jenkins-bot has submitted this change and it was merged.
Change subject: Remove proxy check in EditPage.php
......................................................................
Remove proxy check in EditPage.php
$wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and
$wgProxyMemcExpiry have been removed, along with the open proxy
scanner script they were added for.
Bug: 54597
Change-Id: Id4c7521443f04995df3d8762d23629c18ada76f8
---
M RELEASE-NOTES-1.22
M includes/AutoLoader.php
M includes/DefaultSettings.php
M includes/EditPage.php
M includes/ProxyTools.php
M includes/SpecialPageFactory.php
D includes/specials/SpecialBlockme.php
M languages/messages/MessagesEn.php
M languages/messages/MessagesQqq.php
M maintenance/fuzz-tester.php
M maintenance/language/messages.inc
D maintenance/proxyCheck.php
12 files changed, 9 insertions(+), 242 deletions(-)
Approvals:
Parent5446: Looks good to me, approved
jenkins-bot: Verified
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index b988294..f6848e5 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -61,6 +61,9 @@
* The precise format of metric datagrams produced by the UDP profiler and
stats counter
may now be specified as $wgUDPProfilerFormatString and $wgStatsFormatString,
respectively.
+* (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and
+ $wgProxyMemcExpiry have been removed, along with the open proxy scanner
+ script they were added for.
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements
and attributes.
diff --git a/includes/AutoLoader.php b/includes/AutoLoader.php
index 652fa54..7f1c3b4 100644
--- a/includes/AutoLoader.php
+++ b/includes/AutoLoader.php
@@ -971,7 +971,6 @@
'SpecialBlankpage' => 'includes/specials/SpecialBlankpage.php',
'SpecialBlock' => 'includes/specials/SpecialBlock.php',
'SpecialBlockList' => 'includes/specials/SpecialBlockList.php',
- 'SpecialBlockme' => 'includes/specials/SpecialBlockme.php',
'SpecialBookSources' => 'includes/specials/SpecialBooksources.php',
'SpecialCachedPage' => 'includes/specials/SpecialCachedPage.php',
'SpecialCategories' => 'includes/specials/SpecialCategories.php',
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index a0a1b3e..880f05a 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -3936,7 +3936,7 @@
'ScriptImporter', // Default user name used by
maintenance/importSiteScripts.php
'msg:double-redirect-fixer', // Automatic double redirect fix
'msg:usermessage-editor', // Default user for leaving user messages
- 'msg:proxyblocker', // For Special:Blockme
+ 'msg:proxyblocker', // For $wgProxyList and Special:Blockme (removed in
1.22)
);
/**
@@ -4694,31 +4694,6 @@
* @name Proxy scanner settings
* @{
*/
-
-/**
- * If you enable this, every editor's IP address will be scanned for open HTTP
- * proxies.
- *
- * @warning Don't enable this. Many sysops will report "hostile TCP port scans"
- * to your ISP and ask for your server to be shut down.
- * You have been warned.
- */
-$wgBlockOpenProxies = false;
-
-/**
- * Port we want to scan for a proxy
- */
-$wgProxyPorts = array( 80, 81, 1080, 3128, 6588, 8000, 8080, 8888, 65506 );
-
-/**
- * Script used to scan
- */
-$wgProxyScriptPath = "$IP/maintenance/proxyCheck.php";
-
-/**
- * Expiration time for cached proxy IPs
- */
-$wgProxyMemcExpiry = 86400;
/**
* This should always be customised in LocalSettings.php
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 12cd4b3..718fe91 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -840,7 +840,6 @@
if ( $this->textbox1 === false ) {
return false;
}
- wfProxyCheck();
return true;
}
diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php
index b54a9a3..bf1c405 100644
--- a/includes/ProxyTools.php
+++ b/includes/ProxyTools.php
@@ -84,43 +84,3 @@
in_array( $ip, $wgSquidServersNoPurge );
return $trusted;
}
-
-/**
- * Forks processes to scan the originating IP for an open proxy server
