36 commits

Author SHA1 Message Date
Ilmari Karonen
75086e9f35 (bug 16019) Make WebRequest::interpolateTitle() do nothing when run from api.php 2010-12-10 22:39:17 +00:00
Derk-Jan Hartman
921619b119 Correct the address of the FSF in some of the GPL headers
59 Temple Place -> 51 Franklin Street
2010-06-21 13:13:32 +00:00
Roan Kattouw
3a953c8e30 API performance fixes: avoid unstubbing $wgContLang and $wgUser 2010-02-15 20:50:21 +00:00
Mark A. Hershberger
8b36a2b969 various eol whitespace now instead of when someone needs to do CR 2010-02-12 06:44:16 +00:00
Aryeh Gregor
3758769f0d stylize.php on API code
"I wouldn't object to stylizing the API code to bring it in line with
the rest of MW on principle, but I'm not gonna bother myself." --Roan
<http://www.mediawiki.org/wiki/Special:Code/MediaWiki/60657#c5108>

If you're seeing this commit in blames, tell your blame tool to ignore
whitespace, e.g., git blame -w or svn blame -x -w.
2010-01-11 15:55:52 +00:00
Roan Kattouw
d7f593a312 API: Add user-agent and method (GET/POST) to request logging, and only log the action= parameter for mustBePosted modules 2009-08-27 22:09:28 +00:00
Roan Kattouw
1378ce62d3 API: Add optional API request logging to a file or UDP; intending to use this on the cluster to get some data about API usage and things like which queries are expensive 2009-08-27 17:07:23 +00:00
Alex Z
b97ce20115 Tweak Access-Control-Allow-Origin stuff per comments on r54127.
Use a wildcard syntax rather than string/regex options
2009-08-21 00:22:08 +00:00
Tim Starling
07efbeb8ae * Fixed XSS vulnerability introduced by r49833. Only pre-release versions of MediaWiki were affected.
* Refactored the IE script entry point security check into WebRequest::isPathInfoBad(). Use the standard CGI variable PATH_INFO to do this check instead of the various potential non-standard solutions. Made the check fairly permissive to avoid a repeat of bug 13049 due to broken CGI setups especially with cgi.fix_pathinfo=0. This should theoretically be very portable and secure, but I have not tested it widely.
* Removed Chris Wrinn from the credits since his patch was wrong and has been removed.
* Made the error message more informative.
2009-08-17 13:23:45 +00:00
Alex Z
b54addda93 (bug 19907) Adds support for cross-domain AJAX requests to the API.
Uses the Access-Control-Allow-Origin header for browsers that support it.
<http://dev.w3.org/2006/waf/access-control/>
$wgCrossSiteAJAXdomains can be set to '*' to allow requests from any domain,
an array of domains to allow, or, if $wgCrossSiteAJAXdomainsRegex is true,
an array of regexes to match against the request origin
2009-07-31 21:56:34 +00:00
Roan Kattouw
798795e825 Followup to r50132: rename API define constant to MW_API, per comment on CR 2009-05-05 13:22:50 +00:00
Roan Kattouw
ea5b014e38 Followup to r50132: I guess I was smoking some pretty good stuff there 2009-05-02 15:03:02 +00:00
Roan Kattouw
5924eb85f0 API: Set $wgTitle to a dummy title in api.php, and introduce defined('API') as a check for API mode. This should fix errors about $wgTitle being null 2009-05-02 14:47:26 +00:00
Roan Kattouw
13d180553d API: (bug 13049) This'll hopefully fix the 403 Forbidden error in api.php for the setups that were getting them (most notably FastCGI and IIS). Patch by Chris Wrinn 2009-04-24 19:50:50 +00:00
Alexandre Emsenhuber
ce9c8bf686 Same as r48631; added "@file" when needed, also added doc in redirect.php and install-utils.inc 2009-03-21 16:48:09 +00:00
Tim Starling
7f42dcde82 -1 is not a valid exit code 2008-11-14 05:51:39 +00:00
Tim Starling
a4eaa89625 * Fix unlogged automatic user creation: run wfLBFactory()->shutdown() unconditionally in api.php. If you want to optimise it, do it in the database backend, since there's no way for the MW core to indicate to the web API that a write query has been performed. The previous code was also wrong in that it didn't commit transactions on foreign connections.
