From 6aa1328c24c21006384061b0a27f8b17498b789b Mon Sep 17 00:00:00 2001
From: Brad Jorsch
Date: Fri, 15 Mar 2013 14:03:19 -0400
Subject: [PATCH] API: Fix parameter validation in setnotificationtimestamp

This was broken in I7a3d7b6e, when the ApiPageSet parameters stopped being returned by getAllowedParams() and so by extractRequestParams(). Although it would be broken differently if they had been.

Change-Id: I4b6ec21fd7b7c932856546df1ccad574d996db1f
---
 includes/api/ApiPageSet.php | 24 ++++++++++++++++++++
 includes/api/ApiSetNotificationTimestamp.php | 5 ++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/includes/api/ApiPageSet.php b/includes/api/ApiPageSet.php
index bab59b7895..074efe4b62 100644
--- a/includes/api/ApiPageSet.php
+++ b/includes/api/ApiPageSet.php
@@ -217,6 +217,30 @@ class ApiPageSet extends ApiBase {
 return $this->mResolveRedirects;
 }
+ /**
+ * Return the parameter name that is the source of data for this PageSet
+ *
+ * If multiple source parameters are specified (e.g. titles and pageids),
+ * one will be named arbitrarily.
+ *
+ * @return string|null
+ */
+ public function getDataSource() {
+ if ( $this->mAllowGenerator && isset( $this->mParams['generator'] ) ) {
+ return 'generator';
+ }
+ if ( isset( $this->mParams['titles'] ) ) {
+ return 'titles';
+ }
+ if ( isset( $this->mParams['pageids'] ) ) {
+ return 'pageids';
+ }
+ if ( isset( $this->mParams['revids'] ) ) {
+ return 'revids';
+ }
+ return null;
+ }
+
 /**
 * Request an additional field from the page table.
 * Must be called before execute()
diff --git a/includes/api/ApiSetNotificationTimestamp.php b/includes/api/ApiSetNotificationTimestamp.php
index b40476a52c..58d5d9abe9 100644
--- a/includes/api/ApiSetNotificationTimestamp.php
+++ b/includes/api/ApiSetNotificationTimestamp.php
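Review bot: The docblock on `getDataSource()` in includes/api/ApiPageSet.php says one parameter "will be named arbitrarily", but the body checks in a fixed order (generator, then titles, pageids, revids), and it does not say when `$this->mParams` has to be populated. The assignment of `mParams` is outside this hunk; if it only happens in execute(), a caller that validates before execute() would always see null and its check would pass silently. I would state both in the docblock, e.g. `* Precedence is generator, titles, pageids, revids; relies on $this->mParams already being populated.` The method itself is complete in the hunk, the enclosing class is not.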
@@ -44,8 +44,9 @@ class ApiSetNotificationTimestamp extends ApiBase {
 $this->requireMaxOneParameter( $params, 'timestamp', 'torevid', 'newerthanrevid' );
 $pageSet = $this->getPageSet();
- $args = array_merge( array( $params, 'entirewatchlist' ), array_keys( $pageSet->getAllowedParams() ) );
- call_user_func_array( array( $this, 'requireOnlyOneParameter' ), $args );
+ if ( $params['entirewatchlist'] && $pageSet->getDataSource() !== null ) {
+ $this->dieUsage( "Cannot use 'entirewatchlist' at the same time as '{$pageSet->getDataSource()}'", 'multisource' );
+ }
 $dbw = wfGetDB( DB_MASTER, 'api' );
--
2.20.1
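Review bot: The new check in ApiSetNotificationTimestamp only rejects `entirewatchlist` combined with a page-set source, whereas the removed `requireOnlyOneParameter` call also rejected a request that supplied neither. Whether a request with no source is then a harmless no-op depends on the code after `wfGetDB()`, which is outside this hunk; because this module writes to the master DB, the accepted input should be stated explicitly. Either add a comment such as `// Supplying neither entirewatchlist nor a page source is intentionally allowed here`, or reject that case as before. I would also read the source once, `$source = $pageSet->getDataSource();`, and reuse it in the condition and the message instead of calling it twice. The enclosing method starts and ends outside the hunk.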