Cryptographic security in Special:Blockme, in response to reports of abuse
This commit is contained in:
Tim Starling
parent
1c2d1a2662
commit
f60cc2f4ca
4 changed files with 15 additions and 10 deletions
|
|
@ -620,6 +620,7 @@ function writeLocalSettings( $conf ) {
|
|||
$convert = ($conf->ImageMagick ? $conf->ImageMagick : "/usr/bin/convert" );
|
||||
$pretty = ($conf->prettyURLs ? "" : "# ");
|
||||
$ugly = ($conf->prettyURLs ? "# " : "");
|
||||
$proxyKey = Parser::getRandomString() . Parser::getRandomString();
|
||||
|
||||
$sep = (DIRECTORY_SEPARATOR == "\\") ? ";" : ":";
|
||||
return "
|
||||
|
|
@ -703,6 +704,7 @@ if ( \$wgUseSmarty ) {
|
|||
|
||||
\$wgLanguageCode = \"{$conf->LanguageCode}\";
|
||||
" . ($conf->Encoding ? "\$wgInputEncoding = \$wgOutputEncoding = \"{$conf->Encoding}\";" : "" ) . "
|
||||
\$wgProxyKey = $proxyKey;
|
||||
|
||||
";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -150,6 +150,7 @@ $wgBlockOpenProxies = false; # Automatic open proxy test on edit
|
|||
$wgProxyPorts = array( 80, 81, 1080, 3128, 6588, 8000, 8080, 8888, 65506 );
|
||||
$wgProxyScriptPath = "$IP/proxy_check.php";
|
||||
$wgProxyMemcExpiry = 86400;
|
||||
$wgProxyKey = "W1svekXc5u6lZllTZOwnzEk1nbs";
|
||||
|
||||
# Client-side caching:
|
||||
$wgCachePages = true; # Allow client-side caching of pages
|
||||
|
|
|
|||
|
|
@ -445,14 +445,16 @@ htmlspecialchars( $wgLang->recodeForEdit( $this->textbox1 ) ) .
|
|||
# Fork the processes
|
||||
if ( !$skip ) {
|
||||
$title = Title::makeTitle( NS_SPECIAL, "Blockme" );
|
||||
$url = $title->getFullURL();
|
||||
$iphash = md5( $wgIP . $wgProxyKey );
|
||||
$url = wfFullUrl( $title->getPrefixedURL(), "ip=$iphash" );
|
||||
|
||||
foreach ( $wgProxyPorts as $port ) {
|
||||
$params = implode( " ", array(
|
||||
escapeshellarg( $wgProxyScriptPath ),
|
||||
escapeshellarg( $wgIP ),
|
||||
escapeshellarg( $port ),
|
||||
escapeshellarg( $url )
|
||||
));
|
||||
escapeshellarg( $wgProxyScriptPath ),
|
||||
escapeshellarg( $wgIP ),
|
||||
escapeshellarg( $port ),
|
||||
escapeshellarg( $url )
|
||||
));
|
||||
exec( "php $params &>/dev/null &" );
|
||||
}
|
||||
# Set MemCached key
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?php
|
||||
function wfSpecialBlockme()
|
||||
{
|
||||
global $wgIP, $wgBlockOpenProxies, $wgOut;
|
||||
global $wgIP, $wgBlockOpenProxies, $wgOut, $wgProxyKey;
|
||||
|
||||
if ( !$wgBlockOpenProxies ) {
|
||||
if ( !$wgBlockOpenProxies || $_REQUEST['ip'] != md5( $wgIP . $wgProxyKey ) ) {
|
||||
$wgOut->addWikiText( wfMsg( "disabled" ) );
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue