Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
17892 commits 1 branch 0 tags 744 MiB
Commit graph

106 commits

Author SHA1 Message Date
Siebrand Mazeland
79d5225c0e * remove end of line whitespace 
* remove empty lines at end of file
* remove "?>" where still present
 2008-04-14 07:45:50 +00:00
Roan Kattouw
68bbfc12c0 Committing patch for bug 10931, which also fixes bug 13651. For a detailed explanation of what this commit does, see bug 10931 comment #24 2008-04-11 15:20:45 +00:00
Bryan Tong Minh
06d1b8087d (bug 11673) Return error 'unknown_action' in specified format 2008-04-05 19:32:21 +00:00
Tim Starling
fbfb509df5 * Introduced LBFactory -- an abstract class for configuring database load balancers and connecting to foreign DBs. 
* Wrote two concrete implementations. LBFactory_Simple is for general installations. LBFactory_Multi will replace the runtime configuration used on Wikimedia and allow load-balanced connections to any DB. 
* Ported Special:Userrights, CentralAuth and OAI audit to the LBFactory system. 
* Added ForeignDBViaLBRepo, a file repository which uses LBFactory.
* Removed $wgLoadBalancer and $wgAlternateMaster
* Improved the query group concept to allow failover and lag control
* Improved getReaderIndex(), it will now try all servers before waiting, instead of waiting after each.
* Removed the $fail parameter to getConnection(), obsolete. 
* Removed the useless force() function. 
* Abstracted the replication position interface to allow for future non-MySQL support.
* Rearranged Database.php. Added a few debugging features. 
* Removed ancient benet-specific hack from waitForSlave.php
 2008-03-30 09:48:15 +00:00
Roan Kattouw
a1e4f7a51c Removing ApiChangeRights module 2008-03-27 21:13:03 +00:00
Yuri Astrakhan
ae188d8682 Updated credits per discussion with Brion 2008-03-20 06:54:24 +00:00
Roan Kattouw
550aa15685 API: Adding more detail in credits 2008-03-17 20:13:22 +00:00
Roan Kattouw
b558d012f2 API: Updating action=help credits to give Yuri and Vasiliev due credit 2008-03-17 18:16:51 +00:00
Roan Kattouw
e0aae6a658 API: Adding action=edit module 2008-03-03 18:08:40 +00:00
Brion Vibber
46619295eb Safety fixes for API: 
* drop user credentials for JSON callback output
* anticipating future changes, don't report anon edit tokens in JSON callback output
 2008-03-03 05:45:37 +00:00
Roan Kattouw
7de8bc26be API: Updating credits to reflect my having replaced Yuri as de facto API lead developer, and referring to mediawiki-api and Bugzilla for questions/suggestions 2008-02-07 15:58:53 +00:00
Roan Kattouw
19358606a1 API: Changing all modules' getParamDescription(), getAllowedParams() and getDescription() methods to public. ApiParamInfo needs them, and some versions of PHP threw fatal errors because they were protected. Oddly, other versions didn't (maybe because the caller and the callee have a common ancestor?) 2008-01-28 19:05:26 +00:00
Roan Kattouw
9c55586e57 Tweaking r30119: changing txt and dbg's MIME type to text and adding txtfm and dbgfm with HTML-escaped stuff. 2008-01-24 13:16:34 +00:00
Roan Kattouw
d2cb8c025e No need to revert r30078: HTML-formatting the data is enough. Attacks like api.php?action=paraminfo&modules=%3Cscript%3Ealert('Owned');%3C/script%3E&format=txt don't work anymore now. 2008-01-24 13:12:03 +00:00
Brion Vibber
c0801b22f0 Revert r30078 -- formats "txt" and "dbg" dump raw unfiltered text contents into HTML output. XSS vector. 2008-01-23 23:06:10 +00:00
Roan Kattouw
262afb4b62 API: Adding txt and dbg formats, imported from query.php 2008-01-23 19:51:21 +00:00
Roan Kattouw
8a0e46d97c API: 
* Fixing buggy class instantiation in ApiParamInfo
* Adding getModules() method to ApiMain and ApiQuery
 2008-01-23 18:40:40 +00:00
Roan Kattouw
abaf9995ba (bug 12718) Added action=paraminfo module that provides information about API modules and their parameters 2008-01-22 21:22:04 +00:00
Roan Kattouw
491cc4a320 API: Making a bunch of state-changing modules require POST requests. 2008-01-18 20:43:59 +00:00
Roan Kattouw
bb7f8624d1 API: 
* Removing action=render module (which was deprecated) in favor of action=parse
* Added prop parameter to action=parse so certain parts of the output can be left out
* action=parse&prop=text behaves pretty much exactly like action=render used to
 2008-01-15 21:33:08 +00:00
Victor Vasiliev
4cc099d5d1 API: add action=logout 2008-01-08 18:10:58 +00:00
Roan Kattouw
ed0a58e527 Re-adding ApiChangeRights, but commenting out its entries in ApiMain and AutoLoader. This way the module will be inaccessible for clients, but still present in SVN to be viewed and modified. 2008-01-04 22:33:22 +00:00
Brion Vibber
c04db5771d Revert r29261, r29271 for now -- some weird mixing up of functions and seemingly random array structures, and it puts back a restricted API module I'd rather not see there for now. 2008-01-04 17:35:09 +00:00
Roan Kattouw
5395945052 * Unbroke Special:Userrights for wikis without pretty URLs 
** This probably shouldn't be hard-coded the way I did it
* UserrightsPage::saveUserGroups() now takes $removegroup and $addgroup parameters by reference. Parameters are changed to reflect what was actually added and removed.
* Re-adding ApiChangeRights module, which now handles permission denied errors more gracefully
 2008-01-04 11:50:22 +00:00
Brion Vibber
49e10ba5eb Remove ApiChangeRights. Duplicates code, doesn't handle current permissions model properly. 2008-01-03 23:39:21 +00:00
Roan Kattouw
fd5a884b77 API: A cleaner implementation of r28057: this one also hides disabled modules from the list of possible actions on top of the help screen. 2007-12-03 15:52:27 +00:00
Victor Vasiliev
3a24c169ea API: 
* Hide edit modules from help if $wgEnableWriteAPI is disabled
* Fix help formatting on UsageException
 2007-12-02 15:04:53 +00:00
Roan Kattouw
6e61566e3e Changing error code to prevent confusion with wfReadOnly() == true 2007-12-02 14:44:35 +00:00
Roan Kattouw
730bad3fb1 APIEDIT BRANCH MERGE: Adding apiedit modules: action={block,changerights,delete,move,protect,rollback,unblock,undelete} and list={blocks,deletedrevs}. $wgEnableWriteAPI must be explicitly set to enable these modules. 2007-12-02 14:24:07 +00:00
Victor Vasiliev
32ccdc3d5a * Use *bold* and $italics$ highlighting only in API help. It completely breaks formatting on meta=allmessages and no one needs it 2007-12-01 17:37:08 +00:00
Victor Vasiliev
17cf492e6b * Introduce action=parse to API. It deprecates action=render which will be removed once (perhaps before 1.12 release). New action returns full parser output instead of returning just rendering text 2007-12-01 13:37:02 +00:00
Tim Starling
65b4736e66 Trivial bug in new apihighlimit feature 2007-11-30 14:41:30 +00:00
Roan Kattouw
073bc45c2b Adding apihighlimits permission. Users with this permission can request 10 times as many rows in API requests. Enabled by default for sysops and bots. 2007-11-29 14:51:58 +00:00
Roan Kattouw
4895ce631f Revert part of Brion's 27627: please don't throw away the child (maxlag) with the bathwater (format=raw) 2007-11-19 15:57:58 +00:00
Brion Vibber
b61adceeb9 Revert r27581, 27598, 27626 
format=raw is an HTML injection machine like action=raw but without any safeguards; it's trivial to create JavaScript exploits which hit at least Internet Explorer.
There's no reason to add a whole new danger point here when you've got machine-readable structure already... please do not add this raw formatter back.
 2007-11-19 15:32:06 +00:00
Victor Vasiliev
d7908b82e0 * Use ApiBase::dieDebug() to render maxlag error properly 
* Allow modules to ignore maxlag attribute
 2007-11-19 15:08:18 +00:00
Victor Vasiliev
96940993bd * (bug 11206) api.php should honor maxlag 
* Add wfMaxlagError function
* Add MIME type override option for format=raw
 2007-11-18 09:37:52 +00:00
Victor Vasiliev
60fc9cb245 API: 
* Add format=raw
* Added raw output support to ApiExpandTemplates and ApiRender
 2007-11-17 16:45:59 +00:00
Brion Vibber
3ca6cf7890 Revert r27151 -- allows session fixation attacks. 
Just get a user to visit a URL with the user ID and token you like in the query string (say, in an <img> referenced in a page you convince them to go to or post for their review) and their login session will be replaced with the one you provided.
 2007-11-15 04:24:49 +00:00
Roan Kattouw
7d757dff14 API: 
* Allow staying logged in through lg* parameters instead of cookies (modified patch by Eddie Roger)
* Removed ApiLogin's sessionID return value, as it doesn't always work and is redundant anyway
 2007-11-03 09:57:42 +00:00
Roan Kattouw
54c4fc42d9 API: Also prevent double escaping when outputting an error message in xmlfm 2007-10-30 21:55:34 +00:00
Daniel Cannon
bfcd95c8e5 (bug 11721) API: Use a different title for results than for the help page. 2007-10-24 19:34:29 +00:00
Roan Kattouw
a6e563da20 * (bug 11173) Allow limited wikicode rendering via api.php 
* (bug 11572) API should provide interface for expanding templates

