| Index: trunk/extensions/TorBlock/loadExitNodes.php |
| — | — | @@ -1,10 +1,10 @@ |
| 2 | 2 | <?php |
| 3 | 3 | /* |
| 4 | | - * Updates the tor exit node list in |
| | 4 | + * Updates the tor exit node list in |
| 5 | 5 | */ |
| 6 | 6 | |
| 7 | 7 | require_once ( getenv('MW_INSTALL_PATH') !== false |
| 8 | 8 | ? getenv('MW_INSTALL_PATH')."/maintenance/commandLine.inc" |
| 9 | 9 | : dirname( __FILE__ ) . '/../../maintenance/commandLine.inc' ); |
| 10 | 10 | |
| 11 | | -TorBlock::loadExitNodes(); |
| \ No newline at end of file |
| | 11 | +TorBlock::loadExitNodes(); |
| Index: trunk/extensions/TorBlock/TorBlock.class.php |
| — | — | @@ -4,18 +4,18 @@ |
| 5 | 5 | |
| 6 | 6 | class TorBlock { |
| 7 | 7 | public static $mExitNodes; |
| 8 | | - |
| | 8 | + |
| 9 | 9 | public static function onGetUserPermissionsErrorsExpensive( &$title, &$user, &$action, &$result ) { |
| 10 | 10 | global $wgTorAllowedActions; |
| 11 | 11 | if (in_array( $action, $wgTorAllowedActions)) { |
| 12 | 12 | return true; |
| 13 | 13 | } |
| 14 | | - |
| | 14 | + |
| 15 | 15 | wfDebug( "Checking Tor status\n" ); |
| 16 | | - |
| | 16 | + |
| 17 | 17 | if (self::isExitNode()) { |
| 18 | 18 | wfDebug( "-User detected as editing through tor.\n" ); |
| 19 | | - |
| | 19 | + |
| 20 | 20 | global $wgTorBypassPermissions; |
| 21 | 21 | foreach( $wgTorBypassPermissions as $perm) { |
| 22 | 22 | if ($user->isAllowed( $perm )) { |
| — | — | @@ -23,16 +23,16 @@ |
| 24 | 24 | return true; |
| 25 | 25 | } |
| 26 | 26 | } |
| 27 | | - |
| | 27 | + |
| 28 | 28 | $ip = wfGetIp(); |
| 29 | 29 | wfDebug( "-User detected as editing from Tor node. Adding Tor block to permissions errors\n" ); |
| 30 | 30 | wfLoadExtensionMessages( 'TorBlock' ); |
| 31 | | - |
| | 31 | + |
| 32 | 32 | $result[] = array('torblock-blocked', $ip); |
| 33 | | - |
| | 33 | + |
| 34 | 34 | return false; |
| 35 | 35 | } |
| 36 | | - |
| | 36 | + |
| 37 | 37 | return true; |
| 38 | 38 | } |
| 39 | 39 | |
| — | — | @@ -64,15 +64,15 @@ |
| 65 | 65 | } |
| 66 | 66 | |
| 67 | 67 | wfDebug( "Loading Tor exit node list cold.\n" ); |
| 68 | | - |
| | 68 | + |
| 69 | 69 | return self::loadExitNodes(); |
| 70 | 70 | } |
| 71 | | - |
| | 71 | + |
| 72 | 72 | public static function loadExitNodes() { |
| 73 | 73 | wfProfileIn( __METHOD__ ); |
| 74 | | - |
| | 74 | + |
| 75 | 75 | global $wgTorIPs, $wgMemc; |
| 76 | | - |
| | 76 | + |
| 77 | 77 | // Set loading key, to prevent DoS of server. |
| 78 | 78 | |
| 79 | 79 | $wgMemc->set( 'mw-tor-exit-nodes', 'loading', 300 ); |
| — | — | @@ -81,76 +81,76 @@ |
| 82 | 82 | foreach( $wgTorIPs as $ip ) { |
| 83 | 83 | $nodes = array_unique( array_merge( $nodes, self::loadNodesForIP( $ip ) ) ); |
| 84 | 84 | } |
| 85 | | - |
| | 85 | + |
| 86 | 86 | // Save to cache. |
| 87 | 87 | $wgMemc->set( 'mw-tor-exit-nodes', $nodes, 1800 ); // Store for half an hour. |
| 88 | | - |
| | 88 | + |
| 89 | 89 | wfProfileOut( __METHOD__ ); |
| 90 | | - |
| | 90 | + |
