From 8ca5464a1671436196c25ca0764b1a1bd3d3f2d5 Mon Sep 17 00:00:00 2001
From: Amir Sarabadani
Date: Thu, 12 Jul 2018 15:51:00 +0200
Subject: [PATCH] Security: Disable thank when the user is globally blocked

Bug: T151910
Change-Id: I3f39dd32cb76d1a20c8711d5de88e8fcbc36507d
---
 includes/ApiThank.php | 2 ++
 includes/ThanksHooks.php | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/includes/ApiThank.php b/includes/ApiThank.php
index 907ad68d..29bb2313 100644
--- a/includes/ApiThank.php
+++ b/includes/ApiThank.php
@@ -13,6 +13,8 @@ abstract class ApiThank extends ApiBase {
 $this->dieWithError( [ 'thanks-error-ratelimited', $user->getName() ], 'ratelimited' );
 } elseif ( $user->isBlocked() ) {
 $this->dieBlocked( $user->getBlock() );
+ } elseif ( $user->isBlockedGlobally() ) {
+ $this->dieBlocked( $user->getGlobalBlock() );
 }
 }
diff --git a/includes/ThanksHooks.php b/includes/ThanksHooks.php
index 318fd69c..7d742603 100644
--- a/includes/ThanksHooks.php
+++ b/includes/ThanksHooks.php
@@ -54,6 +54,7 @@ class ThanksHooks {
 if ( !$user->isAnon()
 && $recipientId !== $user->getId()
 && !$user->isBlocked()
+ && !$user->isBlockedGlobally()
 && self::canReceiveThanks( $recipient )
 && !$rev->isDeleted( Revision::DELETED_TEXT )
 && ( !$oldRev || $rev->getParentId() == $oldRev->getId() )
@@ -383,7 +384,7 @@ class ThanksHooks {
 global $wgUser;
 // Don't thank if anonymous or blocked
- if ( $wgUser->isAnon() || $wgUser->isBlocked() ) {
+ if ( $wgUser->isAnon() || $wgUser->isBlocked() || $wgUser->isBlockedGlobally() ) {
 return;
 }
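Review bot: The new `isBlockedGlobally()` branch in ApiThank is the only server-side enforcement this patch adds, and the diffstat lists no test file, so nothing pins it against regression. An API test that sends a thank as a globally blocked user and expects the blocked error would cover it. Whether a user counts as globally blocked is presumably decided by a hook handler from a separate extension (confirm which one), so the test has to stub that, and a short comment would help: `// Global blocks are reported via hook; without a handler this branch never fires`. The enclosing method starts above the hunk.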
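Review bot: The sender's block test is now written out three times: in this condition, in the `$wgUser` check of the later ThanksHooks hunk, and in the ApiThank hunk. This commit exists because one block type was missing from all three, so the duplication is a recurring risk. A single helper such as `private static function isUserBlockedFromThanking( User $user ) { return $user->isBlocked() || $user->isBlockedGlobally(); }`, used by both hook sites, would leave one place to extend when another block type appears. These two hook checks only decide whether the link is shown, and the API check remains the enforcement point. The enclosing condition starts and ends outside the hunk.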
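Review bot: The comment above the changed condition still reads `// Don't thank if anonymous or blocked`, which no longer tells a reader that global blocks are covered. `// Don't thank if anonymous or blocked (locally or globally)` would match the new test. The enclosing function starts and ends outside the hunk.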