Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/api/ApiOptions.php

187 lines
5.3 KiB
PHP
Raw Normal View History

(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
<?php
/**
*
*
* Created on Apr 15, 2012
*
* Copyright © 2012 Szymon Świerkosz beau@adres.pl
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
/**
Fix align of block comments Change-Id: I88ea33a125a71671886b49e4ebf4c1d0a1cce572
2013-03-07 16:27:38 +00:00
* API module that facilitates the changing of user's preferences.
* Requires API write mode to be enabled.
*
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
* @ingroup API
*/
class ApiOptions extends ApiBase {
/**
* Changes preferences of the current user.
*/
public function execute() {
Avoid "CAS updated failed" errors on Special:Preferences double post * This does the same thing ApiOptions does to avoid these errors. A new getInstanceForUpdate() method is now in the User class to simplify this pattern. * Avoid overriding $user in ApiOptions for code readability. * Fixed IDEA errors around Preferences::getFormObject() return type. Bug: T95839 Change-Id: If2385b7486c043bd70d7031ff35e37dfb079a4d2
2015-12-13 04:35:22 +00:00
if ( $this->getUser()->isAnon() ) {
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$this->dieWithError(
[ 'apierror-mustbeloggedin', $this->msg( 'action-editmyoptions' ) ], 'notloggedin'
);
Add 'viewmyprivateinfo', 'editmyprivateinfo', and 'editmyoptions' rights These are needed for OAuth grants. Note that we don't bother with a 'viewmyoptions' right, since the majority will be determinable from just observing the interface. Note that the fact of having a confirmed email address cannot be reliably hidden, and if the user has 'sendemail' they may be able to determine the real name and email address by sending an email to another account that they control. Change-Id: I3f03dd010020e8d43cc2d3bca7b3ef7196d1c548
2013-06-10 19:30:43 +00:00
}
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$this->checkUserRightsAny( 'editmyoptions' );
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
$params = $this->extractRequestParams();
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
$changed = false;
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
if ( isset( $params['optionvalue'] ) && !isset( $params['optionname'] ) ) {
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$this->dieWithError( [ 'apierror-missingparam', 'optionname' ] );
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
}
Load User via READ_LATEST in ApiOptions to avoid CAS errors Bug: T95839 Change-Id: I3c4cf4347af24f3313e709a996618b755da22dd2
2015-08-26 00:27:46 +00:00
// Load the user from the master to reduce CAS errors on double post (T95839)
Avoid "CAS updated failed" errors on Special:Preferences double post * This does the same thing ApiOptions does to avoid these errors. A new getInstanceForUpdate() method is now in the User class to simplify this pattern. * Avoid overriding $user in ApiOptions for code readability. * Fixed IDEA errors around Preferences::getFormObject() return type. Bug: T95839 Change-Id: If2385b7486c043bd70d7031ff35e37dfb079a4d2
2015-12-13 04:35:22 +00:00
$user = $this->getUser()->getInstanceForUpdate();
if ( !$user ) {
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$this->dieWithError(
[ 'apierror-mustbeloggedin', $this->msg( 'action-editmyoptions' ) ], 'notloggedin'
);
Load User via READ_LATEST in ApiOptions to avoid CAS errors Bug: T95839 Change-Id: I3c4cf4347af24f3313e709a996618b755da22dd2
2015-08-26 00:27:46 +00:00
}
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
if ( $params['reset'] ) {
Pass Context to User::resetOptions Change-Id: I0444777697ed9a8b8afdd0e5a96841848b162a7a
2013-10-12 20:48:26 +00:00
$user->resetOptions( $params['resetkinds'], $this->getContext() );
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
$changed = true;
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
}
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$changes = [];
API: Account for PHP 7.2 change PHP 7.2 broke existing functionality in making count( null ) raise a warning. So add tests for null all over the place, or change tests where we know the value is null or an array (but not false, empty-string, or 0) to just cast to boolean. Bug: T182004 Change-Id: Idfe23a07daa9f60eee72f2daf04304be87057a29
2017-12-04 18:36:48 +00:00
if ( $params['change'] ) {
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
foreach ( $params['change'] as $entry ) {
$array = explode( '=', $entry, 2 );
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
$changes[$array[0]] = isset( $array[1] ) ? $array[1] : null;
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
}
}
if ( isset( $params['optionname'] ) ) {
$newValue = isset( $params['optionvalue'] ) ? $params['optionvalue'] : null;
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
$changes[$params['optionname']] = $newValue;
}
(bug 42638) Fix API action=options&reset=1 & unit tests Change I98df55f2 broke action=options&reset=1, causing it to return an error "No changes were requested" rather than resetting the options as it should. Unfortunately, that change also broke the unit test that would have caught this regression. This changeset fixes the bug and the unit tests. Change-Id: I7fe63640d54efab4572538e9d08f5b75c61243a4
2012-12-03 03:40:55 +00:00
if ( !$changed && !count( $changes ) ) {
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$this->dieWithError( 'apierror-nochanges' );
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
}
$prefs = Preferences::getPreferences( $user, $this->getContext() );
(bug 40124) allow arbitrary user preferences prefixed with 'userjs-' Before change I98df55f2 it was possible to set arbitrary preferences (ie. with anything as the key) using the action=options API. That change removed this ability by enforcing full validation of the preferences, also introducing several regressions which were fixed by follow-ups. Per the discussion on bug 40124, this changeset aims to restore this ability, but in a slightly restricted way: arbitrary preferences' names must start with userjs- prefix, to avoid any possibility of conflicting with new MediaWiki versions or extensions. The contents of these preferences is not escaped, sanitized nor validated in any way; script authors are expected to sanitize them themselves to prevent XSS attacks and other security vulnerabilities. This commit also adds the User::getOptionsKinds() method (to determine whether given preference keys are used by MediaWiki itself or an extension, intended to be used via the API, or entirely unknown) and enhances the User::resetOptions() method to allow for resetting only preferences of chosen kinds. These changes allow for fixing of Special:Preferences not to clear those additional fields when saving user settings. Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d
2012-12-07 21:10:12 +00:00
$prefsKinds = $user->getOptionKinds( $this->getContext(), $changes );
(bug 42639) Fix API action=options for multiselect prefs Preferences options using HTMLForm's "multiselect" type are stored in the user preferences table as one key with a boolean value for each option in the multiselect. The validation code added in change I98df55f2 does not take this into account, and therefore considers all of these option keys invalid. This changeset fixes that, and adds a unit test to verify correct behavior. Change-Id: I137c74a6045c7b39e2119a8edde2705738879bc9
2012-12-03 03:48:57 +00:00
API: Set HTMLForm when validating field in ApiOptions Bug: T96583 Change-Id: I09507990827581b587c14b0f7283cdf0dc21436a
2015-04-20 19:57:42 +00:00
$htmlForm = null;
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
foreach ( $changes as $key => $value ) {
(bug 40124) allow arbitrary user preferences prefixed with 'userjs-' Before change I98df55f2 it was possible to set arbitrary preferences (ie. with anything as the key) using the action=options API. That change removed this ability by enforcing full validation of the preferences, also introducing several regressions which were fixed by follow-ups. Per the discussion on bug 40124, this changeset aims to restore this ability, but in a slightly restricted way: arbitrary preferences' names must start with userjs- prefix, to avoid any possibility of conflicting with new MediaWiki versions or extensions. The contents of these preferences is not escaped, sanitized nor validated in any way; script authors are expected to sanitize them themselves to prevent XSS attacks and other security vulnerabilities. This commit also adds the User::getOptionsKinds() method (to determine whether given preference keys are used by MediaWiki itself or an extension, intended to be used via the API, or entirely unknown) and enhances the User::resetOptions() method to allow for resetting only preferences of chosen kinds. These changes allow for fixing of Special:Preferences not to clear those additional fields when saving user settings. Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d
2012-12-07 21:10:12 +00:00
switch ( $prefsKinds[$key] ) {
case 'registered':
// Regular option.
API: Set HTMLForm when validating field in ApiOptions Bug: T96583 Change-Id: I09507990827581b587c14b0f7283cdf0dc21436a
2015-04-20 19:57:42 +00:00
if ( $htmlForm === null ) {
// We need a dummy HTMLForm for the validate callback...
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$htmlForm = new HTMLForm( [], $this );
API: Set HTMLForm when validating field in ApiOptions Bug: T96583 Change-Id: I09507990827581b587c14b0f7283cdf0dc21436a
2015-04-20 19:57:42 +00:00
}
ApiOptions: set form field parent earlier Bug: T134351 Change-Id: I44b9bbd1663c876cf0c6160f10badfd8f380656b
2016-05-04 15:09:18 +00:00
$field = HTMLForm::loadInputFromParameters( $key, $prefs[$key], $htmlForm );
(bug 40124) allow arbitrary user preferences prefixed with 'userjs-' Before change I98df55f2 it was possible to set arbitrary preferences (ie. with anything as the key) using the action=options API. That change removed this ability by enforcing full validation of the preferences, also introducing several regressions which were fixed by follow-ups. Per the discussion on bug 40124, this changeset aims to restore this ability, but in a slightly restricted way: arbitrary preferences' names must start with userjs- prefix, to avoid any possibility of conflicting with new MediaWiki versions or extensions. The contents of these preferences is not escaped, sanitized nor validated in any way; script authors are expected to sanitize them themselves to prevent XSS attacks and other security vulnerabilities. This commit also adds the User::getOptionsKinds() method (to determine whether given preference keys are used by MediaWiki itself or an extension, intended to be used via the API, or entirely unknown) and enhances the User::resetOptions() method to allow for resetting only preferences of chosen kinds. These changes allow for fixing of Special:Preferences not to clear those additional fields when saving user settings. Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d
2012-12-07 21:10:12 +00:00
$validation = $field->validate( $value, $user->getOptions() );
break;
case 'registered-multiselect':
Adding validation for checkmatrix (same as for multiselect) Change-Id: I825ec8a6094405cf7d74597a0eeda3898981763b
2013-03-07 22:35:48 +00:00
case 'registered-checkmatrix':
// A key for a multiselect or checkmatrix option.
(bug 40124) allow arbitrary user preferences prefixed with 'userjs-' Before change I98df55f2 it was possible to set arbitrary preferences (ie. with anything as the key) using the action=options API. That change removed this ability by enforcing full validation of the preferences, also introducing several regressions which were fixed by follow-ups. Per the discussion on bug 40124, this changeset aims to restore this ability, but in a slightly restricted way: arbitrary preferences' names must start with userjs- prefix, to avoid any possibility of conflicting with new MediaWiki versions or extensions. The contents of these preferences is not escaped, sanitized nor validated in any way; script authors are expected to sanitize them themselves to prevent XSS attacks and other security vulnerabilities. This commit also adds the User::getOptionsKinds() method (to determine whether given preference keys are used by MediaWiki itself or an extension, intended to be used via the API, or entirely unknown) and enhances the User::resetOptions() method to allow for resetting only preferences of chosen kinds. These changes allow for fixing of Special:Preferences not to clear those additional fields when saving user settings. Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d
2012-12-07 21:10:12 +00:00
$validation = true;
No spaces after (casts) Also removed some unnecessary ones. I think I've caught them all. The spaceless version already appears in core ~300 times (after accounting for false positives when grepping). Some consistency would be nice. Change-Id: I607655b5f4366e66dc78730d5fd2f57ed8776cae
2013-08-31 16:36:02 +00:00
$value = $value !== null ? (bool)$value : null;
(bug 40124) allow arbitrary user preferences prefixed with 'userjs-' Before change I98df55f2 it was possible to set arbitrary preferences (ie. with anything as the key) using the action=options API. That change removed this ability by enforcing full validation of the preferences, also introducing several regressions which were fixed by follow-ups. Per the discussion on bug 40124, this changeset aims to restore this ability, but in a slightly restricted way: arbitrary preferences' names must start with userjs- prefix, to avoid any possibility of conflicting with new MediaWiki versions or extensions. The contents of these preferences is not escaped, sanitized nor validated in any way; script authors are expected to sanitize them themselves to prevent XSS attacks and other security vulnerabilities. This commit also adds the User::getOptionsKinds() method (to determine whether given preference keys are used by MediaWiki itself or an extension, intended to be used via the API, or entirely unknown) and enhances the User::resetOptions() method to allow for resetting only preferences of chosen kinds. These changes allow for fixing of Special:Preferences not to clear those additional fields when saving user settings. Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d
