SECURITY: rate-limit and prevent blocked users from changing email

[lhc/web/wiklou.git] / includes / api / ApiFormatPhp.php

diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index cc0f159..616b341 100644 (file)
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -30,6 +30,9 @@ class ApiFormatPhp extends ApiFormatBase {
                return 'application/vnd.php.serialized';
        }
 
+       /**
+        * @suppress SecurityCheck-XSS Output type is not text/html
+        */
        public function execute() {
                $params = $this->extractRequestParams();
 
@@ -73,8 +76,8 @@ class ApiFormatPhp extends ApiFormatBase {
        public function getAllowedParams() {
                $ret = parent::getAllowedParams() + [
                        'formatversion' => [
-                               ApiBase::PARAM_TYPE => [ 1, 2, 'latest' ],
-                               ApiBase::PARAM_DFLT => 1,
+                               ApiBase::PARAM_TYPE => [ '1', '2', 'latest' ],
+                               ApiBase::PARAM_DFLT => '1',
                                ApiBase::PARAM_HELP_MSG => 'apihelp-php-param-formatversion',
                        ],
                ];