authorUmherirrender <umherirrender_de.wp@web.de>2024-09-27 22:00:28 +0200
committerUmherirrender <umherirrender_de.wp@web.de>2024-10-17 18:22:41 +0000
commitbe1c33e05ea3e01efe4ac0cd79c67dda3b89183e (patch)
tree14bf9a69a01afde78693783c8e80ee91d802f8b8 /includes/api/ApiMain.php
parent73bb50edb4ee7734471b010178679ec1bbb32ee9 (diff)
api: Check for post_max_size on api requests
PHP documentation: If the size of post data is greater than post_max_size, the $_POST and $_FILES superglobals are empty. When the action= and format= are not in the GET data, the help page is returned in HTML, breaking the client's expected format. Return an API error with HTTP status 413. Bug: T291754 Change-Id: I5906fb6b4412b161b198df0b51e2476e7e1079b8
Diffstat (limited to 'includes/api/ApiMain.php')
-rw-r--r--includes/api/ApiMain.php18
1 files changed, 14 insertions, 4 deletions
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 7ea691074831..58810a91b89e 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -1907,10 +1907,20 @@ class ApiMain extends ApiBase {
$this->dieWithErrorOrDebug( [ 'apierror-mustbeposted', $this->mAction ] );
}
- if ( $request->wasPosted() && !$request->getHeader( 'Content-Type' ) ) {
- $this->addDeprecation(
- 'apiwarn-deprecation-post-without-content-type', 'post-without-content-type'
- );
+ if ( $request->wasPosted() ) {
+ if ( !$request->getHeader( 'Content-Type' ) ) {
+ $this->addDeprecation(
+ 'apiwarn-deprecation-post-without-content-type', 'post-without-content-type'
+ );
+ }
+ $contentLength = $request->getHeader( 'Content-Length' );
+ $maxPostSize = wfShorthandToInteger( ini_get( 'post_max_size' ), 0 );
+ if ( $maxPostSize && $contentLength > $maxPostSize ) {
+ $this->dieWithError(
+ [ 'apierror-http-contenttoolarge', Message::sizeParam( $maxPostSize ) ],
+ null, null, 413
+ );
+ }
}
// See if custom printer is used
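Review bot: The new size check compares the raw `Content-Length` header value against an integer with `>`, so the result depends on PHP's loose string/int comparison rules rather than on a parsed length. A non-numeric header value would be compared as a string under PHP 8 and could produce a spurious 413. Normalising the value first, e.g. `$contentLength = (int)$request->getHeader( 'Content-Length' );`, makes the comparison purely numeric. The check is also skipped when the header is missing (presumably `getHeader()` returns false then, as with chunked request bodies), so an oversized POST sent that way may still reach the HTML help page; a short comment noting that limitation would help the next reader. The enclosing method starts before this hunk and continues past it.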