Validate cmstarthexsortkey/cmendhexsortkey to be valid hex
authorumherirrender <umherirrender_de.wp@web.de>
Sun, 26 Oct 2014 09:19:31 +0000 (10:19 +0100)
committerumherirrender <umherirrender_de.wp@web.de>
Mon, 27 Oct 2014 19:09:25 +0000 (20:09 +0100)
Avoids: Warning: pack(): Type H: illegal hex digit N in
\includes\api\ApiQueryCategoryMembers.php on line 146

Bug: 40809
Change-Id: I1dd732ccec8e6991d0ceac443226f5c7e59fd853

includes/api/ApiQueryCategoryMembers.php

index 5b4a766..97c292e 100644 (file)
@@ -47,6 +47,15 @@ class ApiQueryCategoryMembers extends ApiQueryGeneratorBase {
                $this->run( $resultPageSet );
        }
 
+       /**
+        * @param string $hexSortkey
+        * @return bool
+        */
+       private function validateHexSortkey( $hexSortkey ) {
+               // A hex sortkey has an unbound number of 2 letter pairs
+               return preg_match( '/^(?:[a-fA-F0-9]{2})*$/', $hexSortkey );
+       }
+
        /**
         * @param ApiPageSet $resultPageSet
         * @return void
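Review bot: The pattern in validateHexSortkey() ends in `$` without the `D` modifier, so valid hex followed by a single trailing newline still matches. That value then reaches `pack( 'H*', … )`, which would raise the same "illegal hex digit" warning this commit is meant to prevent. Anchoring with `\z` closes the gap: `return (bool)preg_match( '/^(?:[a-fA-F0-9]{2})*\z/', $hexSortkey );`. The cast also makes the result match the documented `@return bool`, since preg_match() returns an int, or false on error. The same helper guards the continue value and both hex sortkey parameters in the later hunks, so this one change covers all three call sites.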
@@ -128,6 +137,7 @@ class ApiQueryCategoryMembers extends ApiQueryGeneratorBase {
                                $queryTypes = array_slice( $queryTypes, $contTypeIndex );
 
                                // Add a WHERE clause for sortkey and from
+                               $this->dieContinueUsageIf( !$this->validateHexSortkey( $cont[1] ) );
                                // pack( "H*", $foo ) is used to convert hex back to binary
                                $escSortkey = $this->getDB()->addQuotes( pack( 'H*', $cont[1] ) );
                                $from = intval( $cont[2] );
@@ -143,6 +153,9 @@ class ApiQueryCategoryMembers extends ApiQueryGeneratorBase {
                                if ( $params['startsortkeyprefix'] !== null ) {
                                        $startsortkey = Collation::singleton()->getSortkey( $params['startsortkeyprefix'] );
                                } elseif ( $params['starthexsortkey'] !== null ) {
+                                       if ( !$this->validateHexSortkey( $params['starthexsortkey'] ) ) {
+                                               $this->dieUsage( 'The starthexsortkey provided is not valid', 'bad_starthexsortkey' );
+                                       }
                                        $startsortkey = pack( 'H*', $params['starthexsortkey'] );
                                } else {
                                        $this->logFeatureUsage( 'list=categorymembers&cmstartsortkey' );
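Review bot: The usage error text names the parameter as `starthexsortkey`, without the module prefix, while callers send it as `cmstarthexsortkey` (the commit title uses that form), so the message does not match what the client typed. Building the name with `$this->encodeParamName( 'starthexsortkey' )` would keep the message accurate, including when the module runs as a generator. The same applies to the `endhexsortkey` branch in the next hunk. The two validate-then-pack branches differ only in the parameter name and could share one small private helper. The enclosing if/elseif chain starts and ends outside this hunk.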
@@ -151,6 +164,9 @@ class ApiQueryCategoryMembers extends ApiQueryGeneratorBase {
                                if ( $params['endsortkeyprefix'] !== null ) {
                                        $endsortkey = Collation::singleton()->getSortkey( $params['endsortkeyprefix'] );
                                } elseif ( $params['endhexsortkey'] !== null ) {
+                                       if ( !$this->validateHexSortkey( $params['endhexsortkey'] ) ) {
+                                               $this->dieUsage( 'The endhexsortkey provided is not valid', 'bad_endhexsortkey' );
+                                       }
                                        $endsortkey = pack( 'H*', $params['endhexsortkey'] );
                                } else {
                                        $this->logFeatureUsage( 'list=categorymembers&cmendsortkey' );