* just slightly outta sync and soon corrected - safer to block slightly more that less.
* And it's cheaper to check slave first, then master if needed, than master always.
*/
- function getBlockedStatus( $bFromSlave = false ) {
- global $wgIP, $wgBlockCache, $wgProxyList;
+ function getBlockedStatus() {
+ global $wgIP, $wgBlockCache, $wgProxyList, $wgEnableSorbs;
if ( -1 != $this->mBlockedby ) { return; }
$this->mBlockreason = wfMsg( 'proxyblockreason' );
}
}
+
+ # DNSBL
+ if ( !$this->mBlockedby && $wgEnableSorbs ) {
+ if ( $this->inSorbsBlacklist( $wgIP ) ) {
+ $this->mBlockedBy = wfMsg( 'sorbs' );
+ $this->mBlockereason = wfMsg( 'sorbsreason' );
+ }
+ }
+
}
+ function inSorbsBlacklist( $ip ) {
+ $fname = 'User::inSorbsBlacklist';
+ wfProfileIn( $fname );
+
+ $found = false;
+ $host = '';
+
+ if ( preg_match( '/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $ip, $m ) ) {
+ # Make hostname
+ for ( $i=4; $i>=1; $i-- ) {
+ $host .= $m[$i] . '.';
+ }
+ $host .= 'http.dnsbl.sorbs.net.';
+
+ # Send query
+ $ipList = gethostbynamel( $host );
+
+ if ( $ipList ) {
+ wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy!\n" );
+ $found = true;
+ } else {
+ wfDebug( "Requested $host, not found.\n" );
+ }
+ }
+
+ wfProfileOut( $fname );
+ return $found;
+ }
+
/**
* Check if user is blocked
* @return bool True if blocked, false otherwise
'proxyblocker' => 'Proxy blocker',
'proxyblockreason' => 'Your IP address has been blocked because it is an open proxy. Please contact your Internet service provider or tech support and inform them of this serious security problem.',
'proxyblocksuccess' => "Done.\n",
+'sorbs' => 'SORBS DNSBL',
+'sorbsreason' => 'Your IP address is listed as an open proxy in the [http://www.sorbs.net SORBS] DNSBL.',
+
# Developer tools
#
dépôts / lhc / web / wiklou.git / commitdiff