X-Git-Url: https://scripts.mit.edu/gitweb/autoinstallsdev/mediawiki.git/blobdiff_plain/19e297c21b10b1b8a3acad5e73fc71dcb35db44a..6932310fd58ebef145fa01eb76edf7150284d8ea:/includes/api/ApiBlock.php diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php index 25506ac0..a8261d21 100644 --- a/includes/api/ApiBlock.php +++ b/includes/api/ApiBlock.php @@ -1,10 +1,10 @@ .@home.nl + * Copyright © 2007 Roan Kattouw ".@gmail.com" * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,26 +24,14 @@ * @file */ -if ( !defined( 'MEDIAWIKI' ) ) { - // Eclipse helper - will be ignored in production - require_once( "ApiBase.php" ); -} - /** -* API module that facilitates the blocking of users. Requires API write mode -* to be enabled. -* + * API module that facilitates the blocking of users. Requires API write mode + * to be enabled. + * * @ingroup API */ class ApiBlock extends ApiBase { - /** - * Std ctor. - */ - public function __construct( $main, $action ) { - parent::__construct( $main, $action ); - } - /** * Blocks the user specified in the parameters for the given expiry, with the * given reason, and with all other settings provided in the params. If the block 
@@ -51,76 +39,113 @@ class ApiBlock extends ApiBase { * of success. If it fails, the result will specify the nature of the error. */ public function execute() { - global $wgUser, $wgBlockAllowsUTEdit; + $this->checkUserRightsAny( 'block' ); + + $user = $this->getUser(); $params = $this->extractRequestParams(); - if ( $params['gettoken'] ) { - $res['blocktoken'] = $wgUser->editToken(); - $this->getResult()->addValue( null, $this->getModuleName(), $res ); - return; - } + $this->requireOnlyOneParameter( $params, 'user', 'userid' ); - if ( !$wgUser->isAllowed( 'block' ) ) { - $this->dieUsageMsg( array( 'cantblock' ) ); - } - # bug 15810: blocked admins should have limited access here - if ( $wgUser->isBlocked() ) { - $status = IPBlockForm::checkUnblockSelf( $params['user'] ); + # T17810: blocked admins should have limited access here + if ( $user->isBlocked() ) { + $status = SpecialBlock::checkUnblockSelf( $params['user'], $user ); if ( $status !== true ) { - $this->dieUsageMsg( array( $status ) ); + $this->dieWithError( + $status, + null, + [ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $user->getBlock() ) ] + ); } } - if ( $params['hidename'] && !$wgUser->isAllowed( 'hideuser' ) ) { - $this->dieUsageMsg( array( 'canthide' ) ); - } - if ( $params['noemail'] && !IPBlockForm::canBlockEmail( $wgUser ) ) { - $this->dieUsageMsg( array( 'cantblock-email' ) ); - } - $form = new IPBlockForm( '' ); - $form->BlockAddress = $params['user']; - $form->BlockReason = ( is_null( $params['reason'] ) ? '' : $params['reason'] ); - $form->BlockReasonList = 'other'; - $form->BlockExpiry = ( $params['expiry'] == 'never' ? 
'infinite' : $params['expiry'] ); - $form->BlockOther = ''; - $form->BlockAnonOnly = $params['anononly']; - $form->BlockCreateAccount = $params['nocreate']; - $form->BlockEnableAutoblock = $params['autoblock']; - $form->BlockEmail = $params['noemail']; - $form->BlockHideName = $params['hidename']; - $form->BlockAllowUsertalk = $params['allowusertalk'] && $wgBlockAllowsUTEdit; - $form->BlockReblock = $params['reblock']; - - $userID = $expiry = null; - $retval = $form->doBlock( $userID, $expiry ); - if ( count( $retval ) ) { - // We don't care about multiple errors, just report one of them - $this->dieUsageMsg( $retval ); + if ( $params['userid'] !== null ) { + $username = User::whoIs( $params['userid'] ); + + if ( $username === false ) { + $this->dieWithError( [ 'apierror-nosuchuserid', $params['userid'] ], 'nosuchuserid' ); + } else { + $params['user'] = $username; + } + } else { + $target = User::newFromName( $params['user'] ); + + // T40633 - if the target is a user (not an IP address), but it + // doesn't exist or is unusable, error. + if ( $target instanceof User && + ( $target->isAnon() /* doesn't exist */ || !User::isUsableName( $target->getName() ) ) + ) { + $this->dieWithError( [ 'nosuchusershort', $params['user'] ], 'nosuchuser' ); + } } - $res['user'] = $params['user']; - $res['userID'] = intval( $userID ); - $res['expiry'] = ( $expiry == Block::infinity() ? 
'infinite' : wfTimestamp( TS_ISO_8601, $expiry ) ); - $res['reason'] = $params['reason']; - if ( $params['anononly'] ) { - $res['anononly'] = ''; + if ( $params['tags'] ) { + $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user ); + if ( !$ableToTag->isOK() ) { + $this->dieStatus( $ableToTag ); + } } - if ( $params['nocreate'] ) { - $res['nocreate'] = ''; + + if ( $params['hidename'] && !$user->isAllowed( 'hideuser' ) ) { + $this->dieWithError( 'apierror-canthide' ); } - if ( $params['autoblock'] ) { - $res['autoblock'] = ''; + if ( $params['noemail'] && !SpecialBlock::canBlockEmail( $user ) ) { + $this->dieWithError( 'apierror-cantblock-email' ); } - if ( $params['noemail'] ) { - $res['noemail'] = ''; + + $data = [ + 'PreviousTarget' => $params['user'], + 'Target' => $params['user'], + 'Reason' => [ + $params['reason'], + 'other', + $params['reason'] + ], + 'Expiry' => $params['expiry'], + 'HardBlock' => !$params['anononly'], + 'CreateAccount' => $params['nocreate'], + 'AutoBlock' => $params['autoblock'], + 'DisableEmail' => $params['noemail'], + 'HideUser' => $params['hidename'], + 'DisableUTEdit' => !$params['allowusertalk'], + 'Reblock' => $params['reblock'], + 'Watch' => $params['watchuser'], + 'Confirm' => true, + 'Tags' => $params['tags'], + ]; + + $status = SpecialBlock::validateTarget( $params['user'], $user ); + if ( !$status->isOK() ) { + $this->dieStatus( $status ); } - if ( $params['hidename'] ) { - $res['hidename'] = ''; + + $retval = SpecialBlock::processForm( $data, $this->getContext() ); + if ( $retval !== true ) { + $this->dieStatus( $this->errorArrayToStatus( $retval ) ); } - if ( $params['allowusertalk'] ) { - $res['allowusertalk'] = ''; + + list( $target, /*...*/ ) = SpecialBlock::getTargetAndType( $params['user'] ); + $res['user'] = $params['user']; + $res['userID'] = $target instanceof User ? 
$target->getId() : 0; + + $block = Block::newFromTarget( $target, null, true ); + if ( $block instanceof Block ) { + $res['expiry'] = ApiResult::formatExpiry( $block->mExpiry, 'infinite' ); + $res['id'] = $block->getId(); + } else { + # should be unreachable + $res['expiry'] = ''; + $res['id'] = ''; } + $res['reason'] = $params['reason']; + $res['anononly'] = $params['anononly']; + $res['nocreate'] = $params['nocreate']; + $res['autoblock'] = $params['autoblock']; + $res['noemail'] = $params['noemail']; + $res['hidename'] = $params['hidename']; + $res['allowusertalk'] = $params['allowusertalk']; + $res['watchuser'] = $params['watchuser']; + $this->getResult()->addValue( null, $this->getModuleName(), $res ); } @@ -133,15 +158,15 @@ class ApiBlock extends ApiBase { } public function getAllowedParams() { - return array( - 'user' => array( - ApiBase::PARAM_TYPE => 'string', - ApiBase::PARAM_REQUIRED => true - ), - 'token' => null, - 'gettoken' => false, + return [ + 'user' => [ + ApiBase::PARAM_TYPE => 'user', + ], + 'userid' => [ + ApiBase::PARAM_TYPE => 'integer', + ], 'expiry' => 'never', - 'reason' => null, + 'reason' => '', 'anononly' => false, 'nocreate' => false, 'autoblock' => false, 
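Review bot: In `execute()`, the blocked-performer check `SpecialBlock::checkUnblockSelf( $params['user'], $user )` runs before the `userid` branch assigns `$params['user'] = $username`. When a blocked admin calls the module with `userid=`, the check is therefore handed null instead of the real target. Whether that fails closed depends on how `checkUnblockSelf` treats a non-string target, which this diff does not show, and the T17810 restriction should not hinge on it. Moving the whole `if ( $user->isBlocked() ) { … }` block below the `userid`/`user` resolution would put both parameter forms through the same check against the resolved name. A comment such as `// Must run after userid has been resolved into $params['user']` would keep the ordering from regressing.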
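Review bot: With `ApiBase::PARAM_REQUIRED` dropped from `user` and `userid` added, nothing in `getAllowedParams()` tells a reader that a block target is still mandatory. The constraint now lives only in `execute()`, in `requireOnlyOneParameter( $params, 'user', 'userid' )`. A comment above the two entries would document that, e.g. `// Exactly one of 'user' or 'userid' is required; enforced in execute().` The returned array continues outside this hunk.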
@@ -149,56 +174,30 @@ class ApiBlock extends ApiBase { 'hidename' => false, 'allowusertalk' => false, 'reblock' => false, - ); - } - - public function getParamDescription() { - return array( - 'user' => 'Username, IP address or IP range you want to block', - 'token' => 'A block token previously obtained through the gettoken parameter or prop=info', - 'gettoken' => 'If set, a block token will be returned, and no other action will be taken', - 'expiry' => 'Relative expiry time, e.g. \'5 months\' or \'2 weeks\'. If set to \'infinite\', \'indefinite\' or \'never\', the block will never expire.', - 'reason' => 'Reason for block (optional)', - 'anononly' => 'Block anonymous users only (i.e. disable anonymous edits for this IP)', - 'nocreate' => 'Prevent account creation', - 'autoblock' => 'Automatically block the last used IP address, and any subsequent IP addresses they try to login from', - 'noemail' => 'Prevent user from sending e-mail through the wiki. (Requires the "blockemail" right.)', - 'hidename' => 'Hide the username from the block log. 
(Requires the "hideuser" right.)', - 'allowusertalk' => 'Allow the user to edit their own talk page (depends on $wgBlockAllowsUTEdit)', - 'reblock' => 'If the user is already blocked, overwrite the existing block', - ); - } - - public function getDescription() { - return 'Block a user'; - } - - public function getPossibleErrors() { - return array_merge( parent::getPossibleErrors(), array( - array( 'cantblock' ), - array( 'canthide' ), - array( 'cantblock-email' ), - array( 'ipbblocked' ), - array( 'ipbnounblockself' ), - ) ); + 'watchuser' => false, + 'tags' => [ + ApiBase::PARAM_TYPE => 'tags', + ApiBase::PARAM_ISMULTI => true, + ], + ]; } public function needsToken() { - return true; - } - - public function getTokenSalt() { - return ''; + return 'csrf'; } - protected function getExamples() { - return array( - 'api.php?action=block&user=123.5.5.12&expiry=3%20days&reason=First%20strike', - 'api.php?action=block&user=Vandal&expiry=never&reason=Vandalism&nocreate=&autoblock=&noemail=' - ); + protected function getExamplesMessages() { + // @codingStandardsIgnoreStart Generic.Files.LineLength + return [ + 'action=block&user=192.0.2.5&expiry=3%20days&reason=First%20strike&token=123ABC' + => 'apihelp-block-example-ip-simple', + 'action=block&user=Vandal&expiry=never&reason=Vandalism&nocreate=&autoblock=&noemail=&token=123ABC' + => 'apihelp-block-example-user-complex', + ]; + // @codingStandardsIgnoreEnd } - public function getVersion() { - return __CLASS__ . ': $Id$'; + public function getHelpUrls() { + return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Block'; } }