$params['action'] cannot be an invalid action, because the $params array is filled by ApiBase::extractRequestParams() which checks whether the parameters are valid and throws an error message (ironically implemented with a UsageException) if they're not.
* Checking for 'writeapi' in ApiMain::requestWriteMode() and tweaking the noapiwrite error message a bit
* Granting this right to *, user and bot by default.
For extra clarity: to e.g. move pages through the API, a user needs to have the 'move' right AND the 'writeapi' right AND $wgEnableWriteAPI = true;
Doxygen documentation update:
* Changed alls @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group.
* Added @file to file description, it seems that it should be explicitely decalred for file descriptions, otherwise doxygen will think that the comment document the first class, variabled, function, ... that is in that file.
* Removed some empty comments
* Removed some ?>
Added following groups:
* ExternalStorage
* JobQueue
* MaintenanceLanguage
One more thing: there are still a lot of warnings when generating the doc.
* Wrote two concrete implementations. LBFactory_Simple is for general installations. LBFactory_Multi will replace the runtime configuration used on Wikimedia and allow load-balanced connections to any DB.
* Ported Special:Userrights, CentralAuth and OAI audit to the LBFactory system.
* Added ForeignDBViaLBRepo, a file repository which uses LBFactory.
* Removed $wgLoadBalancer and $wgAlternateMaster
* Improved the query group concept to allow failover and lag control
* Improved getReaderIndex(), it will now try all servers before waiting, instead of waiting after each.
* Removed the $fail parameter to getConnection(), obsolete.
* Removed the useless force() function.
* Abstracted the replication position interface to allow for future non-MySQL support.
* Rearranged Database.php. Added a few debugging features.
* Removed ancient benet-specific hack from waitForSlave.php
* Removing action=render module (which was deprecated) in favor of action=parse
* Added prop parameter to action=parse so certain parts of the output can be left out
* action=parse&prop=text behaves pretty much exactly like action=render used to
** This probably shouldn't be hard-coded the way I did it
* UserrightsPage::saveUserGroups() now takes $removegroup and $addgroup parameters by reference. Parameters are changed to reflect what was actually added and removed.
* Re-adding ApiChangeRights module, which now handles permission denied errors more gracefully
format=raw is an HTML injection machine like action=raw but without any safeguards; it's trivial to create JavaScript exploits which hit at least Internet Explorer.
There's no reason to add a whole new danger point here when you've got machine-readable structure already... please do not add this raw formatter back.
