From aef4cc0a59276938f0f0aec4d67374f578f2117a Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Thu, 3 Dec 2009 17:06:58 -0800
Subject: Make it impossible to block (and thus unsubscribe from your
 self-subscription) via the API.  Additionally, make it impossible to block
 yourself or unsubscribe from yourself, period.

I also made User use the subs.php helper function for unsubscribing
during a block.

Hopefully, these changes will get rid of the problem of people
accidentally deleting their self-subscriptions once and for all
(knock on wood).
---
 actions/apiblockcreate.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'actions')

diff --git a/actions/apiblockcreate.php b/actions/apiblockcreate.php
index 4f941f6c3..e79dec32d 100644
--- a/actions/apiblockcreate.php
+++ b/actions/apiblockcreate.php
@@ -98,6 +98,17 @@ class ApiBlockCreateAction extends ApiAuthAction
             return;
         }
 
+        // Don't allow blocking yourself!
+
+        if ($this->user->id == $this->other->id) {
+            $this->clientError(
+                _("You cannot block yourself!"),
+                403,
+                $this->format
+            );
+            return;
+        }
+
         if ($this->user->hasBlocked($this->other)
             || $this->user->block($this->other)
         ) {
-- 
cgit v1.2.3-54-g00ecf