Fix regression from r37046: tokens should not be supplied when in JSON callback mode. Also remove ApiQueryBase::getTokenFlag() which is now obsolete.

includes/api/ApiQueryBase.php

@@ -343,31 +343,6 @@ abstract class ApiQueryBase extends ApiBase {
 		return $t->getPrefixedText();
 	}
 
-	/**
-	 * Check whether the current user requested a certain token and 
-	 * is actually allowed to request it.
-	 * @param array $tokenArr Array of tokens the user requested
-	 * @param string $action Action to check for
-	 * @return bool true if the user requested the token and is allowed to, false otherwise
-	 */
-	public function getTokenFlag($tokenArr, $action) {
-		if ($this->getMain()->getRequest()->getVal('callback') !== null) {
-			// Don't do any session-specific data.
-			return false;
-		}
-		if (in_array($action, $tokenArr)) {
-			global $wgUser;
-			if ($wgUser->isAllowed($action))
-				return true;
-			else
-			{
-				$this->setWarning("Action '$action' is not allowed for the current user");
-				return false;
-			}
-		}
-		return false;
-	}
-
 	/**
 	 * Get version string for use in the API help output
 	 * @return string

includes/api/ApiQueryInfo.php

@@ -58,6 +58,10 @@ class ApiQueryInfo extends ApiQueryBase {
 		if(isset($this->tokenFunctions))
 			return $this->tokenFunctions;
 
+		// If we're in JSON callback mode, no tokens can be obtained
+		if(!is_null($this->getMain()->getRequest()->getVal('callback')))
+			return array();
+
 		$this->tokenFunctions = array(
 			'edit' => 'ApiQueryInfo::getEditToken',
 			'delete' => 'ApiQueryInfo::getDeleteToken',

includes/api/ApiQueryRevisions.php

@@ -52,6 +52,11 @@ class ApiQueryRevisions extends ApiQueryBase {
 		// Don't call the hooks twice
 		if(isset($this->tokenFunctions))
 			return $this->tokenFunctions;
+
+		// If we're in JSON callback mode, no tokens can be obtained
+		if(!is_null($this->getMain()->getRequest()->getVal('callback')))
+			return array();
+
 		$this->tokenFunctions = array(
 			'rollback' => 'ApiQueryRevisions::getRollbackToken'
 		);