jenkins-bot has submitted this change and it was merged.

Change subject: Validate $type variable to prevent accidental injection
......................................................................


Validate $type variable to prevent accidental injection

Change-Id: I97bd6344580831057fe0b4bc44f7ee9fd978dc76
---
M includes/Hooks.php
1 file changed, 7 insertions(+), 0 deletions(-)

Approvals:
  Catrope: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/Hooks.php b/includes/Hooks.php
index 1a23775..31f5de9 100644
--- a/includes/Hooks.php
+++ b/includes/Hooks.php
@@ -561,6 +561,13 @@
                        return;
                }
 
+               if ( !ctype_lower( $type ) ) {
+                       throw new Exception(
+                               "Invalid value for parameter 'type': '$type'. " 
.
+                               'Restricted to one lower case word to prevent 
accidental injection.'
+                       );
+               }
+
                $dbr = \wfGetDB( DB_REPLICA );
                $threshold = self::getThreshold( $type, $user );
                $tables["ores_${type}_mdl"] = 'ores_model';
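Review bot: The message built in the new `throw new Exception(` block interpolates the rejected value verbatim ("Invalid value for parameter 'type': '$type'. "), so the one string this check has just refused is copied into whatever later renders or logs the exception. Consider leaving the value out of the message, or making sure it is encoded at the point of output. A more specific class such as `InvalidArgumentException` would also let callers tell this failure apart from others. On the check itself, `ctype_lower( $type )` rejects the empty string and anything outside a-z, which keeps the alias in the context line `$tables["ores_${type}_mdl"] = 'ores_model';` to a plain identifier, but it relies on `$type` being a string: the ctype functions treat small integers as character codes, so an `is_string( $type )` guard ahead of it would make that assumption explicit.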

-- 
To view, visit https://gerrit.wikimedia.org/r/325302
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I97bd6344580831057fe0b4bc44f7ee9fd978dc76
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/extensions/ORES
Gerrit-Branch: master
Gerrit-Owner: Sbisson <sbis...@wikimedia.org>
Gerrit-Reviewer: Catrope <r...@wikimedia.org>
Gerrit-Reviewer: Thiemo Mättig (WMDE) <thiemo.maet...@wikimedia.de>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
