Пример #1
0
 /**
  * Process the form
  *
  * @param $data Array
  * @param $context IContextSource
  * @throws ErrorPageError
  * @return Array( Array(message key, parameters) ) on failure, True on success
  */
 public static function processUnblock(array $data, IContextSource $context)
 {
     $performer = $context->getUser();
     $target = $data['Target'];
     $block = Block::newFromTarget($data['Target']);
     if (!$block instanceof Block) {
         return array(array('ipb_cant_unblock', $target));
     }
     # bug 15810: blocked admins should have limited access here.  This
     # won't allow sysops to remove autoblocks on themselves, but they
     # should have ipblock-exempt anyway
     $status = SpecialBlock::checkUnblockSelf($target, $performer);
     if ($status !== true) {
         throw new ErrorPageError('badaccess', $status);
     }
     # If the specified IP is a single address, and the block is a range block, don't
     # unblock the whole range.
     list($target, $type) = SpecialBlock::getTargetAndType($target);
     if ($block->getType() == Block::TYPE_RANGE && $type == Block::TYPE_IP) {
         $range = $block->getTarget();
         return array(array('ipb_blocked_as_range', $target, $range));
     }
     # If the name was hidden and the blocking user cannot hide
     # names, then don't allow any block removals...
     if (!$performer->isAllowed('hideuser') && $block->mHideName) {
         return array('unblock-hideuser');
     }
     # Delete block
     if (!$block->delete()) {
         return array('ipb_cant_unblock', htmlspecialchars($block->getTarget()));
     }
     # Unset _deleted fields as needed
     if ($block->mHideName) {
         # Something is deeply FUBAR if this is not a User object, but who knows?
         $id = $block->getTarget() instanceof User ? $block->getTarget()->getID() : User::idFromName($block->getTarget());
         RevisionDeleteUser::unsuppressUserName($block->getTarget(), $id);
     }
     # Redact the name (IP address) for autoblocks
     if ($block->getType() == Block::TYPE_AUTO) {
         $page = Title::makeTitle(NS_USER, '#' . $block->getId());
     } else {
         $page = $block->getTarget() instanceof User ? $block->getTarget()->getUserpage() : Title::makeTitle(NS_USER, $block->getTarget());
     }
     # Make log entry
     $log = new LogPage('block');
     $log->addEntry('unblock', $page, $data['Reason'], array(), $performer);
     return true;
 }
Пример #2
0
 /**
  * Given the form data, actually implement a block
  * @param  $data Array
  * @param  $context IContextSource
  * @return Bool|String
  */
 public static function processForm(array $data, IContextSource $context)
 {
     global $wgBlockAllowsUTEdit;
     $performer = $context->getUser();
     // Handled by field validator callback
     // self::validateTargetField( $data['Target'] );
     # This might have been a hidden field or a checkbox, so interesting data
     # can come from it
     $data['Confirm'] = !in_array($data['Confirm'], array('', '0', null, false), true);
     list($target, $type) = self::getTargetAndType($data['Target']);
     if ($type == Block::TYPE_USER) {
         $user = $target;
         $target = $user->getName();
         $userId = $user->getId();
         # Give admins a heads-up before they go and block themselves.  Much messier
         # to do this for IPs, but it's pretty unlikely they'd ever get the 'block'
         # permission anyway, although the code does allow for it.
         # Note: Important to use $target instead of $data['Target']
         # since both $data['PreviousTarget'] and $target are normalized
         # but $data['target'] gets overriden by (non-normalized) request variable
         # from previous request.
         if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) {
             return array('ipb-blockingself');
         }
     } elseif ($type == Block::TYPE_RANGE) {
         $userId = 0;
     } elseif ($type == Block::TYPE_IP) {
         $target = $target->getName();
         $userId = 0;
     } else {
         # This should have been caught in the form field validation
         return array('badipaddress');
     }
     if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !self::parseExpiryInput($data['Expiry'])) {
         return array('ipb_expiry_invalid');
     }
     if (!isset($data['DisableEmail'])) {
         $data['DisableEmail'] = false;
     }
     # If the user has done the form 'properly', they won't even have been given the
     # option to suppress-block unless they have the 'hideuser' permission
     if (!isset($data['HideUser'])) {
         $data['HideUser'] = false;
     }
     if ($data['HideUser']) {
         if (!$performer->isAllowed('hideuser')) {
             # this codepath is unreachable except by a malicious user spoofing forms,
             # or by race conditions (user has oversight and sysop, loads block form,
             # and is de-oversighted before submission); so need to fail completely
             # rather than just silently disable hiding
             return array('badaccess-group0');
         }
         # Recheck params here...
         if ($type != Block::TYPE_USER) {
             $data['HideUser'] = false;
             # IP users should not be hidden
         } elseif (!in_array($data['Expiry'], array('infinite', 'infinity', 'indefinite'))) {
             # Bad expiry.
             return array('ipb_expiry_temp');
         } elseif ($user->getEditCount() > self::HIDEUSER_CONTRIBLIMIT) {
             # Typically, the user should have a handful of edits.
             # Disallow hiding users with many edits for performance.
             return array('ipb_hide_invalid');
         } elseif (!$data['Confirm']) {
             return array('ipb-confirmhideuser');
         }
     }
     # Create block object.
     $block = new Block();
     $block->setTarget($target);
     $block->setBlocker($performer);
     $block->mReason = $data['Reason'][0];
     $block->mExpiry = self::parseExpiryInput($data['Expiry']);
     $block->prevents('createaccount', $data['CreateAccount']);
     $block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']);
     $block->prevents('sendemail', $data['DisableEmail']);
     $block->isHardblock($data['HardBlock']);
     $block->isAutoblocking($data['AutoBlock']);
     $block->mHideName = $data['HideUser'];
     if (!wfRunHooks('BlockIp', array(&$block, &$performer))) {
         return array('hookaborted');
     }
     # Try to insert block. Is there a conflicting block?
     $status = $block->insert();
     if (!$status) {
         # Show form unless the user is already aware of this...
         if (!$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target) {
             return array(array('ipb_already_blocked', $block->getTarget()));
             # Otherwise, try to update the block...
         } else {
             # This returns direct blocks before autoblocks/rangeblocks, since we should
             # be sure the user is blocked by now it should work for our purposes
             $currentBlock = Block::newFromTarget($target);
             if ($block->equals($currentBlock)) {
                 return array(array('ipb_already_blocked', $block->getTarget()));
             }
             # If the name was hidden and the blocking user cannot hide
             # names, then don't allow any block changes...
             if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) {
                 return array('cant-see-hidden-user');
             }
             $currentBlock->delete();
             $status = $block->insert();
             $logaction = 'reblock';
             # Unset _deleted fields if requested
             if ($currentBlock->mHideName && !$data['HideUser']) {
                 RevisionDeleteUser::unsuppressUserName($target, $userId);
             }
             # If hiding/unhiding a name, this should go in the private logs
             if ((bool) $currentBlock->mHideName) {
                 $data['HideUser'] = true;
             }
         }
     } else {
         $logaction = 'block';
     }
     wfRunHooks('BlockIpComplete', array($block, $performer));
     # Set *_deleted fields if requested
     if ($data['HideUser']) {
         RevisionDeleteUser::suppressUserName($target, $userId);
     }
     # Can't watch a rangeblock
     if ($type != Block::TYPE_RANGE && $data['Watch']) {
         $performer->addWatch(Title::makeTitle(NS_USER, $target));
     }
     # Block constructor sanitizes certain block options on insert
     $data['BlockEmail'] = $block->prevents('sendemail');
     $data['AutoBlock'] = $block->isAutoblocking();
     # Prepare log parameters
     $logParams = array();
     $logParams[] = $data['Expiry'];
     $logParams[] = self::blockLogFlags($data, $type);
     # Make log entry, if the name is hidden, put it in the oversight log
     $log_type = $data['HideUser'] ? 'suppress' : 'block';
     $log = new LogPage($log_type);
     $log_id = $log->addEntry($logaction, Title::makeTitle(NS_USER, $target), $data['Reason'][0], $logParams);
     # Relate log ID to block IDs (bug 25763)
     $blockIds = array_merge(array($status['id']), $status['autoIds']);
     $log->addRelations('ipb_id', $blockIds, $log_id);
     # Report to the user
     return true;
 }
Пример #3
0
 /**
  * Given the form data, actually implement a block. This is also called from ApiBlock.
  *
  * @param array $data
  * @param IContextSource $context
  * @return bool|string
  */
 public static function processForm(array $data, IContextSource $context)
 {
     global $wgBlockAllowsUTEdit, $wgHideUserContribLimit, $wgContLang;
     $performer = $context->getUser();
     // Handled by field validator callback
     // self::validateTargetField( $data['Target'] );
     # This might have been a hidden field or a checkbox, so interesting data
     # can come from it
     $data['Confirm'] = !in_array($data['Confirm'], ['', '0', null, false], true);
     /** @var User $target */
     list($target, $type) = self::getTargetAndType($data['Target']);
     if ($type == Block::TYPE_USER) {
         $user = $target;
         $target = $user->getName();
         $userId = $user->getId();
         # Give admins a heads-up before they go and block themselves.  Much messier
         # to do this for IPs, but it's pretty unlikely they'd ever get the 'block'
         # permission anyway, although the code does allow for it.
         # Note: Important to use $target instead of $data['Target']
         # since both $data['PreviousTarget'] and $target are normalized
         # but $data['target'] gets overridden by (non-normalized) request variable
         # from previous request.
         if ($target === $performer->getName() && ($data['PreviousTarget'] !== $target || !$data['Confirm'])) {
             return ['ipb-blockingself', 'ipb-confirmaction'];
         }
     } elseif ($type == Block::TYPE_RANGE) {
         $userId = 0;
     } elseif ($type == Block::TYPE_IP) {
         $target = $target->getName();
         $userId = 0;
     } else {
         # This should have been caught in the form field validation
         return ['badipaddress'];
     }
     $expiryTime = self::parseExpiryInput($data['Expiry']);
     if (strlen($data['Expiry']) == 0 || strlen($data['Expiry']) > 50 || !$expiryTime) {
         return ['ipb_expiry_invalid'];
     }
     // an expiry time should be in the future, not in the
     // past (wouldn't make any sense) - bug T123069
     if ($expiryTime < wfTimestampNow()) {
         return ['ipb_expiry_old'];
     }
     if (!isset($data['DisableEmail'])) {
         $data['DisableEmail'] = false;
     }
     # If the user has done the form 'properly', they won't even have been given the
     # option to suppress-block unless they have the 'hideuser' permission
     if (!isset($data['HideUser'])) {
         $data['HideUser'] = false;
     }
     if ($data['HideUser']) {
         if (!$performer->isAllowed('hideuser')) {
             # this codepath is unreachable except by a malicious user spoofing forms,
             # or by race conditions (user has hideuser and block rights, loads block form,
             # and loses hideuser rights before submission); so need to fail completely
             # rather than just silently disable hiding
             return ['badaccess-group0'];
         }
         # Recheck params here...
         if ($type != Block::TYPE_USER) {
             $data['HideUser'] = false;
             # IP users should not be hidden
         } elseif (!wfIsInfinity($data['Expiry'])) {
             # Bad expiry.
             return ['ipb_expiry_temp'];
         } elseif ($wgHideUserContribLimit !== false && $user->getEditCount() > $wgHideUserContribLimit) {
             # Typically, the user should have a handful of edits.
             # Disallow hiding users with many edits for performance.
             return [['ipb_hide_invalid', Message::numParam($wgHideUserContribLimit)]];
         } elseif (!$data['Confirm']) {
             return ['ipb-confirmhideuser', 'ipb-confirmaction'];
         }
     }
     # Create block object.
     $block = new Block();
     $block->setTarget($target);
     $block->setBlocker($performer);
     # Truncate reason for whole multibyte characters
     $block->mReason = $wgContLang->truncate($data['Reason'][0], 255);
     $block->mExpiry = $expiryTime;
     $block->prevents('createaccount', $data['CreateAccount']);
     $block->prevents('editownusertalk', !$wgBlockAllowsUTEdit || $data['DisableUTEdit']);
     $block->prevents('sendemail', $data['DisableEmail']);
     $block->isHardblock($data['HardBlock']);
     $block->isAutoblocking($data['AutoBlock']);
     $block->mHideName = $data['HideUser'];
     $reason = ['hookaborted'];
     if (!Hooks::run('BlockIp', [&$block, &$performer, &$reason])) {
         return $reason;
     }
     # Try to insert block. Is there a conflicting block?
     $status = $block->insert();
     if (!$status) {
         # Indicates whether the user is confirming the block and is aware of
         # the conflict (did not change the block target in the meantime)
         $blockNotConfirmed = !$data['Confirm'] || array_key_exists('PreviousTarget', $data) && $data['PreviousTarget'] !== $target;
         # Special case for API - bug 32434
         $reblockNotAllowed = array_key_exists('Reblock', $data) && !$data['Reblock'];
         # Show form unless the user is already aware of this...
         if ($blockNotConfirmed || $reblockNotAllowed) {
             return [['ipb_already_blocked', $block->getTarget()]];
             # Otherwise, try to update the block...
         } else {
             # This returns direct blocks before autoblocks/rangeblocks, since we should
             # be sure the user is blocked by now it should work for our purposes
             $currentBlock = Block::newFromTarget($target);
             if ($block->equals($currentBlock)) {
                 return [['ipb_already_blocked', $block->getTarget()]];
             }
             # If the name was hidden and the blocking user cannot hide
             # names, then don't allow any block changes...
             if ($currentBlock->mHideName && !$performer->isAllowed('hideuser')) {
                 return ['cant-see-hidden-user'];
             }
             $currentBlock->isHardblock($block->isHardblock());
             $currentBlock->prevents('createaccount', $block->prevents('createaccount'));
             $currentBlock->mExpiry = $block->mExpiry;
             $currentBlock->isAutoblocking($block->isAutoblocking());
             $currentBlock->mHideName = $block->mHideName;
             $currentBlock->prevents('sendemail', $block->prevents('sendemail'));
             $currentBlock->prevents('editownusertalk', $block->prevents('editownusertalk'));
             $currentBlock->mReason = $block->mReason;
             $status = $currentBlock->update();
             $logaction = 'reblock';
             # Unset _deleted fields if requested
             if ($currentBlock->mHideName && !$data['HideUser']) {
                 RevisionDeleteUser::unsuppressUserName($target, $userId);
             }
             # If hiding/unhiding a name, this should go in the private logs
             if ((bool) $currentBlock->mHideName) {
                 $data['HideUser'] = true;
             }
         }
     } else {
         $logaction = 'block';
     }
     Hooks::run('BlockIpComplete', [$block, $performer]);
     # Set *_deleted fields if requested
     if ($data['HideUser']) {
         RevisionDeleteUser::suppressUserName($target, $userId);
     }
     # Can't watch a rangeblock
     if ($type != Block::TYPE_RANGE && $data['Watch']) {
         WatchAction::doWatch(Title::makeTitle(NS_USER, $target), $performer, User::IGNORE_USER_RIGHTS);
     }
     # Block constructor sanitizes certain block options on insert
     $data['BlockEmail'] = $block->prevents('sendemail');
     $data['AutoBlock'] = $block->isAutoblocking();
     # Prepare log parameters
     $logParams = [];
     $logParams['5::duration'] = $data['Expiry'];
     $logParams['6::flags'] = self::blockLogFlags($data, $type);
     # Make log entry, if the name is hidden, put it in the suppression log
     $log_type = $data['HideUser'] ? 'suppress' : 'block';
     $logEntry = new ManualLogEntry($log_type, $logaction);
     $logEntry->setTarget(Title::makeTitle(NS_USER, $target));
     $logEntry->setComment($data['Reason'][0]);
     $logEntry->setPerformer($performer);
     $logEntry->setParameters($logParams);
     # Relate log ID to block IDs (bug 25763)
     $blockIds = array_merge([$status['id']], $status['autoIds']);
     $logEntry->setRelations(['ipb_id' => $blockIds]);
     $logId = $logEntry->insert();
     $logEntry->publish($logId);
     # Report to the user
     return true;
 }
Пример #4
0
 /**
  * Process the form
  * @return Array( Array(message key, parameters) ) on failure, True on success
  */
 public static function processUnblock(array $data)
 {
     global $wgUser;
     $target = $data['Target'];
     $block = Block::newFromTarget($data['Target']);
     if (!$block instanceof Block) {
         return array(array('ipb_cant_unblock', $target));
