From: Rob Church
Date: Wed, 8 Aug 2007 17:32:13 +0000 (+0000)
Subject: Revert r24673; *this is not needed*. If "API exposure" is so dangerous, then it shoul...
X-Git-Tag: 1.31.0-rc.0~51825
X-Git-Url: http://git.cyclocoop.org/%24action?a=commitdiff_plain;h=655a5454f82c23905ce28cb4649e2e49cd2d528e;p=lhc%2Fweb%2Fwiklou.git
Revert r24673; *this is not needed*. If "API exposure" is so dangerous, then it should be *off by default*, since otherwise, everybody who upgraded from 1.7 to 1.8 will have an apparently hideous vulnerability.
Do not over-complicate the installer.
---
diff --git a/config/index.php b/config/index.php
index 3e42b0499d..eeb0b46db5 100644
--- a/config/index.php
+++ b/config/index.php
@@ -702,7 +702,6 @@ $conf->Email = importRequest("Email", "email_enabled");
$conf->Emailuser = importRequest("Emailuser", "emailuser_enabled");
$conf->Enotif = importRequest("Enotif", "enotif_allpages");
$conf->Eauthent = importRequest("Eauthent", "eauthent_enabled");
-$conf->Api = importRequest("Api", "api_enabled_readonly" );
if( $conf->posted && ( 0 == count( $errs ) ) ) {
do { /* So we can 'continue' to end prematurely */
@@ -1239,20 +1238,6 @@ if( count( $errs ) ) {
MediaWiki can also detect and support eAccelerator, Turck MMCache, APC, and XCache, but
these should not be used if the wiki will be running on multiple application servers.
-
-
- API allows programs and scripts to directly access MediaWiki data in computer-readable formats.
- Once enabled, it will be accessible through
- ScriptPath ); ?>/api.php
-
E-mail, e-mail notification and authentication setup
@@ -1542,22 +1527,6 @@ function writeLocalSettings( $conf ) {
$enotifwatchlist = 'false';
}
- switch ( $conