2006-10-01 04:38:31 +00:00
|
|
|
<?php
|
|
|
|
|
|
2009-03-21 16:48:09 +00:00
|
|
|
/**
|
|
|
|
|
* API for MediaWiki 1.8+
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2006 Yuri Astrakhan <Firstname><Lastname>@gmail.com
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
2010-06-21 13:13:32 +00:00
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
2009-03-21 16:48:09 +00:00
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
*
|
|
|
|
|
* @file
|
|
|
|
|
*/
|
2006-10-01 04:38:31 +00:00
|
|
|
|
2010-02-12 06:44:16 +00:00
|
|
|
/**
|
|
|
|
|
* This file is the entry point for all API queries. It begins by checking
|
2007-05-22 04:39:49 +00:00
|
|
|
* whether the API is enabled on this wiki; if not, it informs the user that
|
|
|
|
|
* s/he should set $wgEnableAPI to true and exits. Otherwise, it constructs
|
|
|
|
|
* a new ApiMain using the parameter passed to it as an argument in the URL
|
|
|
|
|
* ('?action=') and with write-enabled set to the value of $wgEnableWriteAPI
|
|
|
|
|
* as specified in LocalSettings.php. It then invokes "execute()" on the
|
|
|
|
|
* ApiMain object instance, which produces output in the format sepecified
|
|
|
|
|
* in the URL.
|
|
|
|
|
*/
|
|
|
|
|
|
2010-12-10 22:39:17 +00:00
|
|
|
// So extensions (and other code) can check whether they're running in API mode
|
|
|
|
|
define( 'MW_API', true );
|
|
|
|
|
|
2006-10-11 03:44:49 +00:00
|
|
|
// Initialise common code
|
2010-01-11 15:55:52 +00:00
|
|
|
require ( dirname( __FILE__ ) . '/includes/WebStart.php' );
|
2006-10-01 04:38:31 +00:00
|
|
|
|
2010-01-11 15:55:52 +00:00
|
|
|
wfProfileIn( 'api.php' );
|
2009-08-27 17:07:23 +00:00
|
|
|
$starttime = microtime( true );
|
2006-10-01 04:38:31 +00:00
|
|
|
|
2008-01-23 23:45:46 +00:00
|
|
|
// URL safety checks
|
|
|
|
|
//
|
|
|
|
|
// See RawPage.php for details; summary is that MSIE can override the
|
|
|
|
|
// Content-Type if it sees a recognized extension on the URL, such as
|
|
|
|
|
// might be appended via PATH_INFO after 'api.php'.
|
|
|
|
|
//
|
|
|
|
|
// Some data formats can end up containing unfiltered user-provided data
|
|
|
|
|
// which will end up triggering HTML detection and execution, hence
|
|
|
|
|
// XSS injection and all that entails.
|
|
|
|
|
//
|
2010-01-11 15:55:52 +00:00
|
|
|
if ( $wgRequest->isPathInfoBad() ) {
|
2008-01-23 23:45:46 +00:00
|
|
|
wfHttpError( 403, 'Forbidden',
|
2011-04-12 00:55:10 +00:00
|
|
|
'Invalid file extension found in PATH_INFO or QUERY_STRING.' );
|
2008-01-23 23:45:46 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2006-10-01 04:38:31 +00:00
|
|
|
// Verify that the API has not been disabled
|
2010-01-11 15:55:52 +00:00
|
|
|
if ( !$wgEnableAPI ) {
|
2006-10-01 04:38:31 +00:00
|
|
|
echo 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php';
|
|
|
|
|
echo '<pre><b>$wgEnableAPI=true;</b></pre>';
|
2010-01-11 15:55:52 +00:00
|
|
|
die( 1 );
|
2006-10-01 04:38:31 +00:00
|
|
|
}
|
|
|
|
|
|
2009-07-31 21:56:34 +00:00
|
|
|
// Selectively allow cross-site AJAX
|
2009-08-21 00:22:08 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Helper function to convert wildcard string into a regex
|
|
|
|
|
* '*' => '.*?'
|
|
|
|
|
* '?' => '.'
