Page MenuHomePhabricator

Invoking Special:Blockme with the requisite ip parameter generates SQL error
Closed, InvalidPublic


Author: nickpj

[[Special:Blockme]], (which appears to allow a user who knows the proxy key the
ability to block themselves) takes a special parameter, "ip", which is
calculated as:
md5 ( your IP address + $wgProxyKey ), which for me on non-accessible private
test wiki equals:
md5 ("" .
"6826d709cefab1ea688cc1295c376fa816ab551b79cf7b29714f6fcd238b507f") =

However using this parameter in a URL (in this example:
), causes the following error:

Database error
A database query syntax error has occurred. This may indicate a bug in the
software. The last attempted database query was:

(SQL query hidden)

from within function "Block::insert". MySQL returned error "1054: Unknown column

'ipb_anon_only' in 'field list' (localhost)".

... and the database error log contains this:

Wed Jul 12 17:29:25 EST 2006 bling Block::insert localhost 1054 Unknown
column 'ipb_anon_only' in 'field list' (localhost) INSERT IGNORE INTO
VALUES (NULL,'','0','10000','Your IP address has been blocked because
it is an open proxy. Please contact your Internet service provider or tech
support and inform them of this serious security


Maybe either update the query, or delete the file if it's not being used? (At
first glance it only appears to be called by includes/ProxyTools.php , but I'm
not quite clear how ProxyTools is called - and if it isn't, and there are no
plans to add it back in, perhaps deletion may be the better option).

Version: 1.8.x
Severity: minor



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:18 PM
bzimport set Reference to bz6644.
bzimport added a subscriber: Unknown Object (MLST).

It sounds like you just didn't update the ipblocks table
for the latest schema change on trunk. Can you run update.php
and confirm?

nickpj wrote:

You are entirely correct, and that fixed the problem. Sorry!

Marking as resolved, status: INVALID.