- * MemCached can be used to skip IPs that have already been scanned
- */
-function wfProxyCheck() {
- global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath;
- global $wgMemc, $wgProxyMemcExpiry, $wgRequest;
- global $wgProxyKey;
-
- if ( !$wgBlockOpenProxies ) {
- return;
- }
-
- $ip = $wgRequest->getIP();
-
- # Get MemCached key
- $mcKey = wfMemcKey( 'proxy', 'ip', $ip );
- $mcValue = $wgMemc->get( $mcKey );
- $skip = (bool)$mcValue;
-
- # Fork the processes
- if ( !$skip ) {
- $title = SpecialPage::getTitleFor( 'Blockme' );
- $iphash = md5( $ip . $wgProxyKey );
- $url = wfExpandUrl( $title->getFullURL( 'ip=' . $iphash ),
PROTO_HTTP );
-
- foreach ( $wgProxyPorts as $port ) {
- $params = implode( ' ', array(
- escapeshellarg(
$wgProxyScriptPath ),
- escapeshellarg( $ip ),
- escapeshellarg( $port ),
- escapeshellarg( $url )
- ));
- exec( "php $params >" . wfGetNull() . " 2>&1 &" );
- }
- # Set MemCached key
- $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry );
- }
-}
diff --git a/includes/SpecialPageFactory.php b/includes/SpecialPageFactory.php
index c03f1ba..11edc8a 100644
--- a/includes/SpecialPageFactory.php
+++ b/includes/SpecialPageFactory.php
@@ -155,7 +155,6 @@
// Unlisted / redirects
'Blankpage' => 'SpecialBlankpage',
- 'Blockme' => 'SpecialBlockme',
'Emailuser' => 'SpecialEmailUser',
'Movepage' => 'MovePageForm',
'Mycontributions' => 'SpecialMycontributions',
diff --git a/includes/specials/SpecialBlockme.php
b/includes/specials/SpecialBlockme.php
deleted file mode 100644
index c3d6080..0000000
--- a/includes/specials/SpecialBlockme.php
+++ /dev/null
@@ -1,67 +0,0 @@
-<?php
-/**
- * Implements Special:Blockme
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- * http://www.gnu.org/copyleft/gpl.html
- *
- * @file
- * @ingroup SpecialPage
- */
-
-/**
- * A special page called by proxyCheck.php to block open proxies
- *
- * @ingroup SpecialPage
- */
-class SpecialBlockme extends UnlistedSpecialPage {
-
- function __construct() {
- parent::__construct( 'Blockme' );
- }
-
- function execute( $par ) {
- global $wgBlockOpenProxies, $wgProxyKey;
-
- $this->setHeaders();
- $this->outputHeader();
-
- $ip = $this->getRequest()->getIP();
- if ( !$wgBlockOpenProxies || $this->getRequest()->getText( 'ip'
) != md5( $ip . $wgProxyKey ) ) {
- $this->getOutput()->addWikiMsg( 'proxyblocker-disabled'
);
-
- return;
- }
-
- $user = User::newFromName( $this->msg( 'proxyblocker'
)->inContentLanguage()->text() );
- # FIXME: newFromName could return false on a badly configured
wiki.
- if ( !$user->isLoggedIn() ) {
- $user->addToDatabase();
- }
-
- $block = new Block();
- $block->setTarget( $ip );
- $block->setBlocker( $user );
- $block->mReason = $this->msg( 'proxyblockreason'
)->inContentLanguage()->text();
-
- $block->insert();
-
- $this->getOutput()->addWikiMsg( 'proxyblocksuccess' );
- }
-
- protected function getGroupName() {
- return 'other';
- }
-}
diff --git a/languages/messages/MessagesEn.php
b/languages/messages/MessagesEn.php
index e247442..0ef828a 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -392,7 +392,6 @@
'Badtitle' => array( 'Badtitle' ),
'Blankpage' => array( 'BlankPage' ),
'Block' => array( 'Block', 'BlockIP', 'BlockUser' ),
- 'Blockme' => array( 'BlockMe' ),
'Booksources' => array( 'BookSources' ),
'BrokenRedirects' => array( 'BrokenRedirects' ),
'Categories' => array( 'Categories' ),
@@ -3400,12 +3399,9 @@
It is, however, blocked as part of the range $2, which can be unblocked.',
'ip_range_invalid' => 'Invalid IP range.',
'ip_range_toolarge' => 'Range blocks larger than /$1 are not
allowed.',
-'blockme' => 'Block me',
'proxyblocker' => 'Proxy blocker',
-'proxyblocker-disabled' => 'This function is disabled.',
'proxyblockreason' => 'Your IP address has been blocked because
it is an open proxy.
