Move token requringness check to the ApiMain
Adding an exception if we're using "gettoken" (block/unblock)
Remove array( 'missingparam', 'token' ), from the getPossibleErrors of modules that set requireToken method to true
Base has empty array() returning method, ApiBlock has implementation of possibleErrors from code above (possibly not complete)
Can be finished incrementally, so serves as a review point for Roan
"I wouldn't object to stylizing the API code to bring it in line with
the rest of MW on principle, but I'm not gonna bother myself." --Roan
<http://www.mediawiki.org/wiki/Special:Code/MediaWiki/60657#c5108>
If you're seeing this commit in blames, tell your blame tool to ignore
whitespace, e.g., git blame -w or svn blame -x -w.
* hide some user settings if user is not allowed to send e-mail, but can receive e-mail
* update API 'cannot send e-mail' message
* FIXME: gives 'mailnologin'/'mailnologintext' as error. Error handling should be made more fine grained
Here is a short overview of changes and associated default configuration variables (most everything is off by default) also see ~soon to be updated~: http://www.mediawiki.org/wiki/Media_Projects_Overview
= Upload Improvements =
==Upload API ==
* Based on the early work of Bryan Tong and others it adds the upload option to the api.
* We rewrite Special:Upload page to include use the new refactoring
* Added in token checks in both the SpecialUpload.php page so avoids DOS / xss copy-by-url JavaScript based cross site POST file submissions
== Copy by URL==
$wgAllowCopyUploads = false;
* http class rewrite includes a new http background download see: includes/HttpFunctions.php
* spins off a php process that calls: maintenance/http_session_download.php
* pushes updates to the session and gives the user a progress bar on http copy uploads from other server progress (using js2 upload interface) (if not using the js2 upload interface it does the request in-place but the download is limited to the php ini timeout time)
== Firefogg ==
* Firefogg enables resumable upload by chunks
* progress indicators and conditional invokation (js2 system)
* and of-course client side transcoding.
= Script Server =
$wgEnableScriptLoader = false;
* off by default if $wgEnableScriptLoader is turned on script files are grouped, gziped, cached etc.
for more info see: http://www.mediawiki.org/wiki/Extension:ScriptLoader
* Includes some early skin js include fixes (skin/script system still lots of love)
* Includes a "javascript class autoloader" this is packaged into mwEmbed so that the mwEmbed library can work in stand alone mode (while retaining localization and script serving) (one such application is the make page for firefogg.org : http://www.firefogg.org/make/index.html )
* The file that contains the autojavascript loading classes is: js2/php/jsAutoloadLocalClasses.php
* One can use this auto class loading dependency system with extensions and add-ons but I need to better document that.
= js2 system / mwEmbed=
$wgEnableJS2system = false
* includes initial rewrite towards more jquery based javascript code
* especially for the Special:Upload page.
* Also the edit page include support for the "add-media-wizard"
* includes dependency loader for javascript that optionally takes advantage of the script-loader
* remote embedding of javascript interfaces (like embedding video, or commons media searching)
* $wgDebugJavaScript = false; .. .this variable lets you always get "always fresh javascript". When used with the script-loader it does not minify the script-loader output.
= mwEmbed =
* Will commit a separate patch to oggHandler that conditionally outputs <video tag> to use the new javascript video player.
** mv_embed player includes: play-head, volume control, remote embedding, oggz-chop support across plugins.
* add-media-wizard adds easy inserts of media to pages (with import)
== jQuery==
* we include a base install of jQuery, jQuery ui and some plugins.
* all the javascript classes are in the scriptloader so its easy to load any set of jquery ui components that you may need using the script-server. You get a callback so you can then execute js with dependencies loaded.
== other stuff ==
there is a bit more code in js2 that pertains to sequence editing, timed text display and basic image editing. We include a base import of pixastic-lib & pixastic-editor... will work with the pixastic developer to try and ensure upstream compatibility on our usage of the library for in-browser photo and sequence manipulation.
