* The precise format of metric datagrams produced by the UDP profiler and stats counter
may now be specified as $wgUDPProfilerFormatString and $wgStatsFormatString,
respectively.
+* (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and
+ $wgProxyMemcExpiry have been removed, along with the open proxy scanner
+ script they were added for.
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
'SpecialBlankpage' => 'includes/specials/SpecialBlankpage.php',
'SpecialBlock' => 'includes/specials/SpecialBlock.php',
'SpecialBlockList' => 'includes/specials/SpecialBlockList.php',
- 'SpecialBlockme' => 'includes/specials/SpecialBlockme.php',
'SpecialBookSources' => 'includes/specials/SpecialBooksources.php',
'SpecialCachedPage' => 'includes/specials/SpecialCachedPage.php',
'SpecialCategories' => 'includes/specials/SpecialCategories.php',
'ScriptImporter', // Default user name used by maintenance/importSiteScripts.php
'msg:double-redirect-fixer', // Automatic double redirect fix
'msg:usermessage-editor', // Default user for leaving user messages
- 'msg:proxyblocker', // For Special:Blockme
+ 'msg:proxyblocker', // For $wgProxyList and Special:Blockme (removed in 1.22)
);
/**
* @{
*/
-/**
- * If you enable this, every editor's IP address will be scanned for open HTTP
- * proxies.
- *
- * @warning Don't enable this. Many sysops will report "hostile TCP port scans"
- * to your ISP and ask for your server to be shut down.
- * You have been warned.
- */
-$wgBlockOpenProxies = false;
-
-/**
- * Port we want to scan for a proxy
- */
-$wgProxyPorts = array( 80, 81, 1080, 3128, 6588, 8000, 8080, 8888, 65506 );
-
-/**
- * Script used to scan
- */
-$wgProxyScriptPath = "$IP/maintenance/proxyCheck.php";
-
-/**
- * Expiration time for cached proxy IPs
- */
-$wgProxyMemcExpiry = 86400;
-
/**
* This should always be customised in LocalSettings.php
*/
if ( $this->textbox1 === false ) {
return false;
}
- wfProxyCheck();
return true;
}
in_array( $ip, $wgSquidServersNoPurge );
return $trusted;
}
-
-/**
- * Forks processes to scan the originating IP for an open proxy server
- * MemCached can be used to skip IPs that have already been scanned
- */
-function wfProxyCheck() {
- global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath;
- global $wgMemc, $wgProxyMemcExpiry, $wgRequest;
- global $wgProxyKey;
-
- if ( !$wgBlockOpenProxies ) {
- return;
- }
-
- $ip = $wgRequest->getIP();
-
- # Get MemCached key
- $mcKey = wfMemcKey( 'proxy', 'ip', $ip );
- $mcValue = $wgMemc->get( $mcKey );
- $skip = (bool)$mcValue;
-
- # Fork the processes
- if ( !$skip ) {
- $title = SpecialPage::getTitleFor( 'Blockme' );
- $iphash = md5( $ip . $wgProxyKey );
- $url = wfExpandUrl( $title->getFullURL( 'ip=' . $iphash ), PROTO_HTTP );
-
- foreach ( $wgProxyPorts as $port ) {
- $params = implode( ' ', array(
- escapeshellarg( $wgProxyScriptPath ),
- escapeshellarg( $ip ),
- escapeshellarg( $port ),
- escapeshellarg( $url )
- ));
- exec( "php $params >" . wfGetNull() . " 2>&1 &" );
- }
- # Set MemCached key
- $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry );
- }
-}
// Unlisted / redirects
'Blankpage' => 'SpecialBlankpage',
- 'Blockme' => 'SpecialBlockme',
'Emailuser' => 'SpecialEmailUser',
'Movepage' => 'MovePageForm',
'Mycontributions' => 'SpecialMycontributions',
+++ /dev/null
-<?php
-/**
- * Implements Special:Blockme
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- * http://www.gnu.org/copyleft/gpl.html
- *
- * @file
- * @ingroup SpecialPage
- */
-
-/**
- * A special page called by proxyCheck.php to block open proxies
- *
- * @ingroup SpecialPage
- */
-class SpecialBlockme extends UnlistedSpecialPage {
-
- function __construct() {
- parent::__construct( 'Blockme' );
- }
-
- function execute( $par ) {
- global $wgBlockOpenProxies, $wgProxyKey;
-
- $this->setHeaders();
- $this->outputHeader();
-
- $ip = $this->getRequest()->getIP();
- if ( !$wgBlockOpenProxies || $this->getRequest()->getText( 'ip' ) != md5( $ip . $wgProxyKey ) ) {
- $this->getOutput()->addWikiMsg( 'proxyblocker-disabled' );
-
- return;
- }
-
- $user = User::newFromName( $this->msg( 'proxyblocker' )->inContentLanguage()->text() );
- # FIXME: newFromName could return false on a badly configured wiki.
