From 7ca9c71bb91128ad9517e43532636a7ba4b1fb7e Mon Sep 17 00:00:00 2001 From: Thalia Date: Tue, 21 Mar 2023 18:04:44 +0000 Subject: [PATCH] EditPage: Check explicitly for blocks against the global session Permission checks may be performed against a user other than the global session user (e.g. a placeholder temporary user). Do an extra check for blocks when this is the case, e.g. in order to warn the user in advance that their IP address is blocked. Bug: T327307 Change-Id: I9e201399e5a8cde77c3f30d0d6ea0b263a9d1fb8 Depends-On: Ie8dad4be1b8e8f72c6ea9e2876e34ff90c633098 --- includes/editpage/EditPage.php | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/includes/editpage/EditPage.php b/includes/editpage/EditPage.php index ae3e16c2c0a7d..1447f03bed288 100644 --- a/includes/editpage/EditPage.php +++ b/includes/editpage/EditPage.php @@ -564,6 +564,7 @@ public function __construct( Article $article ) { $this->linkBatchFactory = $services->getLinkBatchFactory(); $this->restrictionStore = $services->getRestrictionStore(); $this->commentStore = $services->getCommentStore(); + $this->blockErrorFormatter = $services->getBlockErrorFormatter(); $this->deprecatePublicProperty( 'mArticle', '1.30', __CLASS__ ); $this->deprecatePublicProperty( 'mTitle', '1.30', __CLASS__ ); @@ -695,6 +696,10 @@ public function edit() { } } + // Check permissions after possibly creating a placeholder temp user. + // This allows anonymous users to edit via a temporary account, if the site is + // configured to (1) disallow anonymous editing and (2) autocreate temporary + // accounts on edit. $this->maybeActivateTempUserCreate( !$this->firsttime ); $permErrors = $this->getEditPermissionErrors( 
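Review bot: The constructor hunk assigns `$this->blockErrorFormatter`, but no property declaration is added anywhere in this patch: the diffstat's 32 insertions are all accounted for by the three hunks shown. Unless EditPage already declares the field, this creates a dynamic property, which is deprecated as of PHP 8.2 and leaves the field untyped for static analysis. Declare it next to the other service fields, e.g. `private BlockErrorFormatter $blockErrorFormatter;`, with the matching `use` import if the file does not already have one. The constructor body starts and ends outside the hunk, so the existing declarations are not visible here.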
@@ -973,13 +978,39 @@ private function getEditPermissionErrors( string $rigor = PermissionManager::RIG if ( $this->preview || $this->diff ) { $ignoredErrors = [ 'blockedtext', 'autoblockedtext', 'systemblockedtext' ]; } - return $this->permManager->getPermissionErrors( + $permErrors = $this->permManager->getPermissionErrors( 'edit', $user, $this->mTitle, $rigor, $ignoredErrors ); + + // Check if the user is blocked from editing. + // This check must be done on the context user, in order to trigger + // checks for blocks against IP address, XFF, etc, until T221067 + if ( !$user->getBlock() ) { + $contextUser = $this->context->getUser(); + if ( + $user->getName() !== $contextUser->getName() && + $this->permManager->isBlockedFrom( + $contextUser, + $this->mTitle, + $rigor !== PermissionManager::RIGOR_SECURE + ) + ) { + $message = $this->blockErrorFormatter->getMessage( + // @phan-suppress-next-line PhanTypeMismatchArgumentNullable User must have a block + $contextUser->getBlock(), + $contextUser, + $this->context->getLanguage(), + $this->context->getRequest()->getIP() + ); + $permErrors[] = array_merge( [ $message->getKey() ], $message->getParams() ); + } + } + + return $permErrors; } /**
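Review bot: The new context-user block check in getEditPermissionErrors() appends its error without consulting `$ignoredErrors`, so the preview/diff exemption set just above it (`'blockedtext', 'autoblockedtext', 'systemblockedtext'`) does not apply to this branch. If blocked users are meant to keep the ability to preview or diff, a user behind a placeholder temporary account whose IP is blocked would now lose it. Consider wrapping the append in `if ( !in_array( $message->getKey(), $ignoredErrors, true ) )`, or skipping the branch when `$this->preview || $this->diff`. Separately, `$contextUser->getBlock()` is called with default arguments while `isBlockedFrom()` is passed an explicit replica flag, and the `@phan-suppress` hides the nullable result. Fetching the block once into a local and guarding on it would avoid passing null to `getMessage()` if the two lookups ever disagree. The function signature and the initialisation of `$ignoredErrors` are outside the hunk.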