All the other ways of doing it were ridiculous and much harder to read, and usually required repeating the needle expression (to get its length). I found these occurrences by grepping for various expressions, but I undoubtedly missed some. I didn't try replacing the many instances of strpos(...) === 0 with str_starts_with(...), because I think they're readable enough as-is (although less efficient). Likewise I didn't try porting strpos(...) !== false to str_contains(...). For case-insensitive comparisons, Tim Starling requested that we stick with substr_compare() because it's more efficient than calling strtolower(). On PHP < 8 these functions will be included with a polyfill via vendor/autoload.php. This is included at the beginning of includes/AutoLoader.php, so if our autoloader has been included the polyfill will be available. This means it should be safe to call these functions from any code that would not be usable without our autoloader. Three uses that Tim Starling identified as being performance-sensitive have been split out to a separate commit for porting after the switch to PHP 8. Change-Id: I113a8d052b6845852c15969a2f0e6fbbe3e9f8d9
<?php
/**
* Copyright © 2015 Wikimedia Foundation and contributors
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
use MediaWiki\Session\Token;
/**
 * API module behind action=checktoken: reports whether a submitted token of a
 * given type is valid, expired or invalid for the current user and session.
 *
 * @since 1.25
 * @ingroup API
 */
class ApiCheckToken extends ApiBase {

	/**
	 * Compare the submitted token with the one expected for this user and
	 * session, and add the verdict to the API result under this module's name.
	 *
	 * The result always carries a 'result' key ('valid', 'expired' or
	 * 'invalid'); 'generated' is added when a timestamp can be read from the
	 * submitted token.
	 */
	public function execute() {
		$request = $this->extractRequestParams();
		$submitted = $request['token'];
		$ageLimit = $request['maxtokenage'];
		$saltsByType = ApiQueryTokens::getTokenTypeSalts();

		// 'type' is limited by getAllowedParams() to the keys of this same salt
		// map, so the lookup below is expected to hit an existing entry.
		$expected = ApiQueryTokens::getToken(
			$this->getUser(),
			$this->getRequest()->getSession(),
			$saltsByType[$request['type']]
		);

		// A token ending in the URL-decoded form of the suffix presumably came
		// from a client that did not percent-encode it. The warning is advisory
		// only and does not change the verdict computed below.
		$decodedSuffix = urldecode( Token::SUFFIX );
		if ( str_ends_with( $submitted, $decodedSuffix ) ) {
			$this->addWarning( 'apiwarn-checktoken-percentencoding' );
		}

		// Only a match under $ageLimit counts as 'valid'. A token that matches
		// once the age limit is dropped is reported as 'expired'; everything
		// else is 'invalid'.
		if ( $expected->match( $submitted, $ageLimit ) ) {
			$verdict = 'valid';
		} else {
			$matchesIgnoringAge = $ageLimit !== null && $expected->match( $submitted );
			$verdict = $matchesIgnoringAge ? 'expired' : 'invalid';
		}
		$payload = [ 'result' => $verdict ];

		// NOTE(review): the timestamp is read from the submitted string and is
		// reported regardless of the verdict, so for an 'invalid' token it is
		// presumably whatever the caller sent. Consumers should not rely on
		// 'generated' unless 'result' says the token matched.
		$issuedAt = Token::getTimestamp( $submitted );
		if ( $issuedAt !== null ) {
			$stamp = new MWTimestamp();
			$stamp->timestamp->setTimestamp( $issuedAt );
			$payload['generated'] = $stamp->getTimestamp( TS_ISO_8601 );
		}

		$this->getResult()->addValue( null, $this->getModuleName(), $payload );
	}

	/**
	 * Describe the parameters this module accepts.
	 *
	 * @return array Parameter name => settings
	 */
	public function getAllowedParams() {
		// Accepted token types are exactly the types that have a salt defined.
		$knownTypes = array_keys( ApiQueryTokens::getTokenTypeSalts() );

		$typeSpec = [
			ApiBase::PARAM_TYPE => $knownTypes,
			ApiBase::PARAM_REQUIRED => true,
		];

		// The token is a secret, hence PARAM_SENSITIVE; how the flag is enforced
		// is up to ApiBase and is not visible here.
		$tokenSpec = [
			ApiBase::PARAM_TYPE => 'string',
			ApiBase::PARAM_REQUIRED => true,
			ApiBase::PARAM_SENSITIVE => true,
		];

		// Optional: when absent, execute() receives null and never reports
		// 'expired'.
		$maxAgeSpec = [
			ApiBase::PARAM_TYPE => 'integer',
		];

		return [
			'type' => $typeSpec,
			'token' => $tokenSpec,
			'maxtokenage' => $maxAgeSpec,
		];
	}

	/**
	 * Example queries for the help output.
	 *
	 * @return array Query string => message key describing it
	 */
	protected function getExamplesMessages() {
		$examples = [];
		$examples['action=checktoken&type=csrf&token=123ABC'] = 'apihelp-checktoken-example-simple';

		return $examples;
	}
}