These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * |
||
4 | * |
||
5 | * Created on Sep 4, 2007 |
||
6 | * |
||
7 | * Copyright © 2007 Roan Kattouw "<Firstname>.<Lastname>@gmail.com" |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or modify |
||
10 | * it under the terms of the GNU General Public License as published by |
||
11 | * the Free Software Foundation; either version 2 of the License, or |
||
12 | * (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License along |
||
20 | * with this program; if not, write to the Free Software Foundation, Inc., |
||
21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
||
22 | * http://www.gnu.org/copyleft/gpl.html |
||
23 | * |
||
24 | * @file |
||
25 | */ |
||
26 | |||
27 | /** |
||
28 | * API module that facilitates the blocking of users. Requires API write mode |
||
29 | * to be enabled. |
||
30 | * |
||
31 | * @ingroup API |
||
32 | */ |
||
33 | class ApiBlock extends ApiBase { |
||
34 | |||
35 | /** |
||
36 | * Blocks the user specified in the parameters for the given expiry, with the |
||
37 | * given reason, and with all other settings provided in the params. If the block |
||
38 | * succeeds, produces a result containing the details of the block and notice |
||
39 | * of success. If it fails, the result will specify the nature of the error. |
||
40 | */ |
||
41 | public function execute() { |
||
42 | global $wgContLang; |
||
43 | |||
44 | $user = $this->getUser(); |
||
45 | $params = $this->extractRequestParams(); |
||
46 | |||
47 | if ( !$user->isAllowed( 'block' ) ) { |
||
48 | $this->dieUsageMsg( 'cantblock' ); |
||
49 | } |
||
50 | |||
51 | # bug 15810: blocked admins should have limited access here |
||
52 | View Code Duplication | if ( $user->isBlocked() ) { |
|
53 | $status = SpecialBlock::checkUnblockSelf( $params['user'], $user ); |
||
54 | if ( $status !== true ) { |
||
55 | $msg = $this->parseMsg( $status ); |
||
56 | $this->dieUsage( |
||
57 | $msg['info'], |
||
58 | $msg['code'], |
||
59 | 0, |
||
60 | [ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $user->getBlock() ) ] |
||
61 | ); |
||
62 | } |
||
63 | } |
||
64 | |||
65 | $target = User::newFromName( $params['user'] ); |
||
66 | // Bug 38633 - if the target is a user (not an IP address), but it |
||
67 | // doesn't exist or is unusable, error. |
||
68 | if ( $target instanceof User && |
||
69 | ( $target->isAnon() /* doesn't exist */ || !User::isUsableName( $target->getName() ) ) |
||
70 | ) { |
||
71 | $this->dieUsageMsg( [ 'nosuchuser', $params['user'] ] ); |
||
72 | } |
||
73 | |||
74 | if ( $params['hidename'] && !$user->isAllowed( 'hideuser' ) ) { |
||
75 | $this->dieUsageMsg( 'canthide' ); |
||
76 | } |
||
77 | if ( $params['noemail'] && !SpecialBlock::canBlockEmail( $user ) ) { |
||
78 | $this->dieUsageMsg( 'cantblock-email' ); |
||
79 | } |
||
80 | |||
81 | $data = [ |
||
82 | 'PreviousTarget' => $params['user'], |
||
83 | 'Target' => $params['user'], |
||
84 | 'Reason' => [ |
||
85 | $params['reason'], |
||
86 | 'other', |
||
87 | $params['reason'] |
||
88 | ], |
||
89 | 'Expiry' => $params['expiry'], |
||
90 | 'HardBlock' => !$params['anononly'], |
||
91 | 'CreateAccount' => $params['nocreate'], |
||
92 | 'AutoBlock' => $params['autoblock'], |
||
93 | 'DisableEmail' => $params['noemail'], |
||
94 | 'HideUser' => $params['hidename'], |
||
95 | 'DisableUTEdit' => !$params['allowusertalk'], |
||
96 | 'Reblock' => $params['reblock'], |
||
97 | 'Watch' => $params['watchuser'], |
||
98 | 'Confirm' => true, |
||
99 | ]; |
||
100 | |||
101 | $retval = SpecialBlock::processForm( $data, $this->getContext() ); |
||
102 | if ( $retval !== true ) { |
||
103 | // We don't care about multiple errors, just report one of them |
||
104 | $this->dieUsageMsg( $retval ); |
||
0 ignored issues
–
show
|
|||
105 | } |
||
106 | |||
107 | list( $target, /*...*/ ) = SpecialBlock::getTargetAndType( $params['user'] ); |
||
108 | $res['user'] = $params['user']; |
||
109 | $res['userID'] = $target instanceof User ? $target->getId() : 0; |
||
110 | |||
111 | $block = Block::newFromTarget( $target, null, true ); |
||
112 | if ( $block instanceof Block ) { |
||
113 | $res['expiry'] = $wgContLang->formatExpiry( $block->mExpiry, TS_ISO_8601, 'infinite' ); |
||
114 | $res['id'] = $block->getId(); |
||
115 | } else { |
||
116 | # should be unreachable |
||
117 | $res['expiry'] = ''; |
||
118 | $res['id'] = ''; |
||
119 | } |
||
120 | |||
121 | $res['reason'] = $params['reason']; |
||
122 | $res['anononly'] = $params['anononly']; |
||
123 | $res['nocreate'] = $params['nocreate']; |
||
124 | $res['autoblock'] = $params['autoblock']; |
||
125 | $res['noemail'] = $params['noemail']; |
||
126 | $res['hidename'] = $params['hidename']; |
||
127 | $res['allowusertalk'] = $params['allowusertalk']; |
||
128 | $res['watchuser'] = $params['watchuser']; |
||
129 | |||
130 | $this->getResult()->addValue( null, $this->getModuleName(), $res ); |
||
131 | } |
||
132 | |||
133 | public function mustBePosted() { |
||
134 | return true; |
||
135 | } |
||
136 | |||
137 | public function isWriteMode() { |
||
138 | return true; |
||
139 | } |
||
140 | |||
141 | public function getAllowedParams() { |
||
142 | return [ |
||
143 | 'user' => [ |
||
144 | ApiBase::PARAM_TYPE => 'user', |
||
145 | ApiBase::PARAM_REQUIRED => true |
||
146 | ], |
||
147 | 'expiry' => 'never', |
||
148 | 'reason' => '', |
||
149 | 'anononly' => false, |
||
150 | 'nocreate' => false, |
||
151 | 'autoblock' => false, |
||
152 | 'noemail' => false, |
||
153 | 'hidename' => false, |
||
154 | 'allowusertalk' => false, |
||
155 | 'reblock' => false, |
||
156 | 'watchuser' => false, |
||
157 | ]; |
||
158 | } |
||
159 | |||
160 | public function needsToken() { |
||
161 | return 'csrf'; |
||
162 | } |
||
163 | |||
164 | protected function getExamplesMessages() { |
||
165 | // @codingStandardsIgnoreStart Generic.Files.LineLength |
||
166 | return [ |
||
167 | 'action=block&user=192.0.2.5&expiry=3%20days&reason=First%20strike&token=123ABC' |
||
168 | => 'apihelp-block-example-ip-simple', |
||
169 | 'action=block&user=Vandal&expiry=never&reason=Vandalism&nocreate=&autoblock=&noemail=&token=123ABC' |
||
170 | => 'apihelp-block-example-user-complex', |
||
171 | ]; |
||
172 | // @codingStandardsIgnoreEnd |
||
173 | } |
||
174 | |||
175 | public function getHelpUrls() { |
||
176 | return 'https://www.mediawiki.org/wiki/API:Block'; |
||
177 | } |
||
178 | } |
||
179 |
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.