From 2fbf8e57b7142afffd306f53fefce9bfd3efd001 Mon Sep 17 00:00:00 2001
From: umherirrender <umherirrender_de.wp@web.de>
Date: Sat, 17 Nov 2012 22:43:12 +0100
Subject: [PATCH] Fix hash validation in api

That must be a exact 31 characters, not 31 characters at once in a
longer string

Remove upper characters, because database contains only lower characters
and there is no strtolower

Change-Id: Ic980fd719955842fad30a315eedd71381caf8aa5
---
 includes/api/ApiQueryBase.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/api/ApiQueryBase.php b/includes/api/ApiQueryBase.php
index 2c48aca0b4..5f4d9f9ce7 100644
--- a/includes/api/ApiQueryBase.php
+++ b/includes/api/ApiQueryBase.php
@@ -534,7 +534,7 @@ abstract class ApiQueryBase extends ApiBase {
 	 * @return bool
 	 */
 	public function validateSha1Hash( $hash ) {
-		return preg_match( '/[a-fA-F0-9]{40}/', $hash );
+		return preg_match( '/^[a-f0-9]{40}$/', $hash );
 	}
 
 	/**
@@ -542,7 +542,7 @@ abstract class ApiQueryBase extends ApiBase {
 	 * @return bool
 	 */
 	public function validateSha1Base36Hash( $hash ) {
-		return preg_match( '/[a-zA-Z0-9]{31}/', $hash );
+		return preg_match( '/^[a-z0-9]{31}$/', $hash );
 	}
 
 	/**
-- 
2.20.1