Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/api/ApiWatch.php
Krinkle 2d03eedf8a WatchAction requires token (BREAKING CHANGE) 
* (bug 27655) Require token for watching/unwatching pages
* Previously done for API (bug 29070) in r88522
* As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific)
* ajax.watch used the API already and was switched in r88554.
* The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it  also a "central" function that does not care about tokens, it's called after the token-handling)
* JavaScript / Gadgets that utilize action=watch in their scripts:
** Effects should be minimal as they should be using the API (see r88522 and wikitech-l)
** If they use index.php and scrap the link from the page, they can continue to do so.

* There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for:
 'token' => WatchAction::getWatchToken( $title, $user [, $action] )
or changing:
 Action::factory( 'watch', $article )->execute();
to:
 WatchAction::doWatch( $title, $user );

While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now)

Other notes:
* Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch()
* Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p 


[1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
2011-06-06 00:09:03 +00:00

131 lines
3.4 KiB
PHP
Raw Blame History

<?php
/**
*
*
* Created on Jan 4, 2008
*
* Copyright © 2008 Yuri Astrakhan <Firstname><Lastname>@gmail.com,
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
if ( !defined( 'MEDIAWIKI' ) ) {
// Eclipse helper - will be ignored in production
require_once( 'ApiBase.php' );
}
/**
* API module to allow users to watch a page
*
* @ingroup API
*/
class ApiWatch extends ApiBase {
public function __construct( $main, $action ) {
parent::__construct( $main, $action );
}
public function execute() {
global $wgUser;
if ( !$wgUser->isLoggedIn() ) {
$this->dieUsage( 'You must be logged-in to have a watchlist', 'notloggedin' );
}
$params = $this->extractRequestParams();
$title = Title::newFromText( $params['title'] );
if ( !$title ) {
$this->dieUsageMsg( array( 'invalidtitle', $params['title'] ) );
}
$article = new Article( $title );
$res = array( 'title' => $title->getPrefixedText() );
if ( $params['unwatch'] ) {
$res['unwatched'] = '';
$res['message'] = wfMsgExt( 'removedwatchtext', array( 'parse' ), $title->getPrefixedText() );
$success = WatchAction::doWatch( $title, $wgUser );
} else {
$res['watched'] = '';
$res['message'] = wfMsgExt( 'addedwatchtext', array( 'parse' ), $title->getPrefixedText() );
$success = UnwatchAction::doUnwatch( $title, $wgUser );
}
if ( !$success ) {
$this->dieUsageMsg( 'hookaborted' );
}
$this->getResult()->addValue( null, $this->getModuleName(), $res );
}
public function mustBePosted() {
return true;
}
public function isWriteMode() {
return true;
}
public function needsToken() {
return true;
}
public function getTokenSalt() {
return 'watch';
}
public function getAllowedParams() {
return array(
'title' => array(
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => true
),
'unwatch' => false,
'token' => null,
);
}
public function getParamDescription() {
return array(
'title' => 'The page to (un)watch',
'unwatch' => 'If set the page will be unwatched rather than watched',
'token' => 'A token previously acquired via prop=info',
);
}
public function getDescription() {
return 'Add or remove a page from/to the current user\'s watchlist';
}
public function getPossibleErrors() {
return array_merge( parent::getPossibleErrors(), array(
array( 'code' => 'notloggedin', 'info' => 'You must be logged-in to have a watchlist' ),
array( 'invalidtitle', 'title' ),
array( 'hookaborted' ),
) );
}
protected function getExamples() {
return array(
'api.php?action=watch&title=Main_Page',
'api.php?action=watch&title=Main_Page&unwatch=',
);
}
public function getVersion() {
return __CLASS__ . ': $Id$';
}
}
Reference in a new issue View git blame Copy permalink