Added/removed spaces around logical/arithmetic operator
Reduced multiple empty lines to one empty line
Removed wrong tabs before comments at end of line
Removed too many spaces in assigments
Change-Id: I2bba4e72f9b5f88c53324d7b70e6042f1aad8f6b
If a file upload is not formatted correctly for PHP to recognize it as a
file upload rather than a regular field, the API will wind up trying to
load the file contents as a text field. Since these file contents are
often a large binary file, this will tend to run out of memory trying to
apply Unicode normalization.
To prevent this and to allow for a helpful error message, mark
parameters that are supposed to be file uploads.
Bug: 44909
Change-Id: Ia4586953e2ad2d72d08852689e060e39e7920d50
Greatly simplifies query result iteration by the clients
by providing a mechanism to track sub-iterations (props in generated set)
Assuming the client has the param=>value dictionary with the original request
parameters, client will only need to perform this operation in their language
to get all results from the server regardless of what query they make.
$request = array_merge( $request, $result['continue'] );
Related changes:
* Moved dieContinueUsageIf() from ApiQueryBase to ApiBase
* Internal calls will also return unused param warnings
* Reworked query unit tests for easier testing
Change-Id: Ieb45241fc6db2109f1d92fa3381165ec30701b63
See bug 44341 for action=parse, but the problem with interwiki
processing can also be happen in other modules.
This gives clearer error message on some modules
For example action=move:
Bad title "*title*"
instead of:
Unknown error: "immobile-target-namespace-iw"
Change-Id: I86524533dfd778a169b39968999918a1f531efeb
* Both the warnings and query-continue elements will now be shown
at the top of the result, making it easier for debugging and learning.
* Added int $flags parameter instead of bool $overwrite for addValue()
and setElement(). Supported flags are OVERRIDE - overrides existing value,
same meaning as true (which will continue to work), and ADD_ON_TOP which
ensures that if the value being added does not exist, it will be placed
as the first element in the parent array.
* Optimized ApiBase::setWarning to no longer use regex (faster)
* Optimized ApiResult::addValue() for a bit more efficiency
* Added ApiResult::addAsFirstElement() that inserts a named value into
the array at the top
Change-Id: I0fa2697e1eaa4947d01527bb3ad555e1051f6be4
* PageSet can now be used in any action to process titles/pageids/revids
or any generator, redirects resolution, and converttitle functionality.
* action=purge proper usage of MustBePosted()
* Add supports for all pageset capabilities - generators, redirects, converttitles to
action=purge and action=setnotificationtimestamp
* BREAKING CHANGE: ApiPageSet constructor now has two params instead of three, with only the
first one keeping its meaning. ApiPageSet is now derived from ApiBase.
* BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were deleted.
Change-Id: I7a3d7b6eb015d21ec1a9b9d9c6af9d97663f3f9a
This is a non-versioned part of the larger patch #41014https://gerrit.wikimedia.org/r/#/c/41014
It will allow help subsystem optimization (merging paraminfo and help),
path towards per-module or per-system versioning, removal of the
manually maintained generator lists.
Changes:
* ApiModuleManager now handles all submodules (actions,props,lists) and instantiation
* ApiModuleManager maintains a cache of all instantiated modules
* Query stores prop/list/meta as submodules
* action=help suports generalized submodules (modules=query+value), querymodules obsolete
Change-Id: Ie2dee41e44a29cd5d5935eeaa5240b708d95a8f0
Intentionally introduce a big security hole for debugging only.
Just like $wgShowDebug, $wgShowExceptionDetails, and $wgShowSQLErrors,
that introduce security vulnarabilities for debugging purposes,
this flag allows developers to remove some security checks in their
LocalSettings.php. This is a much safer approach than temporarily
changing production code to ignore certain conditions and later
forgetting to remove those changes before commiting the code.
Whenever enabled, a warning will allways be added to all output.
