dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
HTML escape parameter 'text' of hook 'SkinEditSectionLinks'
[lhc/web/wiklou.git] / includes / api / ApiBlock.php
1 <?php
2 /**
3 * Copyright © 2007 Roan Kattouw "<Firstname>.<Lastname>@gmail.com"
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * API module that facilitates the blocking of users. Requires API write mode
25 * to be enabled.
26 *
27 * @ingroup API
28 */
29 class ApiBlock extends ApiBase {
30
31 /**
32 * Blocks the user specified in the parameters for the given expiry, with the
33 * given reason, and with all other settings provided in the params. If the block
34 * succeeds, produces a result containing the details of the block and notice
35 * of success. If it fails, the result will specify the nature of the error.
36 */
37 public function execute() {
38 $this->checkUserRightsAny( 'block' );
39
40 $user = $this->getUser();
41 $params = $this->extractRequestParams();
42
43 $this->requireOnlyOneParameter( $params, 'user', 'userid' );
44
45 # T17810: blocked admins should have limited access here
46 $block = $user->getBlock();
47 if ( $block ) {
48 $status = SpecialBlock::checkUnblockSelf( $params['user'], $user );
49 if ( $status !== true ) {
50 $this->dieWithError(
51 $status,
52 null,
53 [ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $block ) ]
54 );
55 }
56 }
57
58 $editingRestriction = 'sitewide';
59 $pageRestrictions = '';
60 $namespaceRestrictions = '';
61 if ( $this->getConfig()->get( 'EnablePartialBlocks' ) ) {
62 if ( $params['partial'] ) {
63 $editingRestriction = 'partial';
64 }
65
66 $pageRestrictions = implode( "\n", (array)$params['pagerestrictions'] );
67 $namespaceRestrictions = implode( "\n", (array)$params['namespacerestrictions'] );
68 }
69
70 if ( $params['userid'] !== null ) {
71 $username = User::whoIs( $params['userid'] );
72
73 if ( $username === false ) {
74 $this->dieWithError( [ 'apierror-nosuchuserid', $params['userid'] ], 'nosuchuserid' );
75 } else {
76 $params['user'] = $username;
77 }
78 } else {
79 list( $target, $type ) = SpecialBlock::getTargetAndType( $params['user'] );
80
81 // T40633 - if the target is a user (not an IP address), but it
82 // doesn't exist or is unusable, error.
83 if ( $type === Block::TYPE_USER &&
84 ( $target->isAnon() /* doesn't exist */ || !User::isUsableName( $params['user'] ) )
85 ) {
86 $this->dieWithError( [ 'nosuchusershort', $params['user'] ], 'nosuchuser' );
87 }
88 }
89
90 if ( $params['tags'] ) {
91 $ableToTag = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user );
92 if ( !$ableToTag->isOK() ) {
93 $this->dieStatus( $ableToTag );
94 }
95 }
96
97 if ( $params['hidename'] && !$user->isAllowed( 'hideuser' ) ) {
98 $this->dieWithError( 'apierror-canthide' );
99 }
100 if ( $params['noemail'] && !SpecialBlock::canBlockEmail( $user ) ) {
101 $this->dieWithError( 'apierror-cantblock-email' );
102 }
103
104 $data = [
105 'PreviousTarget' => $params['user'],
106 'Target' => $params['user'],
107 'Reason' => [
108 $params['reason'],
109 'other',
110 $params['reason']
111 ],
112 'Expiry' => $params['expiry'],
113 'HardBlock' => !$params['anononly'],
114 'CreateAccount' => $params['nocreate'],
115 'AutoBlock' => $params['autoblock'],
116 'DisableEmail' => $params['noemail'],
117 'HideUser' => $params['hidename'],
118 'DisableUTEdit' => !$params['allowusertalk'],