Please contact your Internet service provider or technical support of your
organization and inform them of this serious security problem.',
-'proxyblocksuccess' => 'Done.',
'sorbs' => 'DNSBL', # only translate this message to
other languages if you have to change it
'sorbsreason' => 'Your IP address is listed as an open
proxy in the DNSBL used by {{SITENAME}}.',
'sorbs_create_account_reason' => 'Your IP address is listed as an open
proxy in the DNSBL used by {{SITENAME}}.
diff --git a/languages/messages/MessagesQqq.php
b/languages/messages/MessagesQqq.php
index 74d13ac..6e0798a 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -6619,24 +6619,20 @@
* {{msg-mw|Ip range toolarge}}',
'blockme' => '{{doc-special|BlockMe|unlisted=1}}
This feature is disabled by default.',
-'proxyblocker' => 'Used in [[Special:BlockMe]].
+'proxyblocker' => 'Username for blocking IP addresses listed in
[[mw:Manual:$wgProxyList|$wgProxyList]].
See also:
-* {{msg-mw|proxyblocker-disabled}}
-* {{msg-mw|proxyblockreason}}
-* {{msg-mw|proxyblocksuccess}}',
+* {{msg-mw|proxyblockreason}}',
'proxyblocker-disabled' => 'Used in [[Special:BlockMe]].
See also:
* {{msg-mw|proxyblocker}}
* {{msg-mw|proxyblockreason}}
* {{msg-mw|proxyblocksuccess}}',
-'proxyblockreason' => 'Used as explanation of the reason in
[[Special:BlockMe]].
+'proxyblockreason' => 'Reason for blocking IP addresses listed in
[[mw:Manual:$wgProxyList|$wgProxyList]].
See also:
-* {{msg-mw|proxyblocker-disabled}}
-* {{msg-mw|proxyblocker}}
-* {{msg-mw|proxyblocksuccess}}',
+* {{msg-mw|proxyblocker}}',
'proxyblocksuccess' => 'Used in [[Special:BlockMe]].
See also:
diff --git a/maintenance/fuzz-tester.php b/maintenance/fuzz-tester.php
index 6b7f38a..548bb2f 100644
--- a/maintenance/fuzz-tester.php
+++ b/maintenance/fuzz-tester.php
@@ -118,7 +118,6 @@
// Enable weird and wonderful options:
// Increase default
error reporting level.
error_reporting (E_ALL); // At a later date could be increased to E_ALL |
E_STRICT
- $wgBlockOpenProxies = true; // Some block pages require this to be true in
order to test.
$wgEnableUploads = true; // enable uploads.
$wgDBerrorLog = "/root/mediawiki-db-error-log.txt"; // log DB errors,
replace with suitable path.
$wgShowSQLErrors = true; // Show SQL errors (instead of saying the query
was hidden).
@@ -1483,24 +1482,6 @@
}
}
-
-/**
- ** a page test for "Special:Blockme"
- */
-class specialBlockmeTest extends pageTest {
- function __construct() {
- $this->pagePath = "index.php?title=Special:Blockme";
-
- $this->params = array ();
-
- // sometimes we specify "ip", and sometimes we don't.
- if ( wikiFuzz::randnum( 1 ) == 0 ) {
- $this->params["ip"] = wikiFuzz::chooseInput( array(
"10.12.41.213", wikiFuzz::randnum( 8134, -10 ), wikiFuzz::makeFuzz( 2 ) ) );
