SECURITY: API: Improve validation in chunked uploading

[lhc/web/wiklou.git] / includes / api / ApiQuerySiteinfo.php

diff --git a/includes/api/ApiQuerySiteinfo.php b/includes/api/ApiQuerySiteinfo.php
index 1dc9985..1265155 100644 (file)
--- a/includes/api/ApiQuerySiteinfo.php
+++ b/includes/api/ApiQuerySiteinfo.php
@@ -246,6 +246,7 @@ class ApiQuerySiteinfo extends ApiQueryBase {
                $data['misermode'] = (bool)$config->get( 'MiserMode' );
 
                $data['maxuploadsize'] = UploadBase::getMaxUploadSize();
+               $data['minuploadchunksize'] = (int)$this->getConfig()->get( 'MinUploadChunkSize' );
 
                $data['thumblimits'] = $config->get( 'ThumbLimits' );
                ApiResult::setArrayType( $data['thumblimits'], 'BCassoc' );
@@ -297,6 +298,7 @@ class ApiQuerySiteinfo extends ApiQueryBase {
                        }
                }
 
+               ApiResult::setArrayType( $data, 'assoc' );
                ApiResult::setIndexedTagName( $data, 'ns' );
 
                return $this->getResult()->addValue( 'query', $property, $data );
@@ -511,6 +513,7 @@ class ApiQuerySiteinfo extends ApiQueryBase {
                                        $groups = array_intersect( $rights[$group], $allGroups );
                                        if ( $groups ) {
                                                $arr[$type] = $groups;
+                                               ApiResult::setArrayType( $arr[$type], 'BCarray' );
                                                ApiResult::setIndexedTagName( $arr[$type], 'group' );
                                        }
                                }
@@ -682,6 +685,11 @@ class ApiQuerySiteinfo extends ApiQueryBase {
                        'semiprotectedlevels' => $config->get( 'SemiprotectedRestrictionLevels' ),
                );
 
+               ApiResult::setArrayType( $data['types'], 'BCarray' );
+               ApiResult::setArrayType( $data['levels'], 'BCarray' );
+               ApiResult::setArrayType( $data['cascadinglevels'], 'BCarray' );
+               ApiResult::setArrayType( $data['semiprotectedlevels'], 'BCarray' );
+
                ApiResult::setIndexedTagName( $data['types'], 'type' );
                ApiResult::setIndexedTagName( $data['levels'], 'level' );
                ApiResult::setIndexedTagName( $data['cascadinglevels'], 'level' );
@@ -741,6 +749,7 @@ class ApiQuerySiteinfo extends ApiQueryBase {
                global $wgParser;
                $wgParser->firstCallInit();
                $tags = array_map( array( $this, 'formatParserTags' ), $wgParser->getTags() );
+               ApiResult::setArrayType( $tags, 'BCarray' );
                ApiResult::setIndexedTagName( $tags, 't' );
 
                return $this->getResult()->addValue( 'query', $property, $tags );
@@ -750,6 +759,7 @@ class ApiQuerySiteinfo extends ApiQueryBase {
                global $wgParser;
                $wgParser->firstCallInit();
                $hooks = $wgParser->getFunctionHooks();
+               ApiResult::setArrayType( $hooks, 'BCarray' );
                ApiResult::setIndexedTagName( $hooks, 'h' );
 
                return $this->getResult()->addValue( 'query', $property, $hooks );
@@ -757,6 +767,7 @@ class ApiQuerySiteinfo extends ApiQueryBase {
 
        public function appendVariables( $property ) {
                $variables = MagicWord::getVariableIDs();
+               ApiResult::setArrayType( $variables, 'BCarray' );
                ApiResult::setIndexedTagName( $variables, 'v' );
 
                return $this->getResult()->addValue( 'query', $property, $variables );
@@ -765,6 +776,7 @@ class ApiQuerySiteinfo extends ApiQueryBase {
        public function appendProtocols( $property ) {
                // Make a copy of the global so we don't try to set the _element key of it - bug 45130
                $protocols = array_values( $this->getConfig()->get( 'UrlProtocols' ) );
+               ApiResult::setArrayType( $protocols, 'BCarray' );
                ApiResult::setIndexedTagName( $protocols, 'p' );
 
                return $this->getResult()->addValue( 'query', $property, $protocols );
@@ -792,6 +804,7 @@ class ApiQuerySiteinfo extends ApiQueryBase {
                                'subscribers' => array_map( array( 'SpecialVersion', 'arrayToString' ), $subscribers ),
                        );
 
+                       ApiResult::setArrayType( $arr['subscribers'], 'BCarray' );
                        ApiResult::setIndexedTagName( $arr['subscribers'], 's' );
                        $data[] = $arr;
                }
@@ -842,7 +855,8 @@ class ApiQuerySiteinfo extends ApiQueryBase {
                                        'variables',
                                        'protocols',
                                        'defaultoptions',
-                               )
+                               ),
+                               ApiBase::PARAM_HELP_MSG_PER_VALUE => array(),
                        ),
                        'filteriw' => array(
                                ApiBase::PARAM_TYPE => array(