/** * Construct an IP address representation. * @param string $address The textual representation of an IP address or CIDR range. */ public function __construct($address) { // analyze address format $this->is_valid = IP::isIPAddress($address); if (!$this->is_valid) { return; } $this->is_ipv4 = IP::isIPv4($address); $this->is_ipv6 = !$this->is_ipv4 && IP::isIPv6($address); // analyze address range $this->is_range = IP::isValidBlock($address); $this->encoded_range = IP::parseRange($address); $this->range = array(IP::prettifyIP(IP::formatHex($this->encoded_range[self::START])), IP::prettifyIP(IP::formatHex($this->encoded_range[self::END]))); }
public function execute() { global $wgContLang; $db = $this->getDB(); $params = $this->extractRequestParams(); $this->requireMaxOneParameter($params, 'users', 'ip'); $prop = array_flip($params['prop']); $fld_id = isset($prop['id']); $fld_user = isset($prop['user']); $fld_userid = isset($prop['userid']); $fld_by = isset($prop['by']); $fld_byid = isset($prop['byid']); $fld_timestamp = isset($prop['timestamp']); $fld_expiry = isset($prop['expiry']); $fld_reason = isset($prop['reason']); $fld_range = isset($prop['range']); $fld_flags = isset($prop['flags']); $result = $this->getResult(); $this->addTables('ipblocks'); $this->addFields(array('ipb_auto', 'ipb_id', 'ipb_timestamp')); $this->addFieldsIf(array('ipb_address', 'ipb_user'), $fld_user || $fld_userid); $this->addFieldsIf('ipb_by_text', $fld_by); $this->addFieldsIf('ipb_by', $fld_byid); $this->addFieldsIf('ipb_expiry', $fld_expiry); $this->addFieldsIf('ipb_reason', $fld_reason); $this->addFieldsIf(array('ipb_range_start', 'ipb_range_end'), $fld_range); $this->addFieldsIf(array('ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock', 'ipb_block_email', 'ipb_deleted', 'ipb_allow_usertalk'), $fld_flags); $this->addOption('LIMIT', $params['limit'] + 1); $this->addTimestampWhereRange('ipb_timestamp', $params['dir'], $params['start'], $params['end']); // Include in ORDER BY for uniqueness $this->addWhereRange('ipb_id', $params['dir'], null, null); if (!is_null($params['continue'])) { $cont = explode('|', $params['continue']); $this->dieContinueUsageIf(count($cont) != 2); $op = $params['dir'] == 'newer' ? '>' : '<'; $continueTimestamp = $db->addQuotes($db->timestamp($cont[0])); $continueId = (int) $cont[1]; $this->dieContinueUsageIf($continueId != $cont[1]); $this->addWhere("ipb_timestamp {$op} {$continueTimestamp} OR " . "(ipb_timestamp = {$continueTimestamp} AND " . "ipb_id {$op}= {$continueId})"); } if (isset($params['ids'])) { $this->addWhereFld('ipb_id', $params['ids']); } if (isset($params['users'])) { $usernames = array(); foreach ((array) $params['users'] as $u) { $usernames[] = $this->prepareUsername($u); } $this->addWhereFld('ipb_address', $usernames); $this->addWhereFld('ipb_auto', 0); } if (isset($params['ip'])) { $blockCIDRLimit = $this->getConfig()->get('BlockCIDRLimit'); if (IP::isIPv4($params['ip'])) { $type = 'IPv4'; $cidrLimit = $blockCIDRLimit['IPv4']; $prefixLen = 0; } elseif (IP::isIPv6($params['ip'])) { $type = 'IPv6'; $cidrLimit = $blockCIDRLimit['IPv6']; $prefixLen = 3; // IP::toHex output is prefixed with "v6-" } else { $this->dieUsage('IP parameter is not valid', 'param_ip'); } # Check range validity, if it's a CIDR list($ip, $range) = IP::parseCIDR($params['ip']); if ($ip !== false && $range !