X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fspecials%2FSpecialBlockip.php;h=438bc358964c0e5a55cbccb147d3bc7ca94e9300;hb=90c703d61c485c633b214f78f48102c2848b82d8;hp=ceef42db2272002b57a75aa67da95132db106d8a;hpb=dae7ffcfc79ceb5b3af59511057497c6e4504989;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/specials/SpecialBlockip.php b/includes/specials/SpecialBlockip.php
index ceef42db22..438bc35896 100644
--- a/includes/specials/SpecialBlockip.php
+++ b/includes/specials/SpecialBlockip.php
@@ -1,52 +1,78 @@
 <?php
 /**
- * Constructor for Special:Blockip page
+ * Implements Special:Blockip
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
  *
  * @file
  * @ingroup SpecialPage
  */
 
 /**
- * Constructor
+ * A special page that allows users with 'block' right to block users from
+ * editing pages and other actions
+ *
+ * @ingroup SpecialPage
  */
-function wfSpecialBlockip( $par ) {
-	global $wgUser, $wgOut, $wgRequest;
+class IPBlockForm extends SpecialPage {
+	var $BlockAddress, $BlockExpiry, $BlockReason, $BlockReasonList, $BlockOther, $BlockAnonOnly, $BlockCreateAccount,
+		$BlockEnableAutoblock, $BlockEmail, $BlockHideName, $BlockAllowUsertalk, $BlockReblock;
+	// The maximum number of edits a user can have and still be hidden
+	const HIDEUSER_CONTRIBLIMIT = 1000;
 
-	# Can't block when the database is locked
-	if( wfReadOnly() ) {
-		$wgOut->readOnlyPage();
-		return;
-	}
-	# Permission check
-	if( !$wgUser->isAllowed( 'block' ) ) {
-		$wgOut->permissionRequired( 'block' );
-		return;
+	public function __construct() {
+		parent::__construct( 'Blockip', 'block' );
 	}
 
-	$ipb = new IPBlockForm( $par );
+	public function execute( $par ) {
+		global $wgUser, $wgOut, $wgRequest;
 
-	$action = $wgRequest->getVal( 'action' );
-	if( 'success' == $action ) {
-		$ipb->showSuccess();
-	} elseif( $wgRequest->wasPosted() && 'submit' == $action &&
-		$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
-		$ipb->doSubmit();
-	} else {
-		$ipb->showForm( '' );
-	}
-}
+		# Can't block when the database is locked
+		if( wfReadOnly() ) {
+			$wgOut->readOnlyPage();
+			return;
+		}
+		# Permission check
+		if( !$this->userCanExecute( $wgUser ) ) {
+			$wgOut->permissionRequired( 'block' );
+			return;
+		}
 
-/**
- * Form object for the Special:Blockip page.
- *
- * @ingroup SpecialPage
- */
-class IPBlockForm {
-	var $BlockAddress, $BlockExpiry, $BlockReason;
-	// The maximum number of edits a user can have and still be hidden
-	const HIDEUSER_CONTRIBLIMIT = 1000;
+		$this->setup( $par );
+	
+		# bug 15810: blocked admins should have limited access here
+		if ( $wgUser->isBlocked() ) {
+			$status = IPBlockForm::checkUnblockSelf( $this->BlockAddress );
+			if ( $status !== true ) {
+				throw new ErrorPageError( 'badaccess', $status );
+			}
+		}
+
+		$action = $wgRequest->getVal( 'action' );
+		if( 'success' == $action ) {
+			$this->showSuccess();
+		} elseif( $wgRequest->wasPosted() && 'submit' == $action &&
+			$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+			$this->doSubmit();
+		} else {
+			$this->showForm( '' );
+		}
+	}
 
-	public function __construct( $par ) {
+	private function setup( $par ) {
 		global $wgRequest, $wgUser, $wgBlockAllowsUTEdit;
 
 		$this->BlockAddress = $wgRequest->getVal( 'wpBlockAddress', $wgRequest->getVal( 'ip', $par ) );
@@ -97,6 +123,9 @@ class IPBlockForm {
 
 		$titleObj = SpecialPage::getTitleFor( 'Blockip' );
 		$user = User::newFromName( $this->BlockAddress );
+		if ( is_object( $user ) || User::isIP( $this->BlockAddress ) ) {
+			$wgUser->getSkin()->setRelevantUser( is_object($user) ? $user : User::newFromName( $this->BlockAddress, false ) );
+		}
 
