Always validate uploads over api

filesize and title are validated in UploadBase::verifyUpload with more
accurate error message

Using stashed async with a long title can cause null errors later on

Bug: T208539
Change-Id: I545435e2baa222ae1544673011c5527874d1d2cb

diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php
index fc41e4e..f0d271c 100644 (file)
--- a/includes/api/ApiUpload.php
+++ b/includes/api/ApiUpload.php
@@ -74,20 +74,8 @@ class ApiUpload extends ApiBase {
                }
 
                // Check if the uploaded file is sane
-               if ( $this->mParams['chunk'] ) {
-                       $maxSize = UploadBase::getMaxUploadSize();
-                       if ( $this->mParams['filesize'] > $maxSize ) {
-                               $this->dieWithError( 'file-too-large' );
-                       }
-                       if ( !$this->mUpload->getTitle() ) {
-                               $this->dieWithError( 'illegal-filename' );
-                       }
-               } elseif ( $this->mParams['async'] && $this->mParams['filekey'] ) {
-                       // defer verification to background process
-               } else {
-                       wfDebug( __METHOD__ . " about to verify\n" );
-                       $this->verifyUpload();
-               }
+               wfDebug( __METHOD__ . " about to verify\n" );
+               $this->verifyUpload();
 
                // Check if the user has the rights to modify or overwrite the requested title
                // (This check is irrelevant if stashing is already requested, since the errors