r88174 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r88173‎ \| r88174 \| r88175 >
Date:	13:16, 15 May 2011
Author:	reedy
Status:	ok (Comments)
Tags:
Comment:	* (bug 27593) API: add error message when sha1/sha1base36 is invalid
Modified paths:	/trunk/phase3/RELEASE-NOTES-1.19 (modified) (history) /trunk/phase3/includes/api/ApiQueryAllimages.php (modified) (history)

Diff [purge]

Index: trunk/phase3/RELEASE-NOTES-1.19
—	—	@@ -56,6 +56,7 @@
57	57	=== API changes in 1.19 ===
58	58	* (bug 27790) add query type for querymodules to action=paraminfo
59	59	* (bug 28963) add langbacklinks module to api
	60	+* (bug 27593) API: add error message when sha1/sha1base36 is invalid
60	61
61	62	=== Languages updated in 1.19 ===
62	63
Index: trunk/phase3/includes/api/ApiQueryAllimages.php
—	—	@@ -109,12 +109,18 @@
110	110
111	111	$sha1 = false;
112	112	if ( isset( $params['sha1'] ) ) {
	113	+ if ( !self::validateSha1Hash( $params['sha1'] ) ) {
	114	+ $this->dieUsage( 'The SHA1 hash provided is not valid', 'invalidsha1hash' );
	115	+ }
113	116	$sha1 = wfBaseConvert( $params['sha1'], 16, 36, 31 );
114	117	} elseif ( isset( $params['sha1base36'] ) ) {
115	118	$sha1 = $params['sha1base36'];
	119	+ if ( !self::validateSha1Base36Hash( $sha1 ) ) {
	120	+ $this->dieUsage( 'The SHA1Base36 hash provided is not valid', 'invalidsha1base36hash' );
	121	+ }
116	122	}
117	123	if ( $sha1 ) {
118		~~- $this->addWhere( 'img_sha1=' . $db->addQuotes( $sha1 ) );~~
	124	+ $this->addWhereFld( 'img_sha1', $sha1 );
119	125	}
120	126
121	127	if ( !is_null( $params['mime'] ) ) {
—	—	@@ -175,6 +181,22 @@
176	182	}
177	183	}
178	184
	185	+ /**
	186	+ * @param $hash string
	187	+ * @return bool
	188	+ */
	189	+ public static function validateSha1Hash( $hash ) {
	190	+ return preg_match( '/[a-f0-9]{40}/', $hash );
	191	+ }
	192	+
	193	+ /**
	194	+ * @param $hash string
	195	+ * @return bool
	196	+ */
	197	+ public static function validateSha1Base36Hash( $hash ) {
	198	+ return preg_match( '/[a-z0-9]{31}/', $hash );
	199	+ }
	200	+
179	201	public function getAllowedParams() {
180	202	return array (
181	203	'from' => null,
—	—	@@ -238,6 +260,8 @@
239	261	array( 'code' => 'params', 'info' => 'Use "gaifilterredir=nonredirects" option instead of "redirects" when using allimages as a generator' ),
240	262	array( 'code' => 'unsupportedrepo', 'info' => 'Local file repository does not support querying all images' ),
241	263	array( 'code' => 'mimeearchdisabled', 'info' => 'MIME search disabled in Miser Mode' ),
	264	+ array( 'code' => 'invalidsha1hash', 'info' => 'The SHA1 hash provided is not valid' ),
	265	+ array( 'code' => 'invalidsha1base36hash', 'info' => 'The SHA1Base36 hash provided is not valid' ),
242	266	) );
243	267	}
244	268

Sign-offs

User	Flag	Date
Bryan	inspected	13:28, 15 May 2011

Follow-up revisions

Revision	Commit summary	Author	Date
r88432	Per NikeRabbit on r88174, allow capitals in the regex	reedy	21:43, 19 May 2011
r89636	Fix error noticed in r88174, wasn't actually validating sha1base36 hash	reedy	09:13, 7 June 2011

Comments

#Comment by Nikerabbit (talk | contribs) 09:36, 16 May 2011

Any reason not to allow uppercase letters?

Status & tagging log

19:08, 19 May 2011 Catrope (talk | contribs) changed the status of r88174 [removed: new added: ok]