From acc8160705beee69c4fc4f7d16ebfc8d586bc135 Mon Sep 17 00:00:00 2001
From: Brad Jorsch
Date: Fri, 20 Feb 2015 10:18:00 -0500
Subject: [PATCH] API: Don't allow '#' in title-parts

As-is, this causes loss of a character from the passed-in title leading to wrong output. But there should never be a '#' in a title-part anyway, the best thing is to just disallow it completely.

Bug: T38358
Change-Id: Id90bfb9c63a5960e7d2d49350d3e0da0327d0e24
---
 includes/api/ApiQueryBase.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/includes/api/ApiQueryBase.php b/includes/api/ApiQueryBase.php
index 998cc91c63..7414913ddc 100644
--- a/includes/api/ApiQueryBase.php
+++ b/includes/api/ApiQueryBase.php
@@ -513,7 +513,8 @@ abstract class ApiQueryBase extends ApiBase {
 */
 public function titlePartToKey( $titlePart, $namespace = NS_MAIN ) {
 $t = Title::makeTitleSafe( $namespace, $titlePart . 'x' );
- if ( !$t ) {
+ if ( !$t || $t->hasFragment() ) {
+ // Invalid title (e.g. bad chars) or contained a '#'.
 $this->dieUsageMsg( array( 'invalidtitle', $titlePart ) );
 }
 if ( $namespace != $t->getNamespace() || $t->isExternal() ) {
-- 
2.20.1
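Review bot: The added `$t->hasFragment()` test appears to reject a title-part ending in a bare '#' (e.g. `Foo#`) only because `'x'` is appended on the line above, which keeps the fragment from being empty; the new comment does not record that dependency, so a later cleanup of the suffix could silently stop rejecting that input. I would extend the comment to something like `// Invalid title (e.g. bad chars) or contained a '#'; the 'x' suffix above ensures a trailing '#' still produces a non-empty fragment.` The diffstat lists only ApiQueryBase.php, so no regression test for T38358 accompanies the change; cases for `Foo#bar` and a trailing `Foo#` would pin the rejection at this input boundary. The body of titlePartToKey continues past the end of the hunk.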