* Instead of hiding read-restricted modules, throw an error when a user without read rights tries to use them
* Do the same for write modules when $wgEnableWriteAPI is false
* Indicate whether a module needs read or write rights in action=help and action=paraminfo
* BREAKING CHANGE: action=purge now requires write rights and, for anonymous users, a POST request
* Add $wgAPIMaxUncachedDiffs (default 1) which controls how many non-cached diffs will be served per request
* Tweak DifferenceEngine.php a bit to make cache status accessible, and remove a useless 'parseinline' which broke diff generation in the API
* Added Title::moveSubpages() as a backend function
** Didn't update SpecialMovepage to use this; left to braver souls
* Fix handling of errors on talk page move (will backport)
* This means queries could possibly return fewer results than the limit and still set a query-continue
* Add iicontinue, rvcontinue, cicontinue, incontinue, amfrom to faciliate query-continue for these modules
* Implemented by blocking additions to the ApiResult object if they would make it too large
** Important things like query-continue values and warnings are exempt from this check
** RSS feeds and exported XML are also exempted (size-checking them would be too messy)
** Result size is checked against $wgAPIMaxResultSize, which defaults to 8 MB
For those who really care, per-file details follow:
ApiResult.php:
* Introduced ApiResult::$mSize which keeps track of the result size.
* Introduced ApiResult::size() which calculates an array's size
(which is the sum of the strlen()s of its elements).
* ApiResult::addValue() now checks that the result size stays below
$wgAPIMaxResultSize. If the item won't fit, it won't be added and addValue()
will return false. Callers should check the return value and set a
query-continue if it's false.
* Closed the back door that is ApiResult::getData(): callers can't manipulate
the data array directly anymore so they can't bypass the result size limit.
* Added ApiResult::setIndexedTagName_internal() which will call
setIndexedTagName() on an array already in the result. This is needed for the
'new' order of adding results, which means addValue()ing one result at a time
until you hit the limit or run out, then calling this function to set the tag
name.
* Added ApiResult::disableSizeCheck() and enableSizeCheck() which disable and
enable size checking in addValue(). This is used for stuff like query-continue
elements and warnings which shouldn't count towards the result size.
* Added ApiResult::unsetValue() which removes an element from the result and
decreases $mSize.
ApiBase.php:
* Like ApiResult::getData(), ApiBase::getResultData() no longer returns a
reference.
* Use ApiResult::disableSizeCheck() in ApiBase::setWarning()
ApiQueryBase.php:
* Added ApiQueryBase::addPageSubItem(), which adds page subitems one item
at a time.
* addPageSubItem() and addPageSubItems() now return whether the subitem
fit in the result.
* Use ApiResult::disableSizeCheck() in setContinueEnumParameter()
ApiMain.php:
* Use ApiResult::disableSizeCheck() in ApiMain::substituteResultWithError()
* Use getParameter() rather than $mRequest to obtain requestid
DefaultSettings.php:
* Added $wgAPIMaxResultSize, with a default value of 8 MB
ApiQuery*.php:
* Added results one at a time, and set a query-continue if the result is full.
ApiQueryLangLinks.php and friends:
* Migrated from addPageSubItems() to addPageSubItem(). This eliminates the
need for $lastId.
ApiQueryAllLinks.php, ApiQueryWatchlist.php, ApiQueryAllimages.php, ApiQuerySearch.php:
* Renamed $data to something more appropriate ($pageids, $ids or $titles)
ApiQuerySiteinfo.php:
* Abuse siprop as a query-continue parameter and set it to all props that
couldn't be processed.
ApiQueryRandom.php:
* Doesn't do continuations, because the result is supposed to be random.
* Be smart enough to not run the second query if the results of the first
didn't fit.