== false && $range < $cidrLimit) { $this->dieUsage("{$type} CIDR ranges broader than /{$cidrLimit} are not accepted", 'cidrtoobroad'); } # Let IP::parseRange handle calculating $upper, instead of duplicating the logic here. list($lower, $upper) = IP::parseRange($params['ip']); # Extract the common prefix to any rangeblock affecting this IP/CIDR $prefix = substr($lower, 0, $prefixLen + floor($cidrLimit / 4)); # Fairly hard to make a malicious SQL statement out of hex characters, # but it is good practice to add quotes $lower = $db->addQuotes($lower); $upper = $db->addQuotes($upper); $this->addWhere(array('ipb_range_start' . $db->buildLike($prefix, $db->anyString()), 'ipb_range_start <= ' . $lower, 'ipb_range_end >= ' . $upper, 'ipb_auto' => 0)); } if (!is_null($params['show'])) { $show = array_flip($params['show']); /* Check for conflicting parameters. */ if (isset($show['account']) && isset($show['!account']) || isset($show['ip']) && isset($show['!ip']) || isset($show['range']) && isset($show['!range']) || isset($show['temp']) && isset($show['!temp'])) { $this->dieUsageMsg('show'); } $this->addWhereIf('ipb_user = 0', isset($show['!account'])); $this->addWhereIf('ipb_user != 0', isset($show['account'])); $this->addWhereIf('ipb_user != 0 OR ipb_range_end > ipb_range_start', isset($show['!ip'])); $this->addWhereIf('ipb_user = 0 AND ipb_range_end = ipb_range_start', isset($show['ip'])); $this->addWhereIf('ipb_expiry = ' . $db->addQuotes($db->getInfinity()), isset($show['!temp'])); $this->addWhereIf('ipb_expiry != ' . $db->addQuotes($db->getInfinity()), isset($show['temp'])); $this->addWhereIf('ipb_range_end = ipb_range_start', isset($show['!range'])); $this->addWhereIf('ipb_range_end > ipb_range_start', isset($show['range'])); } if (!$this->getUser()->isAllowed('hideuser')) { $this->addWhereFld('ipb_deleted', 0); } // Purge expired entries on one in every 10 queries if (!mt_rand(0, 10)) { Block::purgeExpired(); } $res = $this->select(__METHOD__); $count = 0; foreach ($res as $row) { if (++$count > $params['limit']) { // We've had enough $this->setContinueEnumParameter('continue', "{$row->ipb_timestamp}|{$row->ipb_id}"); break; } $block = array(ApiResult::META_TYPE => 'assoc'); if ($fld_id) { $block['id'] = (int) $row->ipb_id; } if ($fld_user && !$row->ipb_auto) { $block['user'] = $row->ipb_address; } if ($fld_userid && !$row->ipb_auto) { $block['userid'] = (int) $row->ipb_user; } if ($fld_by) { $block['by'] = $row->ipb_by_text; } if ($fld_byid) { $block['byid'] = (int) $row->ipb_by; } if ($fld_timestamp) { $block['timestamp'] = wfTimestamp(TS_ISO_8601, $row->ipb_timestamp); } if ($fld_expiry) { $block['expiry'] = $wgContLang->formatExpiry($row->ipb_expiry, TS_ISO_8601); } if ($fld_reason) { $block['reason'] = $row->ipb_reason; } if ($fld_range && !$row->ipb_auto) { $block['rangestart'] = IP::formatHex($row->ipb_range_start); $block['rangeend'] = IP::formatHex($row->ipb_range_end); } if ($fld_flags) { // For clarity, these flags use the same names as their action=block counterparts $block['automatic'] = (bool) $row->ipb_auto; $block['anononly'] = (bool) $row->ipb_anon_only; $block['nocreate'] = (bool) $row->ipb_create_account; $block['autoblock'] = (bool) $row->ipb_enable_autoblock; $block['noemail'] = (bool) $row->ipb_block_email; $block['hidden'] = (bool) $row->ipb_deleted; $block['allowusertalk'] = (bool) $row->ipb_allow_usertalk; } $fit = $result->addValue(array('query', $this->getModuleName()), null, $block); if (!$fit) { $this->setContinueEnumParameter('continue', "{$row->ipb_timestamp}|{$row->ipb_id}"); break; } } $result->addIndexedTagName(array('query', $this->getModuleName()), 'block'); }
