Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 131 |
|
0.00% |
0 / 15 |
CRAP | |
0.00% |
0 / 1 |
TitleBlacklist | |
0.00% |
0 / 131 |
|
0.00% |
0 / 15 |
4422 | |
0.00% |
0 / 1 |
singleton | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
6 | |||
destroySingleton | |
0.00% |
0 / 6 |
|
0.00% |
0 / 1 |
6 | |||
load | |
0.00% |
0 / 18 |
|
0.00% |
0 / 1 |
30 | |||
loadWhitelist | |
0.00% |
0 / 10 |
|
0.00% |
0 / 1 |
20 | |||
getBlacklistText | |
0.00% |
0 / 22 |
|
0.00% |
0 / 1 |
272 | |||
parseBlacklist | |
0.00% |
0 / 7 |
|
0.00% |
0 / 1 |
12 | |||
userCannot | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
42 | |||
isBlacklisted | |
0.00% |
0 / 16 |
|
0.00% |
0 / 1 |
72 | |||
isWhitelisted | |
0.00% |
0 / 7 |
|
0.00% |
0 / 1 |
20 | |||
getBlacklist | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
6 | |||
getWhitelist | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
6 | |||
getHttp | |
0.00% |
0 / 15 |
|
0.00% |
0 / 1 |
30 | |||
invalidate | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
validate | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
12 | |||
userCanOverride | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
12 |
1 | <?php |
2 | /** |
3 | * Title Blacklist class |
4 | * @author Victor Vasiliev |
5 | * @copyright © 2007-2010 Victor Vasiliev et al |
6 | * @license GPL-2.0-or-later |
7 | * @file |
8 | */ |
9 | |
10 | namespace MediaWiki\Extension\TitleBlacklist; |
11 | |
12 | use BadMethodCallException; |
13 | use MediaWiki\MediaWikiServices; |
14 | use MediaWiki\Title\Title; |
15 | use MediaWiki\User\User; |
16 | use ObjectCache; |
17 | use TextContent; |
18 | use Wikimedia\AtEase\AtEase; |
19 | |
20 | /** |
21 | * @ingroup Extensions |
22 | */ |
23 | |
24 | /** |
25 | * Implements a title blacklist for MediaWiki |
26 | */ |
27 | class TitleBlacklist { |
28 | /** @var TitleBlacklistEntry[]|null */ |
29 | private $mBlacklist = null; |
30 | |
31 | /** @var TitleBlacklistEntry[]|null */ |
32 | private $mWhitelist = null; |
33 | |
34 | /** @var TitleBlacklist|null */ |
35 | protected static $instance = null; |
36 | |
37 | /** Blacklist format */ |
38 | public const VERSION = 4; |
39 | |
40 | /** |
41 | * Get an instance of this class |
42 | * |
43 | * @return TitleBlacklist |
44 | */ |
45 | public static function singleton() { |
46 | if ( self::$instance === null ) { |
47 | self::$instance = new self; |
48 | } |
49 | return self::$instance; |
50 | } |
51 | |
52 | /** |
53 | * Destroy/reset the current singleton instance. |
54 | * |
55 | * This is solely for testing and will fail unless MW_PHPUNIT_TEST is |
56 | * defined. |
57 | */ |
58 | public static function destroySingleton() { |
59 | if ( !defined( 'MW_PHPUNIT_TEST' ) ) { |
60 | throw new BadMethodCallException( |
61 | 'Can not invoke ' . __METHOD__ . '() ' . |
62 | 'out of tests (MW_PHPUNIT_TEST not set).' |
63 | ); |
64 | } |
65 | |
66 | self::$instance = null; |
67 | } |
68 | |
69 | /** |
70 | * Load all configured blacklist sources |
71 | */ |
72 | public function load() { |
73 | global $wgTitleBlacklistSources, $wgTitleBlacklistCaching; |
74 | |
75 | $cache = MediaWikiServices::getInstance()->getMainWANObjectCache(); |
76 | // Try to find something in the cache |
77 | $cachedBlacklist = $cache->get( $cache->makeKey( 'title_blacklist_entries' ) ); |
78 | if ( is_array( $cachedBlacklist ) && count( $cachedBlacklist ) > 0 |
79 | && ( $cachedBlacklist[0]->getFormatVersion() == self::VERSION ) |
