From c2f357f1bf993709783c19154e06448c2dc8dd0f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gerg=C5=91=20Tisza?= <gtisza@wikimedia.org>
Date: Thu, 2 Feb 2017 01:23:01 +0000
Subject: [PATCH] User::isPingLimitable(): handle CIDR notation in
 $wgRateLimitsExcludedIPs

Bug: T156983
Change-Id: I727c19214cb3f9fad558d433bb38fbcf25d8497a
---
 includes/DefaultSettings.php             |  2 +-
 includes/user/User.php                   |  2 +-
 tests/phpunit/includes/user/UserTest.php | 22 ++++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index c4833660d8..5ecf17cb26 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -5681,7 +5681,7 @@ $wgRateLimits = [
 ];
 
 /**
- * Array of IPs which should be excluded from rate limits.
+ * Array of IPs / CIDR ranges which should be excluded from rate limits.
  * This may be useful for whitelisting NAT gateways for conferences, etc.
  */
 $wgRateLimitsExcludedIPs = [];
diff --git a/includes/user/User.php b/includes/user/User.php
index d0a2f9213f..1b32503a7a 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -1862,7 +1862,7 @@ class User implements IDBAccessObject {
 	 */
 	public function isPingLimitable() {
 		global $wgRateLimitsExcludedIPs;
-		if ( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
+		if ( IP::isInRanges( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
 			// No other good way currently to disable rate limits
 			// for specific IPs. :P
 			// But this is a crappy hack and should die.
diff --git a/tests/phpunit/includes/user/UserTest.php b/tests/phpunit/includes/user/UserTest.php
index deb970820e..615da2ecef 100644
--- a/tests/phpunit/includes/user/UserTest.php
+++ b/tests/phpunit/includes/user/UserTest.php
@@ -862,4 +862,26 @@ class UserTest extends MediaWikiTestCase {
 		// Clean up.
 		$block->delete();
 	}
+
+	public function testIsPingLimitable() {
+		$request = new FauxRequest();
+		$request->setIP( '1.2.3.4' );
+		$user = User::newFromSession( $request );
+
+		$this->setMwGlobals( 'wgRateLimitsExcludedIPs', [] );
+		$this->assertTrue( $user->isPingLimitable() );
+
+		$this->setMwGlobals( 'wgRateLimitsExcludedIPs', [ '1.2.3.4' ] );
+		$this->assertFalse( $user->isPingLimitable() );
+
+		$this->setMwGlobals( 'wgRateLimitsExcludedIPs', [ '1.2.3.0/8' ] );
+		$this->assertFalse( $user->isPingLimitable() );
+
+		$this->setMwGlobals( 'wgRateLimitsExcludedIPs', [] );
+		$noRateLimitUser = $this->getMockBuilder( User::class )->disableOriginalConstructor()
+			->setMethods( [ 'getIP', 'getRights' ] )->getMock();
+		$noRateLimitUser->expects( $this->any() )->method( 'getIP' )->willReturn( '1.2.3.4' );
+		$noRateLimitUser->expects( $this->any() )->method( 'getRights' )->willReturn( [ 'noratelimit' ] );
+		$this->assertFalse( $noRateLimitUser->isPingLimitable() );
+	}
 }
-- 
2.20.1