public function execute() { global $wgContLang; $params = $this->extractRequestParams(); $this->requireMaxOneParameter($params, 'users', 'ip'); $prop = array_flip($params['prop']); $fld_id = isset($prop['id']); $fld_user = isset($prop['user']); $fld_userid = isset($prop['userid']); $fld_by = isset($prop['by']); $fld_byid = isset($prop['byid']); $fld_timestamp = isset($prop['timestamp']); $fld_expiry = isset($prop['expiry']); $fld_reason = isset($prop['reason']); $fld_range = isset($prop['range']); $fld_flags = isset($prop['flags']); $result = $this->getResult(); $this->addTables('ipblocks'); $this->addFields('ipb_auto'); $this->addFieldsIf('ipb_id', $fld_id); $this->addFieldsIf(array('ipb_address', 'ipb_user'), $fld_user || $fld_userid); $this->addFieldsIf('ipb_by_text', $fld_by); $this->addFieldsIf('ipb_by', $fld_byid); $this->addFieldsIf('ipb_timestamp', $fld_timestamp); $this->addFieldsIf('ipb_expiry', $fld_expiry); $this->addFieldsIf('ipb_reason', $fld_reason); $this->addFieldsIf(array('ipb_range_start', 'ipb_range_end'), $fld_range); $this->addFieldsIf(array('ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock', 'ipb_block_email', 'ipb_deleted', 'ipb_allow_usertalk'), $fld_flags); $this->addOption('LIMIT', $params['limit'] + 1); $this->addTimestampWhereRange('ipb_timestamp', $params['dir'], $params['start'], $params['end']); $db = $this->getDB(); if (isset($params['ids'])) { $this->addWhereFld('ipb_id', $params['ids']); } if (isset($params['users'])) { foreach ((array) $params['users'] as $u) { $this->prepareUsername($u); } $this->addWhereFld('ipb_address', $this->usernames); $this->addWhereFld('ipb_auto', 0); } if (isset($params['ip'])) { list($ip, $range) = IP::parseCIDR($params['ip']); if ($ip && $range) { // We got a CIDR range if ($range < 16) { $this->dieUsage('CIDR ranges broader than /16 are not accepted', 'cidrtoobroad'); } $lower = wfBaseConvert($ip, 10, 16, 8, false); $upper = wfBaseConvert($ip + pow(2, 32 - $range) - 1, 10, 16, 8, false); } else { $lower = $upper = IP::toHex($params['ip']); } $prefix = substr($lower, 0, 4); # Fairly hard to make a malicious SQL statement out of hex characters, # but it is good practice to add quotes $lower = $db->addQuotes($lower); $upper = $db->addQuotes($upper); $this->addWhere(array('ipb_range_start' . $db->buildLike($prefix, $db->anyString()), 'ipb_range_start <= ' . $lower, 'ipb_range_end >= ' . $upper, 'ipb_auto' => 0)); } if (!is_null($params['show'])) { $show = array_flip($params['show']); /* Check for conflicting parameters. */ if (isset($show['account']) && isset($show['!account']) || isset($show['ip']) && isset($show['!ip']) || isset($show['range']) && isset($show['!range']) || isset($show['temp']) && isset($show['!temp'])) { $this->dieUsageMsg('show'); } $this->addWhereIf('ipb_user = 0', isset($show['!account'])); $this->addWhereIf('ipb_user != 0', isset($show['account'])); $this->addWhereIf('ipb_user != 0 OR ipb_range_end > ipb_range_start', isset($show['!ip'])); $this->addWhereIf('ipb_user = 0 AND ipb_range_end = ipb_range_start', isset($show['ip'])); $this->addWhereIf('ipb_expiry = ' . $db->addQuotes($db->getInfinity()), isset($show['!temp'])); $this->addWhereIf('ipb_expiry != ' . $db->addQuotes($db->getInfinity()), isset($show['temp'])); $this->addWhereIf('ipb_range_end = ipb_range_start', isset($show['!range'])); $this->addWhereIf('ipb_range_end > ipb_range_start', isset($show['range'])); } if (!