author | Luke Shumaker <lukeshu@sbcglobal.net> | 2015-02-25 23:38:25 -0500 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2015-02-25 23:38:25 -0500 |
commit | b0e5922cdadff2b394100dc8977bc2d526c04595 (patch) | |
tree | f1c19b1aaf0988cdef72f978b9f16c5d631d3727 /includes/api | |
parent | ad2b9dc3e492af9d550532817f34f865a97a8f63 (diff) | |
parent | b88ab0086858470dd1f644e64cb4e4f62bb2be9b (diff) |
Merge commit 'b88ab'
Diffstat (limited to 'includes/api')
-rw-r--r-- | includes/api/ApiBase.php | 1 | ||||
-rw-r--r-- | includes/api/ApiEditPage.php | 3 | ||||
-rw-r--r-- | includes/api/ApiFormatJson.php | 14 | ||||
-rw-r--r-- | includes/api/ApiFormatPhp.php | 19 | ||||
-rw-r--r-- | includes/api/ApiMain.php | 2 | ||||
-rw-r--r-- | includes/api/ApiQueryLogEvents.php | 8 |
6 files changed, 41 insertions, 6 deletions
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php index ce6ecda6..c1454e76 100644 --- a/includes/api/ApiBase.php +++ b/includes/api/ApiBase.php @@ -1351,6 +1351,7 @@ abstract class ApiBase extends ContextSource { 'permdenied-undelete' => array( 'code' => 'permissiondenied', 'info' => "You don't have permission to restore deleted revisions" ), 'createonly-exists' => array( 'code' => 'articleexists', 'info' => "The article you tried to create has been created already" ), 'nocreate-missing' => array( 'code' => 'missingtitle', 'info' => "The article you tried to edit doesn't exist" ), + 'cantchangecontentmodel' => array( 'code' => 'cantchangecontentmodel', 'info' => "You don't have permission to change the content model of a page" ), 'nosuchrcid' => array( 'code' => 'nosuchrcid', 'info' => "There is no change with rcid \"\$1\"" ), 'protect-invalidaction' => array( 'code' => 'protect-invalidaction', 'info' => "Invalid protection type \"\$1\"" ), 'protect-invalidlevel' => array( 'code' => 'protect-invalidlevel', 'info' => "Invalid protection level \"\$1\"" ), diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php index bd61895b..51c9efc6 100644 --- a/includes/api/ApiEditPage.php +++ b/includes/api/ApiEditPage.php @@ -423,6 +423,9 @@ class ApiEditPage extends ApiBase { case EditPage::AS_NO_CREATE_PERMISSION: $this->dieUsageMsg( 'nocreate-loggedin' ); + case EditPage::AS_NO_CHANGE_CONTENT_MODEL: + $this->dieUsageMsg( 'cantchangecontentmodel' ); + case EditPage::AS_BLANK_ARTICLE: $this->dieUsageMsg( 'blankpage' ); diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 342a580f..47d82124 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php 
@@ -62,10 +62,22 @@ class ApiFormatJson extends ApiFormatBase { $this->getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) { + $json = preg_replace( + '/\<(\s*cross-domain-policy\s*)\>/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/", '', $callback ); - $this->printText( "$callback($json)" ); + # Prepend a comment to try to avoid attacks against content + # sniffers, such as bug 68187. + $this->printText( "/**/$callback($json)" ); } else { $this->printText( $json ); } diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index b2d1f044..bda1c180 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,7 +35,24 @@ class ApiFormatPhp extends ApiFormatBase { } public function execute() { - $this->printText( serialize( $this->getResultData() ) ); + global $wgMangleFlashPolicy; + $text = serialize( $this->getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $wgMangleFlashPolicy && + in_array( 'wfOutputHandler', ob_list_handlers(), true ) && + preg_match( '/\<\s*cross-domain-policy\s*\>/i', $text ) + ) { + $this->dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this->printText( $text ); } public function getDescription() { diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index c11f16cb..ea2fcc78 100644 
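Review bot: The pattern `/\<\s*cross-domain-policy\s*\>/i` is written out twice in this hunk and a third time in the ApiFormatPhp::execute() hunk, and going by the comment it has to agree with whatever wfMangleFlashPolicy() rewrites. Nothing ties the copies together, so a later change to the mangler could let the output handler rewrite API output again, or make the format=php refusal miss; a shared constant or helper next to wfMangleFlashPolicy() would keep them in step. The `preg_match()` guard is also redundant, because `preg_replace()` returns the string unchanged when nothing matches. On the JSONP branch the comment could state what the prefix actually buys, for example `# The fixed /**/ prefix keeps the response from starting with caller-chosen bytes; the callback itself is still only character-filtered.`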
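Review bot: The comment in ApiFormatPhp::execute() says every option is broken but not why, and that reason is what a maintainer needs before touching this guard. serialize() records each string's byte length (`s:N:"…"`), so a rewrite of the body by an output handler after this point would presumably leave a payload that no longer unserializes, which is why the escaping used in ApiFormatJson is not available here. I would add that sentence to the comment. I would also note there that the refusal depends on the handler being registered under the exact name `'wfOutputHandler'`: a handler with a different name that applies the same mangling would not trigger it.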
--- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -510,7 +510,7 @@ class ApiMain extends ApiBase { array( '.*?', '.' ), $wildcard ); - return "/https?:\/\/$wildcard/"; + return "/^https?:\/\/$wildcard$/"; } protected function sendCacheHeaders() { diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php index 26774ef4..ecd117e4 100644 --- a/includes/api/ApiQueryLogEvents.php +++ b/includes/api/ApiQueryLogEvents.php @@ -36,7 +36,7 @@ class ApiQueryLogEvents extends ApiQueryBase { } private $fld_ids = false, $fld_title = false, $fld_type = false, - $fld_action = false, $fld_user = false, $fld_userid = false, + $fld_user = false, $fld_userid = false, $fld_timestamp = false, $fld_comment = false, $fld_parsedcomment = false, $fld_details = false, $fld_tags = false; @@ -49,7 +49,6 @@ class ApiQueryLogEvents extends ApiQueryBase { $this->fld_ids = isset( $prop['ids'] ); $this->fld_title = isset( $prop['title'] ); $this->fld_type = isset( $prop['type'] ); - $this->fld_action = isset( $prop['action'] ); $this->fld_user = isset( $prop['user'] ); $this->fld_userid = isset( $prop['userid'] ); $this->fld_timestamp = isset( $prop['timestamp'] ); @@ -304,6 +303,9 @@ class ApiQueryLogEvents extends ApiQueryBase { if ( LogEventsList::isDeleted( $row, LogPage::DELETED_ACTION ) ) { $vals['actionhidden'] = ''; } else { + if ( $this->fld_type ) { + $vals['action'] = $row->log_action; + } if ( $this->fld_title ) { ApiQueryBase::addTitleInfo( $vals, $title ); } @@ -313,7 +315,7 @@ class ApiQueryLogEvents extends ApiQueryBase { } } - if ( $this->fld_type || $this->fld_action ) { + if ( $this->fld_type ) { $vals['type'] = $row->log_type; $vals['action'] = $row->log_action; } |
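Review bot: The new `$` anchor in the ApiMain hunk still matches before a trailing newline, so the pattern is not a strict whole-string match; the `D` modifier closes that: `return "/^https?:\/\/$wildcard$/D";`. Whether a value with a trailing newline can reach this matcher is not visible here, so treat it as hardening. The visible context (`array( '.*?', '.' )`) suggests a wildcard becomes `.*?`, which even when anchored spans dots, slashes and ports. A whitelist entry such as `*.example.org` (constructed example) would then accept any string that ends in `.example.org` after the scheme, and a comment on the function saying so would help whoever writes the whitelist. The function starts outside the hunk.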
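Review bot: In ApiQueryLogEvents, the guarded `$vals['action'] = $row->log_action;` added in the `else` of the `isDeleted( $row, LogPage::DELETED_ACTION )` check is undone by the last hunk, whose context still sets `$vals['action']` unconditionally inside `if ( $this->fld_type )`. If the intent is to withhold the action for rows with DELETED_ACTION set, that later assignment has to go, leaving only `$vals['type'] = $row->log_type;` in the block. If the action is meant to stay public, the new guarded assignment is redundant and should be dropped. Either way, a one-line comment stating which fields DELETED_ACTION hides would settle it. The enclosing method starts and ends outside these hunks, so the outer condition around the first block is not visible.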