(bug 38633) Don't block non-existent users via the API
authorAlex Monk <krenair@gmail.com>
Sat, 22 Dec 2012 19:33:05 +0000 (19:33 +0000)
committerGerrit Code Review <gerrit@wikimedia.org>
Fri, 4 Jan 2013 13:20:16 +0000 (13:20 +0000)
Change-Id: I49232e177b23e11d04f64ac0d939073fa9418d64

includes/api/ApiBlock.php

index 813e4d4..4779067 100644 (file)
@@ -55,6 +55,7 @@ class ApiBlock extends ApiBase {
                if ( !$user->isAllowed( 'block' ) ) {
                        $this->dieUsageMsg( 'cantblock' );
                }
+
                # bug 15810: blocked admins should have limited access here
                if ( $user->isBlocked() ) {
                        $status = SpecialBlock::checkUnblockSelf( $params['user'], $user );
@@ -62,6 +63,13 @@ class ApiBlock extends ApiBase {
                                $this->dieUsageMsg( array( $status ) );
                        }
                }
+
+               $target = User::newFromName( $params['user'] );
+               // Bug 38633 - if the target is a user (not an IP address), but it doesn't exist or is unusable, error.
+               if ( $target instanceof User && ( $target->isAnon() /* doesn't exist */ || !User::isUsableName( $target->getName() ) ) ) {
+                       $this->dieUsageMsg( array( 'nosuchuser', $params['user'] ) );
+               }
+
                if ( $params['hidename'] && !$user->isAllowed( 'hideuser' ) ) {
                        $this->dieUsageMsg( 'canthide' );
                }
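Review bot: The new `nosuchuser` guard only runs when `User::newFromName()` returns a User object, so every target it rejects skips the existence check and depends on validation later in the enclosing method, which starts and ends outside this hunk. The `instanceof User` test is documented as "not an IP address", but as far as I know `newFromName()` also returns false for any string that is not a valid username, so malformed names take the same path as IPs. I would make that explicit with a comment such as `// newFromName() returns false for IPs/ranges and for invalid names; those are left to the later block validation`, or reject non-IP invalid names here with their own error. Splitting the long condition into `$missing = $target->isAnon();` and `$unusable = !User::isUsableName( $target->getName() );` would also remove the need for the inline `/* doesn't exist */` comment.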