[MediaWiki-commits] [Gerrit] Add a new configuration variable $wgCheckUserCIDRLimit - change (mediawiki...CheckUser)

[Tim Starling (Code Review)]

Tim Starling has submitted this change and it was merged.

Change subject: Add a new configuration variable $wgCheckUserCIDRLimit
......................................................................


Add a new configuration variable $wgCheckUserCIDRLimit

This determines the sizes of IPv4 and IPv6 ranges that can be checked.
The defaults for IPv4 and IPv6 are left at their previous hard-coded
states.

Change-ID: If21cc97cac3ed4a063e3ab9998215df27914487e
---
M CheckUser.i18n.php
M CheckUser.php
M specials/SpecialCheckUser.php
3 files changed, 17 insertions(+), 6 deletions(-)

Approvals:
  Tim Starling: Verified; Looks good to me, approved



diff --git a/CheckUser.i18n.php b/CheckUser.i18n.php
index b57072c..40c435f 100644
--- a/CheckUser.i18n.php
+++ b/CheckUser.i18n.php
@@ -15,7 +15,7 @@
  */
 $messages['en'] = array(
        'checkuser-summary'          => 'This tool scans recent changes to 
retrieve the IP addresses used by a user or show the edit/user data for an IP 
address.
-Users and edits by a client IP address can be retrieved via XFF headers by 
appending the IP address with "/xff". IPv4 (CIDR 16-32) and IPv6 (CIDR 48-128) 
are supported.
+Users and edits by a client IP address can be retrieved via XFF headers by 
appending the IP address with "/xff". IPv4 (CIDR $1-32) and IPv6 (CIDR $2-128) 
are supported.
 No more than 5,000 edits will be returned for performance reasons.
 Use this in accordance with policy.',
        'checkuser-desc'             => 'Grants users with the appropriate 
permission the ability to check user\'s IP addresses and other information',
diff --git a/CheckUser.php b/CheckUser.php
index 409fbe1..02601e0 100644
--- a/CheckUser.php
+++ b/CheckUser.php
@@ -57,6 +57,12 @@
 // each check they do through Special:CheckUser.
 $wgCheckUserForceSummary = false;
 
+//Shortest CIDR limits that can be checked in any individual range check
+$wgCheckUserCIDRLimit = array(
+       'IPv4'=>16,
+       'IPv6'=>48,
+);
+
 // Public key to encrypt private data that may need to be read later
 // Generate a public key with something like:
 // `openssl genrsa -out cu.key 2048; openssl rsa -in cu.key -pubout > cu.pub`
@@ -105,4 +111,4 @@
 $wgAutoloadClasses['ApiQueryCheckUser'] = "$dir/api/ApiQueryCheckUser.php";
 $wgAPIListModules['checkuser'] = 'ApiQueryCheckUser';
 $wgAutoloadClasses['ApiQueryCheckUserLog'] = 
"$dir/api/ApiQueryCheckUserLog.php";
-$wgAPIListModules['checkuserlog'] = 'ApiQueryCheckUserLog';
+$wgAPIListModules['checkuserlog'] = 'ApiQueryCheckUserLog';
\ No newline at end of file
diff --git a/specials/SpecialCheckUser.php b/specials/SpecialCheckUser.php
index e7b401a..aec7c65 100644
--- a/specials/SpecialCheckUser.php
+++ b/specials/SpecialCheckUser.php
@@ -95,8 +95,12 @@
        }
 
        protected function showGuide() {
-               $this->getOutput()->addWikiText( $this->msg( 
'checkuser-summary' )->text() .
-                       "\n\n[[" . 
$this->getCheckUserLogTitle()->getPrefixedText() .
+               global $wgCheckUserCIDRLimit;
+               $this->getOutput()->addWikiText( 
+                       $this->msg( 'checkuser-summary',
+                               $wgCheckUserCIDRLimit['IPv4'],
+                               $wgCheckUserCIDRLimit['IPv6'] )->text() .
+                               "\n\n[[" . 
$this->getCheckUserLogTitle()->getPrefixedText() .
                                '|' . $this->msg( 'checkuser-showlog' )->text() 
. ']]'
                );
        }
@@ -1334,18 +1338,19 @@
         * @return mixed array/false conditions
         */
        public static function getIpConds( $db, $ip, $xfor = false ) {
+               global $wgCheckUserCIDRLimit;
                $type = ( $xfor ) ? 'xff' : 'ip';
                // IPv4 CIDR, 16-32 bits
                $matches = array();
                if ( preg_match( '#^(\d+\.\d+\.\d+\.\d+)/(\d+)$#', $ip, 
$matches ) ) {
-                       if ( $matches[2] < 16 || $matches[2] > 32 ) {
+                       if ( $matches[2] < $wgCheckUserCIDRLimit['IPv4'] || 
$matches[2] > 32 ) {
                                return false; // invalid
                        }
                        list( $start, $end ) = IP::parseRange( $ip );
                        return array( 'cuc_' . $type . '_hex BETWEEN ' . 
$db->addQuotes( $start ) . ' AND ' . $db->addQuotes( $end ) );
                } elseif ( preg_match( 
'#^\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}:\w{1,4}/(\d+)$#', 
$ip, $matches ) ) {
                        // IPv6 CIDR, 48-128 bits
-                       if ( $matches[1] < 48 || $matches[1] > 128 ) {
+                       if ( $matches[1] < $wgCheckUserCIDRLimit['IPv6'] || 
$matches[1] > 128 ) {
                                return false; // invalid
                        }
                        list( $start, $end ) = IP::parseRange( $ip );

-- 
To view, visit https://gerrit.wikimedia.org/r/57034
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If21cc97cac3ed4a063e3ab9998215df27914487e
Gerrit-PatchSet: 8
Gerrit-Project: mediawiki/extensions/CheckUser
Gerrit-Branch: master
Gerrit-Owner: Jasper Deng <jas...@jasperswebsite.com>
Gerrit-Reviewer: Jasper Deng <jas...@jasperswebsite.com>
Gerrit-Reviewer: Jeremyb <jer...@tuxmachine.com>
Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com>
Gerrit-Reviewer: Nikerabbit <niklas.laxst...@gmail.com>
Gerrit-Reviewer: Petrb <benap...@gmail.com>
Gerrit-Reviewer: Platonides <platoni...@gmail.com>
Gerrit-Reviewer: PleaseStand <pleasest...@live.com>
Gerrit-Reviewer: Tim Starling <tstarl...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits