Fix hash validation in api

That must be a exact 31 characters, not 31 characters at once in a
longer string

Remove upper characters, because database contains only lower characters
and there is no strtolower

Change-Id: Ic980fd719955842fad30a315eedd71381caf8aa5

diff --git a/includes/api/ApiQueryBase.php b/includes/api/ApiQueryBase.php
index 2c48aca..5f4d9f9 100644 (file)
--- a/includes/api/ApiQueryBase.php
+++ b/includes/api/ApiQueryBase.php
@@ -534,7 +534,7 @@ abstract class ApiQueryBase extends ApiBase {
         * @return bool
         */
        public function validateSha1Hash( $hash ) {
-               return preg_match( '/[a-fA-F0-9]{40}/', $hash );
+               return preg_match( '/^[a-f0-9]{40}$/', $hash );
        }
 
        /**
@@ -542,7 +542,7 @@ abstract class ApiQueryBase extends ApiBase {
         * @return bool
         */
        public function validateSha1Base36Hash( $hash ) {
-               return preg_match( '/[a-zA-Z0-9]{31}/', $hash );
+               return preg_match( '/^[a-z0-9]{31}$/', $hash );
        }
 
        /**