What is the problem?
You can submit a block via the API with a non-existent page.
The non-existent page is listed in the API response and in Special:Log?type=block. This is misleading as, even if someone created that page, the user would not be blocked from it. Nor is the user blocked from creating the page.
This might confuse admins as Special:Log might show that someone is blocked from a page even if they are not.
The entry for the page restriction in ipblocks_restrictions database table is 0.
To solve this, we should probably validate that the page exists. This is what we already do for namespace restrictions.
Steps to reproduce problem
- Use the API to submit a block with a non-existent page restriction (e.g. https://en.wikipedia.beta.wmflabs.org/wiki/Special:ApiSandbox#action=block&format=json&user=Drwpb&allowusertalk=1&partial=1&pagerestrictions=nonexistentpage).
- See pagerestrictions in the API response.
- Go to Special:Log?type=block to see block you just made (e.g. https://en.wikipedia.beta.wmflabs.org/wiki/Special:Log?type=block).
Expected behavior: When submitting the API request, some sort of validation error (e.g. Unrecognized value for parameter "namespacerestrictions": Nonexistentpage.
Observed behavior: Non-existent page is listed in API response and Special:Log.
Wiki(s): MediaWiki 1.36.0-alpha (fc4dffd) 09:10, 3 December 2020.
Screenshots (if applicable):
The API request and response:
The entry in Special:Log: