ImageHistoryPseudoPager: Protect against TimestampException from bad user input

[lhc/web/wiklou.git] / includes / page / ImageHistoryPseudoPager.php

diff --git a/includes/page/ImageHistoryPseudoPager.php b/includes/page/ImageHistoryPseudoPager.php
index 4785ef1..799c33a 100644 (file)
--- a/includes/page/ImageHistoryPseudoPager.php
+++ b/includes/page/ImageHistoryPseudoPager.php
@@ -18,6 +18,8 @@
  * @file
  */
 
+use Wikimedia\Timestamp\TimestampException;
+
 class ImageHistoryPseudoPager extends ReverseChronologicalPager {
        protected $preventClickjacking = false;
 
@@ -55,8 +57,7 @@ class ImageHistoryPseudoPager extends ReverseChronologicalPager {
        public function __construct( $imagePage ) {
                parent::__construct( $imagePage->getContext() );
                $this->mImagePage = $imagePage;
-               $this->mTitle = clone $imagePage->getTitle();
-               $this->mTitle->setFragment( '#filehistory' );
+               $this->mTitle = $imagePage->getTitle()->createFragmentTarget( 'filehistory' );
                $this->mImg = null;
                $this->mHist = [];
                $this->mRange = [ 0, 0 ]; // display range
@@ -139,6 +140,14 @@ class ImageHistoryPseudoPager extends ReverseChronologicalPager {
                if ( !$this->mImg->exists() ) {
                        return;
                }
+               // Make sure the date (probably from user input) is valid; if not, drop it.
+               if ( $this->mOffset !== null ) {
+                       try {
+                               $sadlyWeCannotPassThisTimestampDownTheStack = $this->mDb->timestamp( $this->mOffset );
+                       } catch ( TimestampException $e ) {
+                               $this->mOffset = null;
+                       }
+               }
                $queryLimit = $this->mLimit + 1; // limit plus extra row
                if ( $this->mIsBackwards ) {
                        // Fetch the file history