| 91 | 91 | return self::$mExitNodes = $nodes; |
| 92 | 92 | } |
| 93 | | - |
| | 93 | + |
| 94 | 94 | public static function loadNodesForIP( $ip ) { |
| 95 | 95 | $url = 'https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip='.$ip; |
| 96 | 96 | $data = Http::get( $url ); |
| 97 | 97 | $lines = explode("\n", $data); |
| 98 | | - |
| | 98 | + |
| 99 | 99 | $nodes = array(); |
| 100 | 100 | foreach( $lines as $line ) { |
| 101 | 101 | if (strpos( $line, '#' )===false) { |
| 102 | 102 | $nodes[] = trim($line); |
| 103 | 103 | } |
| 104 | 104 | } |
| 105 | | - |
| | 105 | + |
| 106 | 106 | return $nodes; |
| 107 | 107 | } |
| 108 | | - |
| | 108 | + |
| 109 | 109 | public static function isExitNode($ip = null) { |
| 110 | 110 | #return true; ## FOR DEBUGGING |
| 111 | 111 | if ($ip == null) { |
| 112 | 112 | $ip = wfGetIp(); |
| 113 | 113 | } |
| 114 | | - |
| | 114 | + |
| 115 | 115 | $nodes = self::getExitNodes(); |
| 116 | | - |
| | 116 | + |
| 117 | 117 | return in_array( $ip, $nodes ); |
| 118 | 118 | } |
| 119 | | - |
| | 119 | + |
| 120 | 120 | public static function onGetBlockedStatus( &$user ) { |
| 121 | 121 | if (self::isExitNode() && $user->mBlock && !$user->mBlock->mUser) { |
| 122 | 122 | wfDebug( "User using Tor node. Disabling IP block as it was probably targetted at the tor node." ); |
| 123 | 123 | // Node is probably blocked for being a Tor node. Remove block. |
| 124 | 124 | $user->mBlockedBy = 0; |
| 125 | 125 | } |
| 126 | | - |
| | 126 | + |
| 127 | 127 | return true; |
| 128 | 128 | } |
| 129 | | - |
| | 129 | + |
| 130 | 130 | public static function onAbortAutoblock( $autoblockip, &$block ) { |
| 131 | 131 | return !self::isExitNode( $autoblockip ); |
| 132 | 132 | } |
| 133 | | - |
| | 133 | + |
| 134 | 134 | public static function onGetAutoPromoteGroups( $user, &$promote ) { |
| 135 | 135 | // Check against stricter requirements for tor nodes. |
| 136 | 136 | // Counterintuitively, we do the requirement checks first. |
| 137 | 137 | // This is so that we don't have to hit memcached to get the |
| 138 | 138 | // exit list, unnecessarily. |
| 139 | | - |
| | 139 | + |
| 140 | 140 | if (!count($promote)) { |
| 141 | 141 | return true; // No groups to promote to anyway |
| 142 | 142 | } |
| 143 | | - |
| | 143 | + |
| 144 | 144 | $age = time() - wfTimestampOrNull( TS_UNIX, $user->getRegistration() ); |
| 145 | 145 | global $wgTorAutoConfirmAge, $wgTorAutoConfirmCount; |
| 146 | | - |
| | 146 | + |
| 147 | 147 | if ($age >= $wgTorAutoConfirmAge && $user->getEditCount() >= $wgTorAutoConfirmCount) { |
| 148 | 148 | return true; // Does match requirements. Don't bother checking if we're an exit node. |
| 149 | 149 | } |
| 150 | | - |
| | 150 | + |
| 151 | 151 | if (self::isExitNode()) { // Tor user, doesn't match the expanded requirements. |
| 152 | 152 | $promote = array(); |
| 153 | 153 | } |
| 154 | | - |
| | 154 | + |
| 155 | 155 | return true; |
| 156 | 156 | } |
| 157 | 157 | } |
| \ No newline at end of file |