Security fix for API blocks query -- ipb_anon field wasn't being loaded when querying...

diff --git a/includes/api/ApiQueryBlocks.php b/includes/api/ApiQueryBlocks.php
index f634565..f509d93 100644 (file)
--- a/includes/api/ApiQueryBlocks.php
+++ b/includes/api/ApiQueryBlocks.php
@@ -72,6 +72,8 @@ class ApiQueryBlocks extends ApiQueryBase {
                        $this->addFields('ipb_id');
                if($fld_user)
                        $this->addFields(array('ipb_address', 'ipb_user'));
+               if($fld_user || $fld_flags)
+                       $this->addFields('ipb_auto');
                if($fld_by)
                {
                        $this->addTables('user');
@@ -87,7 +89,7 @@ class ApiQueryBlocks extends ApiQueryBase {
                if($fld_range)
                        $this->addFields(array('ipb_range_start', 'ipb_range_end'));
                if($fld_flags)
-                       $this->addFields(array('ipb_auto', 'ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock', 'ipb_block_email', 'ipb_deleted'));
+                       $this->addFields(array('ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock', 'ipb_block_email', 'ipb_deleted'));
 
                $this->addOption('LIMIT', $params['limit'] + 1);
                $this->addWhereRange('ipb_timestamp', $params['dir'], $params['start'], $params['end']);