Roan Kattouw
d7f593a312
API: Add user-agent and method (GET/POST) to request logging, and only log the action= parameter for mustBePosted modules
2009-08-27 22:09:28 +00:00
Roan Kattouw
1378ce62d3
API: Add optional API request logging to a file or UDP; intending to use this on the cluster to get some data about API usage and things like which queries are expensive
2009-08-27 17:07:23 +00:00
Alex Z
b97ce20115
Tweak Access-Control-Allow-Origin stuff per comments on r54127.
...
Use a wildcard syntax rather than string/regex options
2009-08-21 00:22:08 +00:00
Tim Starling
07efbeb8ae
* Fixed XSS vulnerability introduced by r49833. Only pre-release versions of MediaWiki were affected.
...
* Refactored the IE script entry point security check into WebRequest::isPathInfoBad(). Use the standard CGI variable PATH_INFO to do this check instead of the various potential non-standard solutions. Made the check fairly permissive to avoid a repeat of bug 13049 due to broken CGI setups especially with cgi.fix_pathinfo=0. This should theoretically be very portable and secure, but I have not tested it widely.
* Removed Chris Wrinn from the credits since his patch was wrong and has been removed.
* Made the error message more informative.
2009-08-17 13:23:45 +00:00
Alex Z
b54addda93
(bug 19907) Adds support for cross-domain AJAX requests to the API.
...
Uses the Access-Control-Allow-Origin header for browsers that support it.
<http://dev.w3.org/2006/waf/access-control/>
$wgCrossSiteAJAXdomains can be set to '*' to allow requests from any domain,
an array of domains to allow, or, if $wgCrossSiteAJAXdomainsRegex is true,
an array of regexes to match against the request origin
2009-07-31 21:56:34 +00:00
Roan Kattouw
798795e825
Followup to r50132: rename API define constant to MW_API, per comment on CR
2009-05-05 13:22:50 +00:00
Roan Kattouw
ea5b014e38
Followup to r50132: I guess I was smoking some pretty good stuff there
2009-05-02 15:03:02 +00:00
Roan Kattouw
5924eb85f0
API: Set $wgTitle to a dummy title in api.php, and introduce defined('API') as a check for API mode. This should fix errors about $wgTitle being null
2009-05-02 14:47:26 +00:00
Roan Kattouw
13d180553d
API: (bug 13049) This'll hopefully fix the 403 Forbidden error in api.php for the setups that were getting them (most notably FastCGI and IIS). Patch by Chris Wrinn
2009-04-24 19:50:50 +00:00
Alexandre Emsenhuber
ce9c8bf686
Same as r48631; added "@file" when needed, also added doc in redirect.php and install-utils.inc
2009-03-21 16:48:09 +00:00
Tim Starling
7f42dcde82
-1 is not a valid exit code
2008-11-14 05:51:39 +00:00
Tim Starling
a4eaa89625
* Fix unlogged automatic user creation: run wfLBFactory()->shutdown() unconditionally in api.php. If you want to optimise it, do it in the database backend, since there's no way for the MW core to indicate to the web API that a write query has been performed. The previous code was also wrong in that it didn't commit transactions on foreign connections.
...
* Fixed debugging code left in (mustBePosted disabled).
2008-05-17 04:26:26 +00:00
Roan Kattouw
5162afcfb9
This is cleaner, thanks to ialex
2008-04-02 20:19:35 +00:00
Roan Kattouw
1fee715cea
(bug 13587) Execute deferred updates in api.php
2008-04-02 18:04:54 +00:00
Brion Vibber
c8c176f7de
* Security fix for API on MSIE
2008-01-23 23:45:46 +00:00
Yuri Astrakhan
ce91d949f7
API:
...
* Added full text search in titles and content (list=search)
* (bug 10684) Expanded list=allusers functionality
* Possible breaking change: prop=revisions no longer includes pageid for rvprop=ids
* Bug fix: proper search escaping for SQL LIKE queries.
2007-07-30 08:09:15 +00:00
Aryeh Gregor
a15c419b3d
Remove ?>'s from files. They're pointless, and just asking for people to mess with the files and add trailing whitespace. (Yes, I looked over every one and reverted those that were bogus. Slash-enter a million times in less worked well enough, although it was a bit mind-numbing.)
2007-06-29 01:19:14 +00:00
Yuri Astrakhan
d656615e9f
API: applied the patch by amidaniel to allow the same limits for sysops as for bots.
2007-05-22 04:39:49 +00:00
Yuri Astrakhan
cb38c11c84
API: documentation and cleanup.
2007-05-20 23:31:44 +00:00
Yuri Astrakhan
b56d23ed46
* API: Restructured to allow internal usage. Error handling cleanup.
...
* API: Added opensearch module, added apprefix param for list=allpages
2006-10-14 07:18:08 +00:00
Yuri Astrakhan
f229bdc8be
* API: added watchlist module (incomplete)
...
* API: minor param cleanup
2006-10-13 06:13:13 +00:00
Tim Starling
558487ceac
Active protection against register_globals vulnerabilities. Unset all globals which have been set by $_REQUEST, in WebStart.php. All entry points must assume that a user can unset any arbitrary global set before WebStart.php is invoked. This is not usually a problem since most entry points do not set globals before WebStart.php, Yuri's APIs apparently being the only exceptions.
2006-10-11 03:44:49 +00:00
Yuri Astrakhan
c01eb06e5e
* API: better version gen, added check for read-only api, added allpages params description
2006-10-02 18:27:06 +00:00
Yuri Astrakhan
85de1cb74b
* Code cleanup per TimStarling's suggestions
2006-10-01 04:38:31 +00:00
Yuri Astrakhan
f97b323e00
* API: result data generation cleanup, minor cleaning
2006-10-01 02:02:13 +00:00
Yuri Astrakhan
5c1ca0fc83
* API: Refactored per brion's suggestions
...
* API: began query revisions implementation (incomplete)
2006-09-27 05:13:48 +00:00
Yuri Astrakhan
8a7397e8ad
* API: Overall query-related cleanup.
2006-09-26 06:37:26 +00:00
Yuri Astrakhan
972b72f879
* API: All pages list
...
* API: Reworked parameter processing
2006-09-26 05:43:02 +00:00
Yuri Astrakhan
e57335a633
* API: Query Meta SiteInfo module
...
* API: Improved query help screen
2006-09-26 01:44:13 +00:00
Yuri Astrakhan
fc6ec50f94
* API: A new ApiPageSet class to retrieve page data and resolve redirects.
2006-09-25 04:12:07 +00:00
Yuri Astrakhan
e7ad7f3d41
* Non-working API to facilitate dev collaboration. Do not enable this yet in localsettings.php.
2006-09-08 14:27:58 +00:00