From: Tim Starling <tstarling@users.mediawiki.org>
Date: Tue, 6 Apr 2004 01:25:26 +0000 (+0000)
Subject: Cryptographic security in Special:Blockme, in response to reports of abuse
X-Git-Tag: 1.3.0beta1~588
X-Git-Url: http://git.cyclocoop.org/%22.%24match%5B1%5D.%22?a=commitdiff_plain;h=f60cc2f4cae2d0b1ac29db66b5fff587c31ef368;p=lhc%2Fweb%2Fwiklou.git

Cryptographic security in Special:Blockme, in response to reports of abuse
---

diff --git a/config/index.php b/config/index.php
index b353e5a5d5..dc0d126e01 100644
--- a/config/index.php
+++ b/config/index.php
@@ -620,6 +620,7 @@ function writeLocalSettings( $conf ) {
 	$convert = ($conf->ImageMagick ? $conf->ImageMagick : "/usr/bin/convert" );
 	$pretty = ($conf->prettyURLs ? "" : "# ");
 	$ugly = ($conf->prettyURLs ? "# " : "");
+	$proxyKey = Parser::getRandomString() . Parser::getRandomString();
 	
 	$sep = (DIRECTORY_SEPARATOR == "\\") ? ";" : ":";
 	return "
@@ -703,6 +704,7 @@ if ( \$wgUseSmarty ) {
 
 \$wgLanguageCode = \"{$conf->LanguageCode}\";
 " . ($conf->Encoding ? "\$wgInputEncoding = \$wgOutputEncoding = \"{$conf->Encoding}\";" : "" ) . "
+\$wgProxyKey = $proxyKey;
 
 ";
 }
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 143b74924e..0b7b395679 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -150,6 +150,7 @@ $wgBlockOpenProxies = false; # Automatic open proxy test on edit
 $wgProxyPorts = array( 80, 81, 1080, 3128, 6588, 8000, 8080, 8888, 65506 );
 $wgProxyScriptPath = "$IP/proxy_check.php";
 $wgProxyMemcExpiry = 86400;
+$wgProxyKey = "W1svekXc5u6lZllTZOwnzEk1nbs";
 
 # Client-side caching:
 $wgCachePages       = true; # Allow client-side caching of pages
diff --git a/includes/EditPage.php b/includes/EditPage.php
index e2946a8321..f7149e66b2 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -445,14 +445,16 @@ htmlspecialchars( $wgLang->recodeForEdit( $this->textbox1 ) ) .
 		# Fork the processes
 		if ( !$skip ) {
 			$title = Title::makeTitle( NS_SPECIAL, "Blockme" );
-			$url = $title->getFullURL();
+			$iphash = md5( $wgIP . $wgProxyKey );
+			$url = wfFullUrl( $title->getPrefixedURL(), "ip=$iphash" );
+
 			foreach ( $wgProxyPorts as $port ) {
 				$params = implode( " ", array(
-				  escapeshellarg( $wgProxyScriptPath ),
-				  escapeshellarg( $wgIP ),
-				  escapeshellarg( $port ),
-				  escapeshellarg( $url )
-				));
+							escapeshellarg( $wgProxyScriptPath ),
+							escapeshellarg( $wgIP ),
+							escapeshellarg( $port ),
+							escapeshellarg( $url )
+							));
 				exec( "php $params &>/dev/null &" );
 			}
 			# Set MemCached key
diff --git a/includes/SpecialBlockme.php b/includes/SpecialBlockme.php
index 1ea9f8b31f..fd547bb679 100644
--- a/includes/SpecialBlockme.php
+++ b/includes/SpecialBlockme.php
@@ -1,17 +1,17 @@
 <?php
 function wfSpecialBlockme()
 {
-	global $wgIP, $wgBlockOpenProxies, $wgOut;
+	global $wgIP, $wgBlockOpenProxies, $wgOut, $wgProxyKey;
 
-	if ( !$wgBlockOpenProxies ) {
+	if ( !$wgBlockOpenProxies || $_REQUEST['ip'] != md5( $wgIP . $wgProxyKey ) ) {
 		$wgOut->addWikiText( wfMsg( "disabled" ) );
 		return;
-	}
+	}       
 
 	$blockerName = wfMsg( "proxyblocker" );
 	$reason = wfMsg( "proxyblockreason" );
 	$success = wfMsg( "proxyblocksuccess" );
-	
+
 	$u = User::newFromName( $blockerName );
 	$id = $u->idForName();
 	if ( !$id ) {