- if ( !$user->isLoggedIn() ) {
- $user->addToDatabase();
- }
-
- $block = new Block();
- $block->setTarget( $ip );
- $block->setBlocker( $user );
- $block->mReason = $this->msg( 'proxyblockreason' )->inContentLanguage()->text();
-
- $block->insert();
-
- $this->getOutput()->addWikiMsg( 'proxyblocksuccess' );
- }
-
- protected function getGroupName() {
- return 'other';
- }
-}
'Badtitle' => array( 'Badtitle' ),
'Blankpage' => array( 'BlankPage' ),
'Block' => array( 'Block', 'BlockIP', 'BlockUser' ),
- 'Blockme' => array( 'BlockMe' ),
'Booksources' => array( 'BookSources' ),
'BrokenRedirects' => array( 'BrokenRedirects' ),
'Categories' => array( 'Categories' ),
It is, however, blocked as part of the range $2, which can be unblocked.',
'ip_range_invalid' => 'Invalid IP range.',
'ip_range_toolarge' => 'Range blocks larger than /$1 are not allowed.',
-'blockme' => 'Block me',
'proxyblocker' => 'Proxy blocker',
-'proxyblocker-disabled' => 'This function is disabled.',
'proxyblockreason' => 'Your IP address has been blocked because it is an open proxy.
Please contact your Internet service provider or technical support of your organization and inform them of this serious security problem.',
-'proxyblocksuccess' => 'Done.',
'sorbs' => 'DNSBL', # only translate this message to other languages if you have to change it
'sorbsreason' => 'Your IP address is listed as an open proxy in the DNSBL used by {{SITENAME}}.',
'sorbs_create_account_reason' => 'Your IP address is listed as an open proxy in the DNSBL used by {{SITENAME}}.
* {{msg-mw|Ip range toolarge}}',
'blockme' => '{{doc-special|BlockMe|unlisted=1}}
This feature is disabled by default.',
-'proxyblocker' => 'Used in [[Special:BlockMe]].
+'proxyblocker' => 'Username for blocking IP addresses listed in [[mw:Manual:$wgProxyList|$wgProxyList]].
See also:
-* {{msg-mw|proxyblocker-disabled}}
-* {{msg-mw|proxyblockreason}}
-* {{msg-mw|proxyblocksuccess}}',
+* {{msg-mw|proxyblockreason}}',
'proxyblocker-disabled' => 'Used in [[Special:BlockMe]].
See also:
* {{msg-mw|proxyblocker}}
* {{msg-mw|proxyblockreason}}
* {{msg-mw|proxyblocksuccess}}',
-'proxyblockreason' => 'Used as explanation of the reason in [[Special:BlockMe]].
+'proxyblockreason' => 'Reason for blocking IP addresses listed in [[mw:Manual:$wgProxyList|$wgProxyList]].
See also:
-* {{msg-mw|proxyblocker-disabled}}
-* {{msg-mw|proxyblocker}}
-* {{msg-mw|proxyblocksuccess}}',
+* {{msg-mw|proxyblocker}}',
'proxyblocksuccess' => 'Used in [[Special:BlockMe]].
See also:
// Enable weird and wonderful options:
// Increase default error reporting level.
error_reporting (E_ALL); // At a later date could be increased to E_ALL | E_STRICT
- $wgBlockOpenProxies = true; // Some block pages require this to be true in order to test.
$wgEnableUploads = true; // enable uploads.
$wgDBerrorLog = "/root/mediawiki-db-error-log.txt"; // log DB errors, replace with suitable path.
$wgShowSQLErrors = true; // Show SQL errors (instead of saying the query was hidden).
}
}
-
-/**
- ** a page test for "Special:Blockme"
- */
-class specialBlockmeTest extends pageTest {
- function __construct() {
- $this->pagePath = "index.php?title=Special:Blockme";
-
- $this->params = array ();
-
- // sometimes we specify "ip", and sometimes we don't.
