https://bugzilla.wikimedia.org/show_bug.cgi?id=39830
Web browser: ---
Bug #: 39830
Summary: Insufficient param validation
Product: MediaWiki
Version: 1.20-git
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: API
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected]
Blocks: 22510
Classification: Unclassified
Mobile Platform: ---
LQT has the following declaration:
'type' => array (
ApiBase :: PARAM_DFLT => 'newthreads',
ApiBase :: PARAM_TYPE => array( 'replies', 'newthreads' ),
ApiBase :: PARAM_ISMULTI => true,
),
With invalid input the value of 'type' is array(). This is unexpected. It
should either complain that the value(s) are not one of the allowed values
(preferred), or use the default value 'newthreads' (less preferred).
PARAM_ISMULTI seems to bypass the regular checks.
This causes exceptions in other code in LiquidhThreads which excepts that the
values are sane. I believe this is an issue that should be fixed in core.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
