2007-12-06 16:06:22 +00:00
|
|
|
<?php
|
2010-02-21 12:32:46 +00:00
|
|
|
/**
|
2010-12-22 20:52:06 +00:00
|
|
|
*
|
2007-12-06 16:06:22 +00:00
|
|
|
*
|
2010-08-07 19:59:42 +00:00
|
|
|
* Created on Sep 4, 2007
|
|
|
|
|
*
|
2012-07-15 20:13:02 +00:00
|
|
|
* Copyright © 2007 Roan Kattouw "<Firstname>.<Lastname>@gmail.com"
|
2007-12-06 16:06:22 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
2010-06-21 13:13:32 +00:00
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
2007-12-06 16:06:22 +00:00
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
2010-08-07 19:59:42 +00:00
|
|
|
*
|
|
|
|
|
* @file
|
2007-12-06 16:06:22 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
2013-03-07 16:27:38 +00:00
|
|
|
* API module that facilitates the blocking of users. Requires API write mode
|
|
|
|
|
* to be enabled.
|
|
|
|
|
*
|
WARNING: HUGE COMMIT
Doxygen documentation update:
* Changed alls @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group.
* Added @file to file description, it seems that it should be explicitely decalred for file descriptions, otherwise doxygen will think that the comment document the first class, variabled, function, ... that is in that file.
* Removed some empty comments
* Removed some ?>
Added following groups:
* ExternalStorage
* JobQueue
* MaintenanceLanguage
One more thing: there are still a lot of warnings when generating the doc.
2008-05-20 17:13:28 +00:00
|
|
|
* @ingroup API
|
2007-12-06 16:06:22 +00:00
|
|
|
*/
|
|
|
|
|
class ApiBlock extends ApiBase {
|
|
|
|
|
|
2008-01-12 07:08:17 +00:00
|
|
|
/**
|
|
|
|
|
* Blocks the user specified in the parameters for the given expiry, with the
|
|
|
|
|
* given reason, and with all other settings provided in the params. If the block
|
|
|
|
|
* succeeds, produces a result containing the details of the block and notice
|
|
|
|
|
* of success. If it fails, the result will specify the nature of the error.
|
|
|
|
|
*/
|
2007-12-06 16:06:22 +00:00
|
|
|
public function execute() {
|
Clean up handling of 'infinity'
There's a bunch of stuff that probably only works because the database
representation of infinity is actually 'infinity' on all databases
besides Oracle, and Oracle in general isn't maintained.
Generally, we should probably use 'infinity' everywhere except where
directly dealing with the database.
* Many extension callers of Language::formatExpiry() with $format !==
true are assuming it'll return 'infinity', none are checking for
$db->getInfinity().
* And Language::formatExpiry() would choke if passed 'infinity', despite
callers doing this.
* And Language::formatExpiry() could be more useful for the API if we
can override the string returned for infinity.
* As for core, Title is using Language::formatExpiry() with TS_MW which
is going to be changing anyway. Extension callers mostly don't exist.
* Block already normalizes its mExpiry field (and ->getExpiry()),
but some stuff is comparing it with $db->getInfinity() anyway. A few
external users set mExpiry to $db->getInfinity(), but this is mostly
because SpecialBlock::parseExpiryInput() returns $db->getInfinity()
while most callers (including all extensions) are assuming 'infinity'.
* And for that matter, Block should use $db->decodeExpiry() instead of
manually doing it, once we make that safe to call with 'infinity' for
all the extensions passing $db->getInfinity() to Block's contructor.
* WikiPage::doUpdateRestrictions() and some of its callers are using
$db->getInfinity(), when all the inserts using that value are using
$db->encodeExpiry() which will convert 'infinity'.
This also cleans up a slave-lag issue I noticed in ApiBlock while
testing.
