MediaWiki  master
ApiQueryBlocks.php
Go to the documentation of this file.
1 <?php
25 
32 
33  public function __construct( ApiQuery $query, $moduleName ) {
34  parent::__construct( $query, $moduleName, 'bk' );
35  }
36 
37  public function execute() {
38  $db = $this->getDB();
39  $commentStore = CommentStore::getStore();
40  $params = $this->extractRequestParams();
41  $this->requireMaxOneParameter( $params, 'users', 'ip' );
42 
43  $prop = array_flip( $params['prop'] );
44  $fld_id = isset( $prop['id'] );
45  $fld_user = isset( $prop['user'] );
46  $fld_userid = isset( $prop['userid'] );
47  $fld_by = isset( $prop['by'] );
48  $fld_byid = isset( $prop['byid'] );
49  $fld_timestamp = isset( $prop['timestamp'] );
50  $fld_expiry = isset( $prop['expiry'] );
51  $fld_reason = isset( $prop['reason'] );
52  $fld_range = isset( $prop['range'] );
53  $fld_flags = isset( $prop['flags'] );
54  $fld_restrictions = isset( $prop['restrictions'] );
55 
56  $result = $this->getResult();
57 
58  $this->addTables( 'ipblocks' );
59  $this->addFields( [ 'ipb_auto', 'ipb_id', 'ipb_timestamp' ] );
60 
61  $this->addFieldsIf( [ 'ipb_address', 'ipb_user' ], $fld_user || $fld_userid );
62  if ( $fld_by || $fld_byid ) {
63  $actorQuery = ActorMigration::newMigration()->getJoin( 'ipb_by' );
64  $this->addTables( $actorQuery['tables'] );
65  $this->addFields( $actorQuery['fields'] );
66  $this->addJoinConds( $actorQuery['joins'] );
67  }
68  $this->addFieldsIf( 'ipb_expiry', $fld_expiry );
69  $this->addFieldsIf( [ 'ipb_range_start', 'ipb_range_end' ], $fld_range );
70  $this->addFieldsIf( [ 'ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock',
71  'ipb_block_email', 'ipb_deleted', 'ipb_allow_usertalk', 'ipb_sitewide' ],
72  $fld_flags );
73  $this->addFieldsIf( 'ipb_sitewide', $fld_restrictions );
74 
75  if ( $fld_reason ) {
76  $commentQuery = $commentStore->getJoin( 'ipb_reason' );
77  $this->addTables( $commentQuery['tables'] );
78  $this->addFields( $commentQuery['fields'] );
79  $this->addJoinConds( $commentQuery['joins'] );
80  }
81 
82  $this->addOption( 'LIMIT', $params['limit'] + 1 );
84  'ipb_timestamp',
85  $params['dir'],
86  $params['start'],
87  $params['end']
88  );
89  // Include in ORDER BY for uniqueness
90  $this->addWhereRange( 'ipb_id', $params['dir'], null, null );
91 
92  if ( !is_null( $params['continue'] ) ) {
93  $cont = explode( '|', $params['continue'] );
94  $this->dieContinueUsageIf( count( $cont ) != 2 );
95  $op = ( $params['dir'] == 'newer' ? '>' : '<' );
96  $continueTimestamp = $db->addQuotes( $db->timestamp( $cont[0] ) );
97  $continueId = (int)$cont[1];
98  $this->dieContinueUsageIf( $continueId != $cont[1] );
99  $this->addWhere( "ipb_timestamp $op $continueTimestamp OR " .
100  "(ipb_timestamp = $continueTimestamp AND " .
101  "ipb_id $op= $continueId)"
102  );
103  }
104 
105  if ( isset( $params['ids'] ) ) {
106  $this->addWhereIDsFld( 'ipblocks', 'ipb_id', $params['ids'] );
107  }
108  if ( isset( $params['users'] ) ) {
109  $usernames = [];
110  foreach ( (array)$params['users'] as $u ) {
111  $usernames[] = $this->prepareUsername( $u );
112  }
113  $this->addWhereFld( 'ipb_address', $usernames );
114  $this->addWhereFld( 'ipb_auto', 0 );
115  }
116  if ( isset( $params['ip'] ) ) {
117  $blockCIDRLimit = $this->getConfig()->get( 'BlockCIDRLimit' );
118  if ( IP::isIPv4( $params['ip'] ) ) {
119  $type = 'IPv4';
120  $cidrLimit = $blockCIDRLimit['IPv4'];
121  $prefixLen = 0;
122  } elseif ( IP::isIPv6( $params['ip'] ) ) {
123  $type = 'IPv6';
124  $cidrLimit = $blockCIDRLimit['IPv6'];
125  $prefixLen = 3; // IP::toHex output is prefixed with "v6-"
126  } else {
127  $this->dieWithError( 'apierror-badip', 'param_ip' );
128  }
129 
130  # Check range validity, if it's a CIDR
131  list( $ip, $range ) = IP::parseCIDR( $params['ip'] );
132  if ( $ip !== false && $range !== false && $range < $cidrLimit ) {
133  $this->dieWithError( [ 'apierror-cidrtoobroad', $type, $cidrLimit ] );
134  }
135 
136  # Let IP::parseRange handle calculating $upper, instead of duplicating the logic here.
137  list( $lower, $upper ) = IP::parseRange( $params['ip'] );
138 
139  # Extract the common prefix to any rangeblock affecting this IP/CIDR
140  $prefix = substr( $lower, 0, $prefixLen + floor( $cidrLimit / 4 ) );
141 
142  # Fairly hard to make a malicious SQL statement out of hex characters,
143  # but it is good practice to add quotes
144  $lower = $db->addQuotes( $lower );
145  $upper = $db->addQuotes( $upper );
146 
147  $this->addWhere( [
148  'ipb_range_start' . $db->buildLike( $prefix, $db->anyString() ),
149  'ipb_range_start <= ' . $lower,
150  'ipb_range_end >= ' . $upper,
151  'ipb_auto' => 0
152  ] );
153  }
154 
155  if ( !is_null( $params['show'] ) ) {
156  $show = array_flip( $params['show'] );
157 
158  /* Check for conflicting parameters. */
159  if ( ( isset( $show['account'] ) && isset( $show['!account'] ) )
160  || ( isset( $show['ip'] ) && isset( $show['!ip'] ) )
161  || ( isset( $show['range'] ) && isset( $show['!range'] ) )
162  || ( isset( $show['temp'] ) && isset( $show['!temp'] ) )
163  ) {
164  $this->dieWithError( 'apierror-show' );
165  }
166 
167  $this->addWhereIf( 'ipb_user = 0', isset( $show['!account'] ) );
168  $this->addWhereIf( 'ipb_user != 0', isset( $show['account'] ) );
169  $this->addWhereIf( 'ipb_user != 0 OR ipb_range_end > ipb_range_start', isset( $show['!ip'] ) );
170  $this->addWhereIf( 'ipb_user = 0 AND ipb_range_end = ipb_range_start', isset( $show['ip'] ) );
171  $this->addWhereIf( 'ipb_expiry = ' .
172  $db->addQuotes( $db->getInfinity() ), isset( $show['!temp'] ) );
173  $this->addWhereIf( 'ipb_expiry != ' .