80 | ) { |
81 | $this->mBlacklist = $cachedBlacklist; |
82 | return; |
83 | } |
84 | |
85 | $sources = $wgTitleBlacklistSources; |
86 | $sources['local'] = [ 'type' => 'message' ]; |
87 | $this->mBlacklist = []; |
88 | foreach ( $sources as $sourceName => $source ) { |
89 | $this->mBlacklist = array_merge( |
90 | $this->mBlacklist, |
91 | self::parseBlacklist( self::getBlacklistText( $source ), $sourceName ) |
92 | ); |
93 | } |
94 | $cache->set( $cache->makeKey( 'title_blacklist_entries' ), |
95 | $this->mBlacklist, $wgTitleBlacklistCaching['expiry'] ); |
96 | wfDebugLog( 'TitleBlacklist-cache', 'Updated ' . $cache->makeKey( 'title_blacklist_entries' ) |
97 | . ' with ' . count( $this->mBlacklist ) . ' entries.' ); |
98 | } |
99 | |
100 | /** |
101 | * Load local whitelist |
102 | */ |
103 | public function loadWhitelist() { |
104 | global $wgTitleBlacklistCaching; |
105 | |
106 | $cache = MediaWikiServices::getInstance()->getMainWANObjectCache(); |
107 | $cachedWhitelist = $cache->get( $cache->makeKey( 'title_whitelist_entries' ) ); |
108 | if ( is_array( $cachedWhitelist ) && count( $cachedWhitelist ) > 0 |
109 | && ( $cachedWhitelist[0]->getFormatVersion() != self::VERSION ) |
110 | ) { |
111 | $this->mWhitelist = $cachedWhitelist; |
112 | return; |
113 | } |
114 | $this->mWhitelist = self::parseBlacklist( wfMessage( 'titlewhitelist' ) |
115 | ->inContentLanguage()->text(), 'whitelist' ); |
116 | $cache->set( $cache->makeKey( 'title_whitelist_entries' ), |
117 | $this->mWhitelist, $wgTitleBlacklistCaching['expiry'] ); |
118 | } |
119 | |
120 | /** |
121 | * Get the text of a blacklist from a specified source |
122 | * |
123 | * @param array $source A blacklist source from $wgTitleBlacklistSources |
124 | * @return string The content of the blacklist source as a string |
125 | */ |
126 | private static function getBlacklistText( $source ) { |
127 | if ( !is_array( $source ) || count( $source ) <= 0 ) { |
128 | // Return empty string in error case |
129 | return ''; |
130 | } |
131 | |
132 | if ( $source['type'] == 'message' ) { |
133 | return wfMessage( 'titleblacklist' )->inContentLanguage()->text(); |
134 | } elseif ( $source['type'] == 'localpage' && count( $source ) >= 2 ) { |
135 | $title = Title::newFromText( $source['src'] ); |
136 | if ( $title === null ) { |
137 | return ''; |
138 | } |
139 | if ( $title->getNamespace() == NS_MEDIAWIKI ) { |
140 | $msg = wfMessage( $title->getText() )->inContentLanguage(); |
141 | return $msg->isDisabled() ? '' : $msg->text(); |
142 | } else { |
143 | $page = MediaWikiServices::getInstance()->getWikiPageFactory()->newFromTitle( $title ); |
144 | if ( $page->exists() ) { |
145 | $content = $page->getContent(); |
146 | return ( $content instanceof TextContent ) ? $content->getText() : ""; |
147 | } |
148 | } |
149 | } elseif ( $source['type'] == 'url' && count( $source ) >= 2 ) { |
150 | return self::getHttp( $source['src'] ); |
151 | } elseif ( $source['type'] == 'file' && count( $source ) >= 2 ) { |
152 | if ( !file_exists( $source['src'] ) ) { |
153 | return ''; |
154 | } |
155 | return file_get_contents( $source['src'] ); |
156 | } |
157 | |
158 | return ''; |
159 | } |
160 | |
161 | /** |
162 | * Parse blacklist from a string |
163 | * |
164 | * @param string $list Text of a blacklist source |
165 | * @param string $sourceName |
166 | * @return TitleBlacklistEntry[] |
167 | */ |
168 | public static function parseBlacklist( $list, $sourceName ) { |
