From 69df5addef0fdd01198e2087ee5f1f6a4eb88377 Mon Sep 17 00:00:00 2001
From: umherirrender
Date: Sun, 26 Oct 2014 10:19:31 +0100
Subject: [PATCH] Validate cmstarthexsortkey/cmendhexsortkey to be valid hex

Avoids: Warning: pack(): Type H: illegal hex digit N in \includes\api\ApiQueryCategoryMembers.php on line 146

Bug: 40809
Change-Id: I1dd732ccec8e6991d0ceac443226f5c7e59fd853
---
 includes/api/ApiQueryCategoryMembers.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/includes/api/ApiQueryCategoryMembers.php b/includes/api/ApiQueryCategoryMembers.php
index 5b4a766744..97c292e49a 100644
--- a/includes/api/ApiQueryCategoryMembers.php
+++ b/includes/api/ApiQueryCategoryMembers.php
@@ -47,6 +47,15 @@ class ApiQueryCategoryMembers extends ApiQueryGeneratorBase {
 $this->run( $resultPageSet );
 }
+ /**
+ * @param string $hexSortkey
+ * @return bool
+ */
+ private function validateHexSortkey( $hexSortkey ) {
+ // A hex sortkey has an unbound number of 2 letter pairs
+ return preg_match( '/^(?:[a-fA-F0-9]{2})*$/', $hexSortkey );
+ }
+
 /**
 * @param ApiPageSet $resultPageSet
 * @return void
@@ -128,6 +137,7 @@ class ApiQueryCategoryMembers extends ApiQueryGeneratorBase {
 $queryTypes = array_slice( $queryTypes, $contTypeIndex );
 // Add a WHERE clause for sortkey and from
+ $this->dieContinueUsageIf( !$this->validateHexSortkey( $cont[1] ) );
 // pack( "H*", $foo ) is used to convert hex back to binary
 $escSortkey = $this->getDB()->addQuotes( pack( 'H*', $cont[1] ) );
 $from = intval( $cont[2] );
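Review bot: The pattern in `validateHexSortkey()` is anchored with `$`, which in PCRE also matches just before a final newline, so a value made of hex pairs followed by `\n` passes the check and still reaches `pack( 'H*', … )` at the three call sites added in the later hunks, where it would raise the same "illegal hex digit" warning this commit sets out to avoid. Anchoring with `\z` (or adding the `D` modifier) closes that gap; whether a trailing newline survives the API's parameter handling is not visible from this patch. The docblock also promises `bool` while `preg_match()` returns `1`, `0` or `false`, so `return (bool)preg_match( '/^(?:[a-fA-F0-9]{2})*\z/', $hexSortkey );` would fix both.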
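Review bot: In the second hunk the new `dieContinueUsageIf()` call is placed between the two comment lines that describe the `pack()`/`addQuotes()` statement, so "Add a WHERE clause for sortkey and from" now sits directly above a validation call rather than the code it explains. Moving the check above that comment and giving it its own line, for example `// The continue value is client-supplied: reject non-hex input before pack()`, keeps the trust boundary visible to the next reader. The enclosing method starts and ends outside the hunk, so whether `$cont` has already been checked for the expected number of parts cannot be confirmed from here.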
@@ -143,6 +153,9 @@ class ApiQueryCategoryMembers extends ApiQueryGeneratorBase {
 if ( $params['startsortkeyprefix'] !== null ) {
 $startsortkey = Collation::singleton()->getSortkey( $params['startsortkeyprefix'] );
 } elseif ( $params['starthexsortkey'] !== null ) {
+ if ( !$this->validateHexSortkey( $params['starthexsortkey'] ) ) {
+ $this->dieUsage( 'The starthexsortkey provided is not valid', 'bad_starthexsortkey' );
+ }
 $startsortkey = pack( 'H*', $params['starthexsortkey'] );
 } else {
 $this->logFeatureUsage( 'list=categorymembers&cmstartsortkey' );
@@ -151,6 +164,9 @@ class ApiQueryCategoryMembers extends ApiQueryGeneratorBase {
 if ( $params['endsortkeyprefix'] !== null ) {
 $endsortkey = Collation::singleton()->getSortkey( $params['endsortkeyprefix'] );
 } elseif ( $params['endhexsortkey'] !== null ) {
+ if ( !$this->validateHexSortkey( $params['endhexsortkey'] ) ) {
+ $this->dieUsage( 'The endhexsortkey provided is not valid', 'bad_endhexsortkey' );
+ }
 $endsortkey = pack( 'H*', $params['endhexsortkey'] );
 } else {
 $this->logFeatureUsage( 'list=categorymembers&cmendsortkey' );
--
2.20.1
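Review bot: The validate-then-`dieUsage()` block added to the `starthexsortkey` branch is repeated verbatim for `endhexsortkey` in the following hunk, differing only in the parameter name, so any later change to the check or to the error wording has to be made in two places. A small private helper that validates, fails with the same message and error code, and returns the unpacked key would keep the two branches in step and keep the validation next to the `pack()` call it protects. Both if/elseif chains start and end outside the hunks shown.

```php
// … unchanged: startsortkeyprefix branch …
} elseif ( $params['starthexsortkey'] !== null ) {
	$startsortkey = $this->unpackHexSortkey( $params['starthexsortkey'], 'starthexsortkey' );
// … unchanged: else branch; the endhexsortkey branch calls the helper the same way …

/**
 * @param string $hexSortkey Client-supplied hex sortkey
 * @param string $paramName Parameter name used in the error message and code
 * @return string Binary sortkey
 */
private function unpackHexSortkey( $hexSortkey, $paramName ) {
	if ( !$this->validateHexSortkey( $hexSortkey ) ) {
		$this->dieUsage( "The $paramName provided is not valid", "bad_$paramName" );
	}
	return pack( 'H*', $hexSortkey );
}
```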