Aaron Schulz has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/375083 )
Change subject: Sanity check "stashedtexthash" param before checking memcached ...................................................................... Sanity check "stashedtexthash" param before checking memcached The makeKey() method should do escaping and shortening, but it is safest and clearer to not rely on that. Change-Id: Ia4a95e0bb12074d141ddcca2089b920403cab100 --- M includes/api/ApiStashEdit.php 1 file changed, 3 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/83/375083/1 diff --git a/includes/api/ApiStashEdit.php b/includes/api/ApiStashEdit.php index d03fca8..8a9de06 100644 --- a/includes/api/ApiStashEdit.php +++ b/includes/api/ApiStashEdit.php @@ -74,6 +74,9 @@ if ( strlen( $params['stashedtexthash'] ) ) { // Load from cache since the client indicates the text is the same as last stash $textHash = $params['stashedtexthash']; + if ( !preg_match( '/^[0-9a-f]{40}$/', $textHash ) ) { + $this->dieWithError( 'apierror-stashedit-missingtext', 'missingtext' ); + } $textKey = $cache->makeKey( 'stashedit', 'text', $textHash ); $text = $cache->get( $textKey ); if ( !is_string( $text ) ) { -- To view, visit https://gerrit.wikimedia.org/r/375083 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia4a95e0bb12074d141ddcca2089b920403cab100 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Aaron Schulz <asch...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
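Review bot: In the added preg_match() check in includes/api/ApiStashEdit.php, the pattern '/^[0-9a-f]{40}$/' is not a strict whole-string match. In PCRE, `$` without the D modifier also matches just before a trailing newline, so a 40-character hex value followed by "\n" passes the check and is still handed to makeKey(). Since the stated aim is not to rely on makeKey() for escaping, anchor the end with `\z` or add the D modifier, for example '/^[0-9a-f]{40}\z/'. A short comment saying what format the 40 lowercase hex characters are expected to be would also help. Finally, a malformed hash is reported here as 'missingtext'; confirm that is the intended error for a parameter that fails validation, rather than for text that is absent from the cache.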