jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/348313 )
Change subject: Use IPSet for checking of wgProxyList
......................................................................
Use IPSet for checking of wgProxyList
Instead of using array_* functions, use the IPSet for checking, if a
specific IP address matches a set of addresses.
This also deprecates a backward-compatibility functionality, that
the wgProxyList array could also be an associative array, where the blocked
IP address is set as a key of the array insted of a value. All IP address
keys will be mved to values on-the-fly, however a deprecation warning will
be emitted. A notice in the Release notes was added, too.
Bug: T161580
Change-Id: I69d9534942c415ab044177969ecd54160079b593
---
M RELEASE-NOTES-1.30
M includes/DefaultSettings.php
M includes/user/User.php
M tests/phpunit/includes/user/UserTest.php
4 files changed, 75 insertions(+), 11 deletions(-)
Approvals:
Krinkle: Looks good to me, approved
jenkins-bot: Verified
diff --git a/RELEASE-NOTES-1.30 b/RELEASE-NOTES-1.30
index 3c1ae8d..244bd16 100644
--- a/RELEASE-NOTES-1.30
+++ b/RELEASE-NOTES-1.30
@@ -39,7 +39,9 @@
* …
=== Other changes in 1.30 ===
-* …
+* The use of an associative array for $wgProxyList, where the IP address is in
+ the key instead of the value, is deprecated (e.g. [ '127.0.0.1' => 'value'
]).
+ Please convert these arrays to indexed/sequential ones (e.g. [ '127.0.0.1'
]).
== Compatibility ==
MediaWiki 1.30 requires PHP 5.5.9 or later. There is experimental support for
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 299757c..ac2261c 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -5938,7 +5938,7 @@
*
* This can have the following formats:
* - An array of addresses, either in the values
- * or the keys (for backward compatibility)
+ * or the keys (for backward compatibility, deprecated since 1.30)
* - A string, in that case this is the path to a file
* containing the list of IP addresses, one per line
*/
diff --git a/includes/user/User.php b/includes/user/User.php
index 3edd49f..94da031 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -20,6 +20,7 @@
* @file
*/
+use IPSet\IPSet;
use MediaWiki\MediaWikiServices;
use MediaWiki\Session\SessionManager;
use MediaWiki\Session\Token;
@@ -1854,18 +1855,33 @@
$wgProxyList = array_map( 'trim', file( $wgProxyList )
);
}
- if ( is_array( $wgProxyList ) ) {
- if (
- // Look for IP as value
- array_search( $ip, $wgProxyList ) !== false ||
- // Look for IP as key (for
backwards-compatility)
- array_key_exists( $ip, $wgProxyList )
- ) {
- return true;
+ $resultProxyList = [];
+ $deprecatedIPEntries = [];
+
+ // backward compatibility: move all ip addresses in keys to
values
+ foreach ( $wgProxyList as $key => $value ) {
+ $keyIsIP = IP::isIPAddress( $key );
+ $valueIsIP = IP::isIPAddress( $value );
+ if ( $keyIsIP && !$valueIsIP ) {
+ $deprecatedIPEntries[] = $key;
+ $resultProxyList[] = $key;
+ } elseif ( $keyIsIP && $valueIsIP ) {
+ $deprecatedIPEntries[] = $key;
+ $resultProxyList[] = $key;
+ $resultProxyList[] = $value;
+ } else {
+ $resultProxyList[] = $value;
}
}
- return false;
+ if ( $deprecatedIPEntries ) {
+ wfDeprecated(
+ 'IP addresses in the keys of $wgProxyList
(found the following IP addresses in keys: ' .
+ implode( ', ', $deprecatedIPEntries ) . ',
please move them to values)', '1.30' );
+ }
+
+ $proxyListIPSet = new IPSet( $resultProxyList );
+ return $proxyListIPSet->match( $ip );
}
/**
diff --git a/tests/phpunit/includes/user/UserTest.php
b/tests/phpunit/includes/user/UserTest.php
index 776dda1..a596851 100644
--- a/tests/phpunit/includes/user/UserTest.php
+++ b/tests/phpunit/includes/user/UserTest.php
@@ -934,4 +934,50 @@
$this->assertFalse( $user->getExperienceLevel() );
}
+
+ public static function provideIsLocallBlockedProxy() {
+ return [
+ [ '1.2.3.4', '1.2.3.4' ],
+ [ '1.2.3.4', '1.2.3.0/16' ],
+ ];
+ }
+
+ /**
+ * @dataProvider provideIsLocallBlockedProxy
+ * @covers User::isLocallyBlockedProxy
+ */
+ public function testIsLocallyBlockedProxy( $ip, $blockListEntry ) {
+ $this->setMwGlobals(
+ 'wgProxyList', []
+ );
+ $this->assertFalse( User::isLocallyBlockedProxy( $ip ) );
+
+ $this->setMwGlobals(
+ 'wgProxyList',
+ [
+ $blockListEntry
+ ]
+ );
+ $this->assertTrue( User::isLocallyBlockedProxy( $ip ) );
+
+ $this->setMwGlobals(
+ 'wgProxyList',
+ [
+ 'test' => $blockListEntry
+ ]
+ );
+ $this->assertTrue( User::isLocallyBlockedProxy( $ip ) );
+
+ $this->hideDeprecated(
+ 'IP addresses in the keys of $wgProxyList (found the
following IP ' .
+ 'addresses in keys: ' . $blockListEntry . ', please
move them to values)'
+ );
+ $this->setMwGlobals(
+ 'wgProxyList',
+ [
+ $blockListEntry => 'test'
+ ]
+ );
+ $this->assertTrue( User::isLocallyBlockedProxy( $ip ) );
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/348313
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I69d9534942c415ab044177969ecd54160079b593
Gerrit-PatchSet: 15
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Florianschmidtwelzow <[email protected]>
Gerrit-Reviewer: Florianschmidtwelzow <[email protected]>
Gerrit-Reviewer: Krinkle <[email protected]>
Gerrit-Reviewer: Reedy <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