2012-12-07 21:10:12 +00:00
break;
case 'userjs':
// Allow non-default preferences prefixed with 'userjs-', to be set by user scripts
if ( strlen( $key ) > 255 ) {
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$validation = $this->msg( 'apiwarn-validationfailed-keytoolong', Message::numParam( 255 ) );
Use single quotes in API where possible Change-Id: I972e296f4820f78f5dfcecc27bc4912ca84a3178
2016-03-08 08:04:45 +00:00
} elseif ( preg_match( '/[^a-zA-Z0-9_-]/', $key ) !== 0 ) {
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$validation = $this->msg( 'apiwarn-validationfailed-badchars' );
(bug 40124) allow arbitrary user preferences prefixed with 'userjs-' Before change I98df55f2 it was possible to set arbitrary preferences (ie. with anything as the key) using the action=options API. That change removed this ability by enforcing full validation of the preferences, also introducing several regressions which were fixed by follow-ups. Per the discussion on bug 40124, this changeset aims to restore this ability, but in a slightly restricted way: arbitrary preferences' names must start with userjs- prefix, to avoid any possibility of conflicting with new MediaWiki versions or extensions. The contents of these preferences is not escaped, sanitized nor validated in any way; script authors are expected to sanitize them themselves to prevent XSS attacks and other security vulnerabilities. This commit also adds the User::getOptionsKinds() method (to determine whether given preference keys are used by MediaWiki itself or an extension, intended to be used via the API, or entirely unknown) and enhances the User::resetOptions() method to allow for resetting only preferences of chosen kinds. These changes allow for fixing of Special:Preferences not to clear those additional fields when saving user settings. Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d
2012-12-07 21:10:12 +00:00
} else {
$validation = true;
}
break;
API: Handle "special" options in action=options There are certain preferences, such as realname and emailaddress, that are handled specially in Special:Preferences and are not accessible by User::getOptions or User::setOptions. But action=options was allowing a 'dummy' version to be set in User::setOptions. Change-Id: I4c1b3d8e1eae9520228d7b6da9c41ada80f7c387
2013-10-10 14:54:08 +00:00
case 'special':
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$validation = $this->msg( 'apiwarn-validationfailed-cannotset' );
API: Handle "special" options in action=options There are certain preferences, such as realname and emailaddress, that are handled specially in Special:Preferences and are not accessible by User::getOptions or User::setOptions. But action=options was allowing a 'dummy' version to be set in User::setOptions. Change-Id: I4c1b3d8e1eae9520228d7b6da9c41ada80f7c387
2013-10-10 14:54:08 +00:00
break;
(bug 40124) allow arbitrary user preferences prefixed with 'userjs-' Before change I98df55f2 it was possible to set arbitrary preferences (ie. with anything as the key) using the action=options API. That change removed this ability by enforcing full validation of the preferences, also introducing several regressions which were fixed by follow-ups. Per the discussion on bug 40124, this changeset aims to restore this ability, but in a slightly restricted way: arbitrary preferences' names must start with userjs- prefix, to avoid any possibility of conflicting with new MediaWiki versions or extensions. The contents of these preferences is not escaped, sanitized nor validated in any way; script authors are expected to sanitize them themselves to prevent XSS attacks and other security vulnerabilities. This commit also adds the User::getOptionsKinds() method (to determine whether given preference keys are used by MediaWiki itself or an extension, intended to be used via the API, or entirely unknown) and enhances the User::resetOptions() method to allow for resetting only preferences of chosen kinds. These changes allow for fixing of Special:Preferences not to clear those additional fields when saving user settings. Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d
