| Index: trunk/phase3/includes/GlobalFunctions.php |
| — | — | @@ -2037,37 +2037,6 @@ |
| 2038 | 2038 | } |
| 2039 | 2039 | } |
| 2040 | 2040 | |
| 2041 | | -/** |
| 2042 | | - * Get the start and end of a range. |
| 2043 | | - * @param $range The range to get the start and end for. |
| 2044 | | - * @return array An array with the first element as the start of the range, as a long, and the second element as the end of the range, also as a long. |
| 2045 | | - * |
| 2046 | | - */ |
| 2047 | | -function wfRangeStartEnd( $range ) { |
| 2048 | | - list( $network, $bits ) = wfParseCIDR( $range ); |
| 2049 | | - if ( $network !== false ) { |
| 2050 | | - $start = sprintf( '%08X', $network ); |
| 2051 | | - $end = sprintf( '%08X', $network + (1 << (32 - $bits)) - 1 ); |
| 2052 | | - return array($start, $end); |
| 2053 | | - } |
| 2054 | | - return false; |
| 2055 | | -} |
| 2056 | | - |
| 2057 | | -/** |
| 2058 | | - * Determine if a given integer IPv4 address is in a given CIDR network |
| 2059 | | - * @param $addr The address to check against the given range. |
| 2060 | | - * @param $range The range to check the given address against. |
| 2061 | | - * @return bool Whether or not the given address is in the given range. |
| 2062 | | - */ |
| 2063 | | -function wfIsAddressInRange( $addr, $range ) { |
| 2064 | | - $unsignedIP = IP::toUnsigned($addr); |
| 2065 | | - $startend = wfRangeStartEnd($range); |
| 2066 | | - $start = $startend[0]; |
| 2067 | | - $end = $startend[1]; |
| 2068 | | - |
| 2069 | | - return (($unsignedIP >= $start) && ($unsignedip <= $end)); |
| 2070 | | -} |
| 2071 | | - |
| 2072 | 2041 | /* |
| 2073 | 2042 | * Get a Database object |
| 2074 | 2043 | * @param integer $db Index of the connection to get. May be DB_MASTER for the |
| Index: trunk/phase3/includes/Block.php |
| — | — | @@ -241,10 +241,10 @@ |
| 242 | 242 | |
| 243 | 243 | /** |
| 244 | 244 | * Determine if a given integer IPv4 address is in a given CIDR network |
| 245 | | - * @deprecated Use wfIsAddressInRange |
| | 245 | + * @deprecated Use IP::isAddressInRange |
| 246 | 246 | */ |
| 247 | 247 | function isAddressInRange( $addr, $range ) { |
| 248 | | - return wfIsAddressInRange( $addr, $range ); |
| | 248 | + return IP::isAddressInRange( $addr, $range ); |
| 249 | 249 | } |
| 250 | 250 | |
| 251 | 251 | function initFromRow( $row ) |
| — | — | @@ -275,9 +275,7 @@ |
| 276 | 276 | $this->mRangeEnd = ''; |
| 277 | 277 | |
| 278 | 278 | if ( $this->mUser == 0 ) { |
| 279 | | - $startend = wfRangeStartEnd($this->mAddress); |
| 280 | | - $this->mRangeStart = $startend[0]; |
| 281 | | - $this->mRangeEnd = $startend[1]; |
| | 279 | + list($this->mRangeStart, $this->mRangeEnd) = IP::parseRange$this->mAddress); |
| 282 | 280 | } |
| 283 | 281 | } |
| 284 | 282 | |
| — | — | @@ -430,47 +428,19 @@ |
| 431 | 429 | |
| 432 | 430 | /** |
| 433 | 431 | * Autoblocks the given IP, referring to this Block. |
| 434 | | - * @param $autoblockip The IP to autoblock. |
