http://www.mediawiki.org/wiki/Special:Code/MediaWiki/88174
Revision: 88174
Author: reedy
Date: 2011-05-15 13:16:13 +0000 (Sun, 15 May 2011)
Log Message:
-----------
* (bug 27593) API: add error message when sha1/sha1base36 is invalid
Modified Paths:
--------------
trunk/phase3/RELEASE-NOTES-1.19
trunk/phase3/includes/api/ApiQueryAllimages.php
Modified: trunk/phase3/RELEASE-NOTES-1.19
===================================================================
--- trunk/phase3/RELEASE-NOTES-1.19 2011-05-15 13:12:19 UTC (rev 88173)
+++ trunk/phase3/RELEASE-NOTES-1.19 2011-05-15 13:16:13 UTC (rev 88174)
@@ -56,6 +56,7 @@
=== API changes in 1.19 ===
* (bug 27790) add query type for querymodules to action=paraminfo
* (bug 28963) add langbacklinks module to api
+* (bug 27593) API: add error message when sha1/sha1base36 is invalid
=== Languages updated in 1.19 ===
Modified: trunk/phase3/includes/api/ApiQueryAllimages.php
===================================================================
--- trunk/phase3/includes/api/ApiQueryAllimages.php 2011-05-15 13:12:19 UTC
(rev 88173)
+++ trunk/phase3/includes/api/ApiQueryAllimages.php 2011-05-15 13:16:13 UTC
(rev 88174)
@@ -109,12 +109,18 @@
$sha1 = false;
if ( isset( $params['sha1'] ) ) {
+ if ( !self::validateSha1Hash( $params['sha1'] ) ) {
+ $this->dieUsage( 'The SHA1 hash provided is not
valid', 'invalidsha1hash' );
+ }
$sha1 = wfBaseConvert( $params['sha1'], 16, 36, 31 );
} elseif ( isset( $params['sha1base36'] ) ) {
$sha1 = $params['sha1base36'];
+ if ( !self::validateSha1Base36Hash( $sha1 ) ) {
+ $this->dieUsage( 'The SHA1Base36 hash provided
is not valid', 'invalidsha1base36hash' );
+ }
}
if ( $sha1 ) {
- $this->addWhere( 'img_sha1=' . $db->addQuotes( $sha1 )
);
+ $this->addWhereFld( 'img_sha1', $sha1 );
}
if ( !is_null( $params['mime'] ) ) {
@@ -175,6 +181,22 @@
}
}
+ /**
+ * @param $hash string
+ * @return bool
+ */
+ public static function validateSha1Hash( $hash ) {
+ return preg_match( '/[a-f0-9]{40}/', $hash );
+ }
+
+ /**
+ * @param $hash string
+ * @return bool
+ */
+ public static function validateSha1Base36Hash( $hash ) {
+ return preg_match( '/[a-z0-9]{31}/', $hash );
+ }
+
public function getAllowedParams() {
return array (
'from' => null,
@@ -238,6 +260,8 @@
array( 'code' => 'params', 'info' => 'Use
"gaifilterredir=nonredirects" option instead of "redirects" when using
allimages as a generator' ),
array( 'code' => 'unsupportedrepo', 'info' => 'Local
file repository does not support querying all images' ),
array( 'code' => 'mimeearchdisabled', 'info' => 'MIME
search disabled in Miser Mode' ),
+ array( 'code' => 'invalidsha1hash', 'info' => 'The SHA1
hash provided is not valid' ),
+ array( 'code' => 'invalidsha1base36hash', 'info' =>
'The SHA1Base36 hash provided is not valid' ),
) );
}
_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
