* @file
*/
-if ( !defined( 'MEDIAWIKI' ) ) {
- // Eclipse helper - will be ignored in production
- require_once( 'ApiQueryBase.php' );
-}
-
/**
* Query module to enumerate all user blocks
*
$this->addOption( 'LIMIT', $params['limit'] + 1 );
$this->addTimestampWhereRange( 'ipb_timestamp', $params['dir'], $params['start'], $params['end'] );
+
+ $db = $this->getDB();
+
if ( isset( $params['ids'] ) ) {
$this->addWhereFld( 'ipb_id', $params['ids'] );
}
}
$prefix = substr( $lower, 0, 4 );
- $db = $this->getDB();
+ # Fairly hard to make a malicious SQL statement out of hex characters,
+ # but it is good practice to add quotes
+ $lower = $db->addQuotes( $lower );
+ $upper = $db->addQuotes( $upper );
+
$this->addWhere( array(
'ipb_range_start' . $db->buildLike( $prefix, $db->anyString() ),
- "ipb_range_start <= '$lower'",
- "ipb_range_end >= '$upper'",
+ 'ipb_range_start <= ' . $lower,
+ 'ipb_range_end >= ' . $upper,
'ipb_auto' => 0
) );
}
$this->addWhereIf( 'ipb_user != 0', isset( $show['account'] ) );
$this->addWhereIf( 'ipb_user != 0 OR ipb_range_end > ipb_range_start', isset( $show['!ip'] ) );
$this->addWhereIf( 'ipb_user = 0 AND ipb_range_end = ipb_range_start', isset( $show['ip'] ) );
- $this->addWhereIf( "ipb_expiry = 'infinity'", isset( $show['!temp'] ) );
- $this->addWhereIf( "ipb_expiry != 'infinity'", isset( $show['temp'] ) );
+ $this->addWhereIf( 'ipb_expiry = '.$db->addQuotes($db->getInfinity()), isset( $show['!temp'] ) );
+ $this->addWhereIf( 'ipb_expiry != '.$db->addQuotes($db->getInfinity()), isset( $show['temp'] ) );
$this->addWhereIf( "ipb_range_end = ipb_range_start", isset( $show['!range'] ) );
$this->addWhereIf( "ipb_range_end > ipb_range_start", isset( $show['range'] ) );
}
}
public function getHelpUrls() {
- return 'http://www.mediawiki.org/wiki/API:Blocks';
+ return 'https://www.mediawiki.org/wiki/API:Blocks';
}
public function getVersion() {
dépôts / lhc / web / wiklou.git / blobdiff