*/
const PARAM_DEPRECATED_VALUES = 20;
+ /**
+ * (integer) Maximum number of values, for normal users. Must be used with PARAM_ISMULTI.
+ * @since 1.30
+ */
+ const PARAM_ISMULTI_LIMIT1 = 21;
+
+ /**
+ * (integer) Maximum number of values, for users with the apihighimits right.
+ * Must be used with PARAM_ISMULTI.
+ * @since 1.30
+ */
+ const PARAM_ISMULTI_LIMIT2 = 22;
+
+ /**
+ * (integer) Maximum length of a string in bytes (in UTF-8 encoding).
+ * @since 1.31
+ */
+ const PARAM_MAX_BYTES = 23;
+
+ /**
+ * (integer) Maximum length of a string in characters (unicode codepoints).
+ * @since 1.31
+ */
+ const PARAM_MAX_CHARS = 24;
+
/**@}*/
const ALL_DEFAULT_STRING = '*';
$multi = isset( $paramSettings[self::PARAM_ISMULTI] )
? $paramSettings[self::PARAM_ISMULTI]
: false;
+ $multiLimit1 = isset( $paramSettings[self::PARAM_ISMULTI_LIMIT1] )
+ ? $paramSettings[self::PARAM_ISMULTI_LIMIT1]
+ : null;
+ $multiLimit2 = isset( $paramSettings[self::PARAM_ISMULTI_LIMIT2] )
+ ? $paramSettings[self::PARAM_ISMULTI_LIMIT2]
+ : null;
$type = isset( $paramSettings[self::PARAM_TYPE] )
? $paramSettings[self::PARAM_TYPE]
: null;
} else {
$type = 'NULL'; // allow everything
}
+ }
- if ( $type == 'password' || !empty( $paramSettings[self::PARAM_SENSITIVE] ) ) {
- $this->getMain()->markParamsSensitive( $encParamName );
- }
+ if ( $type == 'password' || !empty( $paramSettings[self::PARAM_SENSITIVE] ) ) {
+ $this->getMain()->markParamsSensitive( $encParamName );
}
if ( $type == 'boolean' ) {
$value,
$multi,
is_array( $type ) ? $type : null,
- $allowAll ? $allSpecifier : null
+ $allowAll ? $allSpecifier : null,
+ $multiLimit1,
+ $multiLimit2
);
}
- // More validation only when choices were not given
- // choices were validated in parseMultiValue()
if ( isset( $value ) ) {
+ // More validation only when choices were not given
+ // choices were validated in parseMultiValue()
if ( !is_array( $type ) ) {
switch ( $type ) {
case 'NULL': // nothing to do
$value = array_unique( $value );
}
+ if ( in_array( $type, [ 'NULL', 'string', 'text', 'password' ], true ) ) {
+ foreach ( (array)$value as $val ) {
+ if ( isset( $paramSettings[self::PARAM_MAX_BYTES] )
+ && strlen( $val ) > $paramSettings[self::PARAM_MAX_BYTES]
+ ) {
+ $this->dieWithError( [ 'apierror-maxbytes', $encParamName,
+ $paramSettings[self::PARAM_MAX_BYTES] ] );
+ }
+ if ( isset( $paramSettings[self::PARAM_MAX_CHARS] )
+ && mb_strlen( $val, 'UTF-8' ) > $paramSettings[self::PARAM_MAX_CHARS]
+ ) {
+ $this->dieWithError( [ 'apierror-maxchars', $encParamName,
+ $paramSettings[self::PARAM_MAX_CHARS] ] );
+ }
+ }
+ }
+
// Set a warning if a deprecated parameter has been passed
if ( $deprecated && $value !== false ) {
$feature = $encParamName;
* null, all values are accepted.
* @param string|null $allSpecifier String to use to specify all allowed values, or null
* if this behavior should not be allowed
+ * @param int|null $limit1 Maximum number of values, for normal users.
+ * @param int|null $limit2 Maximum number of values, for users with the apihighlimits right.
* @return string|string[] (allowMultiple ? an_array_of_values : a_single_value)
*/
protected function parseMultiValue( $valueName, $value, $allowMultiple, $allowedValues,
- $allSpecifier = null
+ $allSpecifier = null, $limit1 = null, $limit2 = null
) {
if ( ( trim( $value ) === '' || trim( $value ) === "\x1f" ) && $allowMultiple ) {
return [];
}
+ $limit1 = $limit1 ?: self::LIMIT_SML1;
+ $limit2 = $limit2 ?: self::LIMIT_SML2;
// This is a bit awkward, but we want to avoid calling canApiHighLimits()
// because it unstubs $wgUser
- $valuesList = $this->explodeMultiValue( $value, self::LIMIT_SML2 + 1 );
- $sizeLimit = count( $valuesList ) > self::LIMIT_SML1 && $this->mMainModule->canApiHighLimits()
- ? self::LIMIT_SML2
- : self::LIMIT_SML1;
+ $valuesList = $this->explodeMultiValue( $value, $limit2 + 1 );
+ $sizeLimit = count( $valuesList ) > $limit1 && $this->mMainModule->canApiHighLimits()
+ ? $limit2
+ : $limit1;
if ( $allowMultiple && is_array( $allowedValues ) && $allSpecifier &&
count( $valuesList ) === 1 && $valuesList[0] === $allSpecifier
dépôts / lhc / web / wiklou.git / blobdiff