SECURITY: API: Respect $wgBlockCIDRLimit in action=block

[lhc/web/wiklou.git] / includes / api / ApiBlock.php

diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php
index f4aea98..85dd2c7 100644 (file)
--- a/includes/api/ApiBlock.php
+++ b/includes/api/ApiBlock.php
@@ -109,6 +109,11 @@ class ApiBlock extends ApiBase {
                        'Tags' => $params['tags'],
                ];
 
+               $status = SpecialBlock::validateTarget( $params['user'], $user );
+               if ( !$status->isOK() ) {
+                       $this->dieStatus( $status );
+               }
+
                $retval = SpecialBlock::processForm( $data, $this->getContext() );
                if ( $retval !== true ) {
                        $this->dieStatus( $this->errorArrayToStatus( $retval ) );
@@ -124,8 +129,8 @@ class ApiBlock extends ApiBase {
                        $res['id'] = $block->getId();
                } else {
                        # should be unreachable
-                       $res['expiry'] = '';
-                       $res['id'] = '';
+                       $res['expiry'] = ''; // @codeCoverageIgnore
+                       $res['id'] = ''; // @codeCoverageIgnore
                }
 
                $res['reason'] = $params['reason'];