Bug: T92550
Change-Id: I5eb68c1fb6029da8289276ecf7c81330575029ef
2015-03-12 16:37:04 +00:00
|
|
|
global $wgContLang;
|
|
|
|
|
|
2011-10-26 23:27:01 +00:00
|
|
|
$user = $this->getUser();
|
2007-12-06 16:06:22 +00:00
|
|
|
$params = $this->extractRequestParams();
|
|
|
|
|
|
2011-10-26 23:27:01 +00:00
|
|
|
if ( !$user->isAllowed( 'block' ) ) {
|
2011-05-19 17:51:16 +00:00
|
|
|
$this->dieUsageMsg( 'cantblock' );
|
2010-02-21 12:32:46 +00:00
|
|
|
}
|
2012-12-22 19:33:05 +00:00
|
|
|
|
2010-03-26 23:02:10 +00:00
|
|
|
# bug 15810: blocked admins should have limited access here
|
2011-10-26 23:27:01 +00:00
|
|
|
if ( $user->isBlocked() ) {
|
2011-11-13 07:25:56 +00:00
|
|
|
$status = SpecialBlock::checkUnblockSelf( $params['user'], $user );
|
2010-03-27 21:31:10 +00:00
|
|
|
if ( $status !== true ) {
|
2015-05-10 14:05:03 +00:00
|
|
|
$msg = $this->parseMsg( $status );
|
|
|
|
|
$this->dieUsage(
|
|
|
|
|
$msg['info'],
|
|
|
|
|
$msg['code'],
|
|
|
|
|
0,
|
2016-02-17 09:09:32 +00:00
|
|
|
[ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $user->getBlock() ) ]
|
2015-05-10 14:05:03 +00:00
|
|
|
);
|
2010-03-27 21:31:10 +00:00
|
|
|
}
|
2010-03-26 23:02:10 +00:00
|
|
|
}
|
2012-12-22 19:33:05 +00:00
|
|
|
|
|
|
|
|
$target = User::newFromName( $params['user'] );
|
2013-11-16 19:09:17 +00:00
|
|
|
// Bug 38633 - if the target is a user (not an IP address), but it
|
|
|
|
|
// doesn't exist or is unusable, error.
|
|
|
|
|
if ( $target instanceof User &&
|
|
|
|
|
( $target->isAnon() /* doesn't exist */ || !User::isUsableName( $target->getName() ) )
|
|
|
|
|
) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$this->dieUsageMsg( [ 'nosuchuser', $params['user'] ] );
|
2012-12-22 19:33:05 +00:00
|
|
|
}
|
|
|
|
|
|
2011-10-26 23:27:01 +00:00
|
|
|
if ( $params['hidename'] && !$user->isAllowed( 'hideuser' ) ) {
|
2011-05-19 17:51:16 +00:00
|
|
|
$this->dieUsageMsg( 'canthide' );
|
2010-02-21 12:32:46 +00:00
|
|
|
}
|
2011-10-26 23:27:01 +00:00
|
|
|
if ( $params['noemail'] && !SpecialBlock::canBlockEmail( $user ) ) {
|
2011-05-19 17:51:16 +00:00
|
|
|
$this->dieUsageMsg( 'cantblock-email' );
|
2010-02-21 12:32:46 +00:00
|
|
|
}
|
2007-12-06 16:06:22 +00:00
|
|
|
|
2016-02-17 09:09:32 +00:00
|
|
|
$data = [
|
2012-04-14 21:43:49 +00:00
|
|
|
'PreviousTarget' => $params['user'],
|
2011-03-12 21:54:35 +00:00
|
|
|
'Target' => $params['user'],
|
2016-02-17 09:09:32 +00:00
|
|
|
'Reason' => [
|
2012-07-07 07:12:04 +00:00
|
|
|
$params['reason'],
|
2011-03-12 21:54:35 +00:00
|
|
|
'other',
|
2012-07-07 07:12:04 +00:00
|
|
|
$params['reason']
|
2016-02-17 09:09:32 +00:00
|
|
|
],
|
2014-06-18 02:45:32 +00:00
|
|
|
'Expiry' => $params['expiry'],
|
2011-03-12 21:54:35 +00:00
|
|
|
'HardBlock' => !$params['anononly'],
|
|
|
|
|
'CreateAccount' => $params['nocreate'],
|
|
|
|
|
'AutoBlock' => $params['autoblock'],
|
|
|
|
|
'DisableEmail' => $params['noemail'],
|
|
|
|
|
'HideUser' => $params['hidename'],
|
2011-10-13 22:23:13 +00:00
|
|
|
'DisableUTEdit' => !$params['allowusertalk'],
|
2012-04-14 21:43:49 +00:00
|
|
|
'Reblock' => $params['reblock'],
|
2011-03-12 21:54:35 +00:00
|
|
|
'Watch' => $params['watchuser'],
|
2011-04-07 14:54:38 +00:00
|
|
|
'Confirm' => true,
|
2016-02-17 09:09:32 +00:00
|
|
|
];
|
2007-12-06 16:06:22 +00:00
|
|
|
|
2011-11-13 07:25:56 +00:00
|
|
|
$retval = SpecialBlock::processForm( $data, $this->getContext() );
|
2011-03-12 21:54:35 +00:00
|
|
|
if ( $retval !== true ) {
|
2008-01-18 17:48:03 +00:00
|
|
|
// We don't care about multiple errors, just report one of them
|
2010-01-11 15:55:52 +00:00
|
|
|
$this->dieUsageMsg( $retval );
|
2010-02-21 12:32:46 +00:00
|
|
|
}
|
2008-01-18 17:48:03 +00:00
|
|
|
|
2011-03-21 19:12:41 +00:00
|
|
|
list( $target, /*...*/ ) = SpecialBlock::getTargetAndType( $params['user'] );
|
2007-12-06 16:06:22 +00:00
|
|
|
$res['user'] = $params['user'];
|
2011-03-12 21:54:35 +00:00
|
|
|
$res['userID'] = $target instanceof User ? $target->getId() : 0;
|
|
|
|
|
|
Clean up handling of 'infinity'
There's a bunch of stuff that probably only works because the database
representation of infinity is actually 'infinity' on all databases
besides Oracle, and Oracle in general isn't maintained.
