Commit graph

90 commits

Author SHA1 Message Date
Daniel Cannon
bfcd95c8e5 (bug 11721) API: Use a different title for results than for the help page. 2007-10-24 19:34:29 +00:00
Brion Vibber
a7c34c4c51 Tweak it up a little more -- also unescape the double-escaped quotes and angle brackets to keep the help message legible, but move unescaping down below the XML metaformatting, so the mail samples don't get misformatted as if they were XML elements. 2007-09-19 14:51:02 +00:00
Brion Vibber
fef3b7b3c3 Tweaks to r25923 for my own peace of mind:
* De-escape &amp;amp; to &amp; rather than &amp; to & -- guarantees that we won't leave stray &s around producing invalid or freaky output
* Use == instead of = when comparing... :)
2007-09-19 14:44:50 +00:00
Daniel Cannon
697afaae0f (bug 11296) Introduced special case pretty-printer rendering of the help document, whereby ampersands will not be escaped, which seems to be the only cause ATM of broken links in the help. This is a *temporary* fix while we work on getting a fully-html version of the help complete, but one that should not reintroduce any security vulnerabilities (as the only text that is unescaped is hardcoded into the API). 2007-09-18 22:10:09 +00:00
Brion Vibber
8cde3600cf Reverting r25082:
Do not restore security vulnerabilities to the codebase after a security release.
Especially don't MAKE THEM WORSE IN THE PROCESS.
2007-09-13 19:06:54 +00:00
Daniel Cannon
70710a6bb8 (API) Partial revert of r25742. Escaping all html special characters in the output breaks links that have these special characters in them. 2007-09-11 22:47:27 +00:00
Brion Vibber
1346097566 * (bug 11158) Fix escaping in API HTML-formatted JSON 2007-09-10 21:01:40 +00:00
Rob Church
dcd57754d9 * Introduce wfScript() wrapper around script path generation
* Honour script extension in ApiFormatBase
* Fix up some uses of short open tags, which are discouraged, in ApiFormatBase
2007-07-06 03:41:04 +00:00
Yuri Astrakhan
4247af6c2d API: Documentation cleanup 2007-07-06 02:19:56 +00:00
Yuri Astrakhan
a31d9c9067 API: Minor cleanup 2007-06-29 22:05:30 +00:00
Aryeh Gregor
3293d6aaf2 Oops, one bogus one slipped through. 2007-06-29 01:25:07 +00:00
Aryeh Gregor
a15c419b3d Remove ?>'s from files. They're pointless, and just asking for people to mess with the files and add trailing whitespace. (Yes, I looked over every one and reverted those that were bogus. Slash-enter a million times in less worked well enough, although it was a bit mind-numbing.) 2007-06-29 01:19:14 +00:00
Yuri Astrakhan
cb38c11c84 API: documentation and cleanup. 2007-05-20 23:31:44 +00:00
Yuri Astrakhan
ef219bae7b API:
breaking change: Query watchlist shows flags only when explicitly requested with wlparam=flags, and rc_this_oldid (textid) is no longer accessible
query watchlist cleanup
bug in the integer parameter min/max validation
bug in feed formatting in error handling
some documentation
2007-05-20 10:08:40 +00:00
Yuri Astrakhan
aab4c9d205 API:
* breaking change: Converted a map of revisions into a list of revisions to allow easier json processing (no need to know map keys)
* html formatting now properly links urls ending with a '\n' string (jsonfm)
* regression: fixed allpages to return int instead of string for pageid and ns
* Added: info now returns page length, counter, and a new flag
2007-05-19 20:26:08 +00:00
Nick Jenkins
f9619da3f0 Yet more doc tweaks:
* Add @addtogroup tags to various classes, to try and group conceptually-related classes together.
* Add brief descriptions to various Special pages, thanks to Phil Boswell.
* Moving some docs to be right above the classes they represent, so that they are picked up.
2007-04-20 08:55:14 +00:00
Brion Vibber
2ccfa04784 * (bug 8673) Minor fix for web service API content-type header 2007-01-18 00:01:20 +00:00
Yuri Astrakhan
ed43f714f4 API * better self-description for various modules
* namespace type for parameters
* fixed bug with incorrect ordering in paging
* fixed bug with revisions and watchlist paging
2006-11-03 06:53:47 +00:00
Nick Jenkins
c79b4e9e75 "si" param should be "siprop" in example (si param is ignored). 2006-11-02 02:33:14 +00:00
Yuri Astrakhan
3ec1b5b646 API * simple backlinks module (no redirect resolution yet)
* Cleaned up references
2006-10-25 03:54:56 +00:00
Yuri Astrakhan
eb02c1a87b API * cache expiration control
* Added PHP-serialized & WDDX formats
2006-10-22 23:45:20 +00:00
Yuri Astrakhan
88e42b579b API * Common field output function to simplify result generation
* Recent changes parameters
2006-10-21 08:26:32 +00:00
Nick Jenkins
33b7c11ded * Don't give attackers an opening by echoing back known bad parameter inputs.
* Create magic links only using a whitelist of protocols.

