SECURITY: API: Respect $wgBlockCIDRLimit in action=block

[lhc/web/wiklou.git] / includes / api / ApiBlock.php

diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php
index df30a2d..85dd2c7 100644 (file)
--- a/includes/api/ApiBlock.php
+++ b/includes/api/ApiBlock.php
@@ -1,9 +1,5 @@
 <?php
 /**
- *
- *
- * Created on Sep 4, 2007
- *
  * Copyright © 2007 Roan Kattouw "<Firstname>.<Lastname>@gmail.com"
  *
  * This program is free software; you can redistribute it and/or modify
@@ -113,6 +109,11 @@ class ApiBlock extends ApiBase {
                        'Tags' => $params['tags'],
                ];
 
+               $status = SpecialBlock::validateTarget( $params['user'], $user );
+               if ( !$status->isOK() ) {
+                       $this->dieStatus( $status );
+               }
+
                $retval = SpecialBlock::processForm( $data, $this->getContext() );
                if ( $retval !== true ) {
                        $this->dieStatus( $this->errorArrayToStatus( $retval ) );
@@ -128,8 +129,8 @@ class ApiBlock extends ApiBase {
                        $res['id'] = $block->getId();
                } else {
                        # should be unreachable
-                       $res['expiry'] = '';
-                       $res['id'] = '';
+                       $res['expiry'] = ''; // @codeCoverageIgnore
+                       $res['id'] = ''; // @codeCoverageIgnore
                }
 
                $res['reason'] = $params['reason'];