Page MenuHomePhabricator

GlobalBlocking should use the same conditions as core to decide whether to check for XFF blocks
Open, Needs TriagePublic

Description

Steps to reproduce the problem

  1. Enable temporary accounts
  2. Globally block an IP address
  3. Log out
  4. Try to edit from an unblocked IP address, but with the blocked IP address in your XFF header

Expected: A block message is shown above/in the editor.
Observed: No block message is shown. However, on trying to submit the edit, the XFF IP block prevents it and a block message is shown (which is correct).

Cause of the bug

  • GlobalBlocking only checks for a block against IPs in the XFF header if the user it is passed is the global/context/session user. (MW core used to do this too, but was updated not to do this - see T350116#9359068.)
  • When editing for the first time as a logged out user with temporary accounts enabled, the session user is the IP user, but the user passed to GlobalBlocking is the placeholder temporary account.

How to solve

GlobalBlocking should use the same conditions as core to decide whether to check for XFF blocks, to keep behaviour consistent between local and global block checking.