r2980 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r2979‎ \| r2980 \| r2981 >
Date:	01:25, 6 April 2004
Author:	timstarling
Status:	old
Tags:
Comment:	Cryptographic security in Special:Blockme, in response to reports of abuse
Modified paths:	/trunk/phase3/config/index.php (modified) (history) /trunk/phase3/includes/DefaultSettings.php (modified) (history) /trunk/phase3/includes/EditPage.php (modified) (history) /trunk/phase3/includes/SpecialBlockme.php (modified) (history)

Diff [purge]

Index: trunk/phase3/config/index.php
—	—	@@ -620,6 +620,7 @@
621	621	$convert = ($conf->ImageMagick ? $conf->ImageMagick : "/usr/bin/convert" );
622	622	$pretty = ($conf->prettyURLs ? "" : "# ");
623	623	$ugly = ($conf->prettyURLs ? "# " : "");
	624	+ $proxyKey = Parser::getRandomString() . Parser::getRandomString();
624	625
625	626	$sep = (DIRECTORY_SEPARATOR == "\\") ? ";" : ":";
626	627	return "
—	—	@@ -703,6 +704,7 @@
704	705
705	706	\$wgLanguageCode = \"{$conf->LanguageCode}\";
706	707	" . ($conf->Encoding ? "\$wgInputEncoding = \$wgOutputEncoding = \"{$conf->Encoding}\";" : "" ) . "
	708	+\$wgProxyKey = $proxyKey;
707	709
708	710	";
709	711	}
Index: trunk/phase3/includes/DefaultSettings.php
—	—	@@ -150,6 +150,7 @@
151	151	$wgProxyPorts = array( 80, 81, 1080, 3128, 6588, 8000, 8080, 8888, 65506 );
152	152	$wgProxyScriptPath = "$IP/proxy_check.php";
153	153	$wgProxyMemcExpiry = 86400;
	154	+$wgProxyKey = "W1svekXc5u6lZllTZOwnzEk1nbs";
154	155
155	156	# Client-side caching:
156	157	$wgCachePages = true; # Allow client-side caching of pages
Index: trunk/phase3/includes/SpecialBlockme.php
—	—	@@ -1,17 +1,17 @@
2	2	<?php
3	3	function wfSpecialBlockme()
4	4	{
5		~~- global $wgIP, $wgBlockOpenProxies, $wgOut;~~
	5	+ global $wgIP, $wgBlockOpenProxies, $wgOut, $wgProxyKey;
6	6
7		~~- if ( !$wgBlockOpenProxies ) {~~
	7	+ if ( !$wgBlockOpenProxies \|\| $_REQUEST['ip'] != md5( $wgIP . $wgProxyKey ) ) {
8	8	$wgOut->addWikiText( wfMsg( "disabled" ) );
9	9	return;
10		~~- }~~
	10	+ }
11	11
12	12	$blockerName = wfMsg( "proxyblocker" );
13	13	$reason = wfMsg( "proxyblockreason" );
14	14	$success = wfMsg( "proxyblocksuccess" );
15		-
	15	+
16	16	$u = User::newFromName( $blockerName );
17	17	$id = $u->idForName();
18	18	if ( !$id ) {
Index: trunk/phase3/includes/EditPage.php
—	—	@@ -445,14 +445,16 @@
446	446	# Fork the processes
447	447	if ( !$skip ) {
448	448	$title = Title::makeTitle( NS_SPECIAL, "Blockme" );
449		~~- $url = $title->getFullURL();~~
	449	+ $iphash = md5( $wgIP . $wgProxyKey );
	450	+ $url = wfFullUrl( $title->getPrefixedURL(), "ip=$iphash" );
	451	+
450	452	foreach ( $wgProxyPorts as $port ) {
451	453	$params = implode( " ", array(
452		~~- escapeshellarg( $wgProxyScriptPath ),~~
453		~~- escapeshellarg( $wgIP ),~~
454		~~- escapeshellarg( $port ),~~
455		~~- escapeshellarg( $url )~~
456		~~- ));~~
	454	+ escapeshellarg( $wgProxyScriptPath ),
	455	+ escapeshellarg( $wgIP ),
	456	+ escapeshellarg( $port ),
	457	+ escapeshellarg( $url )
	458	+ ));
457	459	exec( "php $params &>/dev/null &" );
458	460	}
459	461	# Set MemCached key

Status & tagging log

22:40, 12 October 2010 Reedy (talk | contribs) changed the status of r2980 [removed: new added: old]