Change-Id: Ideb271dc1c9087f0843da03d024d70cc2cd776ae
API was using SVN's version keyword which GIT does not support.
All related methods were either removed, or for those that
could have been used from extensions, emptied out.
api.php?version now shows unrecognized param warning.
Change-Id: I910ca1448ed2ed697ac19b17c486d130aa1d7e03
wfTimestamp returns false on failure.
Renamed variable to output original input on failure and not the false
Change-Id: I39d31f35dae88b8a6e50ebee76a3be8722603ef3
During incident response, it was not possible to tell what API modules
were being requested and by whom, since the action parameter is often
posted. This change logs the API parameters whether they are posted or
sent in the query string.
I did try to get the API parameters from the module, but that turns out
to be difficult. Modules create submodules (generators, page sets) as
local variables, which are created in a procedural style and destroyed
before logging is done, so there is no easy way to query them for
parameter lists after execution completes.
In ApiOptionsTest, use a real ApiMain object like all the other API test
cases, rather than a mock object. Otherwise the test fails.
Change-Id: Idc786007fe61811d1874f29b5ce4762dd97b1847
Adding a "root page" input to Special:Import, which is used as prefix
before each imported page. With this option, it is possible to import
pages as subpage of a user or a project page.
On de.wp the import is often done into a low used namespace (100 or 101)
and than moved to the user space. Doing this in one step, makes things
easier.
Change-Id: Id5dbf742295a1bbddd8cb6eaa09fb28051f26613
Doxygen choke on text enclosed by '<' and '>' since it tries to
interpret them as HTML or XML elements. This patch adds double quotes
in includes/api/*.php files around the two following strings:
<Firstname>.<Lastname>@gmail.com
<Firstname><Lastname>@gmail.com
Which becomes:
"<Firstname>.<Lastname>@gmail.com"
"<Firstname><Lastname>@gmail.com"
Tested locally, it prevents doxygen 1.8.0 related warnings.
Change-Id: I36d82eb3fd4989ee3ffc65b0b527b83711d1ba69
When inserting XML elements inline <such as this one>, doxygen chokes
about it not being known. Simply enclosing the tag in double quotes
prevents doxygen from emitting a warning.
Also enclosed a few invalid functions calls such as \. and double quoted
the HTML entities such as &foobar;
Change-Id: I4019637145e683c2bec3d17b2fd98b0c50a932f1
* The problem is that Title::userIsWatching() relies on $wgUser,
which is not suitable on every case. Instead User::isWatched()
requires both an User and a Title object.
* Replaced all core calls from the former to the latter
* Added a cache in User for the WatchedItem instances so we do not
need to do a database request every time something want to know
whether a page is watched or not, which can happen several times
per request.
Change-Id: Ifa9c55b7ffb487ce6893c74df233eedc7654dc5e
Added information about the properties of the results of API calls
to action=paraminfo, including information about "property groups":
what should the prop parameter be set to to get that property.
Uses the same format for types as parameters already do.
The output format of some modules doesn't fit this, so the result
properties for them weren't added, or only partially.
Partially implemented modules:
* expandtemplates:
parsetree is in its own tag
* protect, allusers, backlinks, deletedrevs, info, imageinfo,
logevents, querypage, recentchanges, revisions, searchinfo,
usercontribs, userinfo, users, watchlist, upload:
response with partially complex structure
Not implemented modules:
* feedcontributions, feedwatchlist, opensearch, rds:
non-standard reponse
* help:
error is normal response; not very useful for automated tools anyway
* paraminfo, parse, pageprops, siteinfo, userrights:
response with complex structure
Change-Id: Iff2a9bef79f994e73eef3062b4dd5461bff968ab
I know there's no second parameter to WikiPage::newFromID(), but this will change soon.
This follows-up I098dd36619fff3610be6894037220d3472b809d5.