Have no proof of vuln, but allowing the user to make JavaScript links and have a lot of control over what goes into them probably isn't desirable.
Example attack input:
  http://en.wikipedia.org/w/api.php?action=query&meta=javascript://**/alert(1);

Example pre-patch HTML output contains this string:
  <a href="javascript://**/alert">javascript://**/alert</a>(1);
Which doesn't work, due to:
 1) the double slash - one slash someone can work around by faking a C-style comment (by appending "**/" as shown above), but two is a problem
 2) the parentheses being excluded, so we can't pass parameters
... but best to put a stop to it anyway.
2006-10-19 08:18:19 +00:00
Yuri Astrakhan
c43de1d424 API * HTML is now valid HTML Transitional (thanks nickj)
* Fixed watchlist ordering bug
2006-10-18 06:32:40 +00:00
Yuri Astrakhan
550c083a18 API
* Removed slow result SanitizeData
* Fixed watchlist feed bug (reported by nickj)
* Fixed HTML formatting bug (reported & fixed by nickj)
* clarified HTML intro message
2006-10-18 05:27:43 +00:00
Yuri Astrakhan
e5752b2372 * API: added prop parameter to watchlist, added patrolled flag 2006-10-16 05:53:07 +00:00
Yuri Astrakhan
262435b9f8 * API: help screen now shows default and allowed parameter values
* API: added experimental watchlist rss/atom feed
* API: if available, json_encode() will be used
* API: opensearch parameter changed to "search=" (more descriptive)
* API: minor parameter cleanup, a wrapper for Feed class
2006-10-16 00:08:03 +00:00
Yuri Astrakhan
7a710254db * API query optimizations
* API allow modules to have custom printers
2006-10-15 07:43:52 +00:00
Yuri Astrakhan
b56d23ed46 * API: Restructured to allow internal usage. Error handling cleanup.
* API: Added opensearch module, added apprefix param for list=allpages
2006-10-14 07:18:08 +00:00
Yuri Astrakhan
49c5bb6cdc * API: fixed caching header per jeluf's fix in query.php 2006-10-13 05:28:28 +00:00
Yuri Astrakhan
31775400d8 *API: rewired generator (more work needed)
*API: structure cleanup: module names & parameters
2006-10-03 05:41:55 +00:00
Yuri Astrakhan
c01eb06e5e *API: better version gen, added check for read-only api, added allpages params description 2006-10-02 18:27:06 +00:00
Yuri Astrakhan
04399b2063 * API: added version information to each module (available via api.php?version command) 2006-10-01 21:20:55 +00:00
Yuri Astrakhan
f97b323e00 * API: result data generation cleanup, minor cleaning 2006-10-01 02:02:13 +00:00
Yuri Astrakhan
5c1ca0fc83 * API: Refactored per brion's suggestions
* API: began query revisions implementation (incomplete)
2006-09-27 05:13:48 +00:00
Yuri Astrakhan
8a7397e8ad * API: Overall query-related cleanup. 2006-09-26 06:37:26 +00:00
Yuri Astrakhan
fd68ee851a * API: General query modules order of execution
* API: Moved title parsing logic to ApiPageSet
2006-09-25 06:10:16 +00:00
Yuri Astrakhan
fc6ec50f94 * API: A new ApiPageSet class to retrieve page data and resolve redirects. 2006-09-25 04:12:07 +00:00
Yuri Astrakhan
fcfcf6fdf9 * API-query: normalization
* API: help screen improvements
2006-09-23 23:30:25 +00:00
Yuri Astrakhan
1fc6e9cc86 * API: major refactoring
* API: added login functionality
* API: added several output formats (needs optimization)
2006-09-23 15:57:16 +00:00