Generally, we should probably use 'infinity' everywhere except where
directly dealing with the database.
* Many extension callers of Language::formatExpiry() with $format !==
true are assuming it'll return 'infinity', none are checking for
$db->getInfinity().
* And Language::formatExpiry() would choke if passed 'infinity', despite
callers doing this.
* And Language::formatExpiry() could be more useful for the API if we
can override the string returned for infinity.
* As for core, Title is using Language::formatExpiry() with TS_MW which
is going to be changing anyway. Extension callers mostly don't exist.
* Block already normalizes its mExpiry field (and ->getExpiry()),
but some stuff is comparing it with $db->getInfinity() anyway. A few
external users set mExpiry to $db->getInfinity(), but this is mostly
because SpecialBlock::parseExpiryInput() returns $db->getInfinity()
while most callers (including all extensions) are assuming 'infinity'.
* And for that matter, Block should use $db->decodeExpiry() instead of
manually doing it, once we make that safe to call with 'infinity' for
all the extensions passing $db->getInfinity() to Block's contructor.
* WikiPage::doUpdateRestrictions() and some of its callers are using
$db->getInfinity(), when all the inserts using that value are using
$db->encodeExpiry() which will convert 'infinity'.
This also cleans up a slave-lag issue I noticed in ApiBlock while
testing.
Bug: T92550
Change-Id: I5eb68c1fb6029da8289276ecf7c81330575029ef
2015-03-12 16:37:04 +00:00
|
|
|
$block = Block::newFromTarget( $target, null, true );
|
2013-04-19 18:03:05 +00:00
|
|
|
if ( $block instanceof Block ) {
|
Clean up handling of 'infinity'
There's a bunch of stuff that probably only works because the database
representation of infinity is actually 'infinity' on all databases
besides Oracle, and Oracle in general isn't maintained.
Generally, we should probably use 'infinity' everywhere except where
directly dealing with the database.
* Many extension callers of Language::formatExpiry() with $format !==
true are assuming it'll return 'infinity', none are checking for
$db->getInfinity().
* And Language::formatExpiry() would choke if passed 'infinity', despite
callers doing this.
* And Language::formatExpiry() could be more useful for the API if we
can override the string returned for infinity.
* As for core, Title is using Language::formatExpiry() with TS_MW which
is going to be changing anyway. Extension callers mostly don't exist.
* Block already normalizes its mExpiry field (and ->getExpiry()),
but some stuff is comparing it with $db->getInfinity() anyway. A few
external users set mExpiry to $db->getInfinity(), but this is mostly
because SpecialBlock::parseExpiryInput() returns $db->getInfinity()
while most callers (including all extensions) are assuming 'infinity'.
* And for that matter, Block should use $db->decodeExpiry() instead of
manually doing it, once we make that safe to call with 'infinity' for
all the extensions passing $db->getInfinity() to Block's contructor.
* WikiPage::doUpdateRestrictions() and some of its callers are using
$db->getInfinity(), when all the inserts using that value are using
$db->encodeExpiry() which will convert 'infinity'.
This also cleans up a slave-lag issue I noticed in ApiBlock while
testing.
