Make history-related blocking respect $wgCrawlerProtectedActions

[Copilot]

Removing 'history' from $wgCrawlerProtectedActions did not actually unblock history for anonymous users: ?action=history still went through, but related URLs (type=revision, diff=N, oldid=N) stayed blocked because those conditions were hardcoded in checkPerformAction.

Changes

• CrawlerProtectionService::checkPerformAction: gate the type === 'revision', diff > 0, and oldid > 0 checks on isProtectedAction('history') so the entire history-viewing surface (action, revisions, diffs, oldid) is controlled by a single config token.
• Tests: added testCheckPerformActionAllowsHistoryRelatedWhenNotConfigured with a data provider covering all four history-related URL shapes against an empty CrawlerProtectedActions. Existing block-tests (which include 'history' in the config) continue to assert the legacy behavior.
• Test stub: added a string return type to User::getName in namespaced-stubs.php so PHPUnit-generated mocks no longer return null into IPUtils::isInRanges, which was masking failures in pre-existing IP-allow-list tests.

Before / after

// Before — diff/oldid/type=revision blocked even with $wgCrawlerProtectedActions = []
if (
    $type === 'revision'
    || $this->isProtectedAction( $action )
    || $diffId > 0
    || $oldId > 0
) { ... }

// After — all history-related checks gated on the 'history' token
$historyProtected = $this->isProtectedAction( 'history' );
if (
    $this->isProtectedAction( $action )
    || ( $historyProtected && (
        $type === 'revision' || $diffId > 0 || $oldId > 0
    ) )
) { ... }