| 435 | | - * @return bool Whether or not an autoblock was inserted. |
| | 432 | + * @param string $autoblockip The IP to autoblock, dotted-quad. |
| | 433 | + * @return bool True if an autoblock was inserted OR redundant to preexisting block. |
| 436 | 434 | */ |
| 437 | | - function doAutoblock( $autoblockip ) { |
| | 435 | + public function doAutoblock( $autoblockip ) { |
| 438 | 436 | # Check if this IP address is already blocked |
| 439 | 437 | $dbw =& wfGetDb( DB_MASTER ); |
| 440 | 438 | $dbw->begin(); |
| 441 | 439 | |
| 442 | | - # If autoblocks are disabled, go away. |
| 443 | | - if ( !$this->mEnableAutoblock ) { |
| 444 | | - return; |
| | 440 | + # If autoblocks are disabled, or if this IP is whitelisted, go away. |
| | 441 | + if ( !$this->mEnableAutoblock || self::isWhitelistedIp( $autoblockip ) ) { |
| | 442 | + return false; |
| 445 | 443 | } |
| 446 | 444 | |
| 447 | | - # Check for presence on the autoblock whitelist |
| 448 | | - # TODO cache this? |
| 449 | | - $lines = explode( "\n", wfMsgForContentNoTrans( 'autoblock_whitelist' ) ); |
| 450 | | - |
| 451 | | - $ip = wfGetIp(); |
| 452 | | - |
| 453 | | - wfDebug("Checking the autoblock whitelist..\n"); |
| 454 | | - |
| 455 | | - foreach( $lines as $line ) { |
| 456 | | - # List items only |
| 457 | | - if ( substr( $line, 0, 1 ) !== '*' ) { |
| 458 | | - continue; |
| 459 | | - } |
| 460 | | - |
| 461 | | - $wlEntry = substr($line, 1); |
| 462 | | - $wlEntry = trim($wlEntry); |
| 463 | | - |
| 464 | | - wfDebug("Checking $wlEntry\n"); |
| 465 | | - |
| 466 | | - # Is the IP in this range? |
| 467 | | - if (wfIsAddressInRange( $ip, $wlEntry )) { |
| 468 | | - wfDebug("IP $ip matches $wlEntry, not autoblocking\n"); |
| 469 | | - #$autoblockip = null; # Don't autoblock a whitelisted IP. |
| 470 | | - return; #This /SHOULD/ introduce a dummy block - but |
| 471 | | - # I don't know a safe way to do so. -werdna |
| 472 | | - } |
| 473 | | - } |
| 474 | | - |
| 475 | 445 | # It's okay to autoblock. Go ahead and create/insert the block. |
| 476 | 446 | |
| 477 | 447 | $ipblock = Block::newFromDB( $autoblockip ); |
| — | — | @@ -480,11 +450,11 @@ |
| 481 | 451 | # prolong block time |
| 482 | 452 | if ($this->mExpiry && |
| 483 | 453 | ($this->mExpiry < Block::getAutoblockExpiry($ipblock->mTimestamp))) { |
| 484 | | - return; |
| | 454 | + return true; |
| 485 | 455 | } |
| 486 | 456 | # Just update the timestamp |
| 487 | 457 | $ipblock->updateTimestamp(); |
| 488 | | - return; |
| | 458 | + return true; |
| 489 | 459 | } else { |
| 490 | 460 | $ipblock = new Block; |
| 491 | 461 | } |
| — | — | @@ -510,6 +480,38 @@ |
| 511 | 481 | return $ipblock->insert(); |
| 512 | 482 | } |
| 513 | 483 | |
| | 484 | + /** |
| | 485 | + * Checks whether an IP is whitelisted in the autoblock_whitelist message. |
| | 486 | + * @todo Cache this? |
| | 487 | + * |
| | 488 | + * @param string $ip Dotted quad |
| | 489 | + * @return bool |
| | 490 | + */ |
| | 491 | + private static function isWhitelistedIp( $ip ) { |
