<defaultvalue>disable</defaultvalue>
</option>
<!-- /security.blacklist.stopforumspam -->
- <!-- security.blacklist.custom -->
- <option name="blacklist_user_agents">
- <categoryname>security.blacklist.custom</categoryname>
- <optiontype>textarea</optiontype>
- </option>
- <!-- /security.blacklist.custom -->
<!-- security.antispam.captcha -->
<option name="captcha_type">
<categoryname>security.antispam.captcha</categoryname>
<delete>
<option name="module_master_password"/>
<option name="blacklist_ip_addresses"/>
+ <option name="blacklist_user_agents"/>
</delete>
</data>
\define('USER_AUTHENTICATION_FAILURE_USER_CAPTCHA', 3);
\define('USER_AUTHENTICATION_FAILURE_EXPIRATION', 30);
\define('SIGNATURE_SECRET', '');
-\define('BLACKLIST_USER_AGENTS', '');
\define('CAPTCHA_TYPE', 'com.woltlab.wcf.recaptcha');
\define('REGISTER_USE_CAPTCHA', 1);
\define('LOST_PASSWORD_USE_CAPTCHA', 1);
use wcf\system\exception\IPrintableException;
use wcf\system\exception\NamedUserException;
use wcf\system\exception\ParentClassException;
-use wcf\system\exception\PermissionDeniedException;
use wcf\system\exception\SystemException;
use wcf\system\language\LanguageFactory;
use wcf\system\package\PackageInstallationDispatcher;
use wcf\util\FileUtil;
use wcf\util\HeaderUtil;
use wcf\util\StringUtil;
-use wcf\util\UserUtil;
// phpcs:disable PSR1.Files.SideEffects
// https://github.com/WoltLab/WCF/issues/3913
\define('MODULE_MASTER_PASSWORD', 0);
- // The IP address blocklist was removed in 5.5.
+ // The IP address and User Agent blocklist was removed in 5.5.
// https://github.com/WoltLab/WCF/issues/3914
\define('BLACKLIST_IP_ADDRESSES', '');
+ \define('BLACKLIST_USER_AGENTS', '');
}
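Review bot: The comment above the two stub constants does not say why they are still defined or what an upgrading administrator loses, and it now covers two removals while linking only one issue. Because `BLACKLIST_USER_AGENTS` is now always `''` and the option is listed under `<delete>` in the options XML, previously configured patterns appear to be dropped on update with nothing enforcing them. I would reword the comment to something like `// The IP address and User-Agent blocklists were removed in 5.5; both constants stay defined as empty strings. User-Agent blocking belongs at the web server.` If the User-Agent removal is tracked in its own issue, add that link next to the existing one. The enclosing block opens outside this hunk, so I cannot see the condition that guards these defines.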
/**
{
$isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest');
- if (\defined('BLACKLIST_USER_AGENTS') && BLACKLIST_USER_AGENTS != '') {
- if (!StringUtil::executeWordFilter(UserUtil::getUserAgent(), BLACKLIST_USER_AGENTS)) {
- if ($isAjax) {
- throw new AJAXException(
- self::getLanguage()->getDynamicVariable('wcf.ajax.error.permissionDenied'),
- AJAXException::INSUFFICIENT_PERMISSIONS
- );
- } else {
- throw new PermissionDeniedException();
- }
- }
- }
-
// handle banned users
if (self::getUser()->userID && self::getUser()->banned && !self::getUser()->hasOwnerAccess()) {
if ($isAjax) {
\define('HTTP_SEND_X_FRAME_OPTIONS', 0);
-\define('BLACKLIST_USER_AGENTS', '');
-
\define('CACHE_SOURCE_TYPE', 'disk');
\define('IMAGE_ADAPTER_TYPE', 'gd');
\define('TIMEZONE', 'Europe/Berlin');
<item name="wcf.acp.notice.showOrder.description"><![CDATA[Legt die Reihenfolge fest, in der die Hinweise angezeigt werden.]]></item>
</category>
<category name="wcf.acp.option">
- <item name="wcf.acp.option.blacklist_user_agents"><![CDATA[Browser-Kennung ausschließen (Obsolet)]]></item>
- <item name="wcf.acp.option.blacklist_user_agents.description"><![CDATA[Browser-Kennungen können durch Angreifer leicht gefälscht werden und sind kein zuverlässiger Indikator für die Identität des Anfragestellers. Falls ein Ausschluss dennoch gewünscht ist, erfolgt ein Ausschluss von Browser-Kenunngen leistungsfähiger auf Ebene des Webservers. Diese Option ist obsolet und wird mit einer zukünftigen Version entfernt.]]></item>
<item name="wcf.acp.option.cache_source_memcached_host"><![CDATA[Memcached-Server]]></item>
<item name="wcf.acp.option.cache_source_memcached_host.description"/>
<item name="wcf.acp.option.cache_source_redis_host"><![CDATA[Redis-Server]]></item>
<item name="wcf.acp.option.module_master_password.description"/>
<item name="wcf.acp.option.blacklist_ip_addresses"/>
<item name="wcf.acp.option.blacklist_ip_addresses.description"/>
+ <item name="wcf.acp.option.blacklist_user_agents"/>
+ <item name="wcf.acp.option.blacklist_user_agents.description"/>
</delete>
</language>
<item name="wcf.acp.notice.showOrder.description"><![CDATA[Choose display order of notices.]]></item>
</category>
<category name="wcf.acp.option">
- <item name="wcf.acp.option.blacklist_user_agents"><![CDATA[Block by User-Agent (Not Recommended)]]></item>
- <item name="wcf.acp.option.blacklist_user_agents.description"><![CDATA[User-Agents are easily faked by an attacker and not a reliable indicator of the client’s identity. If a block based on the User-Agent is desired nonetheless, it is achieve more performant at the web server level. Use of this blocklist is not recommended and this option will be removed in a future version.]]></item>
<item name="wcf.acp.option.cache_source_memcached_host"><![CDATA[Memcached-Server]]></item>
<item name="wcf.acp.option.cache_source_memcached_host.description"/>
<item name="wcf.acp.option.cache_source_redis_host"><![CDATA[Redis-Server]]></item>
<item name="wcf.acp.option.module_master_password.description"/>
<item name="wcf.acp.option.blacklist_ip_addresses"/>
<item name="wcf.acp.option.blacklist_ip_addresses.description"/>
+ <item name="wcf.acp.option.blacklist_user_agents"/>
+ <item name="wcf.acp.option.blacklist_user_agents.description"/>
</delete>
</language>