Change-Id: Ic28b7e05db51e55a5f49fed70c042ba11e4d97fe
per pageid
Move the possibles errors set by ApiBase::getTitleOrPageId to
ApiBase::getTitleOrPageIdErrorMessages and remove it from used modules
Change-Id: If037e04665d2524c1f2476bc7996d9573753a4b8
Original bug description: Limit of bkusers of list=blocks and titles of
action=query is not documented in API help
For that params no PARAM_TYPE was set, determine the type with the same
code as in r85758 (action=paraminfo) and its modification in r86917
Move the adding of that text out of the else, than the doc is also
added to params with more than 50 default values
(which looks to be intend of that piece of code).
Change-Id: I3fa59d2a7ae688da79dab57dc0576a69f786cca5
Now formatted in the autogenerated documentation
Format for paraminfo adds a description attribute to output
query allimages descriptions are tranformed, need to do/add to other ones
* Create the WikiPage object directly in execute() and pass it to both delete() and deleteFile()
* Reordered parameters of delete() and deleteFile() to be consistent and take both on the WikiPage and User objects (instead of relying on $wgUser); no callers outside of this class
* Fixed deleteFile() to match the behaviour of FileDeleteForm with oldimage parameter
* Pass the User object to getPermissionsError()
* Factorised duplicated code
* Added missing error code to ApiBase (and also a new one)
* Added missing possible error codes (with a new one too)
* Make tests work again
* Added ApiTestCase::doApiRequest() and related to pass it to the context and removed override of $wgUser where possible
* Fix ApiLogin to get the correct User object (i.e. the logged in one)
* Fix ApiBase to feed a RequestContext to setContext() so that ApiLogin can call setUser()
Start of this bug, fleshed out base code implemented, plus a few key modules (will finish rest up soon)
Tweaked/improved/updated some documentation as I went through also
* (bug 27655) Require token for watching/unwatching pages
* Previously done for API (bug 29070) in r88522
* As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific)
* ajax.watch used the API already and was switched in r88554.
* The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling)
* JavaScript / Gadgets that utilize action=watch in their scripts:
** Effects should be minimal as they should be using the API (see r88522 and wikitech-l)
** If they use index.php and scrap the link from the page, they can continue to do so.
* There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for:
'token' => WatchAction::getWatchToken( $title, $user [, $action] )
or changing:
Action::factory( 'watch', $article )->execute();
to:
WatchAction::doWatch( $title, $user );
While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now)
Other notes:
* Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch()
* Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p
[1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
* Replaced wfProfileClose() and wfGetProfilingOutput() by direct calls to the Profiler instance and removed them, no uses in extensions
* Also removed useless params from Profiler::getOutput() call in wfLogProfilingData()
* Only generate profiling output if it'll be used; introduced Profiler::logData() that saves profiling data (database, udp, ...) to separate it from output generation
* Removed unused Profiler::getCaller(), not used at all, and we have wfGetCaller() that does the same thing
* Actions come in two flavours: the show-a-form-then-do-something-with-the-result (delete, protect, edit, etc) and the just-do-something (watch, rollback, patrol, etc). Create abstract base classes Action and FormlessAction to support these two cases. HTMLForm is an integral part of the form-based structure.
* Look mum, no globals! :D Fully context-based.
* Implement watch/unwatch, credits and delete actions in the new system as proof-of-concept. This also gives the delete frontend a much-needed overhaul.
* Stub out the newly-deprecated functions from Article.php. This already reduces its linecount by about 15%, and there are plenty more actions still to do.
* Centralising actions like this is going to render a lot of hooks type-incompatible. There's simply nowhere you can put the ArticleConfirmDelete hook, for instance, where it can be passed an OutputPage as the second parameter. On the other hand, we can implement new hooks like ActionModifyFormFields and ActionBeforeFormDisplay, which can do much prettier stuff to the forms, like adding extra fields the 'right' way. Update LiquidThreads to use these new hooks where appropriate.