174  $db->addQuotes( $db->getInfinity() ), isset( $show['temp'] ) );
175  $this->addWhereIf( 'ipb_range_end = ipb_range_start', isset( $show['!range'] ) );
176  $this->addWhereIf( 'ipb_range_end > ipb_range_start', isset( $show['range'] ) );
177  }
178 
179  if ( !$this->getPermissionManager()->userHasRight( $this->getUser(), 'hideuser' ) ) {
180  $this->addWhereFld( 'ipb_deleted', 0 );
181  }
182 
183  # Filter out expired rows
184  $this->addWhere( 'ipb_expiry > ' . $db->addQuotes( $db->timestamp() ) );
185 
186  $res = $this->select( __METHOD__ );
187 
188  $restrictions = [];
189  if ( $fld_restrictions ) {
190  $restrictions = self::getRestrictionData( $res, $params['limit'] );
191  }
192 
193  $count = 0;
194  foreach ( $res as $row ) {
195  if ( ++$count > $params['limit'] ) {
196  // We've had enough
197  $this->setContinueEnumParameter( 'continue', "$row->ipb_timestamp|$row->ipb_id" );
198  break;
199  }
200  $block = [
201  ApiResult::META_TYPE => 'assoc',
202  ];
203  if ( $fld_id ) {
204  $block['id'] = (int)$row->ipb_id;
205  }
206  if ( $fld_user && !$row->ipb_auto ) {
207  $block['user'] = $row->ipb_address;
208  }
209  if ( $fld_userid && !$row->ipb_auto ) {
210  $block['userid'] = (int)$row->ipb_user;
211  }
212  if ( $fld_by ) {
213  $block['by'] = $row->ipb_by_text;
214  }
215  if ( $fld_byid ) {
216  $block['byid'] = (int)$row->ipb_by;
217  }
218  if ( $fld_timestamp ) {
219  $block['timestamp'] = wfTimestamp( TS_ISO_8601, $row->ipb_timestamp );
220  }
221  if ( $fld_expiry ) {
222  $block['expiry'] = ApiResult::formatExpiry( $row->ipb_expiry );
223  }
224  if ( $fld_reason ) {
225  $block['reason'] = $commentStore->getComment( 'ipb_reason', $row )->text;
226  }
227  if ( $fld_range && !$row->ipb_auto ) {
228  $block['rangestart'] = IP::formatHex( $row->ipb_range_start );
229  $block['rangeend'] = IP::formatHex( $row->ipb_range_end );
230  }
231  if ( $fld_flags ) {
232  // For clarity, these flags use the same names as their action=block counterparts
233  $block['automatic'] = (bool)$row->ipb_auto;
234  $block['anononly'] = (bool)$row->ipb_anon_only;
235  $block['nocreate'] = (bool)$row->ipb_create_account;
236  $block['autoblock'] = (bool)$row->ipb_enable_autoblock;
237  $block['noemail'] = (bool)$row->ipb_block_email;
238  $block['hidden'] = (bool)$row->ipb_deleted;
239  $block['allowusertalk'] = (bool)$row->ipb_allow_usertalk;
240  $block['partial'] = !(bool)$row->ipb_sitewide;
241  }
242 
243  if ( $fld_restrictions ) {
244  $block['restrictions'] = [];
245  if ( !$row->ipb_sitewide && isset( $restrictions[$row->ipb_id] ) ) {
246  $block['restrictions'] = $restrictions[$row->ipb_id];
247  }
248  }
249 
250  $fit = $result->addValue( [ 'query', $this->getModuleName() ], null, $block );
251  if ( !$fit ) {
252  $this->setContinueEnumParameter( 'continue', "$row->ipb_timestamp|$row->ipb_id" );
253  break;
254  }
255  }
256  $result->addIndexedTagName( [ 'query', $this->getModuleName() ], 'block' );
257  }
258 
259  protected function prepareUsername( $user ) {
260  if ( !$user ) {
261  $encParamName = $this->encodeParamName( 'users' );
262  $this->dieWithError( [ 'apierror-baduser', $encParamName, wfEscapeWikiText( $user ) ],
263  "baduser_{$encParamName}"
264  );
265  }
266  $name = User::isIP( $user )
267  ? $user
268  : User::getCanonicalName( $user, 'valid' );
269  if ( $name === false ) {
270  $encParamName = $this->encodeParamName( 'users' );
271  $this->dieWithError( [ 'apierror-baduser', $encParamName, wfEscapeWikiText( $user ) ],
272  "baduser_{$encParamName}"
273  );
274  }
275  return $name;
276  }
277 
286  private static function getRestrictionData( IResultWrapper $result, $limit ) {
287  $partialIds = [];
288  $count = 0;
289  foreach ( $result as $row ) {
290  if ( ++$count <= $limit && !$row->ipb_sitewide ) {
291  $partialIds[] = (int)$row->ipb_id;
292  }
293  }
294 
295  $blockRestrictionStore = MediaWikiServices::getInstance()->getBlockRestrictionStore();
296  $restrictions = $blockRestrictionStore->loadByBlockId( $partialIds );
297 
298  $data = [];
299  $keys = [
300  'page' => 'pages',
301  'ns' => 'namespaces',
302  ];
303  foreach ( $restrictions as $restriction ) {
304  $key = $keys[$restriction->getType()];
305  $id = $restriction->getBlockId();
306  switch ( $restriction->getType() ) {
307  case 'page':
309  '@phan-var \MediaWiki\Block\Restriction\PageRestriction $restriction';
310  $value = [ 'id' => $restriction->getValue() ];
311  if ( $restriction->getTitle() ) {
312  self::addTitleInfo( $value, $restriction->getTitle() );
313  }
314  break;
315  default:
316  $value = $restriction->getValue();
317  }
318 
319  if ( !isset( $data[$id][$key] ) ) {
320  $data[$id][$key] = [];
321  ApiResult::setIndexedTagName( $data[$id][$key], $restriction->getType() );
322  }
323  $data[$id][$key][] = $value;
324  }
325 
326  return $data;
327  }
328 
329  public function getAllowedParams() {
330  $blockCIDRLimit = $this->getConfig()->get( 'BlockCIDRLimit' );
331 
332  return [
333  'start' => [
334  ApiBase::PARAM_TYPE => 'timestamp'
335  ],
336  'end' => [
337  ApiBase::PARAM_TYPE => 'timestamp',
338  ],
339  'dir' => [
341  'newer',
342  'older'
343  ],
344  ApiBase::PARAM_DFLT => 'older',
345  ApiBase::PARAM_HELP_MSG => 'api-help-param-direction',
346  ],
347  'ids' => [
348  ApiBase::PARAM_TYPE => 'integer',
350  ],
351  'users' => [
352  ApiBase::PARAM_TYPE => 'user',
354  ],
355  'ip' => [
357  'apihelp-query+blocks-param-ip',
358  $blockCIDRLimit['IPv4'],
359  $blockCIDRLimit['IPv6'],
360  ],
361  ],
362  'limit' => [
363  ApiBase::PARAM_DFLT => 10,
364  ApiBase::PARAM_TYPE => 'limit',
365  ApiBase::PARAM_MIN => 1,
368  ],
369  'prop' => [
370  ApiBase::PARAM_DFLT => 'id|user|by|timestamp|expiry|reason|flags',
372  'id',
373  'user',
374  'userid',
375  'by',
376  'byid',
377  'timestamp',
378  'expiry',
379  'reason',
380  'range',
381  'flags',
382  'restrictions',
383  ],
384  ApiBase::PARAM_ISMULTI => true,
386  ],
387  'show' => [
389  'account',
390  '!account',
391  'temp',
392  '!temp',
393  'ip',
394  '!ip',
395  'range',
396  '!range',
397  ],
399  ],
400  'continue' => [
401  ApiBase::PARAM_HELP_MSG => 'api-help-param-continue',
402  ],
403  ];
404  }
405 
406  protected function getExamplesMessages() {
407  return [
408  'action=query&list=blocks'
409  => 'apihelp-query+blocks-example-simple',
410  'action=query&list=blocks&bkusers=Alice|Bob'
411  => 'apihelp-query+blocks-example-users',
412  ];
413  }
414 
415  public function getHelpUrls() {
416  return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Blocks';
417  }
418 }
select( $method, $extraQuery=[], array &$hookData=null)
Execute a SELECT query based on the values in the internal arrays.
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below...
Definition: ApiBase.php:94
getDB()
Get the Query database connection (read-only)
const LIMIT_BIG2
Fast query, apihighlimits limit.
Definition: ApiBase.php:261
wfEscapeWikiText( $text)
Escapes the given text so that it may be output using addWikiText() without any linking, formatting, etc.
getResult()
Get the result object.
Definition: ApiBase.php:640
static parseRange( $range)
Given a string range in a number of formats, return the start and end of the range in hexadecimal...
Definition: IP.php:500
addJoinConds( $join_conds)
Add a set of JOIN conditions to the internal array.
static isIP( $name)
Does the string match an anonymous IP address?
Definition: User.php:891
const PARAM_DFLT
(null|boolean|integer|string) Default value of the parameter.
Definition: ApiBase.php:55
const LIMIT_BIG1
Fast query, standard limit.
Definition: ApiBase.php:259
static getRestrictionData(IResultWrapper $result, $limit)
Retrieves the restrictions based on the query result.
const PARAM_MAX
(integer) Max value allowed for the parameter, for PARAM_TYPE &#39;integer&#39; and &#39;limit&#39;.
