X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2Fapi%2FApiStashEdit.php;h=d03fca87a0b58efea8c043fa32eb5b21de45f761;hp=92cbe9053a7b666ec7735db8745d7f77d5ec3576;hb=6baf2fb802f20af063cb4fe13cd99c9248aae1cb;hpb=61898ad28ed69c5b391eb43e0db9386279b9612c

diff --git a/includes/api/ApiStashEdit.php b/includes/api/ApiStashEdit.php
index 92cbe9053a..d03fca87a0 100644
--- a/includes/api/ApiStashEdit.php
+++ b/includes/api/ApiStashEdit.php
@@ -16,7 +16,6 @@
  * http://www.gnu.org/copyleft/gpl.html
  *
  * @file
- * @author Aaron Schulz
  */
 
 use MediaWiki\Logger\LoggerFactory;
@@ -45,13 +44,14 @@ class ApiStashEdit extends ApiBase {
 
 	const PRESUME_FRESH_TTL_SEC = 30;
 	const MAX_CACHE_TTL = 300; // 5 minutes
+	const MAX_SIGNATURE_TTL = 60;
 
 	public function execute() {
 		$user = $this->getUser();
 		$params = $this->extractRequestParams();
 
 		if ( $user->isBot() ) { // sanity
-			$this->dieUsage( 'This interface is not supported for bots', 'botsnotsupported' );
+			$this->dieWithError( 'apierror-botsnotsupported' );
 		}
 
 		$cache = ObjectCache::getLocalClusterInstance();
@@ -61,9 +61,14 @@ class ApiStashEdit extends ApiBase {
 		if ( !ContentHandler::getForModelID( $params['contentmodel'] )
 			->isSupportedFormat( $params['contentformat'] )
 		) {
-			$this->dieUsage( 'Unsupported content model/format', 'badmodelformat' );
+			$this->dieWithError(
+				[ 'apierror-badformat-generic', $params['contentformat'], $params['contentmodel'] ],
+				'badmodelformat'
+			);
 		}
 
+		$this->requireAtLeastOneParameter( $params, 'stashedtexthash', 'text' );
+
 		$text = null;
 		$textHash = null;
 		if ( strlen( $params['stashedtexthash'] ) ) {
@@ -72,15 +77,18 @@ class ApiStashEdit extends ApiBase {
 			$textKey = $cache->makeKey( 'stashedit', 'text', $textHash );
 			$text = $cache->get( $textKey );
 			if ( !is_string( $text ) ) {
-				$this->dieUsage( 'No stashed text found with the given hash', 'missingtext' );
+				$this->dieWithError( 'apierror-stashedit-missingtext', 'missingtext' );
 			}
 		} elseif ( $params['text'] !== null ) {
 			// Trim and fix newlines so the key SHA1's match (see WebRequest::getText())
 			$text = rtrim( str_replace( "\r\n", "\n", $params['text'] ) );
 			$textHash = sha1( $text );
 		} else {
-			$this->dieUsage(
-				'The text or stashedtexthash parameter must be given', 'missingtextparam' );
+			$this->dieWithError( [
+				'apierror-missingparam-at-least-one-of',
+				Message::listParam( [ '<var>stashedtexthash</var>', '<var>text</var>' ] ),
+				2,
+			], 'missingparam' );
 		}
 
 		$textContent = ContentHandler::makeContent(
@@ -91,11 +99,11 @@ class ApiStashEdit extends ApiBase {
 			// Page exists: get the merged content with the proposed change
 			$baseRev = Revision::newFromPageId( $page->getId(), $params['baserevid'] );
 			if ( !$baseRev ) {
-				$this->dieUsage( "No revision ID {$params['baserevid']}", 'missingrev' );
+				$this->dieWithError( [ 'apierror-nosuchrevid', $params['baserevid'] ] );
 			}
 			$currentRev = $page->getRevision();
 			if ( !$currentRev ) {
-				$this->dieUsage( "No current revision of page ID {$page->getId()}", 'missingrev' );
+				$this->dieWithError( [ 'apierror-missingrev-pageid', $page->getId() ], 'missingrev' );
 			}
 			// Merge in the new version of the section to get the proposed version
 			$editContent = $page->replaceSectionAtRev(
@@ -105,7 +113,7 @@ class ApiStashEdit extends ApiBase {
 				$baseRev->getId()
 			);
 			if ( !$editContent ) {
-				$this->dieUsage( 'Could not merge updated section.', 'replacefailed' );
+				$this->dieWithError( 'apierror-sectionreplacefailed', 'replacefailed' );
 			}
 			if ( $currentRev->getId() == $baseRev->getId() ) {
 				// Base revision was still the latest; nothing to merge
@@ -115,7 +123,7 @@ class ApiStashEdit extends ApiBase {
 				$baseContent = $baseRev->getContent();
 				$currentContent = $currentRev->getContent();
 				if ( !$baseContent || !$currentContent ) {
-					$this->dieUsage( "Missing content for page ID {$page->getId()}", 'missingrev' );
+					$this->dieWithError( [ 'apierror-missingcontent-pageid', $page->getId() ], 'missingrev' );
 				}
 				$handler = ContentHandler::getForModelID( $baseContent->getModel() );
 				$content = $handler->merge3( $baseContent, $editContent, $currentContent );
@@ -160,7 +168,7 @@ class ApiStashEdit extends ApiBase {
 	 * @param Content $content Edit content
 	 * @param User $user
 	 * @param string $summary Edit summary
-	 * @return integer ApiStashEdit::ERROR_* constant
+	 * @return string ApiStashEdit::ERROR_* constant
 	 * @since 1.25
 	 */
 	public static function parseAndStash( WikiPage $page, Content $content, User $user, $summary ) {
@@ -384,6 +392,12 @@ class ApiStashEdit extends ApiBase {
 		// Put an upper limit on the TTL for sanity to avoid extreme template/file staleness.
 		$since = time() - wfTimestamp( TS_UNIX, $parserOutput->getTimestamp() );
 		$ttl = min( $parserOutput->getCacheExpiry() - $since, self::MAX_CACHE_TTL );
+
+		// Avoid extremely stale user signature timestamps (T84843)
+		if ( $parserOutput->getFlag( 'user-signature' ) ) {
+			$ttl = min( $ttl, self::MAX_SIGNATURE_TTL );
+		}
+
 		if ( $ttl <= 0 ) {
 			return [ null, 0, 'no_ttl' ];
 		}