119 'Reblock' => $params['reblock'],
120 'Watch' => $params['watchuser'],
121 'Confirm' => true,
122 'Tags' => $params['tags'],
123 'EditingRestriction' => $editingRestriction,
124 'PageRestrictions' => $pageRestrictions,
125 'NamespaceRestrictions' => $namespaceRestrictions,
126 ];
127
128 $retval = SpecialBlock::processForm( $data, $this->getContext() );
129 if ( $retval !== true ) {
130 $this->dieStatus( $this->errorArrayToStatus( $retval ) );
131 }
132
133 list( $target, /*...*/ ) = SpecialBlock::getTargetAndType( $params['user'] );
134 $res['user'] = $params['user'];
135 $res['userID'] = $target instanceof User ? $target->getId() : 0;
136
137 $block = Block::newFromTarget( $target, null, true );
138 if ( $block instanceof Block ) {
139 $res['expiry'] = ApiResult::formatExpiry( $block->getExpiry(), 'infinite' );
140 $res['id'] = $block->getId();
141 } else {
142 # should be unreachable
143 $res['expiry'] = ''; // @codeCoverageIgnore
144 $res['id'] = ''; // @codeCoverageIgnore
145 }
146
147 $res['reason'] = $params['reason'];
148 $res['anononly'] = $params['anononly'];
149 $res['nocreate'] = $params['nocreate'];
150 $res['autoblock'] = $params['autoblock'];
151 $res['noemail'] = $params['noemail'];
152 $res['hidename'] = $params['hidename'];
153 $res['allowusertalk'] = $params['allowusertalk'];
154 $res['watchuser'] = $params['watchuser'];
155
156 if ( $this->getConfig()->get( 'EnablePartialBlocks' ) ) {
157 $res['partial'] = $params['partial'];
158 $res['pagerestrictions'] = $params['pagerestrictions'];
159 $res['namespacerestrictions'] = $params['namespacerestrictions'];
160 }
161
162 $this->getResult()->addValue( null, $this->getModuleName(), $res );
163 }
164
165 public function mustBePosted() {
166 return true;
167 }
168
169 public function isWriteMode() {
170 return true;
171 }
172
173 public function getAllowedParams() {
174 $params = [
175 'user' => [
176 ApiBase::PARAM_TYPE => 'user',
177 ],
178 'userid' => [
179 ApiBase::PARAM_TYPE => 'integer',
180 ],
181 'expiry' => 'never',
182 'reason' => '',
183 'anononly' => false,
184 'nocreate' => false,
185 'autoblock' => false,
186 'noemail' => false,
187 'hidename' => false,
188 'allowusertalk' => false,
189 'reblock' => false,
190 'watchuser' => false,
191 'tags' => [
192 ApiBase::PARAM_TYPE => 'tags',
193 ApiBase::PARAM_ISMULTI => true,
194 ],
195 ];
196
197 if ( $this->getConfig()->get( 'EnablePartialBlocks' ) ) {
198 $params['partial'] = false;
199 $params['pagerestrictions'] = [
200 ApiBase::PARAM_ISMULTI => true,
201 ApiBase::PARAM_ISMULTI_LIMIT1 => 10,
202 ApiBase::PARAM_ISMULTI_LIMIT2 => 10,
203 ];
204 $params['namespacerestrictions'] = [
205 ApiBase::PARAM_ISMULTI => true,
206 ApiBase::PARAM_TYPE => 'namespace',
207 ];
208 }
209
210 return $params;
211 }
212
213 public function needsToken() {
214 return 'csrf';
215 }
216
217 protected function getExamplesMessages() {
218 // phpcs:disable Generic.Files.LineLength
219 return [
220 'action=block&user=192.0.2.5&expiry=3%20days&reason=First%20strike&token=123ABC'
221 => 'apihelp-block-example-ip-simple',
222 'action=block&user=Vandal&expiry=never&reason=Vandalism&nocreate=&autoblock=&noemail=&token=123ABC'
223 => 'apihelp-block-example-user-complex',
224 ];
225 // phpcs:enable
226 }
227
228 public function getHelpUrls() {
229 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Block';
230 }
231 }
Wiklou, le Wiki du Wiklou