/**
* Get block instance for the current user, if it exists
*
* @return Block|false
*/
public function getBlock()
{
$blockData = $this->memc->get($this->getMemcacheBlockKey());
if (is_array($blockData)) {
$blocker = User::newFromName(self::BLOCKER_NAME);
$block = new Block();
$block->setTarget($this->mUser);
$block->setBlocker($blocker);
$block->setBlockEmail($blocker->getEmail());
$block->mReason = $blockData['reason'];
$block->mExpiry = $blockData['expiry'];
$block->mTimestamp = wfTimestamp(TS_MW, $blockData['set_at']);
$this->info(__METHOD__, ['reason' => $block->mReason, 'expiry' => $block->getExpiry()]);
return $block;
} else {
return false;
}
}
function execute($par)
{
global $wgRequest, $wgOut, $wgBlockOpenProxies, $wgProxyKey;
$this->setHeaders();
$this->outputHeader();
$ip = wfGetIP();
if (!$wgBlockOpenProxies || $wgRequest->getText('ip') != md5($ip . $wgProxyKey)) {
$wgOut->addWikiMsg('proxyblocker-disabled');
return;
}
$user = User::newFromName(wfMsgForContent('proxyblocker'));
if (!$user->isLoggedIn()) {
$user->addToDatabase();
}
$block = new Block();
$block->setTarget($ip);
$block->setBlocker($user);
$block->mReason = wfMsg('proxyblockreason');
$block->insert();
$wgOut->addWikiMsg('proxyblocksuccess');
}
function execute($par)
{
global $wgBlockOpenProxies, $wgProxyKey;
$this->setHeaders();
$this->outputHeader();
$ip = $this->getRequest()->getIP();
if (!$wgBlockOpenProxies || $this->getRequest()->getText('ip') != md5($ip . $wgProxyKey)) {
$this->getOutput()->addWikiMsg('proxyblocker-disabled');
return;
}
$user = User::newFromName($this->msg('proxyblocker')->inContentLanguage()->text());
# FIXME: newFromName could return false on a badly configured wiki.
if (!$user->isLoggedIn()) {
$user->addToDatabase();
}
$block = new Block();
$block->setTarget($ip);
$block->setBlocker($user);
$block->mReason = $this->msg('proxyblockreason')->inContentLanguage()->text();
$block->insert();
$this->getOutput()->addWikiMsg('proxyblocksuccess');
}
/**
* Get blocking information
* @param $bFromSlave Bool Whether to check the slave database first. To
* improve performance, non-critical checks are done
* against slaves. Check when actually saving should be
* done against master.
*/
private function getBlockedStatus($bFromSlave = true)
{
global $wgProxyWhitelist, $wgUser;
if (-1 != $this->mBlockedby) {
return;
}
wfProfileIn(__METHOD__);
wfDebug(__METHOD__ . ": checking...\n");
// Initialize data...
// Otherwise something ends up stomping on $this->mBlockedby when
// things get lazy-loaded later, causing false positive block hits
// due to -1 !== 0. Probably session-related... Nothing should be
// overwriting mBlockedby, surely?
$this->load();
# We only need to worry about passing the IP address to the Block generator if the
# user is not immune to autoblocks/hardblocks, and they are the current user so we
# know which IP address they're actually coming from
if (!$this->isAllowed('ipblock-exempt') && $this->getID() == $wgUser->getID()) {
$ip = $this->getRequest()->getIP();
} else {
$ip = null;
}
# User/IP blocking
$block = Block::newFromTarget($this->getName(), $ip, !$bFromSlave);
# Proxy blocking
if (!$block instanceof Block && $ip !== null && !$this->isAllowed('proxyunbannable') && !in_array($ip, $wgProxyWhitelist)) {
# Local list
if (self::isLocallyBlockedProxy($ip)) {
$block = new Block();
$block->setBlocker(wfMsg('proxyblocker'));
$block->mReason = wfMsg('proxyblockreason');
$block->setTarget($ip);
} elseif ($this->isAnon() && $this->isDnsBlacklisted($ip)) {
$block = new Block();
$block->setBlocker(wfMsg('sorbs'));
$block->mReason = wfMsg('sorbsreason');
$block->setTarget($ip);
}
}
if ($block instanceof Block) {
wfDebug(__METHOD__ . ": Found block.\n");
$this->mBlock = $block;
$this->mBlockedby = $block->getByName();
$this->mBlockreason = $block->mReason;
$this->mHideName = $block->mHideName;
$this->mAllowUsertalk = !$block->prevents('editownusertalk');
} else {
$this->mBlockedby = '';
$this->mHideName = 0;
$this->mAllowUsertalk = false;
}
# Extensions
wfRunHooks('GetBlockedStatus', array(&$this));
wfProfileOut(__METHOD__);
}
/**
* @param $action string
* @param $parameters array
* @param $title Title
* @param $vars AbuseFilterVariableHolder
* @param $rule_desc
* @param $rule_number int|string
*
* @return array|null a message describing the action that was taken,
* or null if no action was taken. The message is given as an array
* containing the message key followed by any message parameters.