|
|
|
|
|
* @ return string
|
|
|
|
|
*/
|
|
|
|
|
function convertWildcard( $search ) {
|
|
|
|
|
$search = preg_quote( $search, '/' );
|
|
|
|
|
$search = str_replace(
|
|
|
|
|
array( '\*', '\?' ),
|
|
|
|
|
array( '.*?', '.' ),
|
|
|
|
|
$search
|
|
|
|
|
);
|
|
|
|
|
return "/$search/";
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-11 15:55:52 +00:00
|
|
|
if ( $wgCrossSiteAJAXdomains && isset( $_SERVER['HTTP_ORIGIN'] ) ) {
|
2009-08-21 00:22:08 +00:00
|
|
|
$exceptions = array_map( 'convertWildcard', $wgCrossSiteAJAXdomainExceptions );
|
|
|
|
|
$regexes = array_map( 'convertWildcard', $wgCrossSiteAJAXdomains );
|
|
|
|
|
foreach ( $regexes as $regex ) {
|
|
|
|
|
if ( preg_match( $regex, $_SERVER['HTTP_ORIGIN'] ) ) {
|
|
|
|
|
foreach ( $exceptions as $exc ) { // Check against exceptions
|
|
|
|
|
if ( preg_match( $exc, $_SERVER['HTTP_ORIGIN'] ) ) {
|
|
|
|
|
break 2;
|
|
|
|
|
}
|
2009-07-31 21:56:34 +00:00
|
|
|
}
|
2009-08-21 00:22:08 +00:00
|
|
|
header( "Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}" );
|
|
|
|
|
header( 'Access-Control-Allow-Credentials: true' );
|
|
|
|
|
break;
|
2009-07-31 21:56:34 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-05-02 14:47:26 +00:00
|
|
|
// Set a dummy $wgTitle, because $wgTitle == null breaks various things
|
|
|
|
|
// In a perfect world this wouldn't be necessary
|
2010-02-15 20:50:21 +00:00
|
|
|
$wgTitle = Title::makeTitle( NS_MAIN, 'API' );
|
2009-05-02 14:47:26 +00:00
|
|
|
|
2007-05-22 04:39:49 +00:00
|
|
|
/* Construct an ApiMain with the arguments passed via the URL. What we get back
|
|
|
|
|
* is some form of an ApiMain, possibly even one that produces an error message,
|
|
|
|
|
* but we don't care here, as that is handled by the ctor.
|
|
|
|
|
*/
|
2010-01-11 15:55:52 +00:00
|
|
|
$processor = new ApiMain( $wgRequest, $wgEnableWriteAPI );
|
2007-05-22 04:39:49 +00:00
|
|
|
|
2007-07-30 08:09:15 +00:00
|
|
|
// Process data & print results
|
2006-10-01 04:38:31 +00:00
|
|
|
$processor->execute();
|
|
|
|
|
|
2008-04-02 18:04:54 +00:00
|
|
|
// Execute any deferred updates
|
2008-04-02 20:19:35 +00:00
|
|
|
wfDoUpdates();
|
2008-04-02 18:04:54 +00:00
|
|
|
|
2007-05-22 04:39:49 +00:00
|
|
|
// Log what the user did, for book-keeping purposes.
|
2009-08-27 17:07:23 +00:00
|
|
|
$endtime = microtime( true );
|
2010-01-11 15:55:52 +00:00
|
|
|
wfProfileOut( 'api.php' );
|
2006-10-01 04:38:31 +00:00
|
|
|
wfLogProfilingData();
|
2007-06-29 01:19:14 +00:00
|
|
|
|
2009-08-27 17:07:23 +00:00
|
|
|
// Log the request
|
|
|
|
|
if ( $wgAPIRequestLog ) {
|
2009-08-27 22:09:28 +00:00
|
|
|
$items = array(
|
2009-08-27 17:07:23 +00:00
|
|
|
wfTimestamp( TS_MW ),
|
|
|
|
|
$endtime - $starttime,
|
|
|
|
|
wfGetIP(),
|
2009-08-27 22:09:28 +00:00
|
|
|
$_SERVER['HTTP_USER_AGENT']
|
|
|
|
|
);
|
|
|
|
|
$items[] = $wgRequest->wasPosted() ? 'POST' : 'GET';
|
|
|
|
|
if ( $processor->getModule()->mustBePosted() ) {
|
|
|
|
|
$items[] = "action=" . $wgRequest->getVal( 'action' );
|
|
|
|
|
} else {
|
|
|
|
|
$items[] = wfArrayToCGI( $wgRequest->getValues() );
|
|
|
|
|
}
|
|
|
|
|
wfErrorLog( implode( ',', $items ) . "\n", $wgAPIRequestLog );
|
2009-08-27 17:07:23 +00:00
|
|
|
wfDebug( "Logged API request to $wgAPIRequestLog\n" );
|
|
|
|
|
}
|
|
|
|
|
|
2008-05-17 04:26:26 +00:00
|
|
|
// Shut down the database
|
|
|
|
|
wfGetLBFactory()->shutdown();
|
|
|
|
|
|