Bug: T92550
Change-Id: I5eb68c1fb6029da8289276ecf7c81330575029ef
2015-03-12 16:37:04 +00:00
|
|
|
$res['expiry'] = $wgContLang->formatExpiry( $block->mExpiry, TS_ISO_8601, 'infinite' );
|
2012-04-22 12:20:46 +00:00
|
|
|
$res['id'] = $block->getId();
|
2011-03-12 21:54:35 +00:00
|
|
|
} else {
|
|
|
|
|
# should be unreachable
|
|
|
|
|
$res['expiry'] = '';
|
2012-04-22 12:20:46 +00:00
|
|
|
$res['id'] = '';
|
2011-03-12 21:54:35 +00:00
|
|
|
}
|
|
|
|
|
|
2007-12-06 16:06:22 +00:00
|
|
|
$res['reason'] = $params['reason'];
|
2015-01-16 19:00:07 +00:00
|
|
|
$res['anononly'] = $params['anononly'];
|
|
|
|
|
$res['nocreate'] = $params['nocreate'];
|
|
|
|
|
$res['autoblock'] = $params['autoblock'];
|
|
|
|
|
$res['noemail'] = $params['noemail'];
|
|
|
|
|
$res['hidename'] = $params['hidename'];
|
|
|
|
|
$res['allowusertalk'] = $params['allowusertalk'];
|
|
|
|
|
$res['watchuser'] = $params['watchuser'];
|
2007-12-06 16:06:22 +00:00
|
|
|
|
2010-01-11 15:55:52 +00:00
|
|
|
$this->getResult()->addValue( null, $this->getModuleName(), $res );
|
2007-12-06 16:06:22 +00:00
|
|
|
}
|
|
|
|
|
|
2010-02-14 21:12:11 +00:00
|
|
|
public function mustBePosted() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2008-01-18 20:43:59 +00:00
|
|
|
|
2009-03-06 13:49:44 +00:00
|
|
|
public function isWriteMode() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2008-01-28 19:05:26 +00:00
|
|
|
public function getAllowedParams() {
|
2016-02-17 09:09:32 +00:00
|
|
|
return [
|
|
|
|
|
'user' => [
|
2016-01-04 18:55:26 +00:00
|
|
|
ApiBase::PARAM_TYPE => 'user',
|
2010-08-04 14:29:39 +00:00
|
|
|
ApiBase::PARAM_REQUIRED => true
|
2016-02-17 09:09:32 +00:00
|
|
|
],
|
2007-12-06 16:06:22 +00:00
|
|
|
'expiry' => 'never',
|
2012-07-07 07:12:04 +00:00
|
|
|
'reason' => '',
|
2007-12-06 16:06:22 +00:00
|
|
|
'anononly' => false,
|
|
|
|
|
'nocreate' => false,
|
|
|
|
|
'autoblock' => false,
|
|
|
|
|
'noemail' => false,
|
|
|
|
|
'hidename' => false,
|
2008-10-26 10:47:13 +00:00
|
|
|
'allowusertalk' => false,
|
2008-11-18 15:21:04 +00:00
|
|
|
'reblock' => false,
|
2011-01-02 19:58:27 +00:00
|
|
|
'watchuser' => false,
|
2016-02-17 09:09:32 +00:00
|
|
|
];
|
2007-12-06 16:06:22 +00:00
|
|
|
}
|
|
|
|
|
|
2010-10-01 20:12:50 +00:00
|
|
|
public function needsToken() {
|
2014-08-08 16:56:07 +00:00
|
|
|
return 'csrf';
|
2010-02-14 22:20:27 +00:00
|
|
|
}
|
2007-12-06 16:06:22 +00:00
|
|
|
|
2014-10-28 17:17:02 +00:00
|
|
|
protected function getExamplesMessages() {
|
2015-10-03 12:52:08 +00:00
|
|
|
// @codingStandardsIgnoreStart Generic.Files.LineLength
|
2010-02-21 12:32:46 +00:00
|
|
|
return array(
|
2014-09-18 17:38:23 +00:00
|
|
|
'action=block&user=192.0.2.5&expiry=3%20days&reason=First%20strike&token=123ABC'
|
|
|
|
|
=> 'apihelp-block-example-ip-simple',
|
|
|
|
|
'action=block&user=Vandal&expiry=never&reason=Vandalism&nocreate=&autoblock=&noemail=&token=123ABC'
|
|
|
|
|
=> 'apihelp-block-example-user-complex',
|
2007-12-06 16:06:22 +00:00
|
|
|
);
|
2015-10-03 12:52:08 +00:00
|
|
|
// @codingStandardsIgnoreEnd
|
2007-12-06 16:06:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-07-17 16:38:24 +00:00
|
|
|
public function getHelpUrls() {
|
2011-11-28 15:43:11 +00:00
|
|
|
return 'https://www.mediawiki.org/wiki/API:Block';
|
2011-07-17 16:38:24 +00:00
|
|
|
}
|
2007-12-06 16:06:22 +00:00
|
|
|
}
|