2012-12-07 21:10:12 +00:00
case 'unused':
default:
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$validation = $this->msg( 'apiwarn-validationfailed-badpref' );
(bug 40124) allow arbitrary user preferences prefixed with 'userjs-' Before change I98df55f2 it was possible to set arbitrary preferences (ie. with anything as the key) using the action=options API. That change removed this ability by enforcing full validation of the preferences, also introducing several regressions which were fixed by follow-ups. Per the discussion on bug 40124, this changeset aims to restore this ability, but in a slightly restricted way: arbitrary preferences' names must start with userjs- prefix, to avoid any possibility of conflicting with new MediaWiki versions or extensions. The contents of these preferences is not escaped, sanitized nor validated in any way; script authors are expected to sanitize them themselves to prevent XSS attacks and other security vulnerabilities. This commit also adds the User::getOptionsKinds() method (to determine whether given preference keys are used by MediaWiki itself or an extension, intended to be used via the API, or entirely unknown) and enhances the User::resetOptions() method to allow for resetting only preferences of chosen kinds. These changes allow for fixing of Special:Preferences not to clear those additional fields when saving user settings. Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d
2012-12-07 21:10:12 +00:00
break;
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
}
if ( $validation === true ) {
$user->setOption( $key, $value );
$changed = true;
} else {
API: i18n for warnings and errors API warnings and error messages are currently hard-coded English strings. This patch changes that. With a few exceptions, this patch should be compatible with non-updated extensions: * The change to ApiBase::$messageMap will blow up anything trying to mess with it. * The changes to the 'ApiCheckCanExecute' hook will cause a wrong (probably unparsed) error message to be emitted for extensions not already using an ApiMessage. Unless they're currently broken like Wikibase. Bug: T37074 Bug: T47843 Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898 Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6 Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b Depends-On: I535344c29d51521147c2a26c341dae38cec3e931 Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
2016-10-19 16:54:25 +00:00
$this->addWarning( [ 'apiwarn-validationfailed', wfEscapeWikitext( $key ), $validation ] );
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
}
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
}
(bug 42202) Validate preference values in action=options Previously, there was no validation whatsoever and the module would happily write any preference you asked it to. This, combined with the fact that the code using the 'editfont' preference didn't perform any validation or escaping, led to a CSS injection vulnerability. Using Preferences::getPreferences breaks some existing test cases because a MockUser doesn't have groups for preferences. Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
2012-11-16 18:19:15 +00:00
if ( $changed ) {
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
// Commit changes
$user->saveSettings();
}
$this->getResult()->addValue( null, $this->getModuleName(), 'success' );
}
public function mustBePosted() {
return true;
}
public function isWriteMode() {
return true;
}
public function getAllowedParams() {
(bug 43959) Add ability to reset certain option kinds in API. Added the "resetkinds" option to action=options, so that when the "reset" option is set, the user can control which kinds of options are reset, rather than having to do all or none. Also added documentation to the "change" parameter, since passing it option keys without any "=value" after it will result in resetting that specific option to its default value. Change-Id: Id5bc1fffa0d487c0f152b79115205d2722f380d3
2013-01-15 01:45:01 +00:00
$optionKinds = User::listOptionKinds();
$optionKinds[] = 'all';
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
'reset' => false,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
'resetkinds' => [
(bug 43959) Add ability to reset certain option kinds in API. Added the "resetkinds" option to action=options, so that when the "reset" option is set, the user can control which kinds of options are reset, rather than having to do all or none. Also added documentation to the "change" parameter, since passing it option keys without any "=value" after it will result in resetting that specific option to its default value. Change-Id: Id5bc1fffa0d487c0f152b79115205d2722f380d3
