The current username validation lets any invalid username through, on
the assumption that it's an IP address. We can do better: call the
backend to get the actual type and target, and reject anything with
TYPE_USER where the actual input name is invalid (regardless of
underlying mangling for stuff like T31797).
Bug: T183211
Change-Id: I676642eee1222447df22a1c32b24f55e6273bcec
$params['user'] = $username;
}
} else {
- $target = User::newFromName( $params['user'] );
+ list( $target, $type ) = SpecialBlock::getTargetAndType( $params['user'] );
// T40633 - if the target is a user (not an IP address), but it
// doesn't exist or is unusable, error.
- if ( $target instanceof User &&
- ( $target->isAnon() /* doesn't exist */ || !User::isUsableName( $target->getName() ) )
+ if ( $type === Block::TYPE_USER &&
+ ( $target->isAnon() /* doesn't exist */ || !User::isUsableName( $params['user'] ) )
) {
$this->dieWithError( [ 'nosuchusershort', $params['user'] ], 'nosuchuser' );
}