyObvious'); } unset($u); # Make sure the user isn't blocked $this->assertNull(Block::newFromTarget($username), "{$username} should not be blocked"); # Perform the block $block = new Block($username, 0, 0, $reason, 0, false, 0); $block->insert(); # Check target $this->assertEquals($block->getTarget()->getName(), $username, "Target should be set properly"); # Check supplied parameter $this->assertEquals($block->mReason, $reason, "Reason should be non-default"); # Check default parameter $this->assertFalse((bool) $block->prevents('createaccount'), "Account creation should not be blocked by default"); }
/** * @static * @param Block $block instance of Block class includes/Block.php * @param User $user instance of User class includes/User.php * @return bool true 'cause it's a hook */ public static function eventlogBlockIp($block, $user) { self::log("block", "block", $user->getID(), $user->getName(), $block->getBlocker(), $block->getTarget(), $block->mReason); return true; }