From: Brad Jorsch Date: Fri, 20 Feb 2015 15:18:00 +0000 (-0500) Subject: API: Don't allow '#' in title-parts X-Git-Tag: 1.31.0-rc.0~12332 X-Git-Url: http://git.cyclocoop.org/%27%2C%20%20%20quote_amp%28%24url%29%2C%20%20%20%27?a=commitdiff_plain;h=acc8160705beee69c4fc4f7d16ebfc8d586bc135;p=lhc%2Fweb%2Fwiklou.git API: Don't allow '#' in title-parts As-is, this causes loss of a character from the passed-in title leading to wrong output. But there should never be a '#' in a title-part anyway, the best thing is to just disallow it completely. Bug: T38358 Change-Id: Id90bfb9c63a5960e7d2d49350d3e0da0327d0e24
---
diff --git a/includes/api/ApiQueryBase.php b/includes/api/ApiQueryBase.php
index 998cc91c63..7414913ddc 100644
--- a/includes/api/ApiQueryBase.php
+++ b/includes/api/ApiQueryBase.php
@@ -513,7 +513,8 @@ abstract class ApiQueryBase extends ApiBase {
 */
 public function titlePartToKey( $titlePart, $namespace = NS_MAIN ) {
 $t = Title::makeTitleSafe( $namespace, $titlePart . 'x' );
- if ( !$t ) {
+ if ( !$t || $t->hasFragment() ) {
+ // Invalid title (e.g. bad chars) or contained a '#'.
 $this->dieUsageMsg( array( 'invalidtitle', $titlePart ) );
 }
 if ( $namespace != $t->getNamespace() || $t->isExternal() ) {
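Review bot: The new `$t->hasFragment()` test in `titlePartToKey` appears to rely on the `'x'` suffix appended on the line above to catch a trailing '#', and the added comment does not record that coupling. For an input such as `Foo#` the suffix makes the parsed fragment `x`; without it the fragment would presumably be empty and the title-part could slip past the check. I would extend the comment to `// Invalid title (e.g. bad chars) or contained a '#'; the appended 'x' keeps the fragment non-empty even for a trailing '#'.` so a later refactor does not drop the suffix or move the check ahead of it. No test is visible in this diff; a regression case covering '#' in the middle and at the end of a title-part would pin the rejection. The function body continues past the end of the hunk.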