*
* @note: Returning the message as an array instead of a Message object is
* needed for compatibility with MW 1.20: we will be constructing a
* Status object from these messages, and before 1.21, Status did
* not accept Message objects to be added directly.
*/
public static function takeConsequenceAction($action, $parameters, $title, $vars, $rule_desc, $rule_number)
{
global $wgAbuseFilterCustomActionsHandlers, $wgRequest;
$message = null;
switch ($action) {
case 'disallow':
if (strlen($parameters[0])) {
$message = array($parameters[0], $rule_desc, $rule_number);
} else {
// Generic message.
$message = array('abusefilter-disallowed', $rule_desc, $rule_number);
}
break;
case 'block':
global $wgUser, $wgAbuseFilterBlockDuration, $wgAbuseFilterAnonBlockDuration;
$filterUser = AbuseFilter::getFilterUser();
// Create a block.
$block = new Block();
$block->setTarget($wgUser->getName());
$block->setBlocker($filterUser);
$block->mReason = wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text();
$block->isHardblock(false);
$block->isAutoblocking(true);
$block->prevents('createaccount', true);
$block->prevents('editownusertalk', false);
if ($wgUser->isAnon() && $wgAbuseFilterAnonBlockDuration !== null) {
// The user isn't logged in and the anon block duration doesn't default to $wgAbuseFilterBlockDuration
$expiry = $wgAbuseFilterAnonBlockDuration;
} else {
$expiry = $wgAbuseFilterBlockDuration;
}
$block->mExpiry = SpecialBlock::parseExpiryInput($expiry);
$block->insert();
// Log it
# Prepare log parameters
$logParams = array();
if ($block->mExpiry == 'infinity') {
$logParams[] = 'indefinite';
} else {
$logParams[] = $expiry;
}
$logParams[] = 'nocreate';
$log = new LogPage('block');
$log->addEntry('block', Title::makeTitle(NS_USER, $wgUser->getName()), wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text(), $logParams, self::getFilterUser());
$message = array('abusefilter-blocked-display', $rule_desc, $rule_number);
break;
case 'rangeblock':
$filterUser = AbuseFilter::getFilterUser();
$range = IP::sanitizeRange($wgRequest->getIP() . '/16');
// Create a block.
$block = new Block();
$block->setTarget($range);
$block->setBlocker($filterUser);
$block->mReason = wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text();
$block->isHardblock(false);
$block->prevents('createaccount', true);
$block->prevents('editownusertalk', false);
$block->mExpiry = SpecialBlock::parseExpiryInput('1 week');
$block->insert();
// Log it
# Prepare log parameters
$logParams = array();
$logParams[] = 'indefinite';
$logParams[] = 'nocreate';
$log = new LogPage('block');
$log->addEntry('block', Title::makeTitle(NS_USER, $range), wfMessage('abusefilter-blockreason', $rule_desc, $rule_number)->inContentLanguage()->text(), $logParams, self::getFilterUser());
$message = array('abusefilter-blocked-display', $rule_desc, $rule_number);
break;
case 'degroup':
global $wgUser;
if (!$wgUser->isAnon()) {
// Remove all groups from the user. Ouch.
$groups = $wgUser->getGroups();
foreach ($groups as $group) {
$wgUser->removeGroup($group);
}
$message = array('abusefilter-degrouped', $rule_desc, $rule_number);
// Don't log it if there aren't any groups being removed!
if (!count($groups)) {
break;
}
// Log it.
$log = new LogPage('rights');
$log->addEntry('rights', $wgUser->getUserPage(), wfMessage('abusefilter-degroupreason', $rule_desc, $rule_number)->inContentLanguage()->text(), array(implode(', ', $groups), ''), self::getFilterUser());
}
break;
case 'blockautopromote':
global $wgUser, $wgMemc;
if (!$wgUser->isAnon()) {
$blockPeriod = (int) mt_rand(3 * 86400, 7 * 86400);
// Block for 3-7 days.
