X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2Fapi%2FApiBase.php;h=83d2ae9bea6088fc5fa7b7261e3dae3310dd310f;hb=1ec7e520d388b7cf23e116ac8f7a5a89ab613f9e;hp=034d24360f3141540ec5d1d104c6a5effab83802;hpb=a00e369aff80b2b338f26829b27cdeb8c66bf291;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php index 034d24360f..83d2ae9bea 100644 --- a/includes/api/ApiBase.php +++ b/includes/api/ApiBase.php @@ -204,6 +204,31 @@ abstract class ApiBase extends ContextSource { */ const PARAM_DEPRECATED_VALUES = 20; + /** + * (integer) Maximum number of values, for normal users. Must be used with PARAM_ISMULTI. + * @since 1.30 + */ + const PARAM_ISMULTI_LIMIT1 = 21; + + /** + * (integer) Maximum number of values, for users with the apihighimits right. + * Must be used with PARAM_ISMULTI. + * @since 1.30 + */ + const PARAM_ISMULTI_LIMIT2 = 22; + + /** + * (integer) Maximum length of a string in bytes (in UTF-8 encoding). + * @since 1.31 + */ + const PARAM_MAX_BYTES = 23; + + /** + * (integer) Maximum length of a string in characters (unicode codepoints). + * @since 1.31 + */ + const PARAM_MAX_CHARS = 24; + /**@}*/ const ALL_DEFAULT_STRING = '*'; @@ -668,7 +693,7 @@ abstract class ApiBase extends ContextSource { /** * Set the continuation manager - * @param ApiContinuationManager|null + * @param ApiContinuationManager|null $manager */ public function setContinuationManager( $manager ) { // Main module has setContinuationManager() method overridden @@ -1024,6 +1049,12 @@ abstract class ApiBase extends ContextSource { $multi = isset( $paramSettings[self::PARAM_ISMULTI] ) ? $paramSettings[self::PARAM_ISMULTI] : false; + $multiLimit1 = isset( $paramSettings[self::PARAM_ISMULTI_LIMIT1] ) + ? $paramSettings[self::PARAM_ISMULTI_LIMIT1] + : null; + $multiLimit2 = isset( $paramSettings[self::PARAM_ISMULTI_LIMIT2] ) + ? $paramSettings[self::PARAM_ISMULTI_LIMIT2] + : null; $type = isset( $paramSettings[self::PARAM_TYPE] ) ? $paramSettings[self::PARAM_TYPE] : null; @@ -1050,10 +1081,10 @@ abstract class ApiBase extends ContextSource { } else { $type = 'NULL'; // allow everything } + } - if ( $type == 'password' || !empty( $paramSettings[self::PARAM_SENSITIVE] ) ) { - $this->getMain()->markParamsSensitive( $encParamName ); - } + if ( $type == 'password' || !empty( $paramSettings[self::PARAM_SENSITIVE] ) ) { + $this->getMain()->markParamsSensitive( $encParamName ); } if ( $type == 'boolean' ) { @@ -1148,13 +1179,15 @@ abstract class ApiBase extends ContextSource { $value, $multi, is_array( $type ) ? $type : null, - $allowAll ? $allSpecifier : null + $allowAll ? $allSpecifier : null, + $multiLimit1, + $multiLimit2 ); } - // More validation only when choices were not given - // choices were validated in parseMultiValue() if ( isset( $value ) ) { + // More validation only when choices were not given + // choices were validated in parseMultiValue() if ( !is_array( $type ) ) { switch ( $type ) { case 'NULL': // nothing to do @@ -1264,6 +1297,23 @@ abstract class ApiBase extends ContextSource { $value = array_unique( $value ); } + if ( in_array( $type, [ 'NULL', 'string', 'text', 'password' ], true ) ) { + foreach ( (array)$value as $val ) { + if ( isset( $paramSettings[self::PARAM_MAX_BYTES] ) + && strlen( $val ) > $paramSettings[self::PARAM_MAX_BYTES] + ) { + $this->dieWithError( [ 'apierror-maxbytes', $encParamName, + $paramSettings[self::PARAM_MAX_BYTES] ] ); + } + if ( isset( $paramSettings[self::PARAM_MAX_CHARS] ) + && mb_strlen( $val, 'UTF-8' ) > $paramSettings[self::PARAM_MAX_CHARS] + ) { + $this->dieWithError( [ 'apierror-maxchars', $encParamName, + $paramSettings[self::PARAM_MAX_CHARS] ] ); + } + } + } + // Set a warning if a deprecated parameter has been passed if ( $deprecated && $value !== false ) { $feature = $encParamName; @@ -1350,21 +1400,25 @@ abstract class ApiBase extends ContextSource { * null, all values are accepted. * @param string|null $allSpecifier String to use to specify all allowed values, or null * if this behavior should not be allowed + * @param int|null $limit1 Maximum number of values, for normal users. + * @param int|null $limit2 Maximum number of values, for users with the apihighlimits right. * @return string|string[] (allowMultiple ? an_array_of_values : a_single_value) */ protected function parseMultiValue( $valueName, $value, $allowMultiple, $allowedValues, - $allSpecifier = null + $allSpecifier = null, $limit1 = null, $limit2 = null ) { if ( ( trim( $value ) === '' || trim( $value ) === "\x1f" ) && $allowMultiple ) { return []; } + $limit1 = $limit1 ?: self::LIMIT_SML1; + $limit2 = $limit2 ?: self::LIMIT_SML2; // This is a bit awkward, but we want to avoid calling canApiHighLimits() // because it unstubs $wgUser - $valuesList = $this->explodeMultiValue( $value, self::LIMIT_SML2 + 1 ); - $sizeLimit = count( $valuesList ) > self::LIMIT_SML1 && $this->mMainModule->canApiHighLimits() - ? self::LIMIT_SML2 - : self::LIMIT_SML1; + $valuesList = $this->explodeMultiValue( $value, $limit2 + 1 ); + $sizeLimit = count( $valuesList ) > $limit1 && $this->mMainModule->canApiHighLimits() + ? $limit2 + : $limit1; if ( $allowMultiple && is_array( $allowedValues ) && $allSpecifier && count( $valuesList ) === 1 && $valuesList[0] === $allSpecifier @@ -1432,7 +1486,7 @@ abstract class ApiBase extends ContextSource { * Validate the value against the minimum and user/bot maximum limits. * Prints usage info on failure. * @param string $paramName Parameter name - * @param int $value Parameter value + * @param int &$value Parameter value * @param int|null $min Minimum value * @param int|null $max Maximum value for users * @param int $botMax Maximum value for sysops/bots @@ -1599,7 +1653,7 @@ abstract class ApiBase extends ContextSource { /** * Truncate an array to a certain length. - * @param array $arr Array to truncate + * @param array &$arr Array to truncate * @param int $limit Maximum length * @return bool True if the array was truncated, false otherwise */ @@ -2860,7 +2914,7 @@ abstract class ApiBase extends ContextSource { * Return the error message related to a certain array * @deprecated since 1.29 * @param array|string|MessageSpecifier $error Element of a getUserPermissionsErrors()-style array - * @return [ 'code' => code, 'info' => info ] + * @return array [ 'code' => code, 'info' => info ] */ public function parseMsg( $error ) { wfDeprecated( __METHOD__, '1.29' );