2013-01-15 01:45:01 +00:00
ApiBase::PARAM_TYPE => $optionKinds,
ApiBase::PARAM_DFLT => 'all',
ApiBase::PARAM_ISMULTI => true
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
'change' => [
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
ApiBase::PARAM_ISMULTI => true,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
'optionname' => [
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
ApiBase::PARAM_TYPE => 'string',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
'optionvalue' => [
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
ApiBase::PARAM_TYPE => 'string',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
];
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
}
public function needsToken() {
API: Overhaul token handling The current token handling is a mess. This simplifies things greatly: * *All* tokens are obtained from action=query&meta=tokens, rather than being spread over action=tokens, action=query&prop=info, action=query&prop=revisions, action=query&prop=recentchanges, and action=query&prop=users. All these old methods are deprecated. * Similarly, there is only one hook to register new token types. All old hooks are deprecated. * All tokens are cacheable. * Most token types are dropped in favor of a 'csrf' token. They already were returning the same token anyway. * All token-using modules will document the required token type in a standard manner in action=help and are documented in machine-readable fashion in action=paraminfo. Note this will require updates to all extensions using tokens. Change-Id: I2793a3f2dd64a4bebb0b4d065e09af1e9f63fb89
2014-08-08 16:56:07 +00:00
return 'csrf';
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
}
Move optionstoken from meta=userinfo to action=tokens. Follow up to I0d6c654a7354ba77e65e338423952a6a78c1150f. I have also added a URL to a help page on mw.org. Change-Id: Ie223930cfc313aff150e2dcfd70b74bf4360a8a8
2012-05-04 10:31:08 +00:00
public function getHelpUrls() {
Make API documentation links language aware Links generated by the API are now aware of the user's preferred language and will show documents in that language if available. To test, log in to mediawiki.org and set your language preference to 'es', then on an MediaWiki installation with this patch view the generated expanded API help at `api.php?action=help&recursivesubmodules=1&modules=main`. Each link to documentation on mediawiki.org should take you to its translated /es subpage, if one exists. Bug: T104518 Change-Id: I339a1f3ae1bce9d759cf251899d57c32b1def91e
2017-04-04 22:52:57 +00:00
return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Options';
Move optionstoken from meta=userinfo to action=tokens. Follow up to I0d6c654a7354ba77e65e338423952a6a78c1150f. I have also added a URL to a help page on mw.org. Change-Id: Ie223930cfc313aff150e2dcfd70b74bf4360a8a8
2012-05-04 10:31:08 +00:00
}
API: Fix access on getExamplesMessages ApiBase declares it protected, but for some reason I had made it public in all subclasses. Change-Id: I8a50d4f47e66c7f09137968d3941dc5cdc1d28e4
2014-10-28 17:17:02 +00:00
protected function getExamplesMessages() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
API: Internationalize all remaining core API modules This also adds some new ApiBase::PARAM_* constants to generate more helpful help, and a method to override the default description message for the use of ApiDisabled and ApiQueryDisabled. Bug: 71638 Change-Id: Ic0c3d232e0498d58a043037e2e0c6f0b1c3edad3
2014-09-18 17:38:23 +00:00
'action=options&reset=&token=123ABC'
=> 'apihelp-options-example-reset',
'action=options&change=skin=vector|hideminor=1&token=123ABC'
=> 'apihelp-options-example-change',
'action=options&reset=&change=skin=monobook&optionname=nickname&' .
'optionvalue=[[User:Beau|Beau]]%20([[User_talk:Beau|talk]])&token=123ABC'
=> 'apihelp-options-example-complex',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
];
(bug 18195) Allow changing preferences via API I have created an API module for changing the preferences. It allows resetting preferences (reset argument) and bulk changes of preferences (change argument) in a format: name1=value1|name2=value2 The change argument has a limitation imposed by the current API implementation as it cannot accept | in values. There is available a pair of arguments optionname and optionvalue, the latter accepts values with |. I have created optionstoken parameter in meta=userinfo to provide a token. There is already preferencestoken there, but I would like to have a consistent naming. Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
2012-04-16 20:02:34 +00:00
}
}
Reference in a new issue Copy permalink