From 3d6ca209f3ccf106592f040fedf0da139816547a Mon Sep 17 00:00:00 2001
From: Bryan Tong Minh <btongminh@users.mediawiki.org>
Date: Wed, 28 Oct 2009 22:23:00 +0000
Subject: [PATCH] * Validate sessionkey for stashed uploads * (bug 21235)
 Switch around fetchfileerror to the proper order

---
 includes/api/ApiUpload.php | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php
index 97da929108..757d21c6aa 100644
--- a/includes/api/ApiUpload.php
+++ b/includes/api/ApiUpload.php
@@ -73,11 +73,13 @@ class ApiUpload extends ApiBase {
 			if( isset( $status['error'] ) )
 				$this->dieUsageMsg( $status['error'] );
 
-		} elseif ( isset( $this->mParams['internalhttpsession'] ) && $this->mParams['internalhttpsession'] ) {
+		} elseif ( !empty( $this->mParams['internalhttpsession'] )  ) {
+			/**
+			 * Internal http mode
+			 */
+			
 			$sd = & $_SESSION['wsDownload'][ $this->mParams['internalhttpsession'] ];
 
-			//wfDebug("InternalHTTP:: " . print_r($this->mParams, true));
-			// get the params from the init session:
 			$this->mUpload = new UploadFromFile();
 
 			$this->mUpload->initialize( $this->mParams['filename'],
@@ -113,6 +115,10 @@ class ApiUpload extends ApiBase {
 			/**
 			 * Upload stashed in a previous request
 			 */
+			// Check the session key
+			if( !isset( $_SESSION['wsUploadData'][$this->mParams['sessionkey']] ) )
+					return $this->dieUsageMsg( array( 'invalid-session-key' ) );
+			
 			$this->mUpload = new UploadFromStash();
 			$this->mUpload->initialize( $this->mParams['filename'],
 					$_SESSION['wsUploadData'][$this->mParams['sessionkey']] );
@@ -148,7 +154,7 @@ class ApiUpload extends ApiBase {
 
 				$status = $this->mUpload->fetchFile();
 				if( !$status->isOK() ) {
-					return $this->dieUsage( 'fetchfileerror', $status->getWikiText() );
+					return $this->dieUsage( $status->getWikiText(),  'fetchfileerror' );
 				}
 
 				// check if we doing a async request set session info and return the upload_session_key)
@@ -164,8 +170,8 @@ class ApiUpload extends ApiBase {
 					$sd['mParams'] = $this->mParams;
 
 					return $this->getResult()->addValue( null, $this->getModuleName(),
-									array( 'upload_session_key' => $upload_session_key
-							));
+									array( 'upload_session_key' => $upload_session_key ) 
+					);
 				}
 			}
 		}
@@ -193,6 +199,7 @@ class ApiUpload extends ApiBase {
 		// Perform the upload
 		$result = $this->performUpload();
 		// Cleanup any temporary mess
+		// FIXME: This should be in a try .. finally block with performUpload
 		$this->mUpload->cleanupTempFile();
 		$this->getResult()->addValue( null, $this->getModuleName(), $result );
 	}
-- 
2.20.1