From: Aaron Schulz
Date: Thu, 31 Aug 2017 21:35:17 +0000 (-0700)
Subject: Sanity check "stashedtexthash" param before checking memcached
X-Git-Tag: 1.31.0-rc.0~2144^2
X-Git-Url: http://git.cyclocoop.org/%22.%20generer_url_ecrire%28%22sites_tous%22%2C%22%22%29.%20%22?a=commitdiff_plain;h=23cd890fc909dc344c3ff48d4eeb0d30e64c5b69;p=lhc%2Fweb%2Fwiklou.git
Sanity check "stashedtexthash" param before checking memcached
The makeKey() method should do escaping and shortening, but it is safest and clearer to not rely on that.
Change-Id: Ia4a95e0bb12074d141ddcca2089b920403cab100
---
diff --git a/includes/api/ApiStashEdit.php b/includes/api/ApiStashEdit.php
index d03fca87a0..8a9de064fd 100644
--- a/includes/api/ApiStashEdit.php
+++ b/includes/api/ApiStashEdit.php
@@ -74,6 +74,9 @@ class ApiStashEdit extends ApiBase {
 if ( strlen( $params['stashedtexthash'] ) ) {
 // Load from cache since the client indicates the text is the same as last stash
 $textHash = $params['stashedtexthash'];
+ if ( !preg_match( '/^[0-9a-f]{40}$/', $textHash ) ) {
+ $this->dieWithError( 'apierror-stashedit-missingtext', 'missingtext' );
+ }
 $textKey = $cache->makeKey( 'stashedit', 'text', $textHash );
 $text = $cache->get( $textKey );
 if ( !is_string( $text ) ) {
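Review bot: The added `preg_match( '/^[0-9a-f]{40}$/', $textHash )` check still accepts a 40-character hex string followed by a newline, because in PCRE a `$` without the `D` modifier also matches just before a final `\n`. Since the stated aim is to stop relying on makeKey() for escaping, the end anchor should be strict: `if ( !preg_match( '/^[0-9a-f]{40}\z/', $textHash ) ) {` (or keep `$` and add the `D` modifier). A one-line comment above the check, for example `// Must be exactly 40 lowercase hex characters before it is used in a cache key`, would also explain the hard-coded length, which presumably corresponds to a SHA-1 hex digest. The enclosing method starts and ends outside the hunk, so whether the parameter is trimmed or normalised earlier cannot be confirmed from here.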