The API 'user' type accepts both user names and IP addresses, and
applies normalization but not canonicalization. We should be using this
on basically every user parameter to ensure that e.g. IPv6 usernames get
uppercased.
Bug: T122803
Change-Id: Ic67fb54061ac311e54f325b2a1a4658f43b8fef4
Nothing in this patch should result in changed output for format=json or
format=php except as noted in RELEASE-NOTES-1.25, and changed output for
format=xml should be similar or cosmetic. However, other code accessing
the result data directly may need to be updated.
Bug: T87053
Bug: T12887
Change-Id: I3500708965cb8869b5aed1543381aad208dadd13
There's a bunch of stuff that probably only works because the database
representation of infinity is actually 'infinity' on all databases
besides Oracle, and Oracle in general isn't maintained.
Generally, we should probably use 'infinity' everywhere except where
directly dealing with the database.
* Many extension callers of Language::formatExpiry() with $format !==
true are assuming it'll return 'infinity', none are checking for
$db->getInfinity().
* And Language::formatExpiry() would choke if passed 'infinity', despite
callers doing this.
* And Language::formatExpiry() could be more useful for the API if we
can override the string returned for infinity.
* As for core, Title is using Language::formatExpiry() with TS_MW which
is going to be changing anyway. Extension callers mostly don't exist.
* Block already normalizes its mExpiry field (and ->getExpiry()),
but some stuff is comparing it with $db->getInfinity() anyway. A few
external users set mExpiry to $db->getInfinity(), but this is mostly
because SpecialBlock::parseExpiryInput() returns $db->getInfinity()
while most callers (including all extensions) are assuming 'infinity'.
* And for that matter, Block should use $db->decodeExpiry() instead of
manually doing it, once we make that safe to call with 'infinity' for
all the extensions passing $db->getInfinity() to Block's contructor.
* WikiPage::doUpdateRestrictions() and some of its callers are using
$db->getInfinity(), when all the inserts using that value are using
$db->encodeExpiry() which will convert 'infinity'.
This also cleans up a slave-lag issue I noticed in ApiBlock while
testing.
Bug: T92550
Change-Id: I5eb68c1fb6029da8289276ecf7c81330575029ef
Refactor out 'infinity' vartiant values which used in blocking and
protecting actions. This patchset adds GlobalFunction wfIsInfinity.
Bug: T68646
Change-Id: I60cc55a5bbd43c72916a1c2ea3807457d4e33765
This also adds some new ApiBase::PARAM_* constants to generate more
helpful help, and a method to override the default description message
for the use of ApiDisabled and ApiQueryDisabled.
Bug: 71638
Change-Id: Ic0c3d232e0498d58a043037e2e0c6f0b1c3edad3
The current token handling is a mess. This simplifies things greatly:
* *All* tokens are obtained from action=query&meta=tokens, rather than
being spread over action=tokens, action=query&prop=info,
action=query&prop=revisions, action=query&prop=recentchanges, and
action=query&prop=users. All these old methods are deprecated.
* Similarly, there is only one hook to register new token types. All old
hooks are deprecated.
* All tokens are cacheable.
* Most token types are dropped in favor of a 'csrf' token. They already
were returning the same token anyway.
* All token-using modules will document the required token type in a
standard manner in action=help and are documented in machine-readable
fashion in action=paraminfo.
Note this will require updates to all extensions using tokens.
Change-Id: I2793a3f2dd64a4bebb0b4d065e09af1e9f63fb89
The format for 'props' was never specified and the list for 'errors' is
impossible to keep updated when considering that many errors come from
MediaWiki backend code and extension hook functions. And since there
doesn't seem to be any real use case for either of these, let's just
kill both of them instead of wasting effort on trying to fix them.
Note that neither getResultProperties nor getPossibleErrors are called
from any extensions in gerrit, and none of the other deprecated methods
are called outside of the implementations of those two methods. Removing
the obsolete methods is left to the maintainers of the extensions, as
keeping them hurts nothing and is needed to maintain compatibility with
earlier versions of MediaWiki.
Change-Id: Ie11a401d60c834059fbf1b5625ca8ea093b3337c
Add checks to token-returning functions to prevent returning tokens in
jsonp mode. This affects action=tokens, action=login,
action=createaccount, and action=query&list=deletedrevs.
Also, remove the "gettoken" parameter to action=block and
action=unblock, which has been deprecated since 1.20.
Bug: 49090
Change-Id: Ibeaa5c72d8084585092b15935a3f5709104bf7f7
For historical reasons, all our API class had a dummy __construct which
simply calls their parent constructor. This patch removes all such
occurences to save out some bytes.
Change-Id: I667955d7821f780fc5ce23823d74dedb1729b9fa
API was using SVN's version keyword which GIT does not support.
All related methods were either removed, or for those that
could have been used from extensions, emptied out.
api.php?version now shows unrecognized param warning.
Change-Id: I910ca1448ed2ed697ac19b17c486d130aa1d7e03
This change adds special case in processing of the block form.
An unused parameter 'AlreadyBlocked' was replaced by 'Reblock'.
Parameter 'PreviousTarget' was added so API user can block him/herself.
Change-Id: I29275eb4b5f425b7382ba8b7dec050209878f81b
Doxygen choke on text enclosed by '<' and '>' since it tries to
interpret them as HTML or XML elements. This patch adds double quotes
in includes/api/*.php files around the two following strings:
<Firstname>.<Lastname>@gmail.com
<Firstname><Lastname>@gmail.com
Which becomes:
"<Firstname>.<Lastname>@gmail.com"
"<Firstname><Lastname>@gmail.com"
Tested locally, it prevents doxygen 1.8.0 related warnings.
