From: Umherirrender <umherirrender_de.wp@web.de>
Date: Mon, 25 Mar 2019 20:08:38 +0000 (+0100)
Subject: Always validate uploads over api
X-Git-Tag: 1.34.0-rc.0~1729^2
X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=commitdiff_plain;h=38ec6d8a344d4eda0307dd3a72653dd2171305d6;p=lhc%2Fweb%2Fwiklou.git

Always validate uploads over api

filesize and title are validated in UploadBase::verifyUpload with more
accurate error message

Using stashed async with a long title can cause null errors later on

Bug: T208539
Change-Id: I545435e2baa222ae1544673011c5527874d1d2cb
---

diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php
index fc41e4ea6a..f0d271cb04 100644
--- a/includes/api/ApiUpload.php
+++ b/includes/api/ApiUpload.php
@@ -74,20 +74,8 @@ class ApiUpload extends ApiBase {
 		}
 
 		// Check if the uploaded file is sane
-		if ( $this->mParams['chunk'] ) {
-			$maxSize = UploadBase::getMaxUploadSize();
-			if ( $this->mParams['filesize'] > $maxSize ) {
-				$this->dieWithError( 'file-too-large' );
-			}
-			if ( !$this->mUpload->getTitle() ) {
-				$this->dieWithError( 'illegal-filename' );
-			}
-		} elseif ( $this->mParams['async'] && $this->mParams['filekey'] ) {
-			// defer verification to background process
-		} else {
-			wfDebug( __METHOD__ . " about to verify\n" );
-			$this->verifyUpload();
-		}
+		wfDebug( __METHOD__ . " about to verify\n" );
+		$this->verifyUpload();
 
 		// Check if the user has the rights to modify or overwrite the requested title
 		// (This check is irrelevant if stashing is already requested, since the errors