From a2b133da344229bd1c535f26d3b181d2c59d5ece Mon Sep 17 00:00:00 2001
From: Martin Urbanec <martin.urbanec@wikimedia.cz>
Date: Sat, 15 May 2021 08:42:46 +0200
Subject: [PATCH] SECURITY: Disable autoblocks for CentralAuth-issued
 suppression blocks

They currently do not work (stacks are at T281972#7078879, T281972#7090229),
and according to T281972#7078969, properly fixing this is not easy.

Bug: T281972
Change-Id: I15d14c88a1e30df92c470bc191c4ee573172d4d1
---
 includes/CentralAuthUser.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php
index f3714c55..50da78ef 100644
--- a/includes/CentralAuthUser.php
+++ b/includes/CentralAuthUser.php
@@ -1938,7 +1938,10 @@ class CentralAuthUser implements IDBAccessObject {
 				'timestamp' => wfTimestampNow(),
 				'expiry' => $dbw->getInfinity(),
 				'createAccount' => true,
-				'enableAutoblock' => true,
+				// T281972: This is currently disabled because it doesn't work with xwiki blocks
+				// It is fine to disable temporarily, because locks do not have any autoblock mechanism anyway,
+				// and stewards are used to it.
+				'enableAutoblock' => false,
 				'hideName' => true,
 				'blockEmail' => true,
 				'by' => UserIdentityValue::newExternal(
-- 
2.20.1