| | 492 | + $lines = explode( "\n", wfMsgForContentNoTrans( 'autoblock_whitelist' ) ); |
| | 493 | + |
| | 494 | + wfDebug("Checking the autoblock whitelist..\n"); |
| | 495 | + |
| | 496 | + foreach( $lines as $line ) { |
| | 497 | + # Parse list items only |
| | 498 | + if ( substr( $line, 0, 1 ) !== '*' ) { |
| | 499 | + continue; |
| | 500 | + } |
| | 501 | + |
| | 502 | + $wlEntry = substr($line, 1); |
| | 503 | + $wlEntry = trim($wlEntry); |
| | 504 | + |
| | 505 | + wfDebug("Checking $wlEntry\n"); |
| | 506 | + |
| | 507 | + # Is the IP in this range? |
| | 508 | + if (IP::isAddressInRange( $autoblockip, $wlEntry )) { |
| | 509 | + wfDebug("IP $autoblockip matches $wlEntry, not autoblocking\n"); |
| | 510 | + return true; #This /SHOULD/ introduce a dummy block - but |
| | 511 | + # I don't know a safe way to do so. -werdna |
| | 512 | + } |
| | 513 | + } |
| | 514 | + return false; |
| | 515 | + } |
| 514 | 516 | function deleteIfExpired() |
| 515 | 517 | { |
| 516 | 518 | $fname = 'Block::deleteIfExpired'; |
| Index: trunk/phase3/includes/IP.php |
| — | — | @@ -20,6 +20,7 @@ |
| 21 | 21 | |
| 22 | 22 | /** |
| 23 | 23 | * Validate an IP address. |
| | 24 | + * @param string $ipblock Dotted quad |
| 24 | 25 | * @return boolean True if it is valid. |
| 25 | 26 | */ |
| 26 | 27 | public static function isValid( $ip ) { |
| — | — | @@ -28,6 +29,7 @@ |
| 29 | 30 | |
| 30 | 31 | /** |
| 31 | 32 | * Validate an IP Block. |
| | 33 | + * @param string $ipblock Dotted quad |
| 32 | 34 | * @return boolean True if it is valid. |
| 33 | 35 | */ |
| 34 | 36 | public static function isValidBlock( $ipblock ) { |
| — | — | @@ -38,6 +40,9 @@ |
| 39 | 41 | * Determine if an IP address really is an IP address, and if it is public, |
| 40 | 42 | * i.e. not RFC 1918 or similar |
| 41 | 43 | * Comes from ProxyTools.php |
| | 44 | + * |
| | 45 | + * @param string $ip Dotted quad |
| | 46 | + * @return bool |
| 42 | 47 | */ |
| 43 | 48 | public static function isPublic( $ip ) { |
| 44 | 49 | $n = IP::toUnsigned( $ip ); |
| — | — | @@ -74,10 +79,10 @@ |
| 75 | 80 | |
| 76 | 81 | /** |
| 77 | 82 | * Split out an IP block as an array of 4 bytes and a mask, |
| 78 | | - * return false if it cant be determined |
| | 83 | + * return false if it can't be determined |
| 79 | 84 | * |
| 80 | | - * @parameter $ip string A quad dotted IP address |
| 81 | | - * @return array |
| | 85 | + * @param string $ipblock A quad dotted IP address |
| | 86 | + * @return mixed Array or false |
| 82 | 87 | */ |
| 83 | 88 | public static function toArray( $ipblock ) { |
| 84 | 89 | if(! preg_match( '/^' . RE_IP_ADD . '(?:\/(?:'.RE_IP_PREFIX.'))?' . '$/', $ipblock, $matches ) ) { |
| — | — | @@ -95,7 +100,8 @@ |
| 96 | 101 | * function for an IPv6 address will be prefixed with "v6-", a non- |
| 97 | 102 | * hexadecimal string which sorts after the IPv4 addresses. |
| 98 | 103 | * |
| 99 | | - * @param $ip Quad dotted IP address. |
| | 104 | + * @param string $ip Quad dotted IP address. |
