From: Brad Jorsch Date: Mon, 2 Dec 2019 14:39:03 +0000 (-0500) Subject: ApiEditPage: Test for bad redirect targets X-Git-Tag: 1.31.6~5 X-Git-Url: http://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=a3a7176b6539f97d4f723aaacc20f0c18a48bc1d ApiEditPage: Test for bad redirect targets Apparently everything downstream assumes callers already handled interwiki titles. Bug: T239428 Change-Id: Ie54f366986056c876eade0fcad6c41f70b8b8de8 --- diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php index 83f72e54c1..ad8951ad9b 100644 --- a/includes/api/ApiEditPage.php +++ b/includes/api/ApiEditPage.php @@ -70,6 +70,20 @@ class ApiEditPage extends ApiBase { ]; $titleObj = $newTitle; + + // T239428: Check whether the new title is valid + if ( $titleObj->isExternal() || !$titleObj->canExist() ) { + $redirValues[count( $redirValues ) - 1]['to'] = $titleObj->getFullText(); + $this->dieWithError( + [ + 'apierror-edit-invalidredirect', + Message::plaintextParam( $oldTitle->getPrefixedText() ), + Message::plaintextParam( $titleObj->getFullText() ), + ], + 'edit-invalidredirect', + [ 'redirects' => $redirValues ] + ); + } } ApiResult::setIndexedTagName( $redirValues, 'r' ); diff --git a/includes/api/i18n/en.json b/includes/api/i18n/en.json index 6838e545d6..a57709a0d7 100644 --- a/includes/api/i18n/en.json +++ b/includes/api/i18n/en.json @@ -1694,6 +1694,7 @@ "apierror-databaseerror": "[$1] Database query error.", "apierror-deletedrevs-param-not-1-2": "The $1 parameter cannot be used in modes 1 or 2.", "apierror-deletedrevs-param-not-3": "The $1 parameter cannot be used in mode 3.", + "apierror-edit-invalidredirect": "Cannot edit $1 while following redirects, as target $2 is not valid.", "apierror-emptynewsection": "Creating empty new sections is not possible.", "apierror-emptypage": "Creating new, empty pages is not allowed.", "apierror-exceptioncaught": "[$1] Exception caught: $2", diff --git a/includes/api/i18n/qqq.json b/includes/api/i18n/qqq.json index 594bf8e685..f3978acc8c 100644 --- a/includes/api/i18n/qqq.json +++ b/includes/api/i18n/qqq.json @@ -1582,6 +1582,7 @@ "apierror-databaseerror": "{{doc-apierror}}\n\nParameters:\n* $1 - Exception log ID code. This is meaningless to the end user, but can be used by people with access to the logs to easily find the logged error.", "apierror-deletedrevs-param-not-1-2": "{{doc-apierror}}\n\nParameters:\n* $1 - Parameter name.\n\nSee also:\n* {{msg-mw|apihelp-query+deletedrevs-extended-description}}", "apierror-deletedrevs-param-not-3": "{{doc-apierror}}\n\nParameters:\n* $1 - Parameter name.\n\nSee also:\n* {{msg-mw|apihelp-query+deletedrevs-extended-description}}", + "apierror-edit-invalidredirect": "{{doc-apierror}}\n\nParameters:\n* $1 - Redirect being edited\n* $2 - Target of the redirect that cannot be edited.", "apierror-emptynewsection": "{{doc-apierror}}", "apierror-emptypage": "{{doc-apierror}}", "apierror-exceptioncaught": "{{doc-apierror}}\n\nParameters:\n* $1 - Exception log ID code. This is meaningless to the end user, but can be used by people with access to the logs to easily find the logged error.\n* $2 - Exception message, which may end with punctuation. Probably in English.",