Well, the more sane way, is just treat them seperately, than having to do $value = $value[0];, based on whether it was an array already
Cheers to Siebrand (was already poking it myself :))
Move code into getParameterFromSettings, most of the flesh is there anyway (it checks isset( $value ) ), so we can use the else to check if it's required
A followup could be to whinge if '' is returned for a string
use self consistently
Fold in duplicate loop
missingparam can be done during attempt to set ParamCache, we might aswell give up and not finish populating the param cache if we're gonna die from a missing param
* Introduced a "cache mode" concept to simplify the header generation code, and to avoid odd results when conflicting cache header requests are received from submodules, or at least to formalise the handling of such cases.
* Made the cache mode private by default, so that code written in ignorance of caching tends to be safe. If different query modules are used in a single request, private caching is preferred over public caching.
* Removed the "must-revalidate" option from all CC headers, this is really specific to page views with a hacked squid in front, I don't think it's applicable here.
* Made the watchlist module private. This is really the definition of private data. There's nothing in the HTTP spec that says the URL for a CC:public request is private and can't be leaked. CC:private provides protection against unknown proxy behaviour.
* In ApiQueryAllmessages: avoid calling $wgLang->getCode() to check if it's necessary to make a new $wgLang when lang= is specified, since this is the only thing that unstubs $wgUser.
* Removed "FIXME: should this check $user instead of $wgUser?" Answer is no.
* Define variable for ApiUserrights.php that wasn't defined before.
* Add convertVerifyErrorToStatus and getVerificationErrorCode to
UploadBase to translate error consts since UploadFromUrl will
need a message to display to end-users.
* refactor mime-checking out of UploadBase::verifyFile into
UploadBase::verifyMimeType
* Make UploadBase::verifyFile always return arrays for errors
* Use HttpFunctions instead of custom curl handler for async downloading
* TODO: Need a way to feed errors back to the requestor
* TODO: Need to add watchlist param handling and warnings checks.
Again partial fix to bug 23167
Bugfix watch on creation (edit and upload), in current form, setting unwatch, or nochange would follow watchcreation, which wasn't requested
* Refactoring ApiUpload & UploadBase to make it easier to extend & read.
* Use a class constant for the upload session key instead of a hard-coded-across-several-files value.
* Add UploadBase::appendToUploadFile() method to enable protocols that do incremental upload.
Deprecate old watch/unwatch parameters
Move generic watchlist stuff to ApiBase/getWatchlistValue (maybe needs renaming better?)
Tweak some braces in ApiEditPage
* Fix up messages
* For new FileRepo::append(), use flags to determine whether to delete or not
* Add more error checking for appending
* Fix a couple of places in Revision.php and LogPage.php where DB errors were produced when comment was null
* Remove bogus checking for !$comment, etc on the DONE phase of chunked uploading
* Don't pretend to return a value when raising an exception
* Add more tests for chunked uploads
* Verify that Status::getErrorsArray() (at least where it is used in ApiUpload::execute()) returns an array that we can pass to dieUsageMessage()
* Ensure that checkWarnings(), etc work only on the complete file
Move token requringness check to the ApiMain
Adding an exception if we're using "gettoken" (block/unblock)
Remove array( 'missingparam', 'token' ), from the getPossibleErrors of modules that set requireToken method to true
Base has empty array() returning method, ApiBlock has implementation of possibleErrors from code above (possibly not complete)
Can be finished incrementally, so serves as a review point for Roan
"I wouldn't object to stylizing the API code to bring it in line with
the rest of MW on principle, but I'm not gonna bother myself." --Roan
<http://www.mediawiki.org/wiki/Special:Code/MediaWiki/60657#c5108>
If you're seeing this commit in blames, tell your blame tool to ignore
whitespace, e.g., git blame -w or svn blame -x -w.
