API: Don't allow '#' in title-parts

As-is, this causes loss of a character from the passed-in title leading
to wrong output. But there should never be a '#' in a title-part anyway,
the best thing is to just disallow it completely.

Bug: T38358
Change-Id: Id90bfb9c63a5960e7d2d49350d3e0da0327d0e24

diff --git a/includes/api/ApiQueryBase.php b/includes/api/ApiQueryBase.php
index 998cc91..7414913 100644 (file)
--- a/includes/api/ApiQueryBase.php
+++ b/includes/api/ApiQueryBase.php
@@ -513,7 +513,8 @@ abstract class ApiQueryBase extends ApiBase {
         */
        public function titlePartToKey( $titlePart, $namespace = NS_MAIN ) {
                $t = Title::makeTitleSafe( $namespace, $titlePart . 'x' );
-               if ( !$t ) {
+               if ( !$t || $t->hasFragment() ) {
+                       // Invalid title (e.g. bad chars) or contained a '#'.
                        $this->dieUsageMsg( array( 'invalidtitle', $titlePart ) );
                }
                if ( $namespace != $t->getNamespace() || $t->isExternal() ) {