From d7b953c25c591e3db72727dc0728123f5aa8621c Mon Sep 17 00:00:00 2001 From: Kevin Israel Date: Sun, 29 Sep 2013 20:26:15 -0400 Subject: [PATCH] Remove proxy check in EditPage.php $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and $wgProxyMemcExpiry have been removed, along with the open proxy scanner script they were added for. Bug: 54597 Change-Id: Id4c7521443f04995df3d8762d23629c18ada76f8 --- RELEASE-NOTES-1.22 | 3 ++ includes/AutoLoader.php | 1 - includes/DefaultSettings.php | 27 +---------- includes/EditPage.php | 1 - includes/ProxyTools.php | 40 ---------------- includes/SpecialPageFactory.php | 1 - includes/specials/SpecialBlockme.php | 67 -------------------------- languages/messages/MessagesEn.php | 4 -- languages/messages/MessagesQqq.php | 12 ++--- maintenance/fuzz-tester.php | 22 +-------- maintenance/language/messages.inc | 3 -- maintenance/proxyCheck.php | 70 ---------------------------- 12 files changed, 9 insertions(+), 242 deletions(-) delete mode 100644 includes/specials/SpecialBlockme.php delete mode 100644 maintenance/proxyCheck.php diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22 index b988294e8f..f6848e5083 100644 --- a/RELEASE-NOTES-1.22 +++ b/RELEASE-NOTES-1.22 @@ -61,6 +61,9 @@ production. * The precise format of metric datagrams produced by the UDP profiler and stats counter may now be specified as $wgUDPProfilerFormatString and $wgStatsFormatString, respectively. +* (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and + $wgProxyMemcExpiry have been removed, along with the open proxy scanner + script they were added for. === New features in 1.22 === * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes. diff --git a/includes/AutoLoader.php b/includes/AutoLoader.php index 652fa5427c..7f1c3b4e28 100644 --- a/includes/AutoLoader.php +++ b/includes/AutoLoader.php @@ -971,7 +971,6 @@ $wgAutoloadLocalClasses = array( 'SpecialBlankpage' => 'includes/specials/SpecialBlankpage.php', 'SpecialBlock' => 'includes/specials/SpecialBlock.php', 'SpecialBlockList' => 'includes/specials/SpecialBlockList.php', - 'SpecialBlockme' => 'includes/specials/SpecialBlockme.php', 'SpecialBookSources' => 'includes/specials/SpecialBooksources.php', 'SpecialCachedPage' => 'includes/specials/SpecialCachedPage.php', 'SpecialCategories' => 'includes/specials/SpecialCategories.php', diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index a0a1b3edb8..880f05a348 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -3936,7 +3936,7 @@ $wgReservedUsernames = array( 'ScriptImporter', // Default user name used by maintenance/importSiteScripts.php 'msg:double-redirect-fixer', // Automatic double redirect fix 'msg:usermessage-editor', // Default user for leaving user messages - 'msg:proxyblocker', // For Special:Blockme + 'msg:proxyblocker', // For $wgProxyList and Special:Blockme (removed in 1.22) ); /** @@ -4695,31 +4695,6 @@ $wgPasswordAttemptThrottle = array( 'count' => 5, 'seconds' => 300 ); * @{ */ -/** - * If you enable this, every editor's IP address will be scanned for open HTTP - * proxies. - * - * @warning Don't enable this. Many sysops will report "hostile TCP port scans" - * to your ISP and ask for your server to be shut down. - * You have been warned. - */ -$wgBlockOpenProxies = false; - -/** - * Port we want to scan for a proxy - */ -$wgProxyPorts = array( 80, 81, 1080, 3128, 6588, 8000, 8080, 8888, 65506 ); - -/** - * Script used to scan - */ -$wgProxyScriptPath = "$IP/maintenance/proxyCheck.php"; - -/** - * Expiration time for cached proxy IPs - */ -$wgProxyMemcExpiry = 86400; - /** * This should always be customised in LocalSettings.php */ diff --git a/includes/EditPage.php b/includes/EditPage.php index 12cd4b3d83..718fe911a2 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -840,7 +840,6 @@ class EditPage { if ( $this->textbox1 === false ) { return false; } - wfProxyCheck(); return true; } diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php index b54a9a3570..bf1c4059d4 100644 --- a/includes/ProxyTools.php +++ b/includes/ProxyTools.php @@ -84,43 +84,3 @@ function wfIsConfiguredProxy( $ip ) { in_array( $ip, $wgSquidServersNoPurge ); return $trusted; } - -/** - * Forks processes to scan the originating IP for an open proxy server - * MemCached can be used to skip IPs that have already been scanned - */ -function wfProxyCheck() { - global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath; - global $wgMemc, $wgProxyMemcExpiry, $wgRequest; - global $wgProxyKey; - - if ( !