Definition: ApiBase.php:97
This is a base class for all Query modules.
dieWithError( $msg, $code=null, $data=null, $httpCode=null)
Abort execution with an error.
Definition: ApiBase.php:2005
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user...
Definition: ApiBase.php:761
const META_TYPE
Key for the &#39;type&#39; metadata item.
Definition: ApiResult.php:110
const PARAM_HELP_MSG_PER_VALUE
((string|array|Message)[]) When PARAM_TYPE is an array, this is an array mapping those values to $msg...
Definition: ApiBase.php:164
prepareUsername( $user)
static setIndexedTagName(array &$arr, $tag)
Set the tag name for numeric-keyed values in XML format.
Definition: ApiResult.php:616
static formatExpiry( $expiry, $infinity='infinity')
Format an expiry timestamp for API output.
Definition: ApiResult.php:1205
static getCanonicalName( $name, $validate='valid')
Given unvalidated user input, return a canonical username, or false if the username is invalid...
Definition: User.php:1139
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
static newMigration()
Static constructor.
addTables( $tables, $alias=null)
Add a set of tables to the internal array.
addWhereIf( $value, $condition)
Same as addWhere(), but add the WHERE clauses only if a condition is met.
dieContinueUsageIf( $condition)
Die with the &#39;badcontinue&#39; error.
Definition: ApiBase.php:2199
__construct(ApiQuery $query, $moduleName)
Result wrapper for grabbing data queried from an IDatabase object.
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:520
addFields( $value)
Add a set of fields to select to the internal array.
const PARAM_MAX2
(integer) Max value allowed for the parameter for users with the apihighlimits right, for PARAM_TYPE &#39;limit&#39;.
Definition: ApiBase.php:103
This is the main query class.
Definition: ApiQuery.php:37
const PARAM_HELP_MSG
(string|array|Message) Specify an alternative i18n documentation message for this parameter...
Definition: ApiBase.php:131
addTimestampWhereRange( $field, $dir, $start, $end, $sort=true)
Add a WHERE clause corresponding to a range, similar to addWhereRange, but converts $start and $end t...
encodeParamName( $paramName)
This method mangles parameter name based on the prefix supplied to the constructor.
Definition: ApiBase.php:739
static isIPv6( $ip)
Given a string, determine if it as valid IP in IPv6 only.
Definition: IP.php:88
static getStore()
addWhere( $value)
Add a set of WHERE clauses to the internal array.
const PARAM_ISMULTI
(boolean) Accept multiple pipe-separated values for this parameter (e.g.
Definition: ApiBase.php:58
static isIPv4( $ip)
Given a string, determine if it as valid IP in IPv4 only.
Definition: IP.php:99
getPermissionManager()
Obtain a PermissionManager instance that subclasses may use in their authorization checks...
Definition: ApiBase.php:710
addWhereFld( $field, $value)
Equivalent to addWhere( [ $field => $value ] )
addFieldsIf( $value, $condition)
Same as addFields(), but add the fields only if a condition is met.
addOption( $name, $value=null)
Add an option such as LIMIT or USE INDEX.
const PARAM_MIN
(integer) Lowest value allowed for the parameter, for PARAM_TYPE &#39;integer&#39; and &#39;limit&#39;.
Definition: ApiBase.php:106
Query module to enumerate all user blocks.
requireMaxOneParameter( $params,... $required)
Die if more than one of a certain set of parameters is set and not false.
Definition: ApiBase.php:928
static parseCIDR( $range)
Convert a network specification in CIDR notation to an integer network and a number of bits...
Definition: IP.php:457
static formatHex( $hex)
Convert an IPv4 or IPv6 hexadecimal representation back to readable format.
Definition: IP.php:319
return true
Definition: router.php:92
addWhereIDsFld( $table, $field, $ids)
Like addWhereFld for an integer list of IDs.
addWhereRange( $field, $dir, $start, $end, $sort=true)
Add a WHERE clause corresponding to a range, and an ORDER BY clause to sort in the right direction...
setContinueEnumParameter( $paramName, $paramValue)
Set a query-continue value.