Aude has uploaded a new change for review.
https://gerrit.wikimedia.org/r/63787
Change subject: (bug 48473) validate claim guid in api and return error
......................................................................
(bug 48473) validate claim guid in api and return error
Change-Id: Id388b510a18ddd3ccd899b78c97c77650df4dd2b
---
M lib/WikibaseLib.classes.php
M lib/WikibaseLib.hooks.php
A lib/includes/ClaimGuidValidator.php
A lib/tests/phpunit/ClaimGuidValidatorTest.php
M repo/includes/api/GetClaims.php
M repo/includes/api/RemoveClaims.php
M repo/includes/api/RemoveQualifiers.php
M repo/includes/api/RemoveReferences.php
M repo/includes/api/SetClaimValue.php
M repo/includes/api/SetQualifier.php
M repo/includes/api/SetReference.php
M repo/includes/api/SetStatementRank.php
12 files changed, 177 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase
refs/changes/87/63787/5
diff --git a/lib/WikibaseLib.classes.php b/lib/WikibaseLib.classes.php
index 6dd483d..ec3aaec 100644
--- a/lib/WikibaseLib.classes.php
+++ b/lib/WikibaseLib.classes.php
@@ -44,6 +44,7 @@
'Wikibase\Lib\V4GuidGenerator' => 'includes/GuidGenerator.php',
'Wikibase\Lib\EntityRetrievingDataTypeLookup' =>
'includes/EntityRetrievingDataTypeLookup.php',
'Wikibase\Lib\ClaimGuidGenerator' =>
'includes/GuidGenerator.php',
+ 'Wikibase\Lib\ClaimGuidValidator' =>
'includes/ClaimGuidValidator.php',
'Wikibase\Lib\InMemoryDataTypeLookup' =>
'includes/InMemoryDataTypeLookup.php',
'Wikibase\LibRegistry' => 'includes/LibRegistry.php',
'Wikibase\Template' => 'includes/TemplateRegistry.php',
diff --git a/lib/WikibaseLib.hooks.php b/lib/WikibaseLib.hooks.php
index dafd214..ed1c5a5 100644
--- a/lib/WikibaseLib.hooks.php
+++ b/lib/WikibaseLib.hooks.php
@@ -70,6 +70,7 @@
'ByPropertyIdArray',
'ChangesTable',
'ClaimDifference',
+ 'ClaimGuidValidator',
'ReferencedEntitiesFinder',
'EntityRetrievingDataTypeLookup',
'InMemoryDataTypeLookup',
diff --git a/lib/includes/ClaimGuidValidator.php
b/lib/includes/ClaimGuidValidator.php
new file mode 100644
index 0000000..a991f37
--- /dev/null
+++ b/lib/includes/ClaimGuidValidator.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace Wikibase\Lib;
+
+/**
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @since 0.4
+ *
+ * @file
+ * @ingroup WikibaseLib
+ *
+ * @licence GNU GPL v2+
+ * @author Katie Filbert < [email protected] >
+ */
+class ClaimGuidValidator {
+
+ /**
+ * Validates a claim guid
+ *
+ * @since 0.4
+ *
+ * @param string $guid
+ *
+ * @return boolean
+ */
+ public function validate( $guid ) {
+ if ( ! is_string( $guid ) ) {
+ return false;
+ }
+
+ $keyParts = explode( '$', $guid );
+
+ if ( count( $keyParts ) !== 2 ) {
+ return false;
+ }
+
+ return true;
+ }
+
+}
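Review bot: `validate()` accepts any string that contains exactly one `$`, so inputs such as `'$'`, `'q60$'` or `'$abc'` return true because `explode()` still yields two parts, both or one of them empty. Every API module in this change treats a true result as permission to pass the guid on to `Entity::getIdFromClaimGuid()`, so the check should at least reject empty parts: `if ( count( $keyParts ) !== 2 || $keyParts[0] === '' || $keyParts[1] === '' ) { return false; }`. If the guid half is always the 8-4-4-4-12 hex form seen in the test data (not confirmable from this diff), matching it with an anchored `preg_match` would tighten this further. The method docblock could also state what "valid" means here, for example `Checks the entity-prefix$guid shape only; does not check that the entity or claim exists`.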
diff --git a/lib/tests/phpunit/ClaimGuidValidatorTest.php
b/lib/tests/phpunit/ClaimGuidValidatorTest.php
new file mode 100644
index 0000000..166c976
--- /dev/null
+++ b/lib/tests/phpunit/ClaimGuidValidatorTest.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace Wikibase\Lib\Test;
+
+use Wikibase\Lib\ClaimGuidValidator;
+
+/**
+ * Tests for the ClaimGuidValidator class.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
USA
+ *
+ * @file
+ * @since 0.4
+ *
+ * @ingroup Wikibase
+ * @ingroup Test
+ *
+ * @group Wikibase
+ * @group WikibaseLib
+ *
+ * @licence GNU GPL v2+
+ * @author Katie Filbert < [email protected] >
+ */
+class ClaimGuidValidatorTest extends \PHPUnit_Framework_TestCase {
+
+ public function validateProvider() {
+ return array(
+ array( 'q60$5083E43C-228B-4E3E-B82A-4CB20A22A3FB', true
),
+ array( 'q60$5083E43C-228B-4E3E-B82A-$4CB20A22A3FB',
false ),
+ array( '$q60$5083E43C-228B-4E3E-B82A-4CB20A22A3FB',
false ),
+ array( '5083E43C-228B-4E3E-B82A-4CB20A22A3FB', false ),
+ array( 9000, false )
+ );
+ }
+
+ /**
+ * @dataProvider validateProvider
+ */
+ public function testValidate( $guid, $expected ) {
+ $claimGuidValidator = new ClaimGuidValidator();
+ $isValid = $claimGuidValidator->validate( $guid );
+
+ $this->assertEquals( $expected, $isValid );
+ }
+
+}
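Review bot: The provider has no case where one side of the `$` is empty, and `validate()` as written in this change returns true for those. Adding `array( '$', false )`, `array( 'q60$', false )` and `array( '', false )` would pin the behaviour for the inputs an API client is most likely to send by mistake. `assertEquals` compares loosely, so `$this->assertSame( $expected, $isValid );` would also catch a non-boolean return.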
diff --git a/repo/includes/api/GetClaims.php b/repo/includes/api/GetClaims.php
index 72d998c..75490b9 100644
--- a/repo/includes/api/GetClaims.php
+++ b/repo/includes/api/GetClaims.php
@@ -5,6 +5,7 @@
use ApiBase;
use MWException;
+use Wikibase\Lib\ClaimGuidValidator;
use Wikibase\Lib\Serializers\ClaimSerializer;
use Wikibase\Lib\Serializers\SerializerFactory;
use Wikibase\EntityId;
@@ -167,6 +168,12 @@
$claimGuid = null;
+ $claimGuidValidator = new ClaimGuidValidator();
+
+ if ( isset( $params['claim'] ) &&
$claimGuidValidator->validate( $params['claim'] ) === false ) {
+ $this->dieUsage( 'Claim guid is invalid',
'getclaims-invalid-guid' );
+ }
+
if ( isset( $params['entity'] ) && isset( $params['claim'] ) ) {
$entityId = Entity::getIdFromClaimGuid(
$params['claim'] );
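Review bot: The error text here is 'Claim guid is invalid', while the other modules in this change use 'Invalid claim guid' and SetReference.php uses 'Invalid guid'. Clients and log searches are easier to maintain with one wording, for example `$this->dieUsage( 'Invalid claim guid', 'getclaims-invalid-guid' );`. The hunk does not show whether the new `getclaims-invalid-guid` code is listed in the module's documented errors; if the module has such a list it should be added there, and the same applies to the other `*-invalid-guid` codes introduced below.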
diff --git a/repo/includes/api/RemoveClaims.php
b/repo/includes/api/RemoveClaims.php
index 814454c..9ff4018 100644
--- a/repo/includes/api/RemoveClaims.php
+++ b/repo/includes/api/RemoveClaims.php
@@ -14,6 +14,8 @@
use Wikibase\Summary;
use Wikibase\PropertyValueSnak;
+use Wikibase\Lib\ClaimGuidValidator;
+
/**
* API module for removing claims.
*
@@ -147,14 +149,18 @@
$guids = array();
+ $claimGuidValidator = new ClaimGuidValidator();
+
foreach ( $params['claim'] as $guid ) {
- $entityId = Entity::getIdFromClaimGuid( $guid );
+ if ( $claimGuidValidator->validate( $guid ) ) {
+ $entityId = Entity::getIdFromClaimGuid( $guid );
- if ( !array_key_exists( $entityId, $guids ) ) {
- $guids[$entityId] = array();
+ if ( !array_key_exists( $entityId, $guids ) ) {
+ $guids[$entityId] = array();
+ }
+
+ $guids[$entityId][] = $guid;
}
-
- $guids[$entityId][] = $guid;
}
return $guids;
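Review bot: A malformed guid in `$params['claim']` is silently dropped by this loop, whereas every other module in the change rejects the request with `dieUsage`. A removal request that mixes valid and invalid guids would then be partly executed with no indication to the caller that some entries were ignored, which is at odds with the commit subject ("return error"). Adding an else branch such as `else { $this->dieUsage( 'Invalid claim guid', 'removeclaims-invalid-guid' ); }` would make the behaviour consistent; this assumes the enclosing function is an instance method of the API module, which starts outside the hunk.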
diff --git a/repo/includes/api/RemoveQualifiers.php
b/repo/includes/api/RemoveQualifiers.php
index 40b506d..86858d2 100644
--- a/repo/includes/api/RemoveQualifiers.php
+++ b/repo/includes/api/RemoveQualifiers.php
@@ -13,6 +13,8 @@
use Wikibase\Claims;
use Wikibase\Settings;
+use Wikibase\Lib\ClaimGuidValidator;
+
/**
* API module for removing qualifiers from a claim.
*
@@ -72,6 +74,12 @@
protected function getEntityContent() {
$params = $this->extractRequestParams();
+ $claimGuidValidator = new ClaimGuidValidator();
+
+ if ( $claimGuidValidator->validate( $params['claim'] ) ===
false ) {
+ $this->dieUsage( 'Invalid claim guid',
'removequalifiers-invalid-guid' );
+ }
+
$entityId = EntityId::newFromPrefixedId(
Entity::getIdFromClaimGuid( $params['claim'] ) );
$entityTitle =
EntityContentFactory::singleton()->getTitleForId( $entityId );
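Review bot: The `$entityId` returned by `EntityId::newFromPrefixedId()` is handed straight to `getTitleForId()` with no null check, and the new validator only counts `$` separators, so a guid whose prefix is not a parseable entity id still reaches this line. SetReference.php tests `$entityId === null` after the same call, which suggests null is a possible result. A guard such as `if ( $entityId === null ) { $this->dieUsage( 'Invalid claim guid', 'removequalifiers-invalid-guid' ); }` before the title lookup would close the gap. The same pattern appears in the RemoveReferences, SetClaimValue, SetQualifier and SetStatementRank hunks; `getEntityContent()` continues outside each hunk, so a later check cannot be ruled out.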
diff --git a/repo/includes/api/RemoveReferences.php
b/repo/includes/api/RemoveReferences.php
index 7f745ac..9dcbce8 100644
--- a/repo/includes/api/RemoveReferences.php
+++ b/repo/includes/api/RemoveReferences.php
@@ -13,6 +13,8 @@
use Wikibase\Settings;
use Wikibase\Claims;
+use Wikibase\Lib\ClaimGuidValidator;
+
/**
* API module for removing one or more references of the same statement.
*
@@ -82,6 +84,12 @@
protected function getEntityContent() {
$params = $this->extractRequestParams();
+ $claimGuidValidator = new ClaimGuidValidator();
+
+ if ( $claimGuidValidator->validate( $params['statement'] ) ===
false ) {
+ $this->dieUsage( 'Invalid claim guid',
'removereferences-invalid-guid' );
+ }
+
$entityId = EntityId::newFromPrefixedId(
Entity::getIdFromClaimGuid( $params['statement'] ) );
$entityTitle =
EntityContentFactory::singleton()->getTitleForId( $entityId );
diff --git a/repo/includes/api/SetClaimValue.php
b/repo/includes/api/SetClaimValue.php
index 3033b60..d76b4a4 100644
--- a/repo/includes/api/SetClaimValue.php
+++ b/repo/includes/api/SetClaimValue.php
@@ -13,6 +13,8 @@
use Wikibase\Claim;
use Wikibase\Claims;
+use Wikibase\Lib\ClaimGuidValidator;
+
/**
* API module for setting the DataValue contained by the main snak of a claim.
*
@@ -80,6 +82,12 @@
protected function getEntityContent() {
$params = $this->extractRequestParams();
+ $claimGuidValidator = new ClaimGuidValidator();
+
+ if ( $claimGuidValidator->validate( $params['claim'] ) ===
false ) {
+ $this->dieUsage( 'Invalid claim guid',
'setclaimvalue-invalid-guid' );
+ }
+
$entityId = EntityId::newFromPrefixedId(
Entity::getIdFromClaimGuid( $params['claim'] ) );
$entityTitle =
EntityContentFactory::singleton()->getTitleForId( $entityId );
diff --git a/repo/includes/api/SetQualifier.php
b/repo/includes/api/SetQualifier.php
index a19e09a..04e0b12 100644
--- a/repo/includes/api/SetQualifier.php
+++ b/repo/includes/api/SetQualifier.php
@@ -18,6 +18,7 @@
use Wikibase\LibRegistry;
use Wikibase\Settings;
+use Wikibase\Lib\ClaimGuidValidator;
/**
* API module for creating a qualifier or setting the value of an existing one.
@@ -118,6 +119,12 @@
protected function getEntityContent() {
$params = $this->extractRequestParams();
+ $claimGuidValidator = new ClaimGuidValidator();
+
+ if ( $claimGuidValidator->validate( $params['claim'] ) ===
false ) {
+ $this->dieUsage( 'Invalid claim guid',
'setqualifier-invalid-guid' );
+ }
+
$entityId = EntityId::newFromPrefixedId(
Entity::getIdFromClaimGuid( $params['claim'] ) );
$entityTitle =
EntityContentFactory::singleton()->getTitleForId( $entityId );
diff --git a/repo/includes/api/SetReference.php
b/repo/includes/api/SetReference.php
index 3bfb47b..4e5d5b0 100644
--- a/repo/includes/api/SetReference.php
+++ b/repo/includes/api/SetReference.php
@@ -14,6 +14,7 @@
use Wikibase\SnakList;
use Wikibase\Claims;
use Wikibase\Settings;
+use Wikibase\Lib\ClaimGuidValidator;
/**
* API module for creating a reference or setting the value of an existing one.
@@ -81,6 +82,12 @@
protected function getEntityContent() {
$params = $this->extractRequestParams();
+ $claimGuidValidator = new ClaimGuidValidator();
+
+ if ( $claimGuidValidator->validate( $params['statement'] ) ===
false ) {
+ $this->dieUsage( 'Invalid guid',
'setreference-invalid-guid' );
+ }
+
$entityId = EntityId::newFromPrefixedId(
Entity::getIdFromClaimGuid( $params['statement'] ) );
if ( $entityId === null ) {
diff --git a/repo/includes/api/SetStatementRank.php
b/repo/includes/api/SetStatementRank.php
index dc61b11..94f04c2 100644
--- a/repo/includes/api/SetStatementRank.php
+++ b/repo/includes/api/SetStatementRank.php
@@ -12,6 +12,7 @@
use Wikibase\Statement;
use Wikibase\Settings;
+use Wikibase\Lib\ClaimGuidValidator;
use Wikibase\Lib\Serializers\ClaimSerializer;
/**
@@ -85,6 +86,12 @@
protected function getEntityContent() {
$params = $this->extractRequestParams();
+ $claimGuidValidator = new ClaimGuidValidator();
+
+ if ( $claimGuidValidator->validate( $params['statement'] ) ===
false ) {
+ $this->dieUsage( 'Invalid claim guid',
'setstatementrank-invalid-guid' );
+ }
+
$entityId = EntityId::newFromPrefixedId(
Entity::getIdFromClaimGuid( $params['statement'] ) );
$entityTitle =
EntityContentFactory::singleton()->getTitleForId( $entityId );
--
To view, visit https://gerrit.wikimedia.org/r/63787
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id388b510a18ddd3ccd899b78c97c77650df4dd2b
Gerrit-PatchSet: 5
Gerrit-Project: mediawiki/extensions/Wikibase
Gerrit-Branch: master
Gerrit-Owner: Aude <[email protected]>
Gerrit-Reviewer: jenkins-bot