downloading the XML dump during a transwiki import in seconds.
* Parser limit report is now available in machine-readable format to JavaScript
via mw.config.get('wgPageParseReport').
+* Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits
+ from certain IP ranges (e.g. private IPs).
=== External library changes in 1.29 ===
*/
$wgProxyWhitelist = [];
+/**
+ * IP ranges that should be considered soft-blocked (anon-only, account
+ * creation allowed). The intent is to use this to prevent anonymous edits from
+ * shared resources such as Wikimedia Labs.
+ * @since 1.29
+ * @var string[]
+ */
+$wgSoftBlockRanges = [];
+
/**
* Whether to look at the X-Forwarded-For header's list of (potentially spoofed)
* IPs and apply IP blocks to them. This allows for IP blocks to work with correctly-configured
protected $queryFlagsUsed = self::READ_NORMAL;
/** @var string Indicates type of block (used for eventlogging)
- * Permitted values: 'cookie-block', 'proxy-block', 'openproxy-block', 'xff-block'
+ * Permitted values: 'cookie-block', 'proxy-block', 'openproxy-block', 'xff-block',
+ * 'config-block'
*/
public $blockTrigger = false;
* Check when actually saving should be done against master.
*/
private function getBlockedStatus( $bFromSlave = true ) {
- global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff;
+ global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff, $wgSoftBlockRanges;
if ( -1 != $this->mBlockedby ) {
return;
}
}
+ if ( !$block instanceof Block
+ && $ip !== null
+ && $this->isAnon()
+ && IP::isInRanges( $ip, $wgSoftBlockRanges )
+ ) {
+ $block = new Block( [
+ 'address' => $ip,
+ 'byText' => 'MediaWiki default',
+ 'reason' => wfMessage( 'softblockrangesreason', $ip )->text(),
+ 'anonOnly' => true,
+ 'systemBlock' => 'wgSoftBlockRanges',
+ ] );
+ $this->blockTrigger = 'config-block';
+ }
+
if ( $block instanceof Block ) {
wfDebug( __METHOD__ . ": Found block.\n" );
$this->mBlock = $block;
"sorbs": "DNSBL",
"sorbsreason": "Your IP address is listed as an open proxy in the DNSBL used by {{SITENAME}}.",
"sorbs_create_account_reason": "Your IP address is listed as an open proxy in the DNSBL used by {{SITENAME}}.\nYou cannot create an account.",
+ "softblockrangesreason": "Anonymous contributions are not allowed from your IP address ($1). Please log in.",
"xffblockreason": "An IP address present in the X-Forwarded-For header, either yours or that of a proxy server you are using, has been blocked. The original block reason was: $1",
"cant-see-hidden-user": "The user you are trying to block has already been blocked and hidden.\nSince you do not have the hideuser right, you cannot see or edit the user's block.",
"ipbblocked": "You cannot block or unblock other users because you are yourself blocked.",
"sorbs": "{{optional}}",
"sorbsreason": "See also:\n* {{msg-mw|Sorbsreason}}\n* {{msg-mw|Sorbs create account_reason}}",
"sorbs_create_account_reason": "Used in [[Special:UserLogin]] when creating an account.\n\nSee also:\n* {{msg-mw|Sorbsreason}}\n* {{msg-mw|Sorbs create account_reason}}",
+ "softblockrangesreason": "This text is shown to the user as a block reason and describes that the user is being blocked because the user is not logged in and their IP is in [[mw:Special:MyLanguage/Manual:$wgSoftBlockRanges|$wgSoftBlockRanges]].\n\nParameters:\n* $1 - The IP address that is blocked.",
"xffblockreason": "This text is shown to the user as a block reason and describes that the user is being blocked because an IP in the X-Forwarded-For header (which lists the user's IP as well as all IPs of the transparent proxy servers they went through) sent when they loaded the page has been blocked:\n* $1 is the original block reason for the IP address matched in the X-Forwarded-For header",
"cant-see-hidden-user": "Used as (red) error message on [[Special:Block]] when you try to change (as sysop without the hideuser right) the block of a hidden user.",
"ipbblocked": "Error message shown when a user tries to alter block settings when they are themselves blocked.",
// Clean up.
$block->delete();
}
+
+ public function testSoftBlockRanges() {
+ global $wgUser;
+
+ $this->setMwGlobals( [
+ 'wgSoftBlockRanges' => [ '10.0.0.0/8' ],
+ 'wgUser' => null,
+ ] );
+
+ // IP isn't in $wgSoftBlockRanges
+ $request = new FauxRequest();
+ $request->setIP( '192.168.0.1' );
+ $wgUser = User::newFromSession( $request );
+ $this->assertNull( $wgUser->getBlock() );
+
+ // IP is in $wgSoftBlockRanges
+ $request = new FauxRequest();
+ $request->setIP( '10.20.30.40' );
+ $wgUser = User::newFromSession( $request );
+ $block = $wgUser->getBlock();
+ $this->assertInstanceOf( Block::class, $block );
+ $this->assertSame( 'wgSoftBlockRanges', $block->getSystemBlockType() );
+
+ // Make sure the block is really soft
+ $request->getSession()->setUser( $this->getTestUser()->getUser() );
+ $wgUser = User::newFromSession( $request );
+ $this->assertFalse( $wgUser->isAnon(), 'sanity check' );
+ $this->assertNull( $wgUser->getBlock() );
+ }
+
}