
api list=deletedrevs errors when drlimit given a float value
Open, Needs Triage, Public

Description

https://fr.wikipedia.org/w/api.php?action=query&list=deletedrevs&titles=Liste_des_officiers_sup%C3%A9rieurs_de_l%27arm%C3%A9e_des_deux_couronnes&drlimit=15.453666427602&drdir=older&drprop=revid%7Cparentid%7Cuser%7Cuserid%7Ccomment%7Cminor%7Clen%7Csha1%7Ccontent&format=jsonfm&continue=

causes an SQL query with a fractional LIMIT. The limit should be better validated before being put into SQL (I already verified you can't do anything evil with this, so it's not a high priority).

Event Timeline

Bawolff created this task. Dec 5 2018, 7:25 AM
Restricted Application added a subscriber: Aklapper. Dec 5 2018, 7:25 AM
Anomie moved this task from Unsorted to Needs Code on the MediaWiki-API board. Dec 5 2018, 3:36 PM
Anomie added a subscriber: Anomie.

In the short term, ApiBase::validateLimit() should probably include $value = (int)$value; at the top.

Longer term, https://gerrit.wikimedia.org/r/c/mediawiki/core/+/434718 should do it (or should be made to do it if it doesn't already).

It looks like ApiQueryAllRevisions, ApiQueryDeletedRevisions, and ApiQueryRevisions are affected too, BTW.
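Added example (not MediaWiki's own code, and not the patch under review): a stand-alone PHP validator that applies the short-term fix Anomie describes, casting the limit parameter to an integer before it reaches the SQL LIMIT clause, and clamping it to a range. The function names `validateLimit` and `buildLimitClause`, the bounds 1 and 500, and the exception type are assumptions for illustration; MediaWiki's real `ApiBase::validateLimit()` has a different signature and reports out-of-range values as API warnings rather than exceptions.

```php
<?php
// Added example modelled on the suggested fix above. It is NOT
// ApiBase::validateLimit(); names, bounds and error handling are assumptions.

/**
 * Coerce a user-supplied limit parameter to an integer within [$min, $max]
 * before it is used in SQL. Returns the clamped integer.
 *
 * Non-numeric input is rejected outright; numeric input is truncated to an
 * integer so a value such as "15.453666427602" can never be interpolated
 * into the query as a fractional LIMIT.
 */
function validateLimit( string $name, $value, int $min, int $max ): int {
    if ( !is_numeric( $value ) ) {
        throw new InvalidArgumentException( "Invalid value for parameter '$name'" );
    }
    // The cast is the one-line change suggested in the comment above.
    $value = (int)$value;
    if ( $value < $min ) {
        $value = $min;
    }
    if ( $value > $max ) {
        $value = $max;
    }
    return $value;
}

/** Build the LIMIT clause from the validated integer only, never from raw input. */
function buildLimitClause( string $name, $rawLimit ): string {
    $limit = validateLimit( $name, $rawLimit, 1, 500 );
    return 'LIMIT ' . $limit;
}

// Constructed inputs: the fractional value from the task description, a
// normal value, an oversized value, and a non-numeric one.
foreach ( [ '15.453666427602', '10', '9999', 'abc' ] as $raw ) {
    try {
        echo "drlimit=$raw -> " . buildLimitClause( 'drlimit', $raw ) . "\n";
    } catch ( InvalidArgumentException $e ) {
        echo "drlimit=$raw -> rejected: " . $e->getMessage() . "\n";
    }
}
```

Run with `php example.php`. The fractional input yields `LIMIT 15`, the oversized input is clamped to `LIMIT 500`, and the non-numeric input is rejected before any SQL is built. The point for reviewers is the ordering: the integer cast and range check happen in one place, and the query builder only ever sees the returned `int`, so adding a new list module cannot reintroduce the fractional-LIMIT path the task reports for `list=deletedrevs`.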