From: Brad Jorsch Date: Fri, 15 Mar 2013 18:03:19 +0000 (-0400) Subject: API: Fix parameter validation in setnotificationtimestamp X-Git-Tag: 1.31.0-rc.0~20260^2 X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/comptes/ajouter.php?a=commitdiff_plain;h=6aa1328c24c21006384061b0a27f8b17498b789b;p=lhc%2Fweb%2Fwiklou.git API: Fix parameter validation in setnotificationtimestamp This was broken in I7a3d7b6e, when the ApiPageSet parameters stopped being returned by getAllowedParams() and so by extractRequestParams(). Although it would be broken differently if they had been. Change-Id: I4b6ec21fd7b7c932856546df1ccad574d996db1f --- diff --git a/includes/api/ApiPageSet.php b/includes/api/ApiPageSet.php index bab59b7895..074efe4b62 100644 --- a/includes/api/ApiPageSet.php +++ b/includes/api/ApiPageSet.php @@ -217,6 +217,30 @@ class ApiPageSet extends ApiBase { return $this->mResolveRedirects; } + /** + * Return the parameter name that is the source of data for this PageSet + * + * If multiple source parameters are specified (e.g. titles and pageids), + * one will be named arbitrarily. + * + * @return string|null + */ + public function getDataSource() { + if ( $this->mAllowGenerator && isset( $this->mParams['generator'] ) ) { + return 'generator'; + } + if ( isset( $this->mParams['titles'] ) ) { + return 'titles'; + } + if ( isset( $this->mParams['pageids'] ) ) { + return 'pageids'; + } + if ( isset( $this->mParams['revids'] ) ) { + return 'revids'; + } + return null; + } + /** * Request an additional field from the page table. * Must be called before execute() diff --git a/includes/api/ApiSetNotificationTimestamp.php b/includes/api/ApiSetNotificationTimestamp.php index b40476a52c..58d5d9abe9 100644 --- a/includes/api/ApiSetNotificationTimestamp.php +++ b/includes/api/ApiSetNotificationTimestamp.php @@ -44,8 +44,9 @@ class ApiSetNotificationTimestamp extends ApiBase { $this->requireMaxOneParameter( $params, 'timestamp', 'torevid', 'newerthanrevid' ); $pageSet = $this->getPageSet(); - $args = array_merge( array( $params, 'entirewatchlist' ), array_keys( $pageSet->getAllowedParams() ) ); - call_user_func_array( array( $this, 'requireOnlyOneParameter' ), $args ); + if ( $params['entirewatchlist'] && $pageSet->getDataSource() !== null ) { + $this->dieUsage( "Cannot use 'entirewatchlist' at the same time as '{$pageSet->getDataSource()}'", 'multisource' ); + } $dbw = wfGetDB( DB_MASTER, 'api' );