$wgMemc->set(self::autoPromoteBlockKey($wgUser), true, $blockPeriod);
$message = array('abusefilter-autopromote-blocked', $rule_desc, $rule_number);
}
break;
case 'flag':
// Do nothing. Here for completeness.
break;
case 'tag':
// Mark with a tag on recentchanges.
global $wgUser;
$actionID = implode('-', array($title->getPrefixedText(), $wgUser->getName(), $vars->getVar('ACTION')->toString()));
if (!isset(AbuseFilter::$tagsToSet[$actionID])) {
AbuseFilter::$tagsToSet[$actionID] = $parameters;
} else {
AbuseFilter::$tagsToSet[$actionID] = array_merge(AbuseFilter::$tagsToSet[$actionID], $parameters);
}
break;
default:
if (isset($wgAbuseFilterCustomActionsHandlers[$action])) {
$custom_function = $wgAbuseFilterCustomActionsHandlers[$action];
if (is_callable($custom_function)) {
$msg = call_user_func($custom_function, $action, $parameters, $title, $vars, $rule_desc, $rule_number);
}
if (isset($msg)) {
$message = array($msg);
}
} else {
wfDebugLog('AbuseFilter', "Unrecognised action {$action}");
}
}
return $message;
}
/**
* Get blocking information
* @param bool $bFromSlave Whether to check the slave database first.
* To improve performance, non-critical checks are done against slaves.
* Check when actually saving should be done against master.
*/
private function getBlockedStatus($bFromSlave = true)
{
global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff;
if (-1 != $this->mBlockedby) {
return;
}
wfDebug(__METHOD__ . ": checking...\n");
// Initialize data...
// Otherwise something ends up stomping on $this->mBlockedby when
// things get lazy-loaded later, causing false positive block hits
// due to -1 !== 0. Probably session-related... Nothing should be
// overwriting mBlockedby, surely?
$this->load();
# We only need to worry about passing the IP address to the Block generator if the
# user is not immune to autoblocks/hardblocks, and they are the current user so we
# know which IP address they're actually coming from
if (!$this->isAllowed('ipblock-exempt') && $this->equals($wgUser)) {
$ip = $this->getRequest()->getIP();
} else {
$ip = null;
}
// User/IP blocking
$block = Block::newFromTarget($this, $ip, !$bFromSlave);
// Proxy blocking
if (!$block instanceof Block && $ip !== null && !$this->isAllowed('proxyunbannable') && !in_array($ip, $wgProxyWhitelist)) {
// Local list
if (self::isLocallyBlockedProxy($ip)) {
$block = new Block();
$block->setBlocker(wfMessage('proxyblocker')->text());
$block->mReason = wfMessage('proxyblockreason')->text();
$block->setTarget($ip);
} elseif ($this->isAnon() && $this->isDnsBlacklisted($ip)) {
$block = new Block();
$block->setBlocker(wfMessage('sorbs')->text());
$block->mReason = wfMessage('sorbsreason')->text();
$block->setTarget($ip);
}
}
// (bug 23343) Apply IP blocks to the contents of XFF headers, if enabled
if (!$block instanceof Block && $wgApplyIpBlocksToXff && $ip !== null && !$this->isAllowed('proxyunbannable') && !in_array($ip, $wgProxyWhitelist)) {
$xff = $this->getRequest()->getHeader('X-Forwarded-For');
$xff = array_map('trim', explode(',', $xff));
$xff = array_diff($xff, array($ip));
$xffblocks = Block::getBlocksForIPList($xff, $this->isAnon(), !$bFromSlave);
$block = Block::chooseBlock($xffblocks, $xff);
