From 63111d750d3222629f725405c67d5ef9b3438e7b Mon Sep 17 00:00:00 2001
From: Sam Reed
Date: Mon, 6 Jun 2011 16:06:59 +0000
Subject: [PATCH] Followup r89542, validate hashes

---
 includes/api/ApiQueryFilearchive.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/includes/api/ApiQueryFilearchive.php b/includes/api/ApiQueryFilearchive.php
index 5f4de5d3c3..a5462b9e13 100644
--- a/includes/api/ApiQueryFilearchive.php
+++ b/includes/api/ApiQueryFilearchive.php
@@ -95,8 +95,14 @@ class ApiQueryFilearchive extends ApiQueryBase {

 $sha1 = false;
 if ( $sha1Set ) {
+ if ( !ApiQueryAllimages::validateSha1Hash( $params['sha1'] ) ) {
+ $this->dieUsage( 'The SHA1 hash provided is not valid', 'invalidsha1hash' );
+ }
 $sha1 = wfBaseConvert( $params['sha1'], 16, 36, 31 );
 } elseif ( $sha1base36Set ) {
+ if ( !ApiQueryAllimages::validateSha1Base36Hash( $sha1 ) ) {
+ $this->dieUsage( 'The SHA1Base36 hash provided is not valid', 'invalidsha1base36hash' );
+ }
 $sha1 = $params['sha1base36'];
 }
 if ( $sha1 ) {
@@ -274,6 +280,8 @@ class ApiQueryFilearchive extends ApiQueryBase {
 return array_merge( parent::getPossibleErrors(), array(
 array( 'code' => 'permissiondenied', 'info' => 'You don\'t have permission to view deleted file information' ),
 array( 'code' => 'hashsearchdisabled', 'info' => 'Search by hash disabled in Miser Mode' ),
+ array( 'code' => 'invalidsha1hash', 'info' => 'The SHA1 hash provided is not valid' ),
+ array( 'code' => 'invalidsha1base36hash', 'info' => 'The SHA1Base36 hash provided is not valid' ),
 ) );
 }

--
2.20.1
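Review bot: In the `elseif ( $sha1base36Set )` branch of the first hunk, the new check passes `$sha1` to `validateSha1Base36Hash()`, but `$sha1` is still the `false` assigned a few lines earlier, so the caller-supplied `$params['sha1base36']` is never the value being validated. Depending on how the validator treats `false` (its body is not shown here), either every sha1base36 request is rejected with `invalidsha1base36hash`, or the raw parameter is assigned to `$sha1` unchecked and then used by the `if ( $sha1 )` block that follows. The check should read `if ( !ApiQueryAllimages::validateSha1Base36Hash( $params['sha1base36'] ) ) {`, mirroring the `sha1` branch, which correctly validates `$params['sha1']` before converting it. The enclosing method starts and ends outside the hunk.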