Patches by VasilevVV
 2007-10-08 14:24:54 +00:00
Daniel Cannon
391b000b8a (bug 11404) API: Provide name of exception caught in error code field of internal api error messages. 2007-09-26 04:28:48 +00:00
Brion Vibber
fef3b7b3c3 Tweaks to r25923 for my own peace of mind: 
* De-escape &amp;amp; to &amp; rather than &amp; to & -- guarantees that we won't leave stray &s around producing invalid or freaky output
* Use == instead of = when comparing... :)
 2007-09-19 14:44:50 +00:00
Daniel Cannon
697afaae0f (bug 11296) Introduced special case pretty-printer rendering of the help document, whereby ampersands will not be escaped, which seems to be the only cause ATM of broken links in the help. This is a *temporary* fix while we work on getting a fully-html version of the help complete, but one that should not reintroduce any security vulnerabilities (as the only text that is unescaped is hardcoded into the API). 2007-09-18 22:10:09 +00:00
Tim Starling
efe384a900 Allow API modules to be defined in extensions 2007-08-31 15:23:48 +00:00
Brion Vibber
3a7e2083e8 Revert r25297, r25298 for now. 
Adds what seems to be a very purpose-specific extension into the core API:
a) shortly before release
b) while apparently not implementing much of its interface
c) with an interface that looks kind of strange to me
 2007-08-30 13:47:06 +00:00
Paa Kwesi Imbeah
ecca233f20 Adding InstantCommons includes into ApiMain and AutoLoader's API section 2007-08-29 22:57:41 +00:00
Yuri Astrakhan
c4aad95b10 API: Added meta=userinfo module to get data about the currently logged-in user. 2007-07-31 17:53:37 +00:00