From d01d0edd98571c6af276aa2043cc43744f68c123 Mon Sep 17 00:00:00 2001
From: Ilmari Karonen <vyznev@users.mediawiki.org>
Date: Fri, 10 Oct 2008 17:09:53 +0000
Subject: [PATCH] Use getParameter() for the "maxage" and "smaxage" parameters
 rather than pulling them straight out of the request so that they'll be
 properly validated (and in particular coerced to integers).

---
 RELEASE-NOTES            | 1 +
 includes/api/ApiMain.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index e690601f70..a8e2e710f4 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -324,6 +324,7 @@ The following extensions are migrated into MediaWiki 1.14:
 * (bug 15845) Added pageid/fromid parameter to action=delete/move, making
   manipulation of legacy pages with invalid titles possible
 * (bug 15881) Empty or invalid parameters cause database errors 
+* The maxage and smaxage parameters are now properly validated
 
 === Languages updated in 1.14 ===
 
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index b339f0f049..5c5c0bdbb2 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -290,8 +290,8 @@ class ApiMain extends ApiBase {
 		if($this->mSquidMaxage == -1)
 		{
 			# Nobody called setCacheMaxAge(), use the (s)maxage parameters
-			$smaxage = $this->mRequest->getVal('smaxage', 0);
-			$maxage = $this->mRequest->getVal('maxage', 0);
+			$smaxage = $this->getParameter('smaxage');
+			$maxage = $this->getParameter('maxage');
 		}
 		else
 			$smaxage = $maxage = $this->mSquidMaxage;
-- 
2.20.1