$wgBlockOpenProxies ) { - return; - } - - $ip = $wgRequest->getIP(); - - # Get MemCached key - $mcKey = wfMemcKey( 'proxy', 'ip', $ip ); - $mcValue = $wgMemc->get( $mcKey ); - $skip = (bool)$mcValue; - - # Fork the processes - if ( !$skip ) { - $title = SpecialPage::getTitleFor( 'Blockme' ); - $iphash = md5( $ip . $wgProxyKey ); - $url = wfExpandUrl( $title->getFullURL( 'ip=' . $iphash ), PROTO_HTTP ); - - foreach ( $wgProxyPorts as $port ) { - $params = implode( ' ', array( - escapeshellarg( $wgProxyScriptPath ), - escapeshellarg( $ip ), - escapeshellarg( $port ), - escapeshellarg( $url ) - )); - exec( "php $params >" . wfGetNull() . " 2>&1 &" ); - } - # Set MemCached key - $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry ); - } -} diff --git a/includes/SpecialPageFactory.php b/includes/SpecialPageFactory.php index c03f1ba5db..11edc8ac84 100644 --- a/includes/SpecialPageFactory.php +++ b/includes/SpecialPageFactory.php @@ -155,7 +155,6 @@ class SpecialPageFactory { // Unlisted / redirects 'Blankpage' => 'SpecialBlankpage', - 'Blockme' => 'SpecialBlockme', 'Emailuser' => 'SpecialEmailUser', 'Movepage' => 'MovePageForm', 'Mycontributions' => 'SpecialMycontributions', diff --git a/includes/specials/SpecialBlockme.php b/includes/specials/SpecialBlockme.php deleted file mode 100644 index c3d6080c22..0000000000 --- a/includes/specials/SpecialBlockme.php +++ /dev/null @@ -1,67 +0,0 @@ -setHeaders(); - $this->outputHeader(); - - $ip = $this->getRequest()->getIP(); - if ( !$wgBlockOpenProxies || $this->getRequest()->getText( 'ip' ) != md5( $ip . $wgProxyKey ) ) { - $this->getOutput()->addWikiMsg( 'proxyblocker-disabled' ); - - return; - } - - $user = User::newFromName( $this->msg( 'proxyblocker' )->inContentLanguage()->text() ); - # FIXME: newFromName could return false on a badly configured wiki. - if ( !$user->isLoggedIn() ) { - $user->addToDatabase(); - } - - $block = new Block(); - $block->setTarget( $ip ); - $block->setBlocker( $user ); - $block->mReason = $this->msg( 'proxyblockreason' )->inContentLanguage()->text(); - - $block->insert(); - - $this->getOutput()->addWikiMsg( 'proxyblocksuccess' ); - } - - protected function getGroupName() { - return 'other'; - } -} diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index e247442023..0ef828ace4 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -392,7 +392,6 @@ $specialPageAliases = array( 'Badtitle' => array( 'Badtitle' ), 'Blankpage' => array( 'BlankPage' ), 'Block' => array( 'Block', 'BlockIP', 'BlockUser' ), - 'Blockme' => array( 'BlockMe' ), 'Booksources' => array( 'BookSources' ), 'BrokenRedirects' => array( 'BrokenRedirects' ), 'Categories' => array( 'Categories' ), @@ -3400,12 +3399,9 @@ See the [[Special:BlockList|block list]] for the list of currently operational b It is, however, blocked as part of the range $2, which can be unblocked.', 'ip_range_invalid' => 'Invalid IP range.', 'ip_range_toolarge' => 'Range blocks larger than /$1 are not allowed.', -'blockme' => 'Block me', 'proxyblocker' => 'Proxy blocker', -'proxyblocker-disabled' => 'This function is disabled.', 'proxyblockreason' => 'Your IP address has been blocked because it is an open proxy. Please contact your Internet service provider or technical support of your organization and inform them of this serious security problem.', -'proxyblocksuccess' => 'Done.', 'sorbs' => 'DNSBL', # only translate this message to other languages if you have to change it 'sorbsreason' => 'Your IP address is listed as an open proxy in the DNSBL used by {{SITENAME}}.', 'sorbs_create_account_reason' => 'Your IP address is listed as an open proxy in the DNSBL used by {{SITENAME}}. diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php index 74d13aca4b..6e0798a952 100644 --- a/languages/messages/MessagesQqq.php +++ b/languages/messages/MessagesQqq.php @@ -6619,24 +6619,20 @@ See also: * {{msg-mw|Ip range toolarge}}', 'blockme' => '{{doc-special|BlockMe|unlisted=1}} This feature is disabled by default.', -'proxyblocker' => 'Used in [[Special:BlockMe]]. +'proxyblocker' => 'Username for blocking IP addresses listed in [[mw:Manual:$wgProxyList|$wgProxyList]]. See also: -* {{msg-mw|proxyblocker-disabled}} -* {{msg-mw|proxyblockreason}} -* {{msg-mw|proxyblocksuccess}}', +* {{msg-mw|proxyblockreason}}', 'proxyblocker-disabled' => 'Used in [[Special:BlockMe]]. See also: * {{msg-mw|proxyblocker}} * {{msg-mw|proxyblockreason}} * {{msg-mw|proxyblocksuccess}}', -'proxyblockreason' => 