if ($block instanceof Block) {
# Mangle the reason to alert the user that the block
# originated from matching the X-Forwarded-For header.
$block->mReason = wfMessage('xffblockreason', $block->mReason)->text();
}
}
if ($block instanceof Block) {
wfDebug(__METHOD__ . ": Found block.\n");
$this->mBlock = $block;
$this->mBlockedby = $block->getByName();
$this->mBlockreason = $block->mReason;
$this->mHideName = $block->mHideName;
$this->mAllowUsertalk = !$block->prevents('editownusertalk');
} else {
$this->mBlockedby = '';
$this->mHideName = 0;
$this->mAllowUsertalk = false;
}
// Extensions
Hooks::run('GetBlockedStatus', array(&$this));
}
protected function addXffBlocks()
{
static $inited = false;
if ($inited) {
return;
}
$inited = true;
$blockList = array(array('target' => '70.2.0.0/16', 'type' => Block::TYPE_RANGE, 'desc' => 'Range Hardblock', 'ACDisable' => false, 'isHardblock' => true, 'isAutoBlocking' => false), array('target' => '2001:4860:4001::/48', 'type' => Block::TYPE_RANGE, 'desc' => 'Range6 Hardblock', 'ACDisable' => false, 'isHardblock' => true, 'isAutoBlocking' => false), array('target' => '60.2.0.0/16', 'type' => Block::TYPE_RANGE, 'desc' => 'Range Softblock with AC Disabled', 'ACDisable' => true, 'isHardblock' => false, 'isAutoBlocking' => false), array('target' => '50.2.0.0/16', 'type' => Block::TYPE_RANGE, 'desc' => 'Range Softblock', 'ACDisable' => false, 'isHardblock' => false, 'isAutoBlocking' => false), array('target' => '50.1.1.1', 'type' => Block::TYPE_IP, 'desc' => 'Exact Softblock', 'ACDisable' => false, 'isHardblock' => false, 'isAutoBlocking' => false));
foreach ($blockList as $insBlock) {
$target = $insBlock['target'];
if ($insBlock['type'] === Block::TYPE_IP) {
$target = User::newFromName(IP::sanitizeIP($target), false)->getName();
} elseif ($insBlock['type'] === Block::TYPE_RANGE) {
$target = IP::sanitizeRange($target);
}
$block = new Block();
$block->setTarget($target);
$block->setBlocker('testblocker@global');
$block->mReason = $insBlock['desc'];
$block->mExpiry = 'infinity';
$block->prevents('createaccount', $insBlock['ACDisable']);
$block->isHardblock($insBlock['isHardblock']);
$block->isAutoblocking($insBlock['isAutoBlocking']);
$block->insert();
}
}
/**
* Given the form data, actually implement a block
* @param $data Array
* @param $context IContextSource
* @return Bool|String
*/
public static function processForm(array $data, IContextSource $context)
{
global $wgBlockAllowsUTEdit;
$performer = $context->getUser();
// Handled by field validator callback
// self::validateTargetField( $data['Target'] );
# This might have been a hidden field or a checkbox, so interesting data
# can come from it
$data['Confirm'] = !in_array($data['Confirm'], array('', '0', null, false), true);
list($target, $type) = self::getTargetAndType($data['Target']);
if ($type == Block::TYPE_USER) {
$user = $target;
$target = $user->getName();
$userId = $user->getId();
# Give admins a heads-up before they go and block themselves. Much messier
# to do this for IPs, but it's pretty unlikely they'd ever get the 'block'
# permission anyway, although the code does allow for it.
# Note: Important to use $target instead of $data['Target']
# since both $data['PreviousTarget'] and $target are normalized
# but $data['target'] gets overriden by (non-normalized) request variable
# from previous request.
if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) {
return array('ipb-blockingself');
}
} elseif ($type == Block::TYPE_RANGE) {
$userId = 0;
} elseif ($type == Block::TYPE_IP) {
$target = $target->getName();
$userId = 0;
} else {
# This should have been caught in the form field validation
return array('badipaddress');
}
if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !self::parseExpiryInput($data['Expiry'])) {
return array('ipb_expiry_invalid');
}
if (!isset($data['DisableEmail'])) {
$data['DisableEmail'] = false;
}
# If the user has done the form 'properly', they won't even have been given the
# option to suppress-block unless they have the 'hideuser' permission
if (!isset($data['HideUser'])) {
$data['HideUser'] = false;
}
if ($data['HideUser']) {
if (!$performer->isAllowed('hideuser')) {
# this codepath is unreachable except by a malicious user spoofing forms,
# or by race conditions (user has oversight and sysop, loads block form,
# and is de-oversighted before submission); so need to fail completely
# rather than just silently disable hiding
return array('badaccess-group0');
}
# Recheck params here...
if ($type != Block::TYPE_USER) {
$data['HideUser'] = false;
# IP users should not be hidden
} elseif (!in_array($data['Expiry'], array('infinite', 'infinity', 'indefinite'))) {
# Bad expiry.
return array('ipb_expiry_temp');
} elseif ($user->getEditCount() > self::HIDEUSER_CONTRIBLIMIT) {
# Typically, the user should have a handful of edits.
# Disallow hiding users with many edits for performance.
return array('ipb_hide_invalid');
} elseif (!$data['Confirm']) {
return array('ipb-confirmhideuser');
}
}
# Create block object.
$block = new Block();
$block->setTarget($target);
$block->setBlocker($performer);
$block->mReason = $data['Reason'][0];
$block->mExpiry = self::parseExpiryInput($data['Expiry']);
$block->prevents('createaccount', $data['CreateAccount']);
$block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']);
$block->prevents('sendemail', $data['DisableEmail']);
$block->isHardblock($data['HardBlock']);
$block->isAutoblocking($data['AutoBlock']);
$block->mHideName = $data['HideUser'];
if (!wfRunHooks('BlockIp', array(&$block, &$performer))) {
return array('hookaborted');