* hide some user settings if user is not allowed to send e-mail, but can receive e-mail
* update API 'cannot send e-mail' message
* FIXME: gives 'mailnologin'/'mailnologintext' as error. Error handling should be made more fine grained
Here is a short overview of changes and associated default configuration variables (most everything is off by default) also see ~soon to be updated~: http://www.mediawiki.org/wiki/Media_Projects_Overview
= Upload Improvements =
==Upload API ==
* Based on the early work of Bryan Tong and others it adds the upload option to the api.
* We rewrite Special:Upload page to include use the new refactoring
* Added in token checks in both the SpecialUpload.php page so avoids DOS / xss copy-by-url JavaScript based cross site POST file submissions
== Copy by URL==
$wgAllowCopyUploads = false;
* http class rewrite includes a new http background download see: includes/HttpFunctions.php
* spins off a php process that calls: maintenance/http_session_download.php
* pushes updates to the session and gives the user a progress bar on http copy uploads from other server progress (using js2 upload interface) (if not using the js2 upload interface it does the request in-place but the download is limited to the php ini timeout time)
== Firefogg ==
* Firefogg enables resumable upload by chunks
* progress indicators and conditional invokation (js2 system)
* and of-course client side transcoding.
= Script Server =
$wgEnableScriptLoader = false;
* off by default if $wgEnableScriptLoader is turned on script files are grouped, gziped, cached etc.
for more info see: http://www.mediawiki.org/wiki/Extension:ScriptLoader
* Includes some early skin js include fixes (skin/script system still lots of love)
* Includes a "javascript class autoloader" this is packaged into mwEmbed so that the mwEmbed library can work in stand alone mode (while retaining localization and script serving) (one such application is the make page for firefogg.org : http://www.firefogg.org/make/index.html )
* The file that contains the autojavascript loading classes is: js2/php/jsAutoloadLocalClasses.php
* One can use this auto class loading dependency system with extensions and add-ons but I need to better document that.
= js2 system / mwEmbed=
$wgEnableJS2system = false
* includes initial rewrite towards more jquery based javascript code
* especially for the Special:Upload page.
* Also the edit page include support for the "add-media-wizard"
* includes dependency loader for javascript that optionally takes advantage of the script-loader
* remote embedding of javascript interfaces (like embedding video, or commons media searching)
* $wgDebugJavaScript = false; .. .this variable lets you always get "always fresh javascript". When used with the script-loader it does not minify the script-loader output.
= mwEmbed =
* Will commit a separate patch to oggHandler that conditionally outputs <video tag> to use the new javascript video player.
** mv_embed player includes: play-head, volume control, remote embedding, oggz-chop support across plugins.
* add-media-wizard adds easy inserts of media to pages (with import)
== jQuery==
* we include a base install of jQuery, jQuery ui and some plugins.
* all the javascript classes are in the scriptloader so its easy to load any set of jquery ui components that you may need using the script-server. You get a callback so you can then execute js with dependencies loaded.
== other stuff ==
there is a bit more code in js2 that pertains to sequence editing, timed text display and basic image editing. We include a base import of pixastic-lib & pixastic-editor... will work with the pixastic developer to try and ensure upstream compatibility on our usage of the library for in-browser photo and sequence manipulation.
* Instead of hiding read-restricted modules, throw an error when a user without read rights tries to use them
* Do the same for write modules when $wgEnableWriteAPI is false
* Indicate whether a module needs read or write rights in action=help and action=paraminfo
* BREAKING CHANGE: action=purge now requires write rights and, for anonymous users, a POST request
* Add $wgAPIMaxUncachedDiffs (default 1) which controls how many non-cached diffs will be served per request
* Tweak DifferenceEngine.php a bit to make cache status accessible, and remove a useless 'parseinline' which broke diff generation in the API
* Added Title::moveSubpages() as a backend function
** Didn't update SpecialMovepage to use this; left to braver souls
* Fix handling of errors on talk page move (will backport)
* This means queries could possibly return fewer results than the limit and still set a query-continue
* Add iicontinue, rvcontinue, cicontinue, incontinue, amfrom to faciliate query-continue for these modules
* Implemented by blocking additions to the ApiResult object if they would make it too large
** Important things like query-continue values and warnings are exempt from this check
** RSS feeds and exported XML are also exempted (size-checking them would be too messy)
** Result size is checked against $wgAPIMaxResultSize, which defaults to 8 MB
For those who really care, per-file details follow:
ApiResult.php:
* Introduced ApiResult::$mSize which keeps track of the result size.
