X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fuser%2FPasswordReset.php;h=faf09eefef91e1ac3833a9a3c460ba9881abc6b0;hb=7babd362babcbf7f20adb8e12edb4f4bc1d4249f;hp=4ee256c495bf84f77cdf216daddead8c46c3a5b9;hpb=c584722cc2e3d33edae58d46c2149063b3fc6d72;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php
index 4ee256c495..faf09eefef 100644
--- a/includes/user/PasswordReset.php
+++ b/includes/user/PasswordReset.php
@@ -100,9 +100,10 @@ class PasswordReset implements LoggerAwareInterface {
 } elseif ( !$user->isAllowed( 'editmyprivateinfo' ) ) {
 // Maybe not all users have permission to change private data
 $status = StatusValue::newFatal( 'badaccess' );
- } elseif ( $user->isBlocked() ) {
+ } elseif ( $this->isBlocked( $user ) ) {
 // Maybe the user is blocked (check this here rather than relying on the parent
- // method as we have a more specific error message to use here
+ // method as we have a more specific error message to use here and we want to
+ // ignore some types of blocks)
 $status = StatusValue::newFatal( 'blocked-mailpassword' );
 }
 
@@ -250,17 +251,51 @@ class PasswordReset implements LoggerAwareInterface {
 return StatusValue::newGood( $passwords );
 }
 
+ /**
+ * Check whether the user is blocked.
+ * Ignores certain types of system blocks that are only meant to force users to log in.
+ * @param User $user
+ * @return bool
+ * @since 1.30
+ */
+ protected function isBlocked( User $user ) {
+ $block = $user->getBlock() ?: $user->getGlobalBlock();
+ if ( !$block ) {
+ return false;
+ }
+ $type = $block->getSystemBlockType();
+ if ( in_array( $type, [ null, 'global-block' ], true ) ) {
+ // Normal block. Maybe it was meant for someone else and the user just needs to log in;
+ // or maybe it was issued specifically to prevent some IP from messing with password
+ // reset? Go out on a limb and use the registration allowed flag to decide.
+ return $block->prevents( 'createaccount' );
+ } elseif ( $type === 'proxy' ) {
+ // we disallow actions through proxy even if the user is logged in
+ // so it makes sense to disallow password resets as well
+ return true;
+ } elseif ( in_array( $type, [ 'dnsbl', 'wgSoftBlockRanges' ], true ) ) {
+ // these are just meant to force login so let's not prevent that
+ return false;
+ } else {
+ // some extension - we'll have to guess
+ return true;
+ }
+ }
+
 /**
 * @param string $email
 * @return User[]
 * @throws MWException On unexpected database errors
 */
 protected function getUsersByEmail( $email ) {
+ $userQuery = User::getQueryInfo();
 $res = wfGetDB( DB_REPLICA )->select(
- 'user',
- User::selectFields(),
+ $userQuery['tables'],
+ $userQuery['fields'],
 [ 'user_email' => $email ],
- __METHOD__
+ __METHOD__,
+ [],
+ $userQuery['joins']
 );
 
 if ( !$res ) {
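Review bot: In the new `isBlocked()`, `$user->getBlock() ?: $user->getGlobalBlock()` evaluates only the first block it finds, so a local block of a deliberately ignored type (`dnsbl`, `wgSoftBlockRanges`) makes the method return false before the global block is ever looked at. If both can be set for the same requester (the hunk does not show whether `getBlock()` already folds global blocks in), a global block that prevents account creation would no longer stop the reset mail. Checking each block on its own and returning true as soon as one of them denies closes that gap and keeps the fail-closed default for unknown system block types. Because this method relaxes an access check, one unit test per block type and a debug log entry whenever a block is ignored would make the decision auditable.

```php
	protected function isBlocked( User $user ) {
		// Check the local and the global block separately, so that a lenient local
		// block cannot hide a stricter global one.
		foreach ( [ $user->getBlock(), $user->getGlobalBlock() ] as $block ) {
			if ( !$block ) {
				continue;
			}
			$type = $block->getSystemBlockType();
			if ( in_array( $type, [ 'dnsbl', 'wgSoftBlockRanges' ], true ) ) {
				// only meant to force login; look at the next block
				continue;
			}
			if ( in_array( $type, [ null, 'global-block' ], true ) ) {
				if ( $block->prevents( 'createaccount' ) ) {
					return true;
				}
				continue;
			}
			// proxy blocks and unknown extension block types stay fail-closed
			return true;
		}
		return false;
	}
```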