Compatibility

Default config (['history']) is unchanged in behavior. Operators who had already customized $wgCrawlerProtectedActions to exclude 'history' will now see the additional unblocking they likely expected.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/PHPCSStandards/PHPCSExtra/zipball/746c3190ba8eb2f212087c947ba75f4f5b9a58d5
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/wFdst0 /usr/bin/composer install --no-interaction (http block)
• https://api.github.com/repos/PHPCSStandards/PHPCSUtils/zipball/908247bc65010c7b7541a9551e002db12e9dae70
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/wFdst0 /usr/bin/composer install --no-interaction (http block)
• https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/14f5fff1e64118595db5408e946f3a22c75807f7
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/wFdst0 /usr/bin/composer install --no-interaction (http block)
• https://api.github.com/repos/PHPCSStandards/composer-installer/zipball/963f0c67bffde0eac41b56be71ac0e8ba132f0bd
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/wFdst0 /usr/bin/composer install --no-interaction (http block)
• https://api.github.com/repos/composer/semver/zipball/35e8d0af4486141bc745f23a29cc2091eb624a32
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/wFdst0 /usr/bin/composer install --no-interaction (http block)
• https://api.github.com/repos/composer/spdx-licenses/zipball/e886f5201b27ad5bc3f9967b83394740722e5473
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/wFdst0 /usr/bin/composer install --no-interaction (http block)
• https://api.github.com/repos/doctrine/instantiator/zipball/c6222283fa3f4ac679f8b9ced9a4e23f163e80d0
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/myclabs/DeepCopy/zipball/07d290f0c47959fd5eed98c95ee5602db07e0b6a
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/nikic/PHP-Parser/zipball/dca41cd15c2ac9d055ad70dbfd011130757d1f82
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/phar-io/manifest/zipball/54750ef60c58e43759730615a392c31c80e23176
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/phar-io/version/zipball/4f7fd7836c6f332bb2933569e566a0d6c4cbed74
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/php-fig/container/zipball/c71ecc56dfe541dbd90c5360474fbc405f8d5963
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/php-parallel-lint/PHP-Console-Color/zipball/7adfefd530aa2d7570ba87100a99e2483a543b88
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/php-parallel-lint/PHP-Console-Highlighter/zipball/5b4803384d3303cf8e84141039ef56c8a123138d
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/php-parallel-lint/PHP-Parallel-Lint/zipball/6db563514f27e19595a19f45a4bf757b6401194e
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/cli-parser/zipball/2b56bea83a09de3ac06bb18b92f068e60cc6f50b
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/code-unit-reverse-lookup/zipball/ac91f01ccec49fb77bdc6fd1e548bc70f7faa3e5
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/code-unit/zipball/1fc9f64c0927627ef78ba436c9b17d967e68e120
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/comparator/zipball/e4df00b9b3571187db2831ae9aada2c6efbd715d
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/complexity/zipball/25f207c40d62b8b7aa32f5ab026c53561964053a
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/diff/zipball/ba01945089c3a293b01ba9badc29ad55b106b0bc
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/environment/zipball/830c43a844f1f8d5b7a1f6d6076b784454d8b7ed
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/exporter/zipball/14c6ba52f95a36c3d27c835d65efc7123c446e8c
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/global-state/zipball/b6781316bdcd28260904e7cc18ec983d0d2ef4f6
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/lines-of-code/zipball/e1e4a170560925c26d424b6a03aed157e7dcc5c5
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/5c9eeac41b290a3712d88851518825ad78f45c71
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/b4f479ebdbf63ac605d183ece17d8d7fe49c15c7
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/85402a822d1ecf1db1096959413d35e1c37cf1a5
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/cf1c2e7c203ac650e352f4cc675a7021e7d1b3cf
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/php-invoker/zipball/5a10147d0aaf65b58940a0b72f71c9ac0423cc67
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/php-text-template/zipball/5da5f67fc95621df9ff4c4e5a84d6a8a2acf7c28
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/php-timer/zipball/5a63ce20ed1b5bf577850e2c4e87f4aa902afbd2
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/phpunit/zipball/b36f02317466907a230d3aa1d34467041271ef4a
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/539c6691e0623af6dc6f9c20384c120f963465a0
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/05d5692a7993ecccd56a03e40cd7e5b09b1d404e
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/type/zipball/75e2c2a32f5e0b3aef905b9ed0b179b953b3d7c7
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/sebastianbergmann/version/zipball/c6c1022351a901512170118436c764e473f6de8c
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/symfony/console/zipball/ed0107e43ab452aa77ae99e005b95e56b556e075
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/symfony/deprecation-contracts/zipball/50f59d1f3ca46d41ac911f97a78626b6756af35b
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/symfony/polyfill-ctype/zipball/141046a8f9477948ff284fa65be2095baafb94f2
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/4864388bfbd3001ce88e234fab652acd91fdc57e
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/3833d7255cc303546435cb650316bff708a1c75c
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6a21eb99c6973357967f6ce3708cd55a6bec6315
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/wFdst0 /usr/bin/composer install --no-interaction (http block)
• https://api.github.com/repos/symfony/polyfill-php80/zipball/dfb55726c3a76ea3b6459fcfda1ec2d80a682411
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/wFdst0 /usr/bin/composer install --no-interaction (http block)
• https://api.github.com/repos/symfony/service-contracts/zipball/d25d82433a80eba6aa0e6c24b61d7370d99e444a
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/symfony/string/zipball/965f7306a43383d02c6aca1e3f3bd2f0ea5dee15
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/theseer/tokenizer/zipball/b7489ce515e168639d17feec34b8847c326b0b3c
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/wikimedia/IPSet/zipball/5c55f38f79dac6b5ba88502a76f865ad1f615f4a
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/AHq9jm /usr/bin/composer require --dev wikimedia/ip-utils:^4.0 --no-interaction git@github.com:sremote tnet/tools/git git bran�� -r sh e/git k/CrawlerProtectgit ge.git /bin/sh e/git (http block)
• https://api.github.com/repos/wikimedia/base-convert/zipball/aa997185e0b42c1f61a11f3e1980cad144175111
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/AHq9jm /usr/bin/composer require --dev wikimedia/ip-utils:^4.0 --no-interaction git@github.com:sremote tnet/tools/git git bran�� -r sh e/git k/CrawlerProtectgit ge.git /bin/sh e/git (http block)
• https://api.github.com/repos/wikimedia/mediawiki-libs-IPUtils/zipball/b79fd7bd8b74996aa7c284427e31027554f35cd2
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/AHq9jm /usr/bin/composer require --dev wikimedia/ip-utils:^4.0 --no-interaction git@github.com:sremote tnet/tools/git git bran�� -r sh e/git k/CrawlerProtectgit ge.git /bin/sh e/git (http block)
• https://api.github.com/repos/wikimedia/mediawiki-tools-codesniffer/zipball/c559bc02e87b0a969b6ed7380d7fa1d02738158b
  • Triggering command: REDACTED, pid is -1 (http block)
• https://api.github.com/repos/wikimedia/mediawiki-tools-minus-x/zipball/553f920ad53f78b33ea654f8623c2a50b5ac7efd
  • Triggering command: REDACTED, pid is -1 (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)