Merge "Sanity check "stashedtexthash" param before checking memcached"

author jenkins-bot <jenkins-bot@gerrit.wikimedia.org>

Tue, 12 Sep 2017 08:53:45 +0000 (08:53 +0000)

committer Gerrit Code Review <gerrit@wikimedia.org>

Tue, 12 Sep 2017 08:53:45 +0000 (08:53 +0000)
author jenkins-bot <jenkins-bot@gerrit.wikimedia.org>
Tue, 12 Sep 2017 08:53:45 +0000 (08:53 +0000)
committer Gerrit Code Review <gerrit@wikimedia.org>
Tue, 12 Sep 2017 08:53:45 +0000 (08:53 +0000)
diff --git a/includes/api/ApiStashEdit.php b/includes/api/ApiStashEdit.php

index d03fca8..8a9de06 100644 (file)
--- a/includes/api/ApiStashEdit.php
+++ b/includes/api/ApiStashEdit.php
@@ -74,6 +74,9 @@ class ApiStashEdit extends ApiBase {
                 if ( strlen( $params['stashedtexthash'] ) ) {
                         // Load from cache since the client indicates the text is the same as last stash
                         $textHash = $params['stashedtexthash'];
+                       if ( !preg_match( '/^[0-9a-f]{40}$/', $textHash ) ) {
+                               $this->dieWithError( 'apierror-stashedit-missingtext', 'missingtext' );
+                       }
                         $textKey = $cache->makeKey( 'stashedit', 'text', $textHash );
                         $text = $cache->get( $textKey );
                         if ( !is_string( $text ) ) {
author	jenkins-bot <jenkins-bot@gerrit.wikimedia.org>
	Tue, 12 Sep 2017 08:53:45 +0000 (08:53 +0000)
committer	Gerrit Code Review <gerrit@wikimedia.org>
	Tue, 12 Sep 2017 08:53:45 +0000 (08:53 +0000)