}
# Try to insert block. Is there a conflicting block?
$status = $block->insert();
if (!$status) {
# Show form unless the user is already aware of this...
if (!$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target) {
return array(array('ipb_already_blocked', $block->getTarget()));
# Otherwise, try to update the block...
} else {
# This returns direct blocks before autoblocks/rangeblocks, since we should
# be sure the user is blocked by now it should work for our purposes
$currentBlock = Block::newFromTarget($target);
if ($block->equals($currentBlock)) {
return array(array('ipb_already_blocked', $block->getTarget()));
}
# If the name was hidden and the blocking user cannot hide
# names, then don't allow any block changes...
if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) {
return array('cant-see-hidden-user');
}
$currentBlock->delete();
$status = $block->insert();
$logaction = 'reblock';
# Unset _deleted fields if requested
if ($currentBlock->mHideName && !$data['HideUser']) {
RevisionDeleteUser::unsuppressUserName($target, $userId);
}
# If hiding/unhiding a name, this should go in the private logs
if ((bool) $currentBlock->mHideName) {
$data['HideUser'] = true;
}
}
} else {
$logaction = 'block';
}
wfRunHooks('BlockIpComplete', array($block, $performer));
# Set *_deleted fields if requested
if ($data['HideUser']) {
RevisionDeleteUser::suppressUserName($target, $userId);
}
# Can't watch a rangeblock
if ($type != Block::TYPE_RANGE && $data['Watch']) {
$performer->addWatch(Title::makeTitle(NS_USER, $target));
}
# Block constructor sanitizes certain block options on insert
$data['BlockEmail'] = $block->prevents('sendemail');
$data['AutoBlock'] = $block->isAutoblocking();
# Prepare log parameters
$logParams = array();
$logParams[] = $data['Expiry'];
$logParams[] = self::blockLogFlags($data, $type);
# Make log entry, if the name is hidden, put it in the oversight log
$log_type = $data['HideUser'] ? 'suppress' : 'block';
$log = new LogPage($log_type);
$log_id = $log->addEntry($logaction, Title::makeTitle(NS_USER, $target), $data['Reason'][0], $logParams);
# Relate log ID to block IDs (bug 25763)
$blockIds = array_merge(array($status['id']), $status['autoIds']);
$log->addRelations('ipb_id', $blockIds, $log_id);
# Report to the user
return true;
}
/**
* Autoblocks the given IP, referring to this Block.
*
* @param string $autoblockIP The IP to autoblock.
* @return int|bool Block ID if an autoblock was inserted, false if not.
*/
public function doAutoblock($autoblockIP)
{
# If autoblocks are disabled, go away.
if (!$this->isAutoblocking()) {
return false;
}
# Check for presence on the autoblock whitelist.
if (self::isWhitelistedFromAutoblocks($autoblockIP)) {
return false;
}
# Allow hooks to cancel the autoblock.
if (!wfRunHooks('AbortAutoblock', array($autoblockIP, &$this))) {
wfDebug("Autoblock aborted by hook.\n");
return false;
}
# It's okay to autoblock. Go ahead and insert/update the block...
# Do not add a *new* block if the IP is already blocked.
$ipblock = Block::newFromTarget($autoblockIP);
if ($ipblock) {
# Check if the block is an autoblock and would exceed the user block
# if renewed. If so, do nothing, otherwise prolong the block time...
if ($ipblock->mAuto && $this->mExpiry > Block::getAutoblockExpiry($ipblock->mTimestamp)) {
# Reset block timestamp to now and its expiry to
# $wgAutoblockExpiry in the future
$ipblock->updateTimestamp();
}
return false;
}
# Make a new block object with the desired properties.
$autoblock = new Block();
wfDebug("Autoblocking {$this->getTarget()}@" . $autoblockIP . "\n");
$autoblock->setTarget($autoblockIP);
$autoblock->setBlocker($this->getBlocker());
$autoblock->mReason = wfMessage('autoblocker', $this->getTarget(), $this->mReason)->inContentLanguage()->plain();
$timestamp = wfTimestampNow();
$autoblock->mTimestamp = $timestamp;
$autoblock->mAuto = 1;
$autoblock->prevents('createaccount', $this->prevents('createaccount'));
# Continue suppressing the name if needed
$autoblock->mHideName = $this->mHideName;
$autoblock->prevents('editownusertalk', $this->prevents('editownusertalk'));
$autoblock->mParentBlockId = $this->mId;
if ($this->mExpiry == 'infinity') {
# Original block was indefinite, start an autoblock now
$autoblock->mExpiry = Block::getAutoblockExpiry($timestamp);
} else {
# If the user is already blocked with an expiry date, we don't
# want to pile on top of that.
$autoblock->mExpiry = min($this->mExpiry, Block::getAutoblockExpiry($timestamp));
