From 38ec6d8a344d4eda0307dd3a72653dd2171305d6 Mon Sep 17 00:00:00 2001
From: Umherirrender <umherirrender_de.wp@web.de>
Date: Mon, 25 Mar 2019 21:08:38 +0100
Subject: [PATCH] Always validate uploads over api

filesize and title are validated in UploadBase::verifyUpload with more
accurate error message

Using stashed async with a long title can cause null errors later on

Bug: T208539
Change-Id: I545435e2baa222ae1544673011c5527874d1d2cb
---
 includes/api/ApiUpload.php | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php
index fc41e4ea6a..f0d271cb04 100644
--- a/includes/api/ApiUpload.php
+++ b/includes/api/ApiUpload.php
@@ -74,20 +74,8 @@ class ApiUpload extends ApiBase {
 		}
 
 		// Check if the uploaded file is sane
-		if ( $this->mParams['chunk'] ) {
-			$maxSize = UploadBase::getMaxUploadSize();
-			if ( $this->mParams['filesize'] > $maxSize ) {
-				$this->dieWithError( 'file-too-large' );
-			}
-			if ( !$this->mUpload->getTitle() ) {
-				$this->dieWithError( 'illegal-filename' );
-			}
-		} elseif ( $this->mParams['async'] && $this->mParams['filekey'] ) {
-			// defer verification to background process
-		} else {
-			wfDebug( __METHOD__ . " about to verify\n" );
-			$this->verifyUpload();
-		}
+		wfDebug( __METHOD__ . " about to verify\n" );
+		$this->verifyUpload();
 
 		// Check if the user has the rights to modify or overwrite the requested title
 		// (This check is irrelevant if stashing is already requested, since the errors
-- 
2.20.1