Change-Id: I36d82eb3fd4989ee3ffc65b0b527b83711d1ba69
* Moving setting of empty string to param description.
* Removing word "(optional)" from comment/reason param, because all not
required params are optional.
* Correct description of action=rollback for default comment.
Change-Id: Ifa5b60a7b55b216c43049cd81cb584b2e0518eed
Added information about the properties of the results of API calls
to action=paraminfo, including information about "property groups":
what should the prop parameter be set to to get that property.
Uses the same format for types as parameters already do.
The output format of some modules doesn't fit this, so the result
properties for them weren't added, or only partially.
Partially implemented modules:
* expandtemplates:
parsetree is in its own tag
* protect, allusers, backlinks, deletedrevs, info, imageinfo,
logevents, querypage, recentchanges, revisions, searchinfo,
usercontribs, userinfo, users, watchlist, upload:
response with partially complex structure
Not implemented modules:
* feedcontributions, feedwatchlist, opensearch, rds:
non-standard reponse
* help:
error is normal response; not very useful for automated tools anyway
* paraminfo, parse, pageprops, siteinfo, userrights:
response with complex structure
Change-Id: Iff2a9bef79f994e73eef3062b4dd5461bff968ab
Add some calls to Database::timestamp
Change some calls from Database::strencode to
Database::addQuotes to avoid ' in raw sql
Remove ' from ints in raw sql
Rename some vars to avoid duplicate names
Change-Id: I63f5602fa968f969a42932902a3ccc45fc54b432
Mark gettoken param as deprecated, so users can fix their tools.
The second part will remove the support for gettoken from ApiMain,
but that is in the future.
Change-Id: I369ddc740c38d80aa8389544087ac6671cabc618
It's a parctice that dates back to 2006 when the API was first written, and frankly isn't covered by the coding conventions. Same thing with the docblocks, they're all copypasted with some bits changed and don't even make sense if you look at them in the genereated code docs.
I don't feel that any of us depend on this anymore (get a better IDE), so in the inerest of consistancy it's time we said goodbye to it.
* Made HTMLFormField pass the HTMLForm object to the validation and filter callbacks (so that they can get a context)
* Added new parameter to SpecialBlock::checkUnblockSelf() to pass the user doing the request
* SpecialBlock::processForm() and SpecialUnblock::processUnblock() now require a context as second parameter; added SpecialBlock::processUIForm() and SpecialUnblock::processUIUnblock() as adaptators from HTMLForm as second parameter to context
* Block.php: Set mExpiry to the value we store in the database, so that Block::equals() returns true. Fixes BlockTest::testInitializerFunctionsReturnCorrectBlock.
* In Title::checkUserBlock(): Convert message parameters to plain strings to make strict comparisons work. Fixes TitlePermissionTest::testUserBlock().
* ApiBlock.php: Follow-Up r85166, add 'Confirm' parameter to data array. Fixes ApiBlockTest::testMakeNormalBlock().
* ApiQueryTest.php: Use $wgMetaNamespace instead of $wgSitename to account for customizations.
* RandomImageGenerator.php: Use default value for constructor param to prevent fatals.
* ApiTestCaseUpload.php:
** Fix undefined variable $fileName.
** Remove stray ini_set statements, they don't belong there. Especially ini_set( 'error_reporting', 1 ) will effectively disable all reporting, which makes errors hard to track.
* ArticleTablesTest.php: Put testbug14404() in group Broken, as the fix for the bug has been reverted in r83868.
Removed unused globals $wgHooks, $wgBlockAllowsUTEdit, $wgUser, $wgOut
$wgUser was already set global at function beginning.
Moved global out of switch
* Internalise $mAddress/$mUser, $mBy/$mByName, $mEnableAutoblock, $mId as getTarget(), getBlockers(), isAutoblocking(), getId().
* This required editing AbuseFilter and CheckUser backwards-incompatibly, so push the rest of the changes out to those extensions.
* Attack the evil 14-parameter constructor and gratuitously-confusing newFromDB( $notVeryImportantParameter, $moreImportantParameter)
* Reimplement the hack for bug 13611 in a slightly less fragile fashion; could still do with further cleanup, but then again the login frontend is its own can of worms... :S
* Remove transitionary getTargetAndType() and newFromTargetAndType() methods
* Some optimisation in parseTarget()
* Fix the broken phpunit test mentioned in r84251
* Move to SpecialBlock.php, and rename class appropriately
* Complete refactor
* Use HTMLForm in block form. This changes most of the ids and field names on the form, but allows proper validation, nicer formatting, clears up several fixmes, and is generally Better(TM).
* Spin various parts out into static functions, several of which properly belong in the backend (but Block.php is a worse mess still)
* Invert some of the block options so that every checkbox makes the block more severe (so "check to disable email" is fine, but "check to allow usertalk edit" (default true) is inverted to "check to disable usertalk edit" (default false).
* revert r40359 (move doMassUserBlock() to core). No one seems to be using this function, which has nothing to do with the frontend UI in SpecialBlock (it might perhaps belong in Block.php); it is pretty bespoke for CheckUser, doesn't seem to have very much utility elsewhere.
Added option request parameter to User::editToken() and User::matchEditToken() and use them where possible from the api.
Also removed $_SESSION usage since it's no longer needed