* Introduced ApiResult::size() which calculates an array's size
(which is the sum of the strlen()s of its elements).
* ApiResult::addValue() now checks that the result size stays below
$wgAPIMaxResultSize. If the item won't fit, it won't be added and addValue()
will return false. Callers should check the return value and set a
query-continue if it's false.
* Closed the back door that is ApiResult::getData(): callers can't manipulate
the data array directly anymore so they can't bypass the result size limit.
* Added ApiResult::setIndexedTagName_internal() which will call
setIndexedTagName() on an array already in the result. This is needed for the
'new' order of adding results, which means addValue()ing one result at a time
until you hit the limit or run out, then calling this function to set the tag
name.
* Added ApiResult::disableSizeCheck() and enableSizeCheck() which disable and
enable size checking in addValue(). This is used for stuff like query-continue
elements and warnings which shouldn't count towards the result size.
* Added ApiResult::unsetValue() which removes an element from the result and
decreases $mSize.
ApiBase.php:
* Like ApiResult::getData(), ApiBase::getResultData() no longer returns a
reference.
* Use ApiResult::disableSizeCheck() in ApiBase::setWarning()
ApiQueryBase.php:
* Added ApiQueryBase::addPageSubItem(), which adds page subitems one item
at a time.
* addPageSubItem() and addPageSubItems() now return whether the subitem
fit in the result.
* Use ApiResult::disableSizeCheck() in setContinueEnumParameter()
ApiMain.php:
* Use ApiResult::disableSizeCheck() in ApiMain::substituteResultWithError()
* Use getParameter() rather than $mRequest to obtain requestid
DefaultSettings.php:
* Added $wgAPIMaxResultSize, with a default value of 8 MB
ApiQuery*.php:
* Added results one at a time, and set a query-continue if the result is full.
ApiQueryLangLinks.php and friends:
* Migrated from addPageSubItems() to addPageSubItem(). This eliminates the
need for $lastId.
ApiQueryAllLinks.php, ApiQueryWatchlist.php, ApiQueryAllimages.php, ApiQuerySearch.php:
* Renamed $data to something more appropriate ($pageids, $ids or $titles)
ApiQuerySiteinfo.php:
* Abuse siprop as a query-continue parameter and set it to all props that
couldn't be processed.
ApiQueryRandom.php:
* Doesn't do continuations, because the result is supposed to be random.
* Be smart enough to not run the second query if the results of the first
didn't fit.
ApiQueryImageInfo.php, ApiQueryRevisions.php, ApiQueryCategoryInfo.php, ApiQueryInfo.php:
* Added continue parameter which basically skips the first so many items
ApiQueryBacklinks.php:
* Throw the result in a big array first and addValue() that one element at a time if necessary
** This is necessary because the results aren't retrieved in order
* Introduced $this->pageMap to map namespace and title to page ID
* Rewritten extractRowInfo() and extractRedirRowInfo() a little
* Declared all private member variables explicitly
ApiQueryDeletedrevs.php:
* Use a pagemap just like in Backlinks
* Introduce fake page IDs and keep track of them so we know where to add what
** This doesn't change the output format, because the fake page IDs start at 0 and are consecutive
ApiQueryAllmessages.php:
* Add amfrom to facilitate query-continue
ApiQueryUsers.php:
* Rewrite: put the getOtherUsersInfo() code in execute()
* Move undo text generation from EditPage::getContent() to Article::getUndoText()
* Add some more examples for action=edit
* ApiEditPage.php: don't mix !is_null() and isset(), be consistent