| | 105 | + * @return mixed String or false |
| 100 | 106 | */ |
| 101 | 107 | public static function toHex( $ip ) { |
| 102 | 108 | $n = self::toUnsigned( $ip ); |
| — | — | @@ -110,6 +116,7 @@ |
| 111 | 117 | * Like ip2long() except that it actually works and has a consistent error return value. |
| 112 | 118 | * Comes from ProxyTools.php |
| 113 | 119 | * @param $ip Quad dotted IP address. |
| | 120 | + * @return mixed Int or false |
| 114 | 121 | */ |
| 115 | 122 | public static function toUnsigned( $ip ) { |
| 116 | 123 | if ( $ip == '255.255.255.255' ) { |
| — | — | @@ -177,6 +184,8 @@ |
| 178 | 185 | * 1.2.3.4/24 CIDR |
| 179 | 186 | * 1.2.3.4 - 1.2.3.5 Explicit range |
| 180 | 187 | * 1.2.3.4 Single IP |
| | 188 | + * @param string $range |
| | 189 | + * @return array (hex string start, hex string end), or (false, false) if an error occurred |
| 181 | 190 | */ |
| 182 | 191 | public static function parseRange( $range ) { |
| 183 | 192 | if ( strpos( $range, '/' ) !== false ) { |
| — | — | @@ -207,5 +216,21 @@ |
| 208 | 217 | return array( $start, $end ); |
| 209 | 218 | } |
| 210 | 219 | } |
| | 220 | + |
| | 221 | + /** |
| | 222 | + * Determine if a given integer IPv4 address is in a given range |
| | 223 | + * @param int $addr |
| | 224 | + * @param string $range (CIDR, hyphenated dotted-quad, or single dotted-quad) |
| | 225 | + * @return bool Whether or not the given address is in the given range. Returns false on error. |
| | 226 | + */ |
| | 227 | + public static function isAddressInRange( $addr, $range ) { |
| | 228 | + $unsignedIP = IP::toUnsigned($addr); |
| | 229 | + list($start, $end) = IP::parseRange($range); |
| | 230 | + |
| | 231 | + if ($start == false || $end == false) |
| | 232 | + return false; |
| | 233 | + else |
| | 234 | + return (($unsignedIP >= $start) && ($unsignedip <= $end)); // string comparison |
| | 235 | + } |
| 211 | 236 | } |
| 212 | 237 | ?> |
| Index: trunk/phase3/languages/messages/MessagesEn.php |
| — | — | @@ -2616,7 +2616,30 @@ |
| 2617 | 2617 | 'autosumm-shortnew' => 'New page: $1', |
| 2618 | 2618 | |
| 2619 | 2619 | # Autoblock whitelist |
| 2620 | | -'autoblock_whitelist' => '', |
| | 2620 | +'autoblock_whitelist' => "AOL http://webmaster.info.aol.com/proxyinfo.html |
| | 2621 | +*64.12.96.0/19 |
| | 2622 | +*149.174.160.0/20 |
| | 2623 | +*152.163.240.0/21 |
| | 2624 | +*152.163.248.0/22 |
| | 2625 | +*152.163.252.0/23 |
| | 2626 | +*152.163.96.0/22 |
| | 2627 | +*152.163.100.0/23 |
| | 2628 | +*195.93.32.0/22 |
| | 2629 | +*195.93.48.0/22 |
| | 2630 | +*195.93.64.0/19 |
| | 2631 | +*195.93.96.0/19 |
| | 2632 | +*195.93.16.0/20 |
| | 2633 | +*198.81.0.0/22 |
| | 2634 | +*198.81.16.0/20 |
| | 2635 | +*198.81.8.0/23 |
| | 2636 | +*202.67.64.128/25 |
| | 2637 | +*205.188.192.0/20 |
| | 2638 | +*205.188.208.0/23 |
| | 2639 | +*205.188.112.0/20 |
| | 2640 | +*205.188.146.144/30 |
| | 2641 | +*207.200.112.0/21 |
| | 2642 | +StarHub |
| | 2643 | +*202.156.6.54/32", |
| 2621 | 2644 | |
| 2622 | 2645 | ); |
| 2623 | 2646 | |