Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Send a 405 on unsupported HTTP methods in API

Browse source 
Bug: T209228
Change-Id: I24af3bfea1ff4b37a72ef5e83b12a8f1c59ca497
This commit is contained in:
Shreyas Minocha 2018-11-17 13:17:16 +05:30
parent b20e9ed0b9
commit 2ff7b66e73
No known key found for this signature in database
GPG key ID: 4241DA70163780BD
3 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
includes/api/ApiMain.php
View file

@ -1512,7 +1512,13 @@ class ApiMain extends ApiBase {
* @param array $params An array with the request parameters
*/
protected function setupExternalResponse( $module, $params ) {
$validMethods = [ 'GET', 'HEAD', 'POST', 'OPTIONS' ];
$request = $this->getRequest();
if ( !in_array( $request->getMethod(), $validMethods ) ) {
$this->dieWithError( 'apierror-invalidmethod', null, null, 405 );
}
if ( !$request->wasPosted() && $module->mustBePosted() ) {
// Module requires POST. GET request might still be allowed
// if $wgDebugApi is true, otherwise fail.

1
includes/api/i18n/en.json
View file

@ -1758,6 +1758,7 @@
"apierror-invalidexpiry": "Invalid expiry time \"$1\".",
"apierror-invalid-file-key": "Not a valid file key.",
"apierror-invalidlang": "Invalid language code for parameter <var>$1</var>.",
"apierror-invalidmethod": "Invalid HTTP method. Consider using GET or POST.",
"apierror-invalidoldimage": "The <var>oldimage</var> parameter has an invalid format.",
"apierror-invalidparammix-cannotusewith": "The <kbd>$1</kbd> parameter cannot be used with <kbd>$2</kbd>.",
"apierror-invalidparammix-mustusewith": "The <kbd>$1</kbd> parameter may only be used with <kbd>$2</kbd>.",

1
includes/api/i18n/qqq.json
View file

@ -1646,6 +1646,7 @@
"apierror-invalidexpiry": "{{doc-apierror}}\n\nParameters:\n* $1 - Value provided.",
"apierror-invalid-file-key": "{{doc-apierror}}",
"apierror-invalidlang": "{{doc-apierror}}\n\nParameters:\n* $1 - Parameter name.",
"apierror-invalidmethod": "{{doc-apierror}}\n\nShown when a user tries to access the API using an HTTP method that is not supported",
"apierror-invalidoldimage": "{{doc-apierror}}",
"apierror-invalidparammix-cannotusewith": "{{doc-apierror}}\n\nParameters:\n* $1 - Parameter name or \"parameter=value\" text.\n* $2 - Parameter name or \"parameter=value\" text.",
"apierror-invalidparammix-mustusewith": "{{doc-apierror}}\n\nParameters:\n* $1 - Parameter name or \"parameter=value\" text.\n* $2 - Parameter name or \"parameter=value\" text.",