From 5792d17de1b63433702be8a384f635797a92f26f Mon Sep 17 00:00:00 2001 From: Andrew H Date: Wed, 16 Dec 2015 01:03:45 +0000 Subject: [PATCH] Prevent blocked users from modifying change tags Bug: T102063 Change-Id: I030b781175c998dd1553c87042d98ded8eb6bc84 --- includes/api/ApiTag.php | 24 +++++++++++++- includes/changetags/ChangeTags.php | 48 ++++++++++++++++++++------- includes/specials/SpecialEditTags.php | 5 +++ languages/i18n/en.json | 3 ++ languages/i18n/qqq.json | 3 ++ 5 files changed, 70 insertions(+), 13 deletions(-) diff --git a/includes/api/ApiTag.php b/includes/api/ApiTag.php index 527c6cb106..2bba0e221f 100644 --- a/includes/api/ApiTag.php +++ b/includes/api/ApiTag.php @@ -31,13 +31,35 @@ class ApiTag extends ApiBase { public function execute() { $params = $this->extractRequestParams(); + $user = $this->getUser(); // make sure the user is allowed - if ( !$this->getUser()->isAllowed( 'changetags' ) ) { + if ( !$user->isAllowed( 'changetags' ) ) { $this->dieUsage( "You don't have permission to add or remove change tags from individual edits", 'permissiondenied' ); } + if ( $user->isBlocked() ) { + $block = $user->getBlock(); + + // Die using the appropriate messege depending on block type + if ( $block->getType() == TYPE_AUTO ) { + $this->dieUsage( + 'Your IP address has been blocked automatically, because it was used by a blocked user', + 'autoblocked', + 0, + array( 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $block ) ) + ); + } else { + $this->dieUsage( + 'You have been blocked from editing', + 'blocked', + 0, + array( 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $block ) ) + ); + } + } + // validate and process each revid, rcid and logid $this->requireAtLeastOneParameter( $params, 'revid', 'rcid', 'logid' ); $ret = array(); diff --git a/includes/changetags/ChangeTags.php b/includes/changetags/ChangeTags.php index bbb5c8c4fa..5aac495641 100644 --- a/includes/changetags/ChangeTags.php +++ b/includes/changetags/ChangeTags.php 
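Review bot: In ApiTag::execute(), the new test `$block->getType() == TYPE_AUTO` uses a bare constant name, while the block-type constants I know of in MediaWiki are class constants on Block. Unless a global TYPE_AUTO is defined outside this patch, the autoblock branch can never be selected: older PHP treats the name as the string 'TYPE_AUTO' and falls through to the else branch, and PHP 8 throws an Error. On older PHP the block is still enforced, but autoblocked clients receive the `blocked` code instead of `autoblocked`. I would write `if ( $block->getType() === Block::TYPE_AUTO ) {`, and fix the typo `messege` in the comment above it. execute() continues past the end of the hunk.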
@@ -358,8 +358,12 @@ class ChangeTags { public static function canAddTagsAccompanyingChange( array $tags, User $user = null ) { - if ( !is_null( $user ) && !$user->isAllowed( 'applychangetags' ) ) { - return Status::newFatal( 'tags-apply-no-permission' ); + if ( !is_null( $user ) ) { + if ( !$user->isAllowed( 'applychangetags' ) ) { + return Status::newFatal( 'tags-apply-no-permission' ); + } elseif ( $user->isBlocked() ) { + return Status::newFatal( 'tags-apply-blocked' ); + } } // to be applied, a tag has to be explicitly defined @@ -425,8 +429,12 @@ class ChangeTags { public static function canUpdateTags( array $tagsToAdd, array $tagsToRemove, User $user = null ) { - if ( !is_null( $user ) && !$user->isAllowed( 'changetags' ) ) { - return Status::newFatal( 'tags-update-no-permission' ); + if ( !is_null( $user ) ) { + if ( !$user->isAllowed( 'changetags' ) ) { + return Status::newFatal( 'tags-update-no-permission' ); + } elseif ( $user->isBlocked() ) { + return Status::newFatal( 'tags-update-blocked' ); + } } if ( $tagsToAdd ) { @@ -766,8 +774,12 @@ class ChangeTags { * @since 1.25 */ public static function canActivateTag( $tag, User $user = null ) { - if ( !is_null( $user ) && !$user->isAllowed( 'managechangetags' ) ) { - return Status::newFatal( 'tags-manage-no-permission' ); + if ( !is_null( $user ) ) { + if ( !$user->isAllowed( 'managechangetags' ) ) { + return Status::newFatal( 'tags-manage-no-permission' ); + } elseif ( $user->isBlocked() ) { + return Status::newFatal( 'tags-manage-blocked' ); + } } // defined tags cannot be activated (a defined tag is either extension- 
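Review bot: In canAddTagsAccompanyingChange() the new block check sits inside `if ( !is_null( $user ) )`, so a caller that passes null skips the block check as well as the permission check. The same shape is repeated in canUpdateTags(), canActivateTag(), canDeactivateTag(), canCreateTag() and canDeleteTag(). That may be intended for internal callers, but it should be stated where the parameter is documented, for example `@param User|null $user User to check; null skips both the permission check and the block check`. The docblocks lie mostly outside these hunks, so they may already say something similar about permissions. The guard is now six copies of the same lines differing only in the right and the message keys, so a small private static helper returning a Status would keep them from drifting apart.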
@@ -830,8 +842,12 @@ class ChangeTags { * @since 1.25 */ public static function canDeactivateTag( $tag, User $user = null ) { - if ( !is_null( $user ) && !$user->isAllowed( 'managechangetags' ) ) { - return Status::newFatal( 'tags-manage-no-permission' ); + if ( !is_null( $user ) ) { + if ( !$user->isAllowed( 'managechangetags' ) ) { + return Status::newFatal( 'tags-manage-no-permission' ); + } elseif ( $user->isBlocked() ) { + return Status::newFatal( 'tags-manage-blocked' ); + } } // only explicitly-defined tags can be deactivated @@ -885,8 +901,12 @@ class ChangeTags { * @since 1.25 */ public static function canCreateTag( $tag, User $user = null ) { - if ( !is_null( $user ) && !$user->isAllowed( 'managechangetags' ) ) { - return Status::newFatal( 'tags-manage-no-permission' ); + if ( !is_null( $user ) ) { + if ( !$user->isAllowed( 'managechangetags' ) ) { + return Status::newFatal( 'tags-manage-no-permission' ); + } elseif ( $user->isBlocked() ) { + return Status::newFatal( 'tags-manage-blocked' ); + } } // no empty tags @@ -1014,8 +1034,12 @@ class ChangeTags { public static function canDeleteTag( $tag, User $user = null ) { $tagUsage = self::tagUsageStatistics(); - if ( !is_null( $user ) && !$user->isAllowed( 'managechangetags' ) ) { - return Status::newFatal( 'tags-manage-no-permission' ); + if ( !is_null( $user ) ) { + if ( !$user->isAllowed( 'managechangetags' ) ) { + return Status::newFatal( 'tags-manage-no-permission' ); + } elseif ( $user->isBlocked() ) { + return Status::newFatal( 'tags-manage-blocked' ); + } } if ( !isset( $tagUsage[$tag] ) && !in_array( $tag, self::listDefinedTags() ) ) { diff --git a/includes/specials/SpecialEditTags.php b/includes/specials/SpecialEditTags.php index 6545541a09..97b04c23f5 100644 --- a/includes/specials/SpecialEditTags.php +++ b/includes/specials/SpecialEditTags.php 
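Review bot: In canDeleteTag(), `$tagUsage = self::tagUsageStatistics();` still runs before the permission and block guard, so a caller who is about to be refused still triggers that lookup. Moving the assignment below the guard, directly above the `if ( !isset( $tagUsage[$tag] ) ...` test that first reads it, keeps the refusal path free of work. How expensive tagUsageStatistics() is cannot be seen from this hunk. The other can*Tag() methods in this patch already check the user first. canDeleteTag() continues past the end of the hunk.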
@@ -63,6 +63,11 @@ class SpecialEditTags extends UnlistedSpecialPage { $user = $this->getUser(); $request = $this->getRequest(); + // Check blocks + if ( $user->isBlocked() ) { + throw new UserBlockedError( $user->getBlock() ); + } + $this->setHeaders(); $this->outputHeader(); diff --git a/languages/i18n/en.json b/languages/i18n/en.json index 5603100286..0c72d7760c 100644 --- a/languages/i18n/en.json +++ b/languages/i18n/en.json @@ -3528,6 +3528,7 @@ "tags-deactivate": "deactivate", "tags-hitcount": "$1 {{PLURAL:$1|change|changes}}", "tags-manage-no-permission": "You do not have permission to manage change tags.", + "tags-manage-blocked": "You cannot manage change tags while blocked.", "tags-create-heading": "Create a new tag", "tags-create-explanation": "By default, newly created tags will be made available for use by users and bots.", "tags-create-tag-name": "Tag name:", @@ -3562,9 +3563,11 @@ "tags-deactivate-not-allowed": "It is not possible to deactivate the tag \"$1\".", "tags-deactivate-submit": "Deactivate", "tags-apply-no-permission": "You do not have permission to apply change tags along with your changes.", + "tags-apply-blocked": "You cannot apply change tags along with your changes while blocked.", "tags-apply-not-allowed-one": "The tag \"$1\" is not allowed to be manually applied.", "tags-apply-not-allowed-multi": "The following {{PLURAL:$2|tag is|tags are}} not allowed to be manually applied: $1", "tags-update-no-permission": "You do not have permission to add or remove change tags from individual revisions or log entries.", + "tags-update-blocked": "You cannot add or remove change tags while blocked.", "tags-update-add-not-allowed-one": "The tag \"$1\" is not allowed to be manually added.", "tags-update-add-not-allowed-multi": "The following {{PLURAL:$2|tag is|tags are}} not allowed to be manually added: $1", "tags-update-remove-not-allowed-one": "The tag \"$1\" is not allowed to be removed.", 
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json index daa5b20852..329e901963 100644 --- a/languages/i18n/qqq.json +++ b/languages/i18n/qqq.json @@ -3703,6 +3703,7 @@ "tags-deactivate": "Used on [[Special:Tags]]. Verb. Used as display text on a link to deactivate a tag.\n{{Identical|Delete}}", "tags-hitcount": "Shown in the \"{{msg-mw|Tags-hitcount-header}}\" column in [[Special:Tags]]. For more information on tags see [[mw:Manual:Tags|MediaWiki]].\n\nParameters:\n* $1 - the number of changes marked with the tag", "tags-manage-no-permission": "Error message on [[Special:Tags]]", + "tags-manage-blocked": "Error message on [[Special:Tags]]", "tags-create-heading": "The title of a fieldset, beneath which lies a form used to create a tag. For more information on tags see [[mw:Manual:Tags|MediaWiki]].", "tags-create-explanation": "The first paragraph of an explanation to tell users what they are about to do.", "tags-create-tag-name": "Form field label for the name of the tag to be created.", 
@@ -3737,9 +3738,11 @@ "tags-deactivate-not-allowed": "Error message on [[Special:Tags]]", "tags-deactivate-submit": "The label of the form \"submit\" button when the user is about to deactivate a tag.\n{{Identical|Deactivate}}", "tags-apply-no-permission": "Error message seen via the API when a user lacks the permission to apply change tags.", + "tags-apply-blocked": "Error message seen via the API when a user is blocked and attempted to apply change tags.", "tags-apply-not-allowed-one": "Error message seen via the API when a user tries to apply a single tag that is not properly defined. This message is only ever used in the case of 1 tag.\n\nParameters:\n* $1 - tag name", "tags-apply-not-allowed-multi": "Error message seen via the API when a user tries to apply more than one tag that is not properly defined.\n\nParameters:\n* $1 - comma-separated list of tag names\n* $2 - number of tags", "tags-update-no-permission": "Error message seen via the API when a user lacks the permission to add or remove change tags after the fact.", + "tags-update-blocked": "Error message seen via the API when a user is blocked and attempted to add or remove change tags after the fact.", "tags-update-add-not-allowed-one": "Error message seen via the API when a user tries to add a single tag that is not properly defined. This message is only ever used in the case of 1 tag.\n\nParameters:\n* $1 - tag name", "tags-update-add-not-allowed-multi": "Error message seen via the API when a user tries to add more than one tag that is not properly defined.\n\nParameters:\n* $1 - comma-separated list of tag names\n* $2 - number of tags", "tags-update-remove-not-allowed-one": "Error message seen via the API when a user tries to remove a single tag that is not properly defined. This message is only ever used in the case of 1 tag.\n\nParameters:\n* $1 - tag name", -- 2.20.1