ApiEditPage: Test for bad redirect targets

Apparently everything downstream assumes callers already handled
interwiki titles.

Bug: T239428
Change-Id: Ie54f366986056c876eade0fcad6c41f70b8b8de8

diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php
index 83f72e5..ad8951a 100644 (file)
--- a/includes/api/ApiEditPage.php
+++ b/includes/api/ApiEditPage.php
@@ -70,6 +70,20 @@ class ApiEditPage extends ApiBase {
                                        ];
 
                                        $titleObj = $newTitle;
+
+                                       // T239428: Check whether the new title is valid
+                                       if ( $titleObj->isExternal() || !$titleObj->canExist() ) {
+                                               $redirValues[count( $redirValues ) - 1]['to'] = $titleObj->getFullText();
+                                               $this->dieWithError(
+                                                       [
+                                                               'apierror-edit-invalidredirect',
+                                                               Message::plaintextParam( $oldTitle->getPrefixedText() ),
+                                                               Message::plaintextParam( $titleObj->getFullText() ),
+                                                       ],
+                                                       'edit-invalidredirect',
+                                                       [ 'redirects' => $redirValues ]
+                                               );
+                                       }
                                }
 
                                ApiResult::setIndexedTagName( $redirValues, 'r' );

diff --git a/includes/api/i18n/en.json b/includes/api/i18n/en.json
index 6838e54..a57709a 100644 (file)
--- a/includes/api/i18n/en.json
+++ b/includes/api/i18n/en.json
@@ -1694,6 +1694,7 @@
        "apierror-databaseerror": "[$1] Database query error.",
        "apierror-deletedrevs-param-not-1-2": "The <var>$1</var> parameter cannot be used in modes 1 or 2.",
        "apierror-deletedrevs-param-not-3": "The <var>$1</var> parameter cannot be used in mode 3.",
+       "apierror-edit-invalidredirect": "Cannot edit <kbd>$1</kbd> while following redirects, as target <kbd>$2</kbd> is not valid.",
        "apierror-emptynewsection": "Creating empty new sections is not possible.",
        "apierror-emptypage": "Creating new, empty pages is not allowed.",
        "apierror-exceptioncaught": "[$1] Exception caught: $2",

diff --git a/includes/api/i18n/qqq.json b/includes/api/i18n/qqq.json
index 594bf8e..f3978ac 100644 (file)
--- a/includes/api/i18n/qqq.json
+++ b/includes/api/i18n/qqq.json
@@ -1582,6 +1582,7 @@
        "apierror-databaseerror": "{{doc-apierror}}\n\nParameters:\n* $1 - Exception log ID code. This is meaningless to the end user, but can be used by people with access to the logs to easily find the logged error.",
        "apierror-deletedrevs-param-not-1-2": "{{doc-apierror}}\n\nParameters:\n* $1 - Parameter name.\n\nSee also:\n* {{msg-mw|apihelp-query+deletedrevs-extended-description}}",
        "apierror-deletedrevs-param-not-3": "{{doc-apierror}}\n\nParameters:\n* $1 - Parameter name.\n\nSee also:\n* {{msg-mw|apihelp-query+deletedrevs-extended-description}}",
+       "apierror-edit-invalidredirect": "{{doc-apierror}}\n\nParameters:\n* $1 - Redirect being edited\n* $2 - Target of the redirect that cannot be edited.",
        "apierror-emptynewsection": "{{doc-apierror}}",
        "apierror-emptypage": "{{doc-apierror}}",
        "apierror-exceptioncaught": "{{doc-apierror}}\n\nParameters:\n* $1 - Exception log ID code. This is meaningless to the end user, but can be used by people with access to the logs to easily find the logged error.\n* $2 - Exception message, which may end with punctuation. Probably in English.",