From 381a6ce691840437c6a449fe52bfd6dacb80af2d Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Mon, 4 Jan 2016 10:55:26 -0800
Subject: [PATCH] API: Flag "user" parameters in various modules as type 'user'

The API 'user' type accepts both user names and IP addresses, and
applies normalization but not canonicalization. We should be using this
on basically every user parameter to ensure that e.g. IPv6 usernames get
uppercased.

Bug: T122803
Change-Id: Ic67fb54061ac311e54f325b2a1a4658f43b8fef4
---
 includes/api/ApiBase.php                   | 2 +-
 includes/api/ApiBlock.php                  | 2 +-
 includes/api/ApiQueryBlocks.php            | 1 +
 includes/api/ApiQueryLogEvents.php         | 6 ++++--
 includes/api/ApiQueryUserContributions.php | 1 +
 includes/api/ApiQueryUsers.php             | 1 +
 includes/api/ApiRollback.php               | 2 +-
 includes/api/ApiUserrights.php             | 2 +-
 8 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 56a8a7a2c7..5f67a2265a 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -79,7 +79,7 @@ abstract class ApiBase extends ContextSource {
 	 * - timestamp: A timestamp in any format recognized by MWTimestamp, or the
 	 *   string 'now' representing the current timestamp. Will be returned in
 	 *   TS_MW format.
-	 * - user: A MediaWiki username. Will be returned normalized but not canonicalized.
+	 * - user: A MediaWiki username or IP. Will be returned normalized but not canonicalized.
 	 * - upload: An uploaded file. Will be returned as a WebRequestUpload object.
 	 *   Cannot be used with PARAM_ISMULTI.
 	 */
diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php
index 636baa7fef..e3d73a2113 100644
--- a/includes/api/ApiBlock.php
+++ b/includes/api/ApiBlock.php
@@ -141,7 +141,7 @@ class ApiBlock extends ApiBase {
 	public function getAllowedParams() {
 		return array(
 			'user' => array(
-				ApiBase::PARAM_TYPE => 'string',
+				ApiBase::PARAM_TYPE => 'user',
 				ApiBase::PARAM_REQUIRED => true
 			),
 			'expiry' => 'never',
diff --git a/includes/api/ApiQueryBlocks.php b/includes/api/ApiQueryBlocks.php
index d004020db8..229e3d1187 100644
--- a/includes/api/ApiQueryBlocks.php
+++ b/includes/api/ApiQueryBlocks.php
@@ -273,6 +273,7 @@ class ApiQueryBlocks extends ApiQueryBase {
 				ApiBase::PARAM_ISMULTI => true
 			),
 			'users' => array(
+				ApiBase::PARAM_TYPE => 'user',
 				ApiBase::PARAM_ISMULTI => true
 			),
 			'ip' => array(
diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php
index 38be99acb7..a76012af80 100644
--- a/includes/api/ApiQueryLogEvents.php
+++ b/includes/api/ApiQueryLogEvents.php
@@ -165,7 +165,7 @@ class ApiQueryLogEvents extends ApiQueryBase {
 			if ( $userid ) {
 				$this->addWhereFld( 'log_user', $userid );
 			} else {
-				$this->addWhereFld( 'log_user_text', IP::sanitizeIP( $user ) );
+				$this->addWhereFld( 'log_user_text', $user );
 			}
 		}
 
@@ -430,7 +430,9 @@ class ApiQueryLogEvents extends ApiQueryBase {
 				),
 				ApiBase::PARAM_HELP_MSG => 'api-help-param-direction',
 			),
-			'user' => null,
+			'user' => array(
+				ApiBase::PARAM_TYPE => 'user',
+			),
 			'title' => null,
 			'namespace' => array(
 				ApiBase::PARAM_TYPE => 'namespace'
diff --git a/includes/api/ApiQueryUserContributions.php b/includes/api/ApiQueryUserContributions.php
index 1ef0f35f95..27a28e13e7 100644
--- a/includes/api/ApiQueryUserContributions.php
+++ b/includes/api/ApiQueryUserContributions.php
@@ -461,6 +461,7 @@ class ApiQueryContributions extends ApiQueryBase {
 				ApiBase::PARAM_HELP_MSG => 'api-help-param-continue',
 			),
 			'user' => array(
+				ApiBase::PARAM_TYPE => 'user',
 				ApiBase::PARAM_ISMULTI => true
 			),
 			'userprefix' => null,
diff --git a/includes/api/ApiQueryUsers.php b/includes/api/ApiQueryUsers.php
index db5fb65621..ea9d48da4b 100644
--- a/includes/api/ApiQueryUsers.php
+++ b/includes/api/ApiQueryUsers.php
@@ -317,6 +317,7 @@ class ApiQueryUsers extends ApiQueryBase {
 			),
 			'attachedwiki' => null,
 			'users' => array(
+				ApiBase::PARAM_TYPE => 'user',
 				ApiBase::PARAM_ISMULTI => true
 			),
 			'token' => array(
diff --git a/includes/api/ApiRollback.php b/includes/api/ApiRollback.php
index 7037fb619a..0fa2e31083 100644
--- a/includes/api/ApiRollback.php
+++ b/includes/api/ApiRollback.php
@@ -126,7 +126,7 @@ class ApiRollback extends ApiBase {
 				ApiBase::PARAM_ISMULTI => true,
 			),
 			'user' => array(
-				ApiBase::PARAM_TYPE => 'string',
+				ApiBase::PARAM_TYPE => 'user',
 				ApiBase::PARAM_REQUIRED => true
 			),
 			'summary' => '',
diff --git a/includes/api/ApiUserrights.php b/includes/api/ApiUserrights.php
index e32b612369..815ef0b757 100644
--- a/includes/api/ApiUserrights.php
+++ b/includes/api/ApiUserrights.php
@@ -112,7 +112,7 @@ class ApiUserrights extends ApiBase {
 	public function getAllowedParams() {
 		return array(
 			'user' => array(
-				ApiBase::PARAM_TYPE => 'string',
+				ApiBase::PARAM_TYPE => 'user',
 			),
 			'userid' => array(
 				ApiBase::PARAM_TYPE => 'integer',
-- 
2.20.1