     }
     # If the specified IP is a single address, and the block is a range block, don't
     # unblock the whole range.
     list($target, $type) = SpecialBlock::getTargetAndType($target);
     if ($block->getType() == Block::TYPE_RANGE && $type == Block::TYPE_IP) {
         $range = $block->getTarget();
         return array(array('ipb_blocked_as_range', $target, $range));
     }
     # If the name was hidden and the blocking user cannot hide
     # names, then don't allow any block removals...
     if (!$wgUser->isAllowed('hideuser') && $block->mHideName) {
         return array('unblock-hideuser');
     }
     # Delete block
     if (!$block->delete()) {
         return array('ipb_cant_unblock', htmlspecialchars($block->getTarget()));
     }
     # Unset _deleted fields as needed
     if ($block->mHideName) {
         # Something is deeply FUBAR if this is not a User object, but who knows?
         $id = $block->getTarget() instanceof User ? $block->getTarget()->getID() : User::idFromName($block->getTarget());
         RevisionDeleteUser::unsuppressUserName($block->getTarget(), $id);
     }
     # Redact the name (IP address) for autoblocks
     if ($block->getType() == Block::TYPE_AUTO) {
         $page = Title::makeTitle(NS_USER, '#' . $block->getId());
     } else {
         $page = $block->getTarget() instanceof User ? $block->getTarget()->getUserpage() : Title::makeTitle(NS_USER, $block->getTarget());
     }
     # Make log entry
     $log = new LogPage('block');
     $log->addEntry('unblock', $page, $data['Reason']);
     return true;
 }
 /**
  * Suppresses a local account of a user.
  *
  * @param $suppress Bool
  * @param $wiki String
  * @param $by String
  * @param $reason String
  * @return Array|null Error array on failure
  */
 public function doLocalSuppression($suppress, $wiki, $by, $reason)
 {
     global $wgConf;
     $lb = wfGetLB($wiki);
     $dbw = $lb->getConnection(DB_MASTER, array(), $wiki);
     $data = $this->localUserData($wiki);
     if ($suppress) {
         list(, $lang) = $wgConf->siteFromDB($wiki);
         $langNames = Language::fetchLanguageNames();
         $lang = isset($langNames[$lang]) ? $lang : 'en';
         $blockReason = wfMessage('centralauth-admin-suppressreason', $by, $reason)->inLanguage($lang)->text();
         $block = new Block(array('address' => $this->mName, 'user' => $data['id'], 'reason' => $blockReason, 'timestamp' => wfTimestampNow(), 'expiry' => $dbw->getInfinity(), 'createAccount' => true, 'enableAutoblock' => true, 'hideName' => true, 'blockEmail' => true, 'byText' => $by));
         # On normal block, BlockIp hook would be run here, but doing
         # that from CentralAuth doesn't seem a good idea...
         if (!$block->insert($dbw)) {
             return array('ipb_already_blocked');
         }
         # Ditto for BlockIpComplete hook.
         RevisionDeleteUser::suppressUserName($this->mName, $data['id'], $dbw);
         # Locally log to suppress ?
     } else {
         $dbw->delete('ipblocks', array('ipb_user' => $data['id'], 'ipb_by' => 0, 'ipb_deleted' => true), __METHOD__);
         // Unsuppress only if unblocked
         if ($dbw->affectedRows()) {
             RevisionDeleteUser::unsuppressUserName($this->mName, $data['id'], $dbw);
         }
     }
     return null;
 }