
T152394.patch

Authored By
Daimona
Sep 23 2019, 12:32 PM

T152394.patch

From 718044add9fa0fcd20fcc73686f1ffb83ef1ff2f Mon Sep 17 00:00:00 2001
From: Daimona Eaytoy <daimona.wiki@gmail.com>
Date: Mon, 23 Sep 2019 14:30:45 +0200
Subject: [PATCH] SECURITY: Use autoblocks in case of account creation
To avoid disclosing the IP address of the creator.
Bug: T152394
Change-Id: I06ce96ff1b90443e71dc9f1cfb98220501679841
---
i18n/en.json | 1 +
i18n/qqq.json | 3 ++-
includes/AbuseFilterRunner.php | 27 +++++++++++++++++++++++++++
3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/i18n/en.json b/i18n/en.json
index a6ae3549..16a0be11 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -17,6 +17,7 @@
"abusefilter-autopromote-blocked": "This action has been automatically identified as harmful, and it has been disallowed.\nIn addition, as a security measure, some privileges routinely granted to established accounts have been temporarily revoked from your account.\nA brief description of the abuse rule which your action matched is: $1",
"abusefilter-blocker": "Abuse filter",
"abusefilter-blockreason": "Automatically blocked by abuse filter.\nDescription of matched rule: $1",
+ "abusefilter-autoblockreason": "Autoblock issued by the abuse filter on account creation.\nDescription of matched rule: $1",
"abusefilter-degroupreason": "Rights automatically stripped by abuse filter.\nRule description: $1",
"abusefilter-blockautopromotereason": "Autopromotion automatically delayed by abuse filter.\nRule description: $1",
"abusefilter-accountreserved": "This account name is reserved for use by the abuse filter.",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index b029c94d..7be7f8e0 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -50,7 +50,8 @@
"abusefilter-degrouped": "Message given to user because of a triggered filter. Parameters:\n* $1 is a filter description\n* $2 is the filter id",
"abusefilter-autopromote-blocked": "Message given to user because of a triggered filter. Parameters:\n* $1 is a filter description\n* $2 is the filter id",
"abusefilter-blocker": "Username of reserved user for abuse filter actions.",
- "abusefilter-blockreason": "Message given to user because of a triggered filter. Parameters:\n* $1 is a filter description\n* $2 is the filter id",
+ "abusefilter-blockreason": "Reason used in log entries when blocking a user. Parameters:\n* $1 filter description",
+ "abusefilter-autoblockreason": "Reason used in log entries when autoblocking an IP. Parameters:\n* $1 filter description",
"abusefilter-degroupreason": "Used as log entry when removal of the user from all privileged groups performed by Abuse filter. Parameters:\n* $1 is the filter description (reason)\n* $2 is the filter id",
"abusefilter-blockautopromotereason": "Used as log entry when delaying the autopromotion of a user. Parameters:\n* $1 is the filter description (reason)\n* $2 is the filter id",
"abusefilter-accountreserved": "Message given when trying to register a reserved account name for AbuseFilter actions.",
diff --git a/includes/AbuseFilterRunner.php b/includes/AbuseFilterRunner.php
index 95a39007..5426447e 100644
--- a/includes/AbuseFilterRunner.php
+++ b/includes/AbuseFilterRunner.php
@@ -1055,6 +1055,7 @@ class AbuseFilterRunner {
* @param string $expiry
* @param bool $isAutoBlock
* @param bool $preventEditOwnUserTalk
+ * @fixme Beutify this method as soon as you can publicly see this comment
*/
private function doAbuseFilterBlock(
array $rule,
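Review bot: The added `@fixme` line in the docblock misspells "Beautify" and does not say what should be cleaned up, so it will be hard to act on once the task is public. A more actionable wording would be `@fixme Once T152394 is public, move the account-creation autoblock into its own helper method`. The signature of doAbuseFilterBlock continues outside this hunk.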
@@ -1068,7 +1069,15 @@ class AbuseFilterRunner {
'abusefilter-blockreason',
$rule['desc'], $rule['number']
)->inContentLanguage()->text();
+ $action = $this->vars->getVar( 'action' )->toString();
+ $isAccountCreation = strpos( $action, 'createaccount' ) !== false;
+ $autoBlockTarget = null;
+ if ( $this->user->isAnon() && $isAccountCreation ) {
+ // T152394
+ $autoBlockTarget = $target;
+ $target = $this->vars->getVar( 'accountname' )->toString();
+ }
$block = new DatabaseBlock();
$block->setTarget( $target );
$block->setBlocker( $filterUser );
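Review bot: `$target` is overwritten with the `accountname` variable without checking that the value is non-empty, so if that variable is unset for the action, the primary block would presumably be built for an empty target and the IP would depend entirely on the follow-up autoblock. Read the name first and make it part of the guard: `$accountName = $this->vars->getVar( 'accountname' )->toString();` followed by `if ( $this->user->isAnon() && $isAccountCreation && $accountName !== '' ) {`. The `strpos( $action, 'createaccount' ) !== false` test is a substring match; if only the manual and automatic creation actions are meant, an exact check such as `in_array( $action, [ 'createaccount', 'autocreateaccount' ], true )` states that explicitly. The method body starts and ends outside this hunk.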
@@ -1081,6 +1090,24 @@ class AbuseFilterRunner {
$success = $block->insert();
+ if ( $success && $autoBlockTarget !== null ) {
+ $abReason = wfMessage(
+ 'abusefilter-autoblockreason',
+ $rule['desc'], $rule['number']
+ )->inContentLanguage()->text();
+
+ $autoblock = new DatabaseBlock();
+ $autoblock->setTarget( $autoBlockTarget );
+ $autoblock->setBlocker( $filterUser );
+ $autoblock->setReason( $abReason );
+ $autoblock->mExpiry = SpecialBlock::parseExpiryInput( $expiry );
+ $autoblock->mAuto = true;
+ $autoblock->isCreateAccountBlocked( true );
+ $autoblock->isUsertalkEditAllowed( !$preventEditOwnUserTalk );
+ $autoblock->mParentBlockId = $success['id'];
+ $autoblock->insert();
+ }
+
if ( $success ) {
// Log it only if the block was successful
$logParams = [];
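Review bot: The return value of `$autoblock->insert()` is discarded, so when the autoblock cannot be stored the creator's IP ends up with no block at all, while the `if ( $success )` path below still logs the action as applied; before this change the IP itself was the block target. Check the result and record the failure without writing the IP into the message, e.g. `if ( !$autoblock->insert() ) { wfDebugLog( 'AbuseFilter', 'Autoblock insert failed for filter ' . $rule['number'] ); }`. The autoblock is also assembled by hand through the public fields `mAuto` and `mParentBlockId` and is given the full `$expiry`; it is worth confirming whether core's own autoblock path on the parent block could be used instead, since that would presumably apply the standard autoblock expiry and exemption checks. The method continues outside the hunk.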
--
2.22.0.windows.1