 		$alreadyBlocked = false;
 		$otherBlockedMsgs = array();
@@ -105,7 +134,7 @@ class IPBlockForm {
 			$msg = wfMsgReal( $key, $err );
 			$wgOut->setSubtitle( wfMsgHtml( 'formerror' ) );
 			$wgOut->addHTML( Xml::tags( 'p', array( 'class' => 'error' ), $msg ) );
-		} elseif( $this->BlockAddress ) {
+		} elseif( $this->BlockAddress !== null ) {
 			# Get other blocks, i.e. from GlobalBlocking or TorBlock extension
 			wfRunHooks( 'OtherBlockLogLink', array( &$otherBlockedMsgs, $this->BlockAddress ) );
 
@@ -138,7 +167,7 @@ class IPBlockForm {
 		# Show other blocks from extensions, i.e. GlockBlocking and TorBlock
 		if( count( $otherBlockedMsgs ) ) {
 			$wgOut->addHTML(
-				Html::rawElement( 'h2', array(), wfMsgExt( 'ipb-otherblocks-header', 'parseinline',  count( $otherBlockedMsgs ) ) ) . "\n"
+				Html::rawElement( 'h2', array(), wfMsgExt( 'ipb-otherblocks-header', 'parseinline', count( $otherBlockedMsgs ) ) ) . "\n"
 			);
 			$list = '';
 			foreach( $otherBlockedMsgs as $link ) {
@@ -149,7 +178,7 @@ class IPBlockForm {
 
 		# Username/IP is blocked already locally
 		if( $alreadyBlocked ) {
-			$wgOut->addWikiMsg( 'ipb-needreblock', $this->BlockAddress );
+			$wgOut->wrapWikiMsg( "<div class='mw-ipb-needreblock'>\n$1\n</div>", array( 'ipb-needreblock', $this->BlockAddress ) );
 		}
 
 		$scBlockExpiryOptions = wfMsgForContent( 'ipboptions' );
@@ -163,16 +192,15 @@ class IPBlockForm {
 			list( $show, $value ) = explode( ':', $option );
 			$show = htmlspecialchars( $show );
 			$value = htmlspecialchars( $value );
-			$blockExpiryFormOptions .= Xml::option( $show, $value, $this->BlockExpiry === $value ? true : false ) . "\n";
+			$blockExpiryFormOptions .= Xml::option( $show, $value, $this->BlockExpiry === $value ) . "\n";
 		}
 
 		$reasonDropDown = Xml::listDropDown( 'wpBlockReasonList',
 			wfMsgForContent( 'ipbreason-dropdown' ),
 			wfMsgForContent( 'ipbreasonotherlist' ), $this->BlockReasonList, 'wpBlockDropDown', 4 );
 
-		global $wgStylePath, $wgStyleVersion;
+		$wgOut->addModules( 'mediawiki.legacy.block' );
 		$wgOut->addHTML(
-			Xml::tags( 'script', array( 'type' => 'text/javascript', 'src' => "$wgStylePath/common/block.js?$wgStyleVersion" ), '' ) .
 			Xml::openElement( 'form', array( 'method' => 'post', 'action' => $titleObj->getLocalURL( 'action=submit' ), 'id' => 'blockip' ) ) .
 			Xml::openElement( 'fieldset' ) .
 			Xml::element( 'legend', null, wfMsg( 'blockip-legend' ) ) .
@@ -242,7 +270,7 @@ class IPBlockForm {
 				</td>
 			</tr>
 			<tr id='wpAnonOnlyRow'>
-				<td>&nbsp;</td>
+				<td>&#160;</td>
 				<td class='mw-input'>" .
 				Xml::checkLabel( wfMsg( 'ipbanononly' ),
 						'wpAnonOnly', 'wpAnonOnly', $this->BlockAnonOnly,
@@ -250,7 +278,7 @@ class IPBlockForm {
 				</td>
 			</tr>
 			<tr id='wpCreateAccountRow'>
-				<td>&nbsp;</td>
+				<td>&#160;</td>
 				<td class='mw-input'>" .
 					Xml::checkLabel( wfMsg( 'ipbcreateaccount' ),
 						'wpCreateAccount', 'wpCreateAccount', $this->BlockCreateAccount,
@@ -258,7 +286,7 @@ class IPBlockForm {
 				</td>
 			</tr>
 			<tr id='wpEnableAutoblockRow'>
-				<td>&nbsp;</td>
+				<td>&#160;</td>
 				<td class='mw-input'>" .
 					Xml::checkLabel( wfMsg( 'ipbenableautoblock' ),
 						'wpEnableAutoblock', 'wpEnableAutoblock', $this->BlockEnableAutoblock,
@@ -270,7 +298,7 @@ class IPBlockForm {
 		if( self::canBlockEmail( $wgUser ) ) {
 			$wgOut->addHTML("
 				<tr id='wpEnableEmailBan'>
-					<td>&nbsp;</td>
+					<td>&#160;</td>
 					<td class='mw-input'>" .
 						Xml::checkLabel( wfMsg( 'ipbemailban' ),
 							'wpEmailBan', 'wpEmailBan', $this->BlockEmail,
@@ -284,7 +312,7 @@ class IPBlockForm {
 		if( $wgUser->isAllowed( 'hideuser' ) ) {
 			$wgOut->addHTML("
 				<tr id='wpEnableHideUser'>
-					<td>&nbsp;</td>
+					<td>&#160;</td>
 					<td class='mw-input'><strong>" .
 						Xml::checkLabel( wfMsg( 'ipbhidename' ),
 							'wpHideName', 'wpHideName', $this->BlockHideName,
@@ -299,7 +327,7 @@ class IPBlockForm {
 		if( $wgUser->isLoggedIn() ) {
 			$wgOut->addHTML("
 			<tr id='wpEnableWatchUser'>
-				<td>&nbsp;</td>
+				<td>&#160;</td>
 				<td class='mw-input'>" .
 					Xml::checkLabel( wfMsg( 'ipbwatchuser' ),
 						'wpWatchUser', 'wpWatchUser', $this->BlockWatchUser,
@@ -314,7 +342,7 @@ class IPBlockForm {
 		if( $wgBlockAllowsUTEdit ){
 			$wgOut->addHTML("
 				<tr id='wpAllowUsertalkRow'>
-					<td>&nbsp;</td>
+					<td>&#160;</td>
 					<td class='mw-input'>" .
 						Xml::checkLabel( wfMsg( 'ipballowusertalk' ),
 							'wpAllowUsertalk', 'wpAllowUsertalk', $this->BlockAllowUsertalk,
@@ -326,18 +354,18 @@ class IPBlockForm {
 
 		$wgOut->addHTML("
 			<tr>
-				<td style='padding-top: 1em'>&nbsp;</td>
+				<td style='padding-top: 1em'>&#160;</td>
 				<td  class='mw-submit' style='padding-top: 1em'>" .
 					Xml::submitButton( wfMsg( $alreadyBlocked ? 'ipb-change-block' : 'ipbsubmit' ),
-						array( 'name' => 'wpBlock', 'tabindex' => '13', 'accesskey' => 's' ) ) . "
+						array( 'name' => 'wpBlock', 'tabindex' => '13' )
+							+ $wgUser->getSkin()->tooltipAndAccessKeyAttribs( 'blockip-block' ) ). "
 				</td>
 			</tr>" .
 			Xml::closeElement( 'table' ) .
-			Xml::hidden( 'wpEditToken', $wgUser->editToken() ) .
-			( $alreadyBlocked ? Xml::hidden( 'wpChangeBlock', 1 ) : "" ) .
+			Html::hidden( 'wpEditToken', $wgUser->editToken() ) .
+			( $alreadyBlocked ? Html::hidden( 'wpChangeBlock', 1 ) : "" ) .
 			Xml::closeElement( 'fieldset' ) .
-			Xml::closeElement( 'form' ) .
-			Xml::tags( 'script', array( 'type' => 'text/javascript' ), 'updateBlockOptions()' ) . "\n"
+			Xml::closeElement( 'form' )
 		);
 
 		$wgOut->addHTML( $this->getConvenienceLinks() );
@@ -353,13 +381,39 @@ class IPBlockForm {
 
 	/**
 	 * Can we do an email block?
-	 * @param User $user The sysop wanting to make a block
-	 * @return boolean
+	 * @param $user User: the sysop wanting to make a block
+	 * @return Boolean
 	 */
 	public static function canBlockEmail( $user ) {
 		global $wgEnableUserEmail, $wgSysopEmailBans;
 		return ( $wgEnableUserEmail && $wgSysopEmailBans && $user->isAllowed( 'blockemail' ) );
 	}
+	
+	/**
+	 * bug 15810: blocked admins should not be able to block/unblock
+	 * others, and probably shouldn't be able to unblock themselves
+	 * either.
+	 * @param $user User, Int or String
+	 */
+	public static function checkUnblockSelf( $user ) {
+		global $wgUser;
+		if ( is_int( $user ) ) {
+			$user = User::newFromId( $user );
+		} elseif ( is_string( $user ) ) {
+			$user = User::newFromName( $user );
+		}
+		if( $user instanceof User && $user->getId() == $wgUser->getId() ) {
+			# User is trying to unblock themselves
+			if ( $wgUser->isAllowed( 'unblockself' ) ) {
+				return true;
+			} else {
+				return 'ipbnounblockself';
+			}
+		} else {
+			# User is trying to block/unblock someone else
+			return 'ipbblocked';
+		}
+	}
 
 	/**
 	 * Backend block code.
@@ -410,7 +464,7 @@ class IPBlockForm {
 				# Username block
 				if( $wgSysopUserBans ) {
 					$user = User::newFromName( $this->BlockAddress );
-					if( !is_null( $user ) && $user->getId() ) {
+					if( $user instanceof User && $user->getId() ) {
 						# Use canonical name
 						$userId = $user->getId();
 						$this->BlockAddress = $user->getName();
@@ -539,19 +593,20 @@ class IPBlockForm {
 		}
 	}
 
-	public static function suppressUserName( $name, $userId ) {
+	public static function suppressUserName( $name, $userId, $dbw = null ) {
 		$op = '|'; // bitwise OR
-		return self::setUsernameBitfields( $name, $userId, $op );
+		return self::setUsernameBitfields( $name, $userId, $op, $dbw );
 	}
 
-	public static function unsuppressUserName( $name, $userId ) {
+	public static function unsuppressUserName( $name, $userId, $dbw = null ) {
 		$op = '&'; // bitwise AND
-		return self::setUsernameBitfields( $name, $userId, $op );
+		return self::setUsernameBitfields( $name, $userId, $op, $dbw );
 	}
 
-	private static function setUsernameBitfields( $name, $userId, $op ) {
+	private static function setUsernameBitfields( $name, $userId, $op, $dbw ) {
 		if( $op !== '|' && $op !== '&' ) return false; // sanity check
-		$dbw = wfGetDB( DB_MASTER );
+		if( !$dbw )
+			$dbw = wfGetDB( DB_MASTER );
 		$delUser = Revision::DELETED_USER | Revision::DELETED_RESTRICTED;
 		$delAction = LogPage::DELETED_ACTION | Revision::DELETED_RESTRICTED;
 		# Normalize user name
@@ -641,7 +696,7 @@ class IPBlockForm {
 		);
 
 		// Add suppression block entries if allowed
-		if( $wgUser->isAllowed( 'hideuser' ) ) {
+		if( $wgUser->isAllowed( 'suppressionlog' ) ) {
 			LogEventsList::showLogExtract( $out, 'suppress', $title->getPrefixedText(), '',
 				array(
 					'lim' => 10,
@@ -758,32 +813,20 @@ class IPBlockForm {
 	 * @return string
 	 */
 	private function getBlockListLink( $skin ) {
-		$list = SpecialPage::getTitleFor( 'Ipblocklist' );
-		$query = array();
-
-		if( $this->BlockAddress ) {
-			$addr = strtr( $this->BlockAddress, '_', ' ' );
-			$message = wfMsg( 'ipb-blocklist-addr', $addr );
-			$query['ip'] = $this->BlockAddress;
-		} else {
-			$message = wfMsg( 'ipb-blocklist' );
-		}
-
 		return $skin->linkKnown(
-			$list,
-			htmlspecialchars( $message ),
-			array(),
-			$query
+			SpecialPage::getTitleFor( 'Ipblocklist' ),
+			wfMsg( 'ipb-blocklist' )
 		);
 	}
 
 	/**
 	 * Block a list of selected users
-	 * @param array $users
-	 * @param string $reason
-	 * @param string $tag replaces user pages
-	 * @param string $talkTag replaces user talk pages
-	 * @returns array, list of html-safe usernames
+	 *
+	 * @param $users Array
+	 * @param $reason String
+	 * @param $tag String: replaces user pages
+	 * @param $talkTag String: replaces user talk pages
+	 * @return Array: list of html-safe usernames
 	 */
 	public static function doMassUserBlock( $users, $reason = '', $tag = '', $talkTag = '' ) {
 		global $wgUser;