Glaisher has uploaded a new change for review.
https://gerrit.wikimedia.org/r/275544
Change subject: Don't allow invalid IP ranges to be entered in ip_in_range()
......................................................................
Don't allow invalid IP ranges to be entered in ip_in_range()
IP::isInRange() can return true for invalid IPs so this can
cause false positives. Instead of letting this happen, don't
allow it in the first place.
See also Ibfe55c2ebac0fccfa8329436
Bug: T124117
Change-Id: Id10552e117ce2b231504e41627b44f8cfb0d4329
---
M AbuseFilter.parser.php
M i18n/en.json
M i18n/qqq.json
3 files changed, 10 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/AbuseFilter
refs/changes/44/275544/1
diff --git a/AbuseFilter.parser.php b/AbuseFilter.parser.php
index 1ef3a1e..bd72c16 100644
--- a/AbuseFilter.parser.php
+++ b/AbuseFilter.parser.php
@@ -1586,6 +1586,14 @@
$ip = $args[0]->toString();
$range = $args[1]->toString();
+ if ( !IP::isValidBlock( $range ) ) {
+ throw new AFPUserVisibleException(
+ 'invalidarg',
+ $this->mCur->pos,
+ array( 'ip_in_range', 2 )
+ );
+ }
+
$result = IP::isInRange( $ip, $range );
return new AFPData( AFPData::DBOOL, $result );
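Review bot: The added guard on `$range` relies on `IP::isValidBlock()`, which as far as I know accepts only CIDR notation, whereas `IP::isInRange()` also handles a single address or an explicit `a - b` range, so an existing filter using those forms would now throw at evaluation time; please confirm that a thrown AFPUserVisibleException cannot make a live filter silently stop matching. If single addresses should stay valid, the condition could be widened to `if ( !IP::isValidBlock( $range ) && !IP::isValid( $range ) ) {`. `$ip` is still passed to `IP::isInRange()` unchecked, so the false positives for invalid IPs described in the commit message may remain; since `$ip` may hold something that is not an address at all, returning a false `AFPData` for an invalid `$ip` looks safer than throwing. The `2` in `array( 'ip_in_range', 2 )` would be `$3`, but the message added in i18n/en.json uses only `$1` and `$2` and qqq.json does not document it, so the user is not told which argument was rejected. The enclosing function starts and ends outside the hunk.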
diff --git a/i18n/en.json b/i18n/en.json
index f10ddde..1bdd8d6 100755
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -322,6 +322,7 @@
"abusefilter-exception-overridebuiltin": "Illegal overriding of
built-in variable \"$2\" at character $1.",
"abusefilter-exception-outofbounds": "Requesting non-existent list item
$2 (list size = $3) at character $1.",
"abusefilter-exception-notlist": "Requesting array item of non-array at
character $1.",
+ "abusefilter-exception-invalidarg": "Invalid argument passed to $2 at
character $1.",
"abusefilter-action-tag": "Tag",
"abusefilter-action-throttle": "Throttle",
"abusefilter-action-warn": "Warn",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 233014b..67cd869 100755
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -327,6 +327,7 @@
"abusefilter-exception-regexfailure": "Error message from the abuse
filter parser. Parameters:\n* $1 - Position in the string\n* $2 - Error
message\n* $3 - Regular expression",
"abusefilter-exception-overridebuiltin": "Error message from the abuse
filter parser. Parameters:\n* $1 - Position in the string\n* $2 - Built-in
variable",
"abusefilter-exception-outofbounds": "Error message from the abuse
filter parser. Parameters:\n* $1 - Position in the string\n* $2 - Index\n* $3 -
Number of items in list",
+ "abusefilter-exception-invalidarg": "Error message from the abuse
filter parser. Parameters:\n* $1 - Position in the string\n* $2 - Name of the
function",
"abusefilter-exception-notlist": "Error message from the abuse filter
parser. Parameters:\n* $1 - Position in the string",
"abusefilter-action-tag": "{{doc-abusefilter-action}}\n\nThe edit or
change can be 'tagged' with a particular tag, which will be shown on Recent
Changes, contributions, logs, new pages, history, and everywhere else. \n\nThis
is a verb in the imperative form.\n\n{{Identical|Tag}}",
"abusefilter-action-throttle": "{{doc-abusefilter-action}}",
--
To view, visit https://gerrit.wikimedia.org/r/275544
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id10552e117ce2b231504e41627b44f8cfb0d4329
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/AbuseFilter
Gerrit-Branch: master
Gerrit-Owner: Glaisher <[email protected]>