- if ( wikiFuzz::randnum( 1 ) == 0 ) {
- $this->params["ip"] = wikiFuzz::chooseInput( array( "10.12.41.213", wikiFuzz::randnum( 8134, -10 ), wikiFuzz::makeFuzz( 2 ) ) );
- }
- }
-}
-
-
/**
** a page test for "Special:Movepage"
*/
/**
** selects a page test to run.
* @param $count
- * @return \api|\confirmEmail|\contributionsTest|\editPageTest|\imagelistTest|\imagepageTest|\ipblocklistTest|\listusersTest|\mimeSearchTest|\newImagesTest|\pageDeletion|\pageHistoryTest|\pageProtectionForm|\prefixindexTest|\profileInfo|\recentchangesTest|\redirectTest|\searchTest|\specialAllmessagesTest|\specialAllpagesTest|\specialBlockip|\specialBlockmeTest|\specialBooksourcesTest|\specialCategoryTree|\specialChemicalsourcesTest|\specialCitePageTest|\specialExportTest|\specialFilepathPageTest|\specialImportPageTest|\specialLinksearch|\specialLockdbPageTest|\specialLogTest|\specialMovePage|\specialNewpagesPageTest|\specialRenameuserPageTest|\specialRevisionDeletePageTest|\specialUndeletePageTest|\specialUnlockdbPageTest|\specialUserrights|\successfulUserLoginTest|\thumbTest|\userLoginTest|\viewPageTest|\watchlistTest
+ * @return \api|\confirmEmail|\contributionsTest|\editPageTest|\imagelistTest|\imagepageTest|\ipblocklistTest|\listusersTest|\mimeSearchTest|\newImagesTest|\pageDeletion|\pageHistoryTest|\pageProtectionForm|\prefixindexTest|\profileInfo|\recentchangesTest|\redirectTest|\searchTest|\specialAllmessagesTest|\specialAllpagesTest|\specialBlockip|\specialBooksourcesTest|\specialCategoryTree|\specialChemicalsourcesTest|\specialCitePageTest|\specialExportTest|\specialFilepathPageTest|\specialImportPageTest|\specialLinksearch|\specialLockdbPageTest|\specialLogTest|\specialMovePage|\specialNewpagesPageTest|\specialRenameuserPageTest|\specialRevisionDeletePageTest|\specialUndeletePageTest|\specialUnlockdbPageTest|\specialUserrights|\successfulUserLoginTest|\thumbTest|\userLoginTest|\viewPageTest|\watchlistTest
*/
function selectPageTest( $count ) {
case 20: return new redirectTest();
case 21: return new confirmEmail();
case 22: return new watchlistTest();
- case 23: return new specialBlockmeTest();
case 24: return new specialUndeletePageTest();
case 25: return new specialMovePage();
case 26: return new specialUnlockdbPageTest();
'ipb_blocked_as_range',
'ip_range_invalid',
'ip_range_toolarge',
- 'blockme',
'proxyblocker',
- 'proxyblocker-disabled',
'proxyblockreason',
- 'proxyblocksuccess',
'sorbs',
'sorbsreason',
'sorbs_create_account_reason',
+++ /dev/null
-<?php
-/**
- * Command line script to check for an open proxy at a specified location.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- * http://www.gnu.org/copyleft/gpl.html
- *
- * @file
- * @ingroup Maintenance
- */
-
-if ( PHP_SAPI != 'cli' ) {
- die( 1 );
-}
-
-/**
- *
- */
-$output = '';
-
-/**
- * Exit if there are not enough parameters, or if it's not command line mode
- */
-if ( ( isset( $_REQUEST ) && array_key_exists( 'argv', $_REQUEST ) ) || count( $argv ) < 4 ) {
- $output .= "Incorrect parameters\n";
-} else {
- /**
- * Get parameters
- */
- $ip = $argv[1];
- $port = $argv[2];
- $url = $argv[3];
- $host = trim( `hostname` );
- $output = "Connecting to $ip:$port, target $url, this hostname $host\n";
-
- # Open socket
- $sock = @fsockopen( $ip, $port, $errno, $errstr, 5 );
- if ( $errno == 0 ) {
- $output .= "Connected\n";
- # Send payload
- $request = "GET $url HTTP/1.0\r\n";
-# $request .= "Proxy-Connection: Keep-Alive\r\n";
-# $request .= "Pragma: no-cache\r\n";
-# $request .= "Host: ".$url."\r\n";
-# $request .= "User-Agent: MediaWiki open proxy check\r\n";
- $request .= "\r\n";
- @fputs( $sock, $request );
- $response = fgets( $sock, 65536 );
- $output .= $response;
- @fclose( $sock );
- } else {
- $output .= "No connection\n";
- }
-}
-
-$output = escapeshellarg( $output );
-
-#`echo $output >> /home/tstarling/open/proxy.log`;