'Used as explanation of the reason in [[Special:BlockMe]]. +'proxyblockreason' => 'Reason for blocking IP addresses listed in [[mw:Manual:$wgProxyList|$wgProxyList]]. See also: -* {{msg-mw|proxyblocker-disabled}} -* {{msg-mw|proxyblocker}} -* {{msg-mw|proxyblocksuccess}}', +* {{msg-mw|proxyblocker}}', 'proxyblocksuccess' => 'Used in [[Special:BlockMe]]. See also: diff --git a/maintenance/fuzz-tester.php b/maintenance/fuzz-tester.php index 6b7f38a8e8..548bb2f2e4 100644 --- a/maintenance/fuzz-tester.php +++ b/maintenance/fuzz-tester.php @@ -118,7 +118,6 @@ Wiki configuration for testing: // Enable weird and wonderful options: // Increase default error reporting level. error_reporting (E_ALL); // At a later date could be increased to E_ALL | E_STRICT - $wgBlockOpenProxies = true; // Some block pages require this to be true in order to test. $wgEnableUploads = true; // enable uploads. $wgDBerrorLog = "/root/mediawiki-db-error-log.txt"; // log DB errors, replace with suitable path. $wgShowSQLErrors = true; // Show SQL errors (instead of saying the query was hidden). @@ -1483,24 +1482,6 @@ class watchlistTest extends pageTest { } } - -/** - ** a page test for "Special:Blockme" - */ -class specialBlockmeTest extends pageTest { - function __construct() { - $this->pagePath = "index.php?title=Special:Blockme"; - - $this->params = array (); - - // sometimes we specify "ip", and sometimes we don't. - if ( wikiFuzz::randnum( 1 ) == 0 ) { - $this->params["ip"] = wikiFuzz::chooseInput( array( "10.12.41.213", wikiFuzz::randnum( 8134, -10 ), wikiFuzz::makeFuzz( 2 ) ) ); - } - } -} - - /** ** a page test for "Special:Movepage" */ @@ -2161,7 +2142,7 @@ class GeSHi_Test extends pageTest { /** ** selects a page test to run. * @param $count - * @return \api|\confirmEmail|\contributionsTest|\editPageTest|\imagelistTest|\imagepageTest|\ipblocklistTest|\listusersTest|\mimeSearchTest|\newImagesTest|\pageDeletion|\pageHistoryTest|\pageProtectionForm|\prefixindexTest|\profileInfo|\recentchangesTest|\redirectTest|\searchTest|\specialAllmessagesTest|\specialAllpagesTest|\specialBlockip|\specialBlockmeTest|\specialBooksourcesTest|\specialCategoryTree|\specialChemicalsourcesTest|\specialCitePageTest|\specialExportTest|\specialFilepathPageTest|\specialImportPageTest|\specialLinksearch|\specialLockdbPageTest|\specialLogTest|\specialMovePage|\specialNewpagesPageTest|\specialRenameuserPageTest|\specialRevisionDeletePageTest|\specialUndeletePageTest|\specialUnlockdbPageTest|\specialUserrights|\successfulUserLoginTest|\thumbTest|\userLoginTest|\viewPageTest|\watchlistTest + * @return \api|\confirmEmail|\contributionsTest|\editPageTest|\imagelistTest|\imagepageTest|\ipblocklistTest|\listusersTest|\mimeSearchTest|\newImagesTest|\pageDeletion|\pageHistoryTest|\pageProtectionForm|\prefixindexTest|\profileInfo|\recentchangesTest|\redirectTest|\searchTest|\specialAllmessagesTest|\specialAllpagesTest|\specialBlockip|\specialBooksourcesTest|\specialCategoryTree|\specialChemicalsourcesTest|\specialCitePageTest|\specialExportTest|\specialFilepathPageTest|\specialImportPageTest|\specialLinksearch|\specialLockdbPageTest|\specialLogTest|\specialMovePage|\specialNewpagesPageTest|\specialRenameuserPageTest|\specialRevisionDeletePageTest|\specialUndeletePageTest|\specialUnlockdbPageTest|\specialUserrights|\successfulUserLoginTest|\thumbTest|\userLoginTest|\viewPageTest|\watchlistTest */ function selectPageTest( $count ) { @@ -2197,7 +2178,6 @@ function selectPageTest( $count ) { case 20: return new redirectTest(); case 21: return new confirmEmail(); case 22: return new watchlistTest(); - case 23: return new specialBlockmeTest(); case 24: return new specialUndeletePageTest(); case 25: return new specialMovePage(); case 26: return new specialUnlockdbPageTest(); diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index ca3a4f554b..a94b6d5451 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc @@ -2378,11 +2378,8 @@ $wgMessageStructure = array( 'ipb_blocked_as_range', 'ip_range_invalid', 'ip_range_toolarge', - 'blockme', 'proxyblocker', - 'proxyblocker-disabled', 'proxyblockreason', - 'proxyblocksuccess', 'sorbs', 'sorbsreason', 'sorbs_create_account_reason', diff --git a/maintenance/proxyCheck.php b/maintenance/proxyCheck.php deleted file mode 100644 index b52f20fb50..0000000000 --- a/maintenance/proxyCheck.php +++ /dev/null @@ -1,70 +0,0 @@ -> /home/tstarling/open/proxy.log`; -- 2.20.1