ApiQueryImageInfo.php, ApiQueryRevisions.php, ApiQueryCategoryInfo.php, ApiQueryInfo.php:
* Added continue parameter which basically skips the first so many items
ApiQueryBacklinks.php:
* Throw the result in a big array first and addValue() that one element at a time if necessary
** This is necessary because the results aren't retrieved in order
* Introduced $this->pageMap to map namespace and title to page ID
* Rewritten extractRowInfo() and extractRedirRowInfo() a little
* Declared all private member variables explicitly
ApiQueryDeletedrevs.php:
* Use a pagemap just like in Backlinks
* Introduce fake page IDs and keep track of them so we know where to add what
** This doesn't change the output format, because the fake page IDs start at 0 and are consecutive
ApiQueryAllmessages.php:
* Add amfrom to facilitate query-continue
ApiQueryUsers.php:
* Rewrite: put the getOtherUsersInfo() code in execute()
* Move undo text generation from EditPage::getContent() to Article::getUndoText()
* Add some more examples for action=edit
* ApiEditPage.php: don't mix !is_null() and isset(), be consistent
* BREAKING CHANGE: Alter action=protect output to display multiple expiry times
* BREAKING CHANGE: Error messages invalidexpiry and pastexpiry now state the expiry they're about
* Add ApiBase::PARAM_ALLOW_DUPLICATES and honor it in ApiBase::getParameterFromSettings()
** Backend code moved to RecentChange::reallyMarkPatrolled() and doMarkPatrolled()
** Adapted Article::markpatrolled()
* (bug 15466) Added action=patrol to the API. Modified patch by Soxred93
* Added rctoken=patrol to list=recentchanges
* Detect duplicate warnings in ApiBase::setWarning()
* (bug 15048) Added limit field for multivalue parameters to action=paraminfo output.
* When the limit on multivalue parameters is exceeded, a warning is issued
* Handle these return values in MovePageForm::doSubmit() and ApiMove::execute()
* Remove separate AbortMove hook calls from MovePageForm and ApiMove; these were used to capture the hook error, but the new return type handles that. Also, it resulted in two calls to that hook for each move
* Remove comment about SpecialMovepageAfterMove hook from ApiMove::execute(): we don't need it, there's the TitleMoveComplete hook for that. SpecialMovepageAfterMove is a UI hook that doesn't belong in the API
* Add imagenocrossnamespace and imagetypemismatch errors to ApiBase::$messageMap
Doxygen documentation update:
* Changed alls @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group.
* Added @file to file description, it seems that it should be explicitely decalred for file descriptions, otherwise doxygen will think that the comment document the first class, variabled, function, ... that is in that file.
* Removed some empty comments
* Removed some ?>
Added following groups:
* ExternalStorage
* JobQueue
* MaintenanceLanguage
One more thing: there are still a lot of warnings when generating the doc.
* Refactoring ApiBlock accordingly
* Adding check for blockemail right to ApiBlock
* Adding more messages to ApiBase::$messageMap
* Fixing E_NOTICE in SpecialIpblocklist.php
* Refactored ApiProtect. No need for core modifications this time :)
* Added permissions check to ApiMove to protect against messages with arguments getting none. moveTo()'s return value should really be modified, see also comment
* Using getUserPermissionsErrors() rather than userCan() in Title::isValidMoveOperation()
* Removing blocked check from Article::doRollback(): Title::getUserPermissionsErrors() checks for that already
API:
* Refactoring ApiMove to use new messages system
* Adding more messages to ApiBase::$messageMap
* Removing unused parameter to 'notanarticle' in ApiDelete::execute()
* Refactored ApiDelete to use the new dieUsageMsg() system
* Adding some more messages to ApiBase::$messageMap
* Also using dieUsageMsg() for API-related errors in ApiRollback
* Removing 'lo' prefix for ApiLogout as it doesn't have any parameters anyway
* Introducing ApiBase::dieUsageMsg() function which outputs the error associated with a certain message key
* Updating rollback module to use dieUsageMsg(). Other modules will follow.
format=raw is an HTML injection machine like action=raw but without any safeguards; it's trivial to create JavaScript exploits which hit at least Internet Explorer.