169 | $lines = preg_split( "/\r?\n/", $list ); |
170 | $result = []; |
171 | foreach ( $lines as $line ) { |
172 | $entry = TitleBlacklistEntry::newFromString( $line, $sourceName ); |
173 | if ( $entry ) { |
174 | $result[] = $entry; |
175 | } |
176 | } |
177 | |
178 | return $result; |
179 | } |
180 | |
181 | /** |
182 | * Check whether the blacklist restricts given user |
183 | * performing a specific action on the given Title |
184 | * |
185 | * @param Title $title Title to check |
186 | * @param User $user User to check |
187 | * @param string $action Action to check; 'edit' if unspecified |
188 | * @param bool $override If set to true, overrides work |
189 | * @return TitleBlacklistEntry|bool The corresponding TitleBlacklistEntry if |
190 | * blacklisted; otherwise false |
191 | */ |
192 | public function userCannot( $title, $user, $action = 'edit', $override = true ) { |
193 | $entry = $this->isBlacklisted( $title, $action ); |
194 | if ( !$entry ) { |
195 | return false; |
196 | } |
197 | $params = $entry->getParams(); |
198 | if ( isset( $params['autoconfirmed'] ) && $user->isAllowed( 'autoconfirmed' ) ) { |
199 | return false; |
200 | } |
201 | if ( $override && self::userCanOverride( $user, $action ) ) { |
202 | return false; |
203 | } |
204 | return $entry; |
205 | } |
206 | |
207 | /** |
208 | * Check whether the blacklist restricts |
209 | * performing a specific action on the given Title |
210 | * |
211 | * @param Title $title Title to check |
212 | * @param string $action Action to check; 'edit' if unspecified |
213 | * @return TitleBlacklistEntry|bool The corresponding TitleBlacklistEntry if blacklisted; |
214 | * otherwise FALSE |
215 | */ |
216 | public function isBlacklisted( $title, $action = 'edit' ) { |
217 | if ( !( $title instanceof Title ) ) { |
218 | $title = Title::newFromText( $title ); |
219 | if ( !( $title instanceof Title ) ) { |
220 | // The fact that the page name is invalid will stop whatever |
221 | // action is going through. No sense in doing more work here. |
222 | return false; |
223 | } |
224 | } |
225 | $blacklist = $this->getBlacklist(); |
226 | $autoconfirmedItem = false; |
227 | foreach ( $blacklist as $item ) { |
228 | if ( $item->matches( $title->getFullText(), $action ) ) { |
229 | if ( $this->isWhitelisted( $title, $action ) ) { |
230 | return false; |
231 | } |
232 | $params = $item->getParams(); |
233 | if ( !isset( $params['autoconfirmed'] ) ) { |
234 | return $item; |
235 | } |
236 | if ( !$autoconfirmedItem ) { |
237 | $autoconfirmedItem = $item; |
238 | } |
239 | } |
240 | } |
241 | return $autoconfirmedItem; |
242 | } |
243 | |
244 | /** |
245 | * Check whether it has been explicitly whitelisted that the |
246 | * current User may perform a specific action on the given Title |
247 | * |
248 | * @param Title $title Title to check |
249 | * @param string $action Action to check; 'edit' if unspecified |
250 | * @return bool True if whitelisted; otherwise false |
251 | */ |
252 | public function isWhitelisted( $title, $action = 'edit' ) { |
253 | if ( !( $title instanceof Title ) ) { |
254 | $title = Title::newFromText( $title ); |
255 | } |
256 | $whitelist = $this->getWhitelist(); |
257 | foreach ( $whitelist as $item ) { |
258 | if ( $item->matches( $title->getFullText(), $action ) ) { |
259 | return true; |
260 | } |
261 | } |
262 | return false; |
263 | } |
264 | |
265 | /** |
266 | * Get the current blacklist |
