
Add size limits and character normalization for the ReadingLists batch APIs
Closed, Resolved, Public


Since the ReadingLists API uses JSON parameters for batch writes, and that's not natively understood by the API framework, it does not include some things that API modules normally get for free. Specifically:

  • strings in the JSON data should be normalized the same way the API normalizes other parameters (NFC etc)
  • there should be a limit on the number of items that can be included
    • the limit should be expressed in the paraminfo API and in the maxItems field of the Swagger spec (and the Swagger spec could also include the max response size while we are there)
  • there should probably be a length limit for the full JSON string, just in case

(This is a follow-up to T182052: Batch reading list operations.)
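One way to apply the three checks from the description in order, as an added example (not the ReadingLists extension's code). The limit values, function names and sample batch are assumptions made for illustration.

```python
import json
import unicodedata

# Assumed limits; the task does not state the actual values.
MAX_JSON_BYTES = 64 * 1024
MAX_BATCH_ITEMS = 500

# Constructed sample: the title carries "e" + U+0301 as a JSON \u escape.
SAMPLE_BATCH = b'[{"project": "https://example.org", "title": "Cafe\\u0301"}]'


class BatchValidationError(ValueError):
    """Raised when the batch parameter fails a size or format check."""


def nfc(value):
    """Recursively NFC-normalize every string (keys included) in decoded JSON."""
    if isinstance(value, str):
        return unicodedata.normalize("NFC", value)
    if isinstance(value, list):
        return [nfc(v) for v in value]
    if isinstance(value, dict):
        return {nfc(k): nfc(v) for k, v in value.items()}
    return value


def parse_batch(raw: bytes):
    """Validate a raw JSON batch parameter and return the normalized item list."""
    # 1. Cap the raw size before any parsing work is done.
    if len(raw) > MAX_JSON_BYTES:
        raise BatchValidationError("batch parameter too long")
    try:
        data = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError) as exc:
        raise BatchValidationError("batch parameter is not valid UTF-8 JSON") from exc
    # 2. Cap the number of items in the batch.
    if not isinstance(data, list):
        raise BatchValidationError("batch parameter must be a JSON array")
    if len(data) > MAX_BATCH_ITEMS:
        raise BatchValidationError("too many items in batch")
    # 3. Normalize after decoding: an escaped combining mark only becomes a
    #    real code point once the JSON parser has unescaped it, so normalizing
    #    the raw parameter string would miss it.
    try:
        return nfc(data)
    except RecursionError as exc:
        raise BatchValidationError("batch nested too deeply") from exc
```

Normalizing the raw string before `json.loads` would leave `Cafe\u0301` untouched, so two visually identical titles could be stored as different values.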

Event Timeline

the limit should be expressed in the paraminfo API

Punting on that for now. See T187603: Add JSON parameter type to the action API for a proper solution (which is a ton of work).

Change 411569 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/extensions/ReadingLists@master] Improve JSON parameter validation

Change 411569 merged by jenkins-bot:
[mediawiki/extensions/ReadingLists@master] Improve JSON parameter validation