There's no reason to add a whole new danger point here when you've got machine-readable structure already... please do not add this raw formatter back.
revisions - removed oldid (not used except in content retrieval), added extra prop options to optimize bandwidth, continue value is now an integer in JSON
minor help screen improvement.
breaking change: Query watchlist shows flags only when explicitly requested with wlparam=flags, and rc_this_oldid (textid) is no longer accessible
query watchlist cleanup
bug in the integer parameter min/max validation
bug in feed formatting in error handling
some documentation
* Add @addtogroup tags to various classes, to try and group conceptually-related classes together.
* Add brief descriptions to various Special pages, thanks to Phil Boswell.
* Moving some docs to be right above the classes they represent, so that they are picked up.
pick up the appropriate tags, and documentation blobs for classes. This is
the same as per r20769, but with the grouping changes (e.g. removing "@{{") omitted.
Please be advised that more related documentation tweaks may follow later - e.g.
Doxygen generates a log file of warnings that is 574 Kb in size, when run over
the just the trunk/phase3 code ... eek! Thankfully, much of that is just
whining about functions without documentation ;-)
Minor doc tweaks to prevent some PHPDocumentor warnings or errors when run on the includes/ directory. PHPDocumentor uses a syntax very similar to javadoc - mostly we already use this, but there were a few scattered places that were adjusted to make them consistent with the rest of the code. In practical terms, these changes were made:
* @url becomes @link
* @fixme becomes @todo
* HTML tags in descriptions must be closed / balanced.
* @bug was removed (where the bug was long fixed), or changed into a @todo (in the few situations where the bug was still pending)
* @obsolete becomes @deprecated
* Things like "/**@{{" and "/**@}}*/" which cause "unknown tag" warnings were removed
* @access must be a valid access level.
* @desc tag not needed, removed.
* Doesn't seem to like @licence, will accept @license however.
* Use full comment block notation in a few places (i.e. open block with "/**", start each line with " *", and end block with " */")
Then additional to this, to get some class docs associated with their respective classes:
* Moved some docs to right above those classes (deleting blank lines, or moving descriptions from the file headers)
* Marked some classes without docs as "@todo document"
* (done up to "class MIMEsearchPage" on the "classtrees_MediaWiki.html" page for the includes/ directory)
* removing some unused global declarations.
* removing or commenting out or adding comments for unused local vars.
* Adding one or two local var declarations.
* Declaring $matches array passed to preg_match() / preg_match_all() as array() before using [not required, just have a slight preference for the explicitness].
* remove one or two pass-by-reference function declarations where the value is not modified.
* Adding some braces to if-else blocks.
* In Parser.php, stripstrate is now an object rather than an array as per r17820, so we no longer need ask for a reference to it (as in "$x =& $this->mStripState;"), and in fact it's probably just simpler to get rid of $x altogether.
* Moving some preg regexes from "" quoting to '' quoting to stop static analyzer whinging about bad escape sequences.
... up to "LinksUpdate.php" in the includes/ directory.
* Create magic links only using a whitelist of protocols.
Have no proof of vuln, but allowing the user to make JavaScript links and have a lot of control over what goes into them probably isn't desirable.
Example attack input:
http://en.wikipedia.org/w/api.php?action=query&meta=javascript://**/alert(1);
Example pre-patch HTML output contains this string:
<a href="javascript://**/alert">javascript://**/alert</a>(1);
Which doesn't work, due to:
1) the double slash - one slash someone can work around by faking a C-style comment (by appending "**/" as shown above), but two is a problem
2) the parentheses being excluded, so we can't pass parameters
... but best to put a stop to it anyway.
* rm unused global declaration.
* rm references usage in a foreach iteration ($info does not seem to be assigned to anything, so no benefit to using refs).
* Define local var in error printout.
* rm a few local vars that look unused.
* Make paranoia check do something.
* API: added experimental watchlist rss/atom feed
* API: if available, json_encode() will be used
* API: opensearch parameter changed to "search=" (more descriptive)
* API: minor parameter cleanup, a wrapper for Feed class