* Fixed debugging code left in (mustBePosted disabled).
2008-05-17 04:26:26 +00:00
Roan Kattouw
5162afcfb9 This is cleaner, thanks to ialex 2008-04-02 20:19:35 +00:00
Roan Kattouw
1fee715cea (bug 13587) Execute deferred updates in api.php 2008-04-02 18:04:54 +00:00
Brion Vibber
c8c176f7de * Security fix for API on MSIE 2008-01-23 23:45:46 +00:00
Yuri Astrakhan
ce91d949f7 API:
* Added full text search in titles and content (list=search)
* (bug 10684) Expanded list=allusers functionality
* Possible breaking change: prop=revisions no longer includes pageid for rvprop=ids
* Bug fix: proper search escaping for SQL LIKE queries.
2007-07-30 08:09:15 +00:00
Aryeh Gregor
a15c419b3d Remove ?>'s from files. They're pointless, and just asking for people to mess with the files and add trailing whitespace. (Yes, I looked over every one and reverted those that were bogus. Slash-enter a million times in less worked well enough, although it was a bit mind-numbing.) 2007-06-29 01:19:14 +00:00
Yuri Astrakhan
d656615e9f API: applied the patch by amidaniel to allow the same limits for sysops as for bots. 2007-05-22 04:39:49 +00:00
Yuri Astrakhan
cb38c11c84 API: documentation and cleanup. 2007-05-20 23:31:44 +00:00
Yuri Astrakhan
b56d23ed46 * API: Restructured to allow internal usage. Error handling cleanup.
* API: Added opensearch module, added apprefix param for list=allpages
2006-10-14 07:18:08 +00:00
Yuri Astrakhan
f229bdc8be * API: added watchlist module (incomplete)
* API: minor param cleanup
2006-10-13 06:13:13 +00:00
Tim Starling
558487ceac Active protection against register_globals vulnerabilities. Unset all globals which have been set by $_REQUEST, in WebStart.php. All entry points must assume that a user can unset any arbitrary global set before WebStart.php is invoked. This is not usually a problem since most entry points do not set globals before WebStart.php, Yuri's APIs apparently being the only exceptions. 2006-10-11 03:44:49 +00:00
Yuri Astrakhan
c01eb06e5e *API: better version gen, added check for read-only api, added allpages params description 2006-10-02 18:27:06 +00:00
Yuri Astrakhan
85de1cb74b * Code cleanup per TimStarling's suggestions 2006-10-01 04:38:31 +00:00
Yuri Astrakhan
f97b323e00 * API: result data generation cleanup, minor cleaning 2006-10-01 02:02:13 +00:00
Yuri Astrakhan
5c1ca0fc83 * API: Refactored per brion's suggestions
* API: began query revisions implementation (incomplete)
2006-09-27 05:13:48 +00:00
Yuri Astrakhan
8a7397e8ad * API: Overall query-related cleanup. 2006-09-26 06:37:26 +00:00
Yuri Astrakhan
972b72f879 * API: All pages list
* API: Reworked parameter processing
2006-09-26 05:43:02 +00:00
Yuri Astrakhan
e57335a633 * API: Query Meta SiteInfo module
* API: Improved query help screen
2006-09-26 01:44:13 +00:00
Yuri Astrakhan
fc6ec50f94 * API: A new ApiPageSet class to retrieve page data and resolve redirects. 2006-09-25 04:12:07 +00:00
Yuri Astrakhan
e7ad7f3d41 * Non-working API to facilitate dev collaboration. Do not enable this yet in localsettings.php. 2006-09-08 14:27:58 +00:00