(bug 32434) API allows reblocking the user without reblock parameter.

This change adds special case in processing of the block form.
An unused parameter 'AlreadyBlocked' was replaced by 'Reblock'.
Parameter 'PreviousTarget' was added so API user can block him/herself.

Change-Id: I29275eb4b5f425b7382ba8b7dec050209878f81b

diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php
index c879b35..813e4d4 100644 (file)
--- a/includes/api/ApiBlock.php
+++ b/includes/api/ApiBlock.php
@@ -70,6 +70,7 @@ class ApiBlock extends ApiBase {
                }
 
                $data = array(
+                       'PreviousTarget' => $params['user'],
                        'Target' => $params['user'],
                        'Reason' => array(
                                $params['reason'],
@@ -83,7 +84,7 @@ class ApiBlock extends ApiBase {
                        'DisableEmail' => $params['noemail'],
                        'HideUser' => $params['hidename'],
                        'DisableUTEdit' => !$params['allowusertalk'],
-                       'AlreadyBlocked' => $params['reblock'],
+                       'Reblock' => $params['reblock'],
                        'Watch' => $params['watchuser'],
                        'Confirm' => true,
                );

diff --git a/includes/specials/SpecialBlock.php b/includes/specials/SpecialBlock.php
index aae1b34..ec026e8 100644 (file)
--- a/includes/specials/SpecialBlock.php
+++ b/includes/specials/SpecialBlock.php
@@ -693,10 +693,16 @@ class SpecialBlock extends FormSpecialPage {
                # Try to insert block. Is there a conflicting block?
                $status = $block->insert();
                if ( !$status ) {
+                       # Indicates whether the user is confirming the block and is aware of
+                       # the conflict (did not change the block target in the meantime)
+                       $blockNotConfirmed = !$data['Confirm'] || ( array_key_exists( 'PreviousTarget', $data )
+                               && $data['PreviousTarget'] !== $target );
+
+                       # Special case for API - bug 32434
+                       $reblockNotAllowed = ( array_key_exists( 'Reblock', $data ) && !$data['Reblock'] );
+
                        # Show form unless the user is already aware of this...
-                       if ( !$data['Confirm'] || ( array_key_exists( 'PreviousTarget', $data )
-                               && $data['PreviousTarget'] !== $target ) )
-                       {
+                       if( $blockNotConfirmed || $reblockNotAllowed ) {
                                return array( array( 'ipb_already_blocked', $block->getTarget() ) );
                        # Otherwise, try to update the block...
                        } else {