- }
- }
-}
-
-
/**
** a page test for "Special:Movepage"
*/
@@ -2161,7 +2142,7 @@
/**
** selects a page test to run.
* @param $count
- * @return
\api|\confirmEmail|\contributionsTest|\editPageTest|\imagelistTest|\imagepageTest|\ipblocklistTest|\listusersTest|\mimeSearchTest|\newImagesTest|\pageDeletion|\pageHistoryTest|\pageProtectionForm|\prefixindexTest|\profileInfo|\recentchangesTest|\redirectTest|\searchTest|\specialAllmessagesTest|\specialAllpagesTest|\specialBlockip|\specialBlockmeTest|\specialBooksourcesTest|\specialCategoryTree|\specialChemicalsourcesTest|\specialCitePageTest|\specialExportTest|\specialFilepathPageTest|\specialImportPageTest|\specialLinksearch|\specialLockdbPageTest|\specialLogTest|\specialMovePage|\specialNewpagesPageTest|\specialRenameuserPageTest|\specialRevisionDeletePageTest|\specialUndeletePageTest|\specialUnlockdbPageTest|\specialUserrights|\successfulUserLoginTest|\thumbTest|\userLoginTest|\viewPageTest|\watchlistTest
+ * @return
\api|\confirmEmail|\contributionsTest|\editPageTest|\imagelistTest|\imagepageTest|\ipblocklistTest|\listusersTest|\mimeSearchTest|\newImagesTest|\pageDeletion|\pageHistoryTest|\pageProtectionForm|\prefixindexTest|\profileInfo|\recentchangesTest|\redirectTest|\searchTest|\specialAllmessagesTest|\specialAllpagesTest|\specialBlockip|\specialBooksourcesTest|\specialCategoryTree|\specialChemicalsourcesTest|\specialCitePageTest|\specialExportTest|\specialFilepathPageTest|\specialImportPageTest|\specialLinksearch|\specialLockdbPageTest|\specialLogTest|\specialMovePage|\specialNewpagesPageTest|\specialRenameuserPageTest|\specialRevisionDeletePageTest|\specialUndeletePageTest|\specialUnlockdbPageTest|\specialUserrights|\successfulUserLoginTest|\thumbTest|\userLoginTest|\viewPageTest|\watchlistTest
*/
function selectPageTest( $count ) {
@@ -2197,7 +2178,6 @@
case 20: return new redirectTest();
case 21: return new confirmEmail();
case 22: return new watchlistTest();
- case 23: return new specialBlockmeTest();
case 24: return new specialUndeletePageTest();
case 25: return new specialMovePage();
case 26: return new specialUnlockdbPageTest();
diff --git a/maintenance/language/messages.inc
b/maintenance/language/messages.inc
index ca3a4f5..a94b6d5 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -2378,11 +2378,8 @@
'ipb_blocked_as_range',
'ip_range_invalid',
'ip_range_toolarge',
- 'blockme',
'proxyblocker',
- 'proxyblocker-disabled',
'proxyblockreason',
- 'proxyblocksuccess',
'sorbs',
'sorbsreason',
'sorbs_create_account_reason',
diff --git a/maintenance/proxyCheck.php b/maintenance/proxyCheck.php
deleted file mode 100644
index b52f20f..0000000
--- a/maintenance/proxyCheck.php
+++ /dev/null
@@ -1,70 +0,0 @@
-<?php
-/**
- * Command line script to check for an open proxy at a specified location.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- * http://www.gnu.org/copyleft/gpl.html
- *
- * @file
- * @ingroup Maintenance
- */
-
-if ( PHP_SAPI != 'cli' ) {
- die( 1 );
-}
-
-/**
- *
- */
-$output = '';
-
-/**
- * Exit if there are not enough parameters, or if it's not command line mode
- */
-if ( ( isset( $_REQUEST ) && array_key_exists( 'argv', $_REQUEST ) ) || count(
$argv ) < 4 ) {
- $output .= "Incorrect parameters\n";
-} else {
- /**
- * Get parameters
- */
- $ip = $argv[1];
- $port = $argv[2];
- $url = $argv[3];
- $host = trim( `hostname` );
- $output = "Connecting to $ip:$port, target $url, this hostname $host\n";
-
- # Open socket
- $sock = @fsockopen( $ip, $port, $errno, $errstr, 5 );
- if ( $errno == 0 ) {
- $output .= "Connected\n";
- # Send payload
- $request = "GET $url HTTP/1.0\r\n";
-# $request .= "Proxy-Connection: Keep-Alive\r\n";
-# $request .= "Pragma: no-cache\r\n";
-# $request .= "Host: ".$url."\r\n";
-# $request .= "User-Agent: MediaWiki open proxy check\r\n";
- $request .= "\r\n";
- @fputs( $sock, $request );
- $response = fgets( $sock, 65536 );
- $output .= $response;
- @fclose( $sock );
- } else {
- $output .= "No connection\n";
- }
-}
-
-$output = escapeshellarg( $output );
-
-#`echo $output >> /home/tstarling/open/proxy.log`;
--
To view, visit https://gerrit.wikimedia.org/r/87302
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id4c7521443f04995df3d8762d23629c18ada76f8
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: PleaseStand <[email protected]>
Gerrit-Reviewer: Bartosz DziewoĆski <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Parent5446 <[email protected]>
Gerrit-Reviewer: PleaseStand <[email protected]>
Gerrit-Reviewer: Siebrand <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
