X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2Fuser%2FPasswordReset.php;h=dd16fb78ba31655c135073ac106342ec1a5a4695;hp=c1aef22ba19f910a06372af51f658ad4744594ac;hb=f7e1770fb832aa77bf4e16ce8cc815f2b24dd10d;hpb=add4dcc1c0feccc6154ebbc89ef9c3984f83c5a6
diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php
index c1aef22ba1..dd16fb78ba 100644
--- a/includes/user/PasswordReset.php
+++ b/includes/user/PasswordReset.php
@@ -100,9 +100,10 @@ class PasswordReset implements LoggerAwareInterface {
 } elseif ( !$user->isAllowed( 'editmyprivateinfo' ) ) {
 // Maybe not all users have permission to change private data
 $status = StatusValue::newFatal( 'badaccess' );
- } elseif ( $user->isBlocked() ) {
+ } elseif ( $this->isBlocked( $user ) ) {
 // Maybe the user is blocked (check this here rather than relying on the parent
- // method as we have a more specific error message to use here
+ // method as we have a more specific error message to use here and we want to
+ // ignore some types of blocks)
 $status = StatusValue::newFatal( 'blocked-mailpassword' );
 }
@@ -176,7 +177,7 @@ class PasswordReset implements LoggerAwareInterface {
 $firstUser = $users[0];
 if ( !$firstUser instanceof User || !$firstUser->getId() ) {
- // Don't parse username as wikitext (bug 65501)
+ // Don't parse username as wikitext (T67501)
 return StatusValue::newFatal( wfMessage( 'nosuchuser', wfEscapeWikiText( $username ) ) );
 }
@@ -192,7 +193,7 @@ class PasswordReset implements LoggerAwareInterface {
 wfEscapeWikiText( $firstUser->getName() ) ) );
 }
- // We need to have a valid IP address for the hook, but per bug 18347, we should
+ // We need to have a valid IP address for the hook, but per T20347, we should
 // send the user's name if they're logged in.
 $ip = $performingUser->getRequest()->getIP();
 if ( !$ip ) {
@@ -250,6 +251,37 @@ class PasswordReset implements LoggerAwareInterface {
 return StatusValue::newGood( $passwords );
 }
+ /**
+ * Check whether the user is blocked.
+ * Ignores certain types of system blocks that are only meant to force users to log in.
+ * @param User $user
+ * @return bool
+ * @since 1.30
+ */
+ protected function isBlocked( User $user ) {
+ $block = $user->getBlock() ?: $user->getGlobalBlock();
+ if ( !$block ) {
+ return false;
+ }
+ $type = $block->getSystemBlockType();
+ if ( in_array( $type, [ null, 'global-block' ], true ) ) {
+ // Normal block. Maybe it was meant for someone else and the user just needs to log in;
+ // or maybe it was issued specifically to prevent some IP from messing with password
+ // reset? Go out on a limb and use the registration allowed flag to decide.
+ return $block->prevents( 'createaccount' );
+ } elseif ( $type === 'proxy' ) {
+ // we disallow actions through proxy even if the user is logged in
+ // so it makes sense to disallow password resets as well
+ return true;
+ } elseif ( in_array( $type, [ 'dnsbl', 'wgSoftBlockRanges' ], true ) ) {
+ // these are just meant to force login so let's not prevent that
+ return false;
+ } else {
+ // some extension - we'll have to guess
+ return true;
+ }
+ }
+
 /**
 * @param string $email
 * @return User[]
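Review bot: `$block = $user->getBlock() ?: $user->getGlobalBlock();` in the new isBlocked() looks at the global block only when there is no local block, so a local block this method treats as harmless ('dnsbl', 'wgSoftBlockRanges', or a normal block that does not prevent 'createaccount') returns false before any global block is consulted. Unless getBlock() already accounts for global blocks, which the hunk does not show, a requester who is also globally blocked would still pass this check. Evaluating both blocks and denying when either one prevents the reset keeps the decision fail-closed, in line with the final `else` branch for unknown block types. The sketch below moves the existing per-type decision, unchanged, into a helper and calls it for each block.

```php
protected function isBlocked( User $user ) {
	// Judge the local and the global block independently, so that a soft
	// local block cannot mask a global block that should stop the reset.
	foreach ( [ $user->getBlock(), $user->getGlobalBlock() ] as $block ) {
		if ( $block && $this->blockPreventsReset( $block ) ) {
			return true;
		}
	}
	return false;
}

private function blockPreventsReset( $block ) {
	$type = $block->getSystemBlockType();
	// … unchanged: the if/elseif chain on $type from isBlocked() …
}
```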