From: Brian Wolff <bawolff+wn@gmail.com>
Date: Tue, 19 Apr 2016 14:25:43 +0000 (-0400)
Subject: SECURITY: Make blocks log users out if $wgBlockDisablesLogin
X-Git-Tag: 1.31.0-rc.0~5958^2
X-Git-Url: http://git.cyclocoop.org/%27%2C%20%20%20quote_amp%28%24url%29%2C%20%20%20%27?a=commitdiff_plain;h=d2d12dc5785ea3ce7e2a8f1ead410cd866a17be7;p=lhc%2Fweb%2Fwiklou.git

SECURITY: Make blocks log users out if $wgBlockDisablesLogin

Issue originally reported by Multichill

Bug: T129738
Change-Id: Iddc58e504297c60f6d3ca99f21034fe7c5cf9801
---

diff --git a/includes/Block.php b/includes/Block.php
index 93df004c5f..bcbf494e3a 100644
--- a/includes/Block.php
+++ b/includes/Block.php
@@ -457,6 +457,7 @@ class Block {
 	 *	('id' => block ID, 'autoIds' => array of autoblock IDs)
 	 */
 	public function insert( $dbw = null ) {
+		global $wgBlockDisablesLogin;
 		wfDebug( "Block::insert; timestamp {$this->mTimestamp}\n" );
 
 		if ( $dbw === null ) {
@@ -499,6 +500,13 @@ class Block {
 
 		if ( $affected ) {
 			$auto_ipd_ids = $this->doRetroactiveAutoblock();
+
+			if ( $wgBlockDisablesLogin && $this->target instanceof User ) {
+				// Change user login token to force them to be logged out.
+				$this->target->setToken();
+				$this->target->saveSettings();
+			}
+
 			return [ 'id' => $this->mId, 'autoIds' => $auto_ipd_ids ];
 		}