}
# Insert the block...
$status = $autoblock->insert();
return $status ? $status['id'] : false;
}
/**
* Block a list of selected users
*
* @param $users Array
* @param $reason String
* @param $tag String: replaces user pages
* @param $talkTag String: replaces user talk pages
* @return Array: list of html-safe usernames
*/
public static function doMassUserBlockInternal($users, $reason = '', $tag = '', $talkTag = '')
{
global $wgUser;
$counter = $blockSize = 0;
$safeUsers = array();
$log = new LogPage('block');
foreach ($users as $name) {
# Enforce limits
$counter++;
$blockSize++;
# Lets not go *too* fast
if ($blockSize >= 20) {
$blockSize = 0;
wfWaitForSlaves(5);
}
$u = User::newFromName($name, false);
// If user doesn't exist, it ought to be an IP then
if (is_null($u) || !$u->getId() && !IP::isIPAddress($u->getName())) {
continue;
}
$userTitle = $u->getUserPage();
$userTalkTitle = $u->getTalkPage();
$userpage = new Article($userTitle);
$usertalk = new Article($userTalkTitle);
$safeUsers[] = '[[' . $userTitle->getPrefixedText() . '|' . $userTitle->getText() . ']]';
$expirestr = $u->getId() ? 'indefinite' : '1 week';
$expiry = SpecialBlock::parseExpiryInput($expirestr);
$anonOnly = IP::isIPAddress($u->getName()) ? 1 : 0;
// Create the block
$block = new Block();
$block->setTarget($u);
$block->setBlocker($wgUser);
$block->mReason = $reason;
$block->mExpiry = $expiry;
$block->isHardblock(!IP::isIPAddress($u->getName()));
$block->isAutoblocking(true);
$block->prevents('createaccount', true);
$block->prevents('sendemail', false);
$block->prevents('editownusertalk', false);
$oldblock = Block::newFromTarget($u->getName());
if (!$oldblock) {
$block->insert();
# Prepare log parameters
$logParams = array();
$logParams[] = $expirestr;
if ($anonOnly) {
$logParams[] = 'anononly';
}
$logParams[] = 'nocreate';
# Add log entry
$log->addEntry('block', $userTitle, $reason, $logParams);
}
# Tag userpage! (check length to avoid mistakes)
if (strlen($tag) > 2) {
$userpage->doEdit($tag, $reason, EDIT_MINOR);
}
if (strlen($talkTag) > 2) {
$usertalk->doEdit($talkTag, $reason, EDIT_MINOR);
}
}
return $safeUsers;
}
/**
* Given the form data, actually implement a block. This is also called from ApiBlock.
*
* @param array $data
* @param IContextSource $context
* @return bool|string
*/
public static function processForm(array $data, IContextSource $context)
{
global $wgBlockAllowsUTEdit, $wgHideUserContribLimit, $wgContLang;
$performer = $context->getUser();
// Handled by field validator callback
// self::validateTargetField( $data['Target'] );
# This might have been a hidden field or a checkbox, so interesting data
# can come from it
$data['Confirm'] = !in_array($data['Confirm'], ['', '0', null, false], true);
/** @var User $target */
list($target, $type) = self::getTargetAndType($data['Target']);
if ($type == Block::TYPE_USER) {
$user = $target;
$target = $user->getName();
$userId = $user->getId();
# Give admins a heads-up before they go and block themselves. Much messier
# to do this for IPs, but it's pretty unlikely they'd ever get the 'block'
# permission anyway, although the code does allow for it.
# Note: Important to use $target instead of $data['Target']
# since both $data['PreviousTarget'] and $target are normalized
# but $data['target'] gets overridden by (non-normalized) request variable
# from previous request.
if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) {
return ['ipb-blockingself', 'ipb-confirmaction'];
}
} elseif ($type == Block::TYPE_RANGE) {
$userId = 0;
} elseif ($type == Block::TYPE_IP) {
$target = $target->getName();
$userId = 0;
} else {
# This should have been caught in the form field validation
return ['badipaddress'];
}
$expiryTime = self::parseExpiryInput($data['Expiry']);
if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !$expiryTime) {
return ['ipb_expiry_invalid'];
}
// an expiry time should be in the future, not in the
// past (wouldn't make any sense) - bug T123069
if ($expiryTime < wfTimestampNow()) {
return ['ipb_expiry_old'];
}
if (!isset($data['DisableEmail'])) {
$data['DisableEmail'] = false;
}
# If the user has done the form 'properly', they won't even have been given the
# option to suppress-block unless they have the 'hideuser' permission
if (!isset($data['HideUser'])) {
$data['HideUser'] = false;
}
if ($data['HideUser']) {
if (!$performer->isAllowed('hideuser')) {
# this codepath is unreachable except by a malicious user spoofing forms,
# or by race conditions (user has hideuser and block rights, loads block form,
# and loses hideuser rights before submission); so need to fail completely
# rather than just silently disable hiding
return ['badaccess-group0'];
}
# Recheck params here...
if ($type != Block::TYPE_USER) {
$data['HideUser'] = false;
# IP users should not be hidden
} elseif (!wfIsInfinity($data['Expiry'])) {
# Bad expiry.
return ['ipb_expiry_temp'];
} elseif ($wgHideUserContribLimit !== false && $user->getEditCount() > $wgHideUserContribLimit) {
# Typically, the user should have a handful of edits.
# Disallow hiding users with many edits for performance.
return [['ipb_hide_invalid', Message::numParam($wgHideUserContribLimit)]];
} elseif (!$data['Confirm']) {
return ['ipb-confirmhideuser', 'ipb-confirmaction'];
}
}
# Create block object.
$block = new Block();
$block->setTarget($target);
$block->setBlocker($performer);
# Truncate reason for whole multibyte characters
$block->mReason = $wgContLang->truncate($data['Reason'][0], 255);
$block->mExpiry = $expiryTime;
$block->prevents('createaccount', $data['CreateAccount']);
$block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']);
$block->prevents('sendemail', $data['DisableEmail']);
$block->isHardblock($data['HardBlock']);
$block->isAutoblocking($data['AutoBlock']);
$block->mHideName = $data['HideUser'];
$reason = ['hookaborted'];
if (!Hooks::run('BlockIp', [&$block, &$performer, &$reason])) {
return $reason;
}
# Try to insert block. Is there a conflicting block?
$status = $block->insert();
if (!$status) {
# Indicates whether the user is confirming the block and is aware of
# the conflict (did not change the block target in the meantime)
$blockNotConfirmed = !$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target;
# Special case for API - bug 32434
$reblockNotAllowed = array_key_exists('Reblock', $data) && !$data['Reblock'];
# Show form unless the user is already aware of this...
if ($blockNotConfirmed || $reblockNotAllowed) {
return [['ipb_already_blocked', $block->getTarget()]];
# Otherwise, try to update the block...
} else {
# This returns direct blocks before autoblocks/rangeblocks, since we should
# be sure the user is blocked by now it should work for our purposes
$currentBlock = Block::newFromTarget($target);
if ($block->equals($currentBlock)) {
return [['ipb_already_blocked', $block->getTarget()]];
}
# If the name was hidden and the blocking user cannot hide
# names, then don't allow any block changes...
if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) {
return ['cant-see-hidden-user'];
}
$currentBlock->isHardblock($block->isHardblock());
$currentBlock->prevents('createaccount', $block->prevents('createaccount'));
$currentBlock->mExpiry = $block->mExpiry;
$currentBlock->isAutoblocking($block->isAutoblocking());
$currentBlock->mHideName = $block->mHideName;
$currentBlock->prevents('sendemail', $block->prevents('sendemail'));
$currentBlock->prevents('editownusertalk', $block->prevents('editownusertalk'));
$currentBlock->mReason = $block->mReason;
$status = $currentBlock->update();
$logaction = 'reblock';
# Unset _deleted fields if requested
if ($currentBlock->mHideName && !$data['HideUser']) {
RevisionDeleteUser::unsuppressUserName($target, $userId);
}
# If hiding/unhiding a name, this should go in the private logs
if ((bool) $currentBlock->mHideName) {
$data['HideUser'] = true;
}
}
} else {
$logaction = 'block';
}
Hooks::run('BlockIpComplete', [$block, $performer]);
# Set *_deleted fields if requested
if ($data['HideUser']) {
RevisionDeleteUser::suppressUserName($target, $userId);
}
# Can't watch a rangeblock
if ($type != Block::TYPE_RANGE && $data['Watch']) {
WatchAction::doWatch(Title::makeTitle(NS_USER, $target), $performer, User::IGNORE_USER_RIGHTS);
}
# Block constructor sanitizes certain block options on insert
$data['BlockEmail'] = $block->prevents('sendemail');
$data['AutoBlock'] = $block->isAutoblocking();
# Prepare log parameters
$logParams = [];
$logParams['5::duration'] = $data['Expiry'];
$logParams['6::flags'] = self::blockLogFlags($data, $type);
# Make log entry, if the name is hidden, put it in the suppression log
$log_type = $data['HideUser'] ? 'suppress' : 'block';
$logEntry = new ManualLogEntry($log_type, $logaction);
$logEntry->setTarget(Title::makeTitle(NS_USER, $target));
$logEntry->setComment($data['Reason'][0]);
$logEntry->setPerformer($performer);
$logEntry->setParameters($logParams);
# Relate log ID to block IDs (bug 25763)
$blockIds = array_merge([$status['id']], $status['autoIds']);
$logEntry->setRelations(['ipb_id' => $blockIds]);
$logId = $logEntry->insert();
$logEntry->publish($logId);
# Report to the user
return true;
}
public static function takeConsequenceAction($action, $parameters, $title, $vars, $rule_desc)
{
$display = '';
switch ($action) {
case 'disallow':
if (strlen($parameters[0])) {
$display .= wfMsgExt($parameters[0], 'parseinline', array($rule_desc)) . "\n";
} else {
// Generic message.
