r89576 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r89575‎ \| r89576 \| r89577 >
Date:	16:06, 6 June 2011
Author:	reedy
Status:	resolved (Comments)
Tags:
Comment:	Followup r89542, validate hashes
Modified paths:	/trunk/phase3/includes/api/ApiQueryFilearchive.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiQueryFilearchive.php
—	—	@@ -95,8 +95,14 @@
96	96
97	97	$sha1 = false;
98	98	if ( $sha1Set ) {
	99	+ if ( !ApiQueryAllimages::validateSha1Hash( $params['sha1'] ) ) {
	100	+ $this->dieUsage( 'The SHA1 hash provided is not valid', 'invalidsha1hash' );
	101	+ }
99	102	$sha1 = wfBaseConvert( $params['sha1'], 16, 36, 31 );
100	103	} elseif ( $sha1base36Set ) {
	104	+ if ( !ApiQueryAllimages::validateSha1Base36Hash( $sha1 ) ) {
	105	+ $this->dieUsage( 'The SHA1Base36 hash provided is not valid', 'invalidsha1base36hash' );
	106	+ }
101	107	$sha1 = $params['sha1base36'];
102	108	}
103	109	if ( $sha1 ) {
—	—	@@ -274,6 +280,8 @@
275	281	return array_merge( parent::getPossibleErrors(), array(
276	282	array( 'code' => 'permissiondenied', 'info' => 'You don\'t have permission to view deleted file information' ),
277	283	array( 'code' => 'hashsearchdisabled', 'info' => 'Search by hash disabled in Miser Mode' ),
	284	+ array( 'code' => 'invalidsha1hash', 'info' => 'The SHA1 hash provided is not valid' ),
	285	+ array( 'code' => 'invalidsha1base36hash', 'info' => 'The SHA1Base36 hash provided is not valid' ),
278	286	) );
279	287	}
280	288

Follow-up revisions

Revision	Commit summary	Author	Date
r90751	Followup r89576, and other related revisions...	reedy	03:50, 25 June 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r89542	* (bug 21346) Make deleted images searchable by hash (disabled in Miser Mode)...	reedy	23:40, 5 June 2011

Comments

#Comment by Bryan (talk | contribs) 08:32, 7 June 2011

ApiQueryAllimages seems to be a rather arbitrary place for validateSha1Base36Hash(). Isn't ApiQueryBase or ApiBase a better location?

#Comment by Reedy (talk | contribs) 09:08, 7 June 2011

Indeed

Well, tbh, we should probably move the whole validation bit up a level or 2, and move the actual validation routines to somewhere in the file/similar classes

#Comment by Reedy (talk | contribs) 09:10, 7 June 2011

But of course, they were put there originally, as that was the only place using them at the time

#Comment by Aaron Schulz (talk | contribs) 21:50, 24 June 2011

Yeah, these functions should be moved up.

Status & tagging log

05:25, 25 June 2011 Aaron Schulz (talk | contribs) changed the status of r89576 [removed: new added: resolved]
03:50, 25 June 2011 Reedy (talk | contribs) changed the status of r89576 [removed: fixme added: new]
21:50, 24 June 2011 Aaron Schulz (talk | contribs) changed the status of r89576 [removed: new added: fixme]