ApiFeedContributions: Throw if the username is invalid
authorPetr Pchelko <ppchelko@wikimedia.org>
Fri, 9 Aug 2019 20:53:45 +0000 (13:53 -0700)
committerPetr Pchelko <ppchelko@wikimedia.org>
Tue, 13 Aug 2019 17:35:49 +0000 (10:35 -0700)
Bug: T230239
Change-Id: I4141047c8f1ff73665b79a27a7c5eb995c52ea88

includes/api/ApiFeedContributions.php
tests/phpunit/includes/api/ApiFeedContributionsTest.php [new file with mode: 0644]

index 08be8e0..28b0a4b 100644 (file)
@@ -34,6 +34,9 @@ class ApiFeedContributions extends ApiBase {
        /** @var RevisionStore */
        private $revisionStore;
 
+       /** @var TitleParser */
+       private $titleParser;
+
        /**
         * This module uses a custom feed wrapper printer.
         *
@@ -45,6 +48,7 @@ class ApiFeedContributions extends ApiBase {
 
        public function execute() {
                $this->revisionStore = MediaWikiServices::getInstance()->getRevisionStore();
+               $this->titleParser = MediaWikiServices::getInstance()->getTitleParser();
 
                $params = $this->extractRequestParams();
 
@@ -67,9 +71,19 @@ class ApiFeedContributions extends ApiBase {
                        ' [' . $config->get( 'LanguageCode' ) . ']';
                $feedUrl = SpecialPage::getTitleFor( 'Contributions', $params['user'] )->getFullURL();
 
-               $target = $params['user'] == 'newbies'
-                       ? 'newbies'
-                       : Title::makeTitleSafe( NS_USER, $params['user'] )->getText();
+               $target = 'newbies';
+               if ( $params['user'] != 'newbies' ) {
+                       try {
+                               $target = $this->titleParser
+                                       ->parseTitle( $params['user'], NS_USER )
+                                       ->getText();
+                       } catch ( MalformedTitleException $e ) {
+                               $this->dieWithError(
+                                       [ 'apierror-baduser', 'user', wfEscapeWikiText( $params['user'] ) ],
+                                       'baduser_' . $this->encodeParamName( 'user' )
+                               );
+                       }
+               }
 
                $feed = new $feedClasses[$params['feedformat']] (
                        $feedTitle,
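Review bot: The new check at `parseTitle( $params['user'], NS_USER )` validates the parameter as a title rather than as a user name, and only `getText()` of the result is kept. If parseTitle interprets namespace or interwiki prefixes the way title parsing usually does (not visible in this hunk), an input such as `Talk:Foo` would be accepted and reduced to `Foo`, whereas the removed `makeTitleSafe( NS_USER, … )` kept the whole string as the name. Checking the parsed value before use, e.g. `if ( $parsed->getNamespace() !== NS_USER ) { /* same dieWithError as in the catch */ }`, would close that gap. Separately, `$params['user']` is already passed to `SpecialPage::getTitleFor()` on the context line above the check, so the validation would sit better before `$feedUrl` is built, and the `!=` against `'newbies'` could be `!==`. `execute()` begins and ends outside this hunk.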
diff --git a/tests/phpunit/includes/api/ApiFeedContributionsTest.php b/tests/phpunit/includes/api/ApiFeedContributionsTest.php
new file mode 100644 (file)
index 0000000..f3ec565
--- /dev/null
@@ -0,0 +1,19 @@
+<?php
+
+/**
+ * @group API
+ * @group medium
+ *
+ * @covers ApiFeedContributions
+ */
+class ApiFeedContributionsTest extends ApiTestCase {
+
+       public function testInvalidExternalUser() {
+               $this->setExpectedException( ApiUsageException::class,
+                       'Invalid value ">" for user parameter "user"' );
+               $this->doApiRequest( [
+                       'action' => 'feedcontributions',
+                       'user' => '>'
+               ] );
+       }
+}
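Review bot: The new test pins only the `>` input, so the paths the change is meant to leave intact are not exercised: a well-formed user name, the literal `newbies`, and other malformed names. A data provider feeding `testInvalidExternalUser` several invalid values, plus one test asserting that a valid `user` still produces a feed, would show that the try/catch rejects bad input without breaking normal requests. The request also omits `feedformat`, so the test depends on the module's default, which is not visible here.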