During incident response, it was not possible to tell what API modules
were being requested and by whom, since the action parameter is often
posted. This change logs the API parameters whether they are posted or
sent in the query string.
I did try to get the API parameters from the module, but that turns out
to be difficult. Modules create submodules (generators, page sets) as
local variables, which are created in a procedural style and destroyed
before logging is done, so there is no easy way to query them for
parameter lists after execution completes.
In ApiOptionsTest, use a real ApiMain object like all the other API test
cases, rather than a mock object. Otherwise the test fails.
Change-Id: Idc786007fe61811d1874f29b5ce4762dd97b1847

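An added example (Python, not MediaWiki code and not part of this commit) of the logging behaviour described above: parameters are merged from the query string and the POST body, so a posted action still reaches the log. The function names, the redaction list, the posted-wins merge order and the sample requests are assumptions of the example.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Substrings of parameter names whose values must not reach a log file.
# This list is an assumption of the example, not taken from the commit.
SENSITIVE = ("token", "password")


def api_log_params(url, post_body=""):
    """Merge query-string and posted parameters into one loggable dict.

    Posted values win over query-string values of the same name
    (an assumption of this example).
    """
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    params.update(parse_qsl(post_body, keep_blank_values=True))
    return {
        name: "[redacted]" if any(s in name.lower() for s in SENSITIVE) else value
        for name, value in params.items()
    }


def format_log_line(client_ip, method, url, post_body=""):
    """Build one log line: who asked, how, and with which API parameters."""
    params = api_log_params(url, post_body)
    # Re-encoding keeps the record on a single line: CR/LF inside a value
    # come out as %0D/%0A and cannot forge an extra log record.
    fields = urlencode(sorted(params.items()), safe="[]")
    return f"{client_ip} {method} {urlsplit(url).path} {fields}"


# Constructed sample requests (not real traffic).
SAMPLES = [
    ("192.0.2.10", "GET", "/w/api.php?action=query&list=recentchanges", ""),
    ("192.0.2.11", "POST", "/w/api.php?format=json",
     "action=edit&title=Sandbox&token=abc123%2B%5C"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(format_log_line(*sample))
```

With URL-only logging, the second sample would show only format=json; the merged line also records action=edit and the page title.
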
There was a recentchanges row on enwiki whose rc_params looked like
array('4::tags'=>array('db-g11')), and the tag name wasn't set
recursively so the inner array didn't get a tag name.
This still generates invalid XML of course, because <4::tags> isn't a
valid tag, but at least it doesn't fatal any more. RAWR XML GRUMBLE
Change-Id: Ibb775df4bd010bdce5632914f789230d8626c9e7

Added new hook in ApiMain::checkCanExecute
so that extensions can authenticate and
authorize API clients before the module is
executed. (Necessary for extensions like
OAuth that externally authnz clients.)
Change-Id: I1b059fd9a4aa717928af8b09f5edebe899ab3ce1
Signed-off-by: Tyler Romeo <tylerromeo@gmail.com>

This patch marks the regex matching url protocol as being case
insensitive. We will from now on render links like [HTTP://ww].
Tests added.
Change-Id: I706acb7a0ae194b50d2318763beae4e5e83671f3

- This is needed for I90965346 ((bug 37453) Move
$wgDisable(Lang|Title)Conversion to ParserOptions)
because that change sets an option based on the Title,
and I don't want to duplicate that to all ParserOptions
that need it.
- Refactored ApiParse to have a WikiPage object available
and changed some parts to take advantage of having this
object available. Also used ApiBase::getTitleOrPageId()
to reduce code duplication.
Change-Id: Iec98e472af9c43d940f77261367a796b0d7b4b54

Doing this in steps of roughly 100 changes per commit, so that it remains
reviewable. This should be the last but one change set with the "easy"
ones for core.
Change-Id: If894a92dd65b2f5f4f096b9133685eb3b067a1d8

When a file exists under the same name on the repo, with the same hash,
prop=duplicatefiles does not list this file.
Also checking isLocal when looking for the file itself helps.
Also adding a shared='' to indicate that the duplicate with the same name
is not the file itself.
Follow up I745cae7a
Change-Id: I4e613cb6d592521befe8bc876e251a89b3fa3047

By default, set the x-frame-options header for api result pages
to 'DENY'. This is to prevent an attacker from iframing an api
page that includes tokens and stealing them from a user, for example
with a fake captcha prompt.
The global $wgApiFrameOptions is used for the value, or can be set
to false to disable setting the header.
Change-Id: I498f874d7f6c180ec4f3abfc81f773c0fa0f421d

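An added example (Python, not MediaWiki code and not part of this commit) of a check that API responses carry the header described above, run over constructed raw responses. The function names, verdict labels and sample responses are assumptions of the example.

```python
# Values that forbid cross-origin framing. ALLOW-FROM is obsolete and
# ignored by current browsers, so it does not count as protection here.
PROTECTIVE = {"DENY", "SAMEORIGIN"}


def parse_headers(raw_response):
    """Return [(lowercased name, value)] from the head of a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def framing_verdict(raw_response):
    """Classify a response as 'protected', 'missing' or 'invalid'."""
    values = [part.strip().upper()
              for name, value in parse_headers(raw_response)
              if name == "x-frame-options"
              for part in value.split(",")]
    if not values:
        return "missing"
    # Conflicting or unknown values point to a misconfiguration to review.
    if len(set(values)) == 1 and values[0] in PROTECTIVE:
        return "protected"
    return "invalid"


def audit(responses):
    """Return {label: verdict} for every response that is not protected."""
    verdicts = {label: framing_verdict(raw) for label, raw in responses.items()}
    return {label: v for label, v in verdicts.items() if v != "protected"}


# Constructed api.php responses (not captured from a real wiki).
SAMPLES = {
    "default": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
               "X-Frame-Options: DENY\r\n\r\n{}",
    "header disabled": "HTTP/1.1 200 OK\r\n"
                       "Content-Type: application/json\r\n\r\n{}",
    "obsolete value": "HTTP/1.1 200 OK\r\n"
                      "x-frame-options: ALLOW-FROM https://example.org\r\n\r\n{}",
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```
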
This introduces the syntax from aliased table names for aliased field
names into the abstract database layer:
array( 'alias' => 'field' ) gives 'field AS alias'
This patch also includes changes to query pages, api and some more
places to show how the new syntax looks in "production".
This allows us to remove the "AS" for Non-PostgreSQL databases, if we
want that.
Change-Id: I5f0de1c2f29092c173aec3de93ffdef436799e8d

Adding a "root page" input to Special:Import, which is used as prefix
before each imported page. With this option, it is possible to import
pages as subpage of a user or a project page.
On de.wp the import is often done into a little-used namespace (100 or 101)
and then moved to the user space. Doing this in one step makes things
easier.
Change-Id: Id5dbf742295a1bbddd8cb6eaa09fb28051f26613

Full message:
Notice: Undefined property: stdClass::$hitcount in
..\includes\api\ApiQueryTags.php on line 76
Change-Id: I773e0a5f70ee025033899d6950336dff0829e09b

makeHelpMsgHelper made a list of "allowed generators" at the same
time as generating stuff that was used to build the api help docs.
Change-Id: Idcc0b19ff62ab8da95c09c75a5222d3116ed0dc5

The API action=upload returns a generic error message when one or more
of the file extensions are blacklisted. It should return a more
informative message, and also return the list of blacklisted extensions
in a machine-readable format.
This changeset introduces a new message,
"api-error-filetype-banned-type", which is to
"api-error-filetype-banned" what "filetype-banned-type" is to
"filetype-banned". As a starting point, I've copied (with minor changes)
the existing filetype-banned-type message to
api-error-filetype-banned-type for all languages for which both
api-error-filetype-banned and filetype-banned-type are currently given.
This changeset also incidentally fixes an internal server error with
format=xml when the filetype-banned error is returned by the API.
Change-Id: I6b0c58fbc5b19aa55286c56fa7da2195ea683ae0

Functions called unnecessarily, as their return values aren't used
or even cached.
Removing them to reduce the pointless overhead of calling them.
Change-Id: I0d8ddab9492ea79d5de4118944e77ac774275506