267 | * |
268 | * @return TitleBlacklistEntry[] |
269 | */ |
270 | public function getBlacklist() { |
271 | if ( $this->mBlacklist === null ) { |
272 | $this->load(); |
273 | } |
274 | return $this->mBlacklist; |
275 | } |
276 | |
277 | /** |
278 | * Get the current whitelist |
279 | * |
280 | * @return TitleBlacklistEntry[] |
281 | */ |
282 | public function getWhitelist() { |
283 | if ( $this->mWhitelist === null ) { |
284 | $this->loadWhitelist(); |
285 | } |
286 | return $this->mWhitelist; |
287 | } |
288 | |
289 | /** |
290 | * Get the text of a blacklist source via HTTP |
291 | * |
292 | * @param string $url URL of the blacklist source |
293 | * @return string The content of the blacklist source as a string |
294 | */ |
295 | private static function getHttp( $url ) { |
296 | global $wgTitleBlacklistCaching, $wgMessageCacheType; |
297 | // FIXME: This is a hack to use Memcached where possible (incl. WMF), |
298 | // but have CACHE_DB as fallback (instead of no cache). |
299 | // This might be a good candidate for T248005. |
300 | $cache = ObjectCache::getInstance( $wgMessageCacheType ); |
301 | |
302 | // Globally shared |
303 | $key = $cache->makeGlobalKey( 'title_blacklist_source', md5( $url ) ); |
304 | // Per-wiki |
305 | $warnkey = $cache->makeKey( 'titleblacklistwarning', md5( $url ) ); |
306 | |
307 | $result = $cache->get( $key ); |
308 | $warn = $cache->get( $warnkey ); |
309 | |
310 | if ( !is_string( $result ) |
311 | || ( !$warn && !mt_rand( 0, $wgTitleBlacklistCaching['warningchance'] ) ) |
312 | ) { |
313 | $result = MediaWikiServices::getInstance()->getHttpRequestFactory() |
314 | ->get( $url, [], __METHOD__ ); |
315 | $cache->set( $warnkey, 1, $wgTitleBlacklistCaching['warningexpiry'] ); |
316 | $cache->set( $key, $result, $wgTitleBlacklistCaching['expiry'] ); |
317 | if ( !$result ) { |
318 | wfDebugLog( 'TitleBlacklist-cache', "Error loading title blacklist from $url\n" ); |
319 | $result = ''; |
320 | } |
321 | } |
322 | |
323 | return $result; |
324 | } |
325 | |
326 | /** |
327 | * Invalidate the blacklist cache |
328 | */ |
329 | public function invalidate() { |
330 | $cache = MediaWikiServices::getInstance()->getMainWANObjectCache(); |
331 | $cache->delete( $cache->makeKey( 'title_blacklist_entries' ) ); |
332 | } |
333 | |
334 | /** |
335 | * Validate a new blacklist |
336 | * |
337 | * @suppress PhanParamSuspiciousOrder The preg_match() params are in the correct order |
338 | * @param TitleBlacklistEntry[] $blacklist |
339 | * @return string[] List of invalid entries; empty array means blacklist is valid |
340 | */ |
341 | public function validate( array $blacklist ) { |
342 | $badEntries = []; |
343 | foreach ( $blacklist as $e ) { |
344 | AtEase::suppressWarnings(); |
345 | $regex = $e->getRegex(); |
346 | // @phan-suppress-next-line SecurityCheck-ReDoS |
347 | if ( preg_match( "/{$regex}/u", '' ) === false ) { |
348 | $badEntries[] = $e->getRaw(); |
349 | } |
350 | AtEase::restoreWarnings(); |
351 | } |
352 | return $badEntries; |
353 | } |
354 | |
355 | /** |
356 | * Indicates whether user can override blacklist on certain action. |
357 | * |
358 | * @param User $user |
359 | * @param string $action |
360 | * |
361 | * @return bool |
362 | */ |
363 | public static function userCanOverride( $user, $action ) { |
364 | return $user->isAllowed( 'tboverride' ) || |
365 | ( $action == 'new-account' && $user->isAllowed( 'tboverride-account' ) ); |
366 | } |
367 | } |