$display .= wfMsgExt('abusefilter-disallowed', 'parseinline', array($rule_desc)) . "<br />\n";
}
break;
case 'block':
global $wgUser, $wgAbuseFilterBlockDuration;
$filterUser = AbuseFilter::getFilterUser();
// Create a block.
$block = new Block();
$block->setTarget($wgUser->getName());
$block->setBlocker($filterUser);
$block->mReason = wfMsgForContent('abusefilter-blockreason', $rule_desc);
$block->isHardblock(false);
$block->prevents('createaccount', true);
$block->mExpiry = SpecialBlock::parseExpiryInput($wgAbuseFilterBlockDuration);
$block->insert();
// Log it
# Prepare log parameters
$logParams = array();
if ($block->mExpiry == 'infinity') {
$logParams[] = 'indefinite';
} else {
$logParams[] = $wgAbuseFilterBlockDuration;
}
$logParams[] = 'nocreate, angry-autoblock';
$log = new LogPage('block');
$log->addEntry('block', Title::makeTitle(NS_USER, $wgUser->getName()), wfMsgForContent('abusefilter-blockreason', $rule_desc), $logParams, self::getFilterUser());
$display .= wfMsgExt('abusefilter-blocked-display', 'parseinline', array($rule_desc)) . "<br />\n";
break;
case 'rangeblock':
$filterUser = AbuseFilter::getFilterUser();
$range = IP::sanitizeRange(wfGetIP() . '/16');
// Create a block.
$block = new Block();
$block->setTarget($range);
$block->setBlocker($filterUser);
$block->mReason = wfMsgForContent('abusefilter-blockreason', $rule_desc);
$block->isHardblock(false);
$block->prevents('createaccount', true);
$block->mExpiry = SpecialBlock::parseExpiryInput('1 week');
$block->insert();
// Log it
# Prepare log parameters
$logParams = array();
$logParams[] = 'indefinite';
$logParams[] = 'nocreate, angry-autoblock';
$log = new LogPage('block');
$log->addEntry('block', Title::makeTitle(NS_USER, $range), wfMsgForContent('abusefilter-blockreason', $rule_desc), $logParams, self::getFilterUser());
$display .= wfMsgExt('abusefilter-blocked-display', 'parseinline', $rule_desc) . "<br />\n";
break;
case 'degroup':
global $wgUser;
if (!$wgUser->isAnon()) {
// Remove all groups from the user. Ouch.
$groups = $wgUser->getGroups();
foreach ($groups as $group) {
$wgUser->removeGroup($group);
}
$display .= wfMsgExt('abusefilter-degrouped', 'parseinline', array($rule_desc)) . "<br />\n";
// Don't log it if there aren't any groups being removed!
if (!count($groups)) {
break;
}
// Log it.
$log = new LogPage('rights');
$log->addEntry('rights', $wgUser->getUserPage(), wfMsgForContent('abusefilter-degroupreason', $rule_desc), array(implode(', ', $groups), wfMsgForContent('rightsnone')), self::getFilterUser());
}
break;
case 'blockautopromote':
global $wgUser, $wgMemc;
if (!$wgUser->isAnon()) {
$blockPeriod = (int) mt_rand(3 * 86400, 7 * 86400);
// Block for 3-7 days.
$wgMemc->set(self::autoPromoteBlockKey($wgUser), true, $blockPeriod);
$display .= wfMsgExt('abusefilter-autopromote-blocked', 'parseinline', array($rule_desc)) . "<br />\n";
}
break;
case 'flag':
// Do nothing. Here for completeness.
break;
case 'tag':
// Mark with a tag on recentchanges.
global $wgUser;
$actionID = implode('-', array($title->getPrefixedText(), $wgUser->getName(), $vars->getVar('ACTION')->toString()));
AbuseFilter::$tagsToSet[$actionID] = $parameters;
break;
default:
wfDebugLog('AbuseFilter', "Unrecognised action {$action}");
}
return $display;
}