$this->getUser()->isAllowed('hideuser')) { $this->addWhereFld('ipb_deleted', 0); } // Purge expired entries on one in every 10 queries if (!mt_rand(0, 10)) { Block::purgeExpired(); } $res = $this->select(__METHOD__); $count = 0; foreach ($res as $row) { if (++$count > $params['limit']) { // We've had enough $this->setContinueEnumParameter('start', wfTimestamp(TS_ISO_8601, $row->ipb_timestamp)); break; } $block = array(); if ($fld_id) { $block['id'] = $row->ipb_id; } if ($fld_user && !$row->ipb_auto) { $block['user'] = $row->ipb_address; } if ($fld_userid && !$row->ipb_auto) { $block['userid'] = $row->ipb_user; } if ($fld_by) { $block['by'] = $row->ipb_by_text; } if ($fld_byid) { $block['byid'] = $row->ipb_by; } if ($fld_timestamp) { $block['timestamp'] = wfTimestamp(TS_ISO_8601, $row->ipb_timestamp); } if ($fld_expiry) { $block['expiry'] = $wgContLang->formatExpiry($row->ipb_expiry, TS_ISO_8601); } if ($fld_reason) { $block['reason'] = $row->ipb_reason; } if ($fld_range && !$row->ipb_auto) { $block['rangestart'] = IP::formatHex($row->ipb_range_start); $block['rangeend'] = IP::formatHex($row->ipb_range_end); } if ($fld_flags) { // For clarity, these flags use the same names as their action=block counterparts if ($row->ipb_auto) { $block['automatic'] = ''; } if ($row->ipb_anon_only) { $block['anononly'] = ''; } if ($row->ipb_create_account) { $block['nocreate'] = ''; } if ($row->ipb_enable_autoblock) { $block['autoblock'] = ''; } if ($row->ipb_block_email) { $block['noemail'] = ''; } if ($row->ipb_deleted) { $block['hidden'] = ''; } if ($row->ipb_allow_usertalk) { $block['allowusertalk'] = ''; } } $fit = $result->addValue(array('query', $this->getModuleName()), null, $block); if (!$fit) { $this->setContinueEnumParameter('start', wfTimestamp(TS_ISO_8601, $row->ipb_timestamp)); break; } } $result->setIndexedTagName_internal(array('query', $this->getModuleName()), 'block'); }
/** * Execute the subpage. * @param $params array Array of subpage parameters. */ function execute( $params ) { global $wgOut, $wgUser, $wgLang; if ( !count( $params ) ) { $wgOut->addWikiMsg( 'securepoll-too-few-params' ); return; } $this->voteId = intval( $params[0] ); $db = $this->context->getDB(); $row = $db->selectRow( array( 'securepoll_votes', 'securepoll_elections', 'securepoll_voters' ), '*', array( 'vote_id' => $this->voteId, 'vote_election=el_entity', 'vote_voter=voter_id', ), __METHOD__ ); if ( !$row ) { $wgOut->addWikiMsg( 'securepoll-invalid-vote', $this->voteId ); return; } $this->election = $this->context->newElectionFromRow( $row ); $this->initLanguage( $wgUser, $this->election ); $this->parent->setSubtitle( array( $this->parent->getTitle( 'list/' . $this->election->getId() ), wfMsg( 'securepoll-list-title', $this->election->getMessage( 'title' ) ) ) ); if ( !$this->election->isAdmin( $wgUser ) ) { $wgOut->addWikiMsg( 'securepoll-need-admin' ); return; } # Show vote properties $wgOut->setPageTitle( wfMsg( 'securepoll-details-title', $this->voteId ) ); $wgOut->addHTML( '<table class="mw-datatable TablePager">' . $this->detailEntry( 'securepoll-header-id', $row->vote_id ) . $this->detailEntry( 'securepoll-header-timestamp', $row->vote_timestamp ) . $this->detailEntry( 'securepoll-header-voter-name', $row->voter_name ) . $this->detailEntry( 'securepoll-header-voter-type', $row->voter_type ) . $this->detailEntry( 'securepoll-header-voter-domain', $row->voter_domain ) . $this->detailEntry( 'securepoll-header-url', $row->voter_url ) . $this->detailEntry( 'securepoll-header-ip', IP::formatHex( $row->vote_ip ) ) . $this->detailEntry( 'securepoll-header-xff', $row->vote_xff ) . $this->detailEntry( 'securepoll-header-ua', $row->vote_ua ) . $this->detailEntry( 'securepoll-header-token-match', $row->vote_token_match ) . '</table>' ); # Show voter properties $wgOut->addHTML( '<h2>' . wfMsgHTML( 'securepoll-voter-properties' ) . "</h2>\n" ); $wgOut->addHTML( '<table class="mw-datatable TablePager">' ); $props = SecurePoll_Voter::decodeProperties( $row->voter_properties ); foreach ( $props as $name => $value ) { if ( is_array( $value ) ) { $value = implode( ', ', $value ); } $wgOut->addHTML( '<td class="securepoll-detail-header">' . htmlspecialchars( $name ) . "</td>\n" . '<td>' . htmlspecialchars( $value ) . "</td></tr>\n" ); } $wgOut->addHTML( '</table>' ); # Show cookie dups $cmTable = $db->tableName( 'securepoll_cookie_match' ); $voterId = intval( $row->voter_id ); $sql = "(SELECT cm_voter_2 as voter, cm_timestamp FROM $cmTable WHERE cm_voter_1=$voterId)" . " UNION " . "(SELECT cm_voter_1 as voter, cm_timestamp FROM $cmTable WHERE cm_voter_2=$voterId)"; $res = $db->query( $sql, __METHOD__ ); if ( $res->numRows() ) { $wgOut->addHTML( '<h2>' . wfMsgHTML( 'securepoll-cookie-dup-list' ) . '</h2>' ); $wgOut->addHTML( '<table class="mw-datatable TablePager">' ); foreach ( $res as $row ) { $voter = $this->context->getVoter( $row->voter ); $wgOut->addHTML( '<tr>' . '<td>' . htmlspecialchars( $wgLang->timeanddate( $row->cm_timestamp ) ) . '</td>' . '<td>' . Xml::element( 'a', array( 'href' => $voter->getUrl() ), $voter->getName() . '@' . $voter->getDomain() ) . '</td></tr>' ); } $wgOut->addHTML( '</table>' ); } # Show strike log $wgOut->addHTML( '<h2>' . wfMsgHTML( 'securepoll-strike-log' ) . "</h2>\n" ); $pager = new SecurePoll_StrikePager( $this, $this->voteId ); $wgOut->addHTML( $pager->getBody() . $pager->getNavigationBar() ); }
function formatValue( $name, $value ) { global $wgLang, $wgScriptPath; $critical = Xml::element( 'img', array( 'src' => "$wgScriptPath/extensions/SecurePoll/resources/critical-32.png" ) ); $voter = SecurePoll_Voter::newFromId( $this->listPage->context, $this->mCurrentRow->vote_voter ); switch ( $name ) { case 'vote_timestamp': return $wgLang->timeanddate( $value ); case 'vote_ip': return IP::formatHex( $value ); case 'vote_cookie_dup': $value = !$value; // fall through case 'vote_token_match': if ( $value ) { return ''; } else { return $critical; } case 'details': $voteId = intval( $this->mCurrentRow->vote_id ); $title = $this->listPage->parent->getTitle( "details/$voteId" ); return Xml::element( 'a', array( 'href' => $title->getLocalUrl() ), wfMsg( 'securepoll-details-link' ) ); break; case 'strike': $voteId = intval( $this->mCurrentRow->vote_id ); if ( $this->mCurrentRow->vote_struck ) { $label = wfMsg( 'securepoll-unstrike-button' ); $action = "'unstrike'"; } else { $label = wfMsg( 'securepoll-strike-button' ); $action = "'strike'"; } $id = 'securepoll-popup-' . $voteId; return Xml::element( 'input', array( 'type' => 'button', 'id' => $id, 'value' => $label, 'onclick' => "securepoll_strike_popup(event, $action, $voteId)" ) ); case 'vote_voter_name': $msg = $voter->isRemote() ? 'securepoll-voter-name-remote' : 'securepoll-voter-name-local'; return wfMsgExt( $msg, 'parseinline', array( $value ) ); default: return htmlspecialchars( $value ); } }