action=block/action=unblock can not have the token required because when
using the gettoken param, the token param can not set.
Change-Id: I15317f16c06f150d29c1b17de76f41a6cfa84820
Some special pages are conditionally registered (e.g.
Special:Popularpages only exists when $wgDisableCounters is false), or
sometimes an alias exists for a special page that does not. The API
should probably not return entries for these from
meta=siteinfo&siprop=specialpagealiases.
This also fixes bug 38464 correctly, rather than blindly reverting.
Change-Id: Ic021a47754ea7a1574e818dad47151ab6698e06f
This reverts commit 4b9bd6a4db.
This change made allcategories less useful,
because it means it's impossible to list empty categories
(previously, acmax=0 did that).
To exclude empty categories, acmin=1 can be used.
Change-Id: I7943507c4cb7d752f82caa69ce3edb0b31ca9463
API continuation parameters encode sufficient state for a subsequent
query to continue where the previous one left off; this may sometimes
include page titles, with or without the namespace. Given that these
page titles are already in the exact format required for the next
request's SQL query, it is not necessary to "normalize" them in any way.
And if normalization does more than just change spaces to underscores or
vice versa (e.g. it canonicalizes namespace aliases or capitalizes the
first letter of the title), it can be actively harmful: see bug 36987
and bug 29290.
Note this patch involves a breaking API change: the values for the
"continue" parameter of various modules have been changed, and some
modules will now return "continue" as the continuation parameter instead
of reusing "from".
Note this patch also corrects a minor logic bug in ApiQueryAllLinks,
changing ">" to ">=". The line is being changed anyway, so I didn't
bother doing a separate changeset.
Change-Id: I459232e919d20f89f6de9d20640fd48c8fd5781c
Doxygen choke on text enclosed by '<' and '>' since it tries to
interpret them as HTML or XML elements. This patch adds double quotes
in includes/api/*.php files around the two following strings:
<Firstname>.<Lastname>@gmail.com
<Firstname><Lastname>@gmail.com
Which becomes:
"<Firstname>.<Lastname>@gmail.com"
"<Firstname><Lastname>@gmail.com"
Tested locally, it prevents doxygen 1.8.0 related warnings.
Change-Id: I36d82eb3fd4989ee3ffc65b0b527b83711d1ba69
* Added MediaTransformOutput::getExtension() function and use it instead.
* Also fixed getScriptedTransform() to not pass the page as the path parameter.
Change-Id: I6c530aa155d62a6bfd5727c6f3d104fe91453745
Fatal error: Call to undefined method ApiDelete::getErrorsArray() in /usr/local/apache/common-local/php-1.20wmf7/includes/api/ApiDelete.php on line 65
Caused by https://gerrit.wikimedia.org/r/#/c/7572/
Change-Id: Ib86fab94667ed50d172eb7ea3e82c99ecb3e52b0
A thumb is only generated when prop=url and a urlwidth is given. Adding
a hint to param description.
list=allpages does not have a urlwidth param and therefor cannot get the
thumbmime, adding thumbmime to the filter list to remove it from output
Change-Id: Ic1dbdb9b07f6325756058d6a0aa6ea148499fdfb
When inserting XML elements inline <such as this one>, doxygen chokes
about it not being known. Simply enclosing the tag in double quotes
prevents doxygen from emitting a warning.
Also enclosed a few invalid functions calls such as \. and double quoted
the HTML entities such as &foobar;
Change-Id: I4019637145e683c2bec3d17b2fd98b0c50a932f1
* Moving setting of empty string to param description.
* Removing word "(optional)" from comment/reason param, because all not
required params are optional.
* Correct description of action=rollback for default comment.
Change-Id: Ifa5b60a7b55b216c43049cd81cb584b2e0518eed
\includes\api\ApiPageSet.php on line 111
This came when using action=query&redirects, because ApiQueryInfo was
requesting page_is_redirect unconditionally, but that field is sorted
out, when using resolve redirects
Change-Id: Ifde9c5d8cbbb8775151829ae8c07e3ed5d76868a
Recent changes I6e388e75 and Ia6415b39 introduced
new result properties, but didn't update getResultProperties().
This patch corrects that.
Change-Id: I18d088d76a48ec0d70408a8ac27a9af716839b61
The sizediff parameter introduced in I6e388e75 requires
the rev_len field, but it wasn't added to the condition
for that field.
This means prop=size|sizediff worked, but prop=sizediff
alone didn't. This patch fixes that.
Change-Id: Ib15814d809398ca3d4633149af0ce62489d8adaa
In "all" mode (mode #3 in the module's documentation), the drdir
parameter is treated by the result ordering as if it were always
drdir=newer; drcontinue, on the other hand, always tries to honor drdir
correctly, leading to the drcontinue not actually working unless drdir
is specifically given.
This fixes that.
Change-Id: Icf6982d0ba55490b7a7ae3a1ee6c94c40f1c3c64
Some special pages are conditionally registered (e.g.
Special:Popularpages only exists when $wgDisableCounters is false), or
sometimes an alias exists for a special page that does not. The API
should probably not return entries for these from
meta=siteinfo&siprop=specialpagealiases.
Change-Id: I59eb82eae45fb47c6a769195cc1bd28711b4fcac
Tim's concerns (listed at
https://bugzilla.wikimedia.org/show_bug.cgi?id=20814#c6) were:
* Lack of Vary: Origin breaks Squid caching
* Vary: Origin on everything would be disastrous, so add an origin param
* Origin header is space-separated list, wasn't treated as such
This commit:
* Remove CORS code from api.php and reimplement it in ApiMain.php
* Add 'origin' parameter to ApiMain
* If 'origin' parameter doesn't match Origin header, send a 403
* If origin is whitelisted, set CORS headers and set Vary: Origin
* Add https?:// to wildcard matching logic, wasn't there but is needed
CORS now works :) you can test it locally as follows:
Set $wgCrossSiteAJAXdomains[] = '*.wikipedia.org';
Log into MediaWiki on localhost
Go to Wikipedia, open a JS console, and run:
$.ajax( {
'url': 'http://localhost/w/api.php',
'data': {
'action': 'query',
'meta': 'userinfo',
'format': 'json',
'origin': 'https://en.wikipedia.org'
// or whichever domain you're on; must be correct!
},
'xhrFields': {
'withCredentials': true
},
'success': function( data ) {
alert( 'Foreign user ' + data.query.userinfo.name +
' (ID ' + data.query.userinfo.id + ')' );
}
} );
Change-Id: I725ce176866d7c81dd9ad6d7bc4a86b7160f2458
Using OutputPage for this rather than something like WebResponse
probably isn't optimal, but it's a lot nicer than the mess we had
before.
Change-Id: I9dce06d3eb69dd7952eafc6c94ead2ad5ad88792
To know whether something like {{foo}} is a template, variable, or
function, you have to first check if it's a magic word, and then look up
the magic word ID in the list of variables and the list of function
hooks. The API already can return the list of known magic word mappings
(siprop=magicwords) and function hooks (siprop=functionhooks), this
completes the set by allowing siprop=variables.
Change-Id: If13df9c3796ea6815393d847a3c6f70380bba58a
and list=imageusage
Also avoid some filesorts when using redirect param of that modules
due to fields in order by, which are constant in where
Change-Id: I4b1c4282ab3be9cb93601c57d660520456cf8617
* The problem is that Title::userIsWatching() relies on $wgUser,
which is not suitable on every case. Instead User::isWatched()
requires both an User and a Title object.
* Replaced all core calls from the former to the latter
* Added a cache in User for the WatchedItem instances so we do not
need to do a database request every time something want to know
whether a page is watched or not, which can happen several times
per request.
Change-Id: Ifa9c55b7ffb487ce6893c74df233eedc7654dc5e
This patch makes sure, that the links table updated against the
content language. This also enabled the limit report, which than
is also stored in the parser cache along with the html.
Change-Id: I2a0b09d7250813809f1b2a8cba3e4f53a6686002
Previously, logging in several times during a phpunit run would change the
session token, but keep the edit token, leasing to "bad token" failures for
all but the first login.
Change-Id: Iad49c990c5661d55cd907b8441addb74eb0ef694
* Use the API module's own context to check edit tokens.
* Use the global session if none is provided to doApiRequest.
* Fix ApiFlockTest to not pass an empty session, so the tokens from
the global request can be used.
Change-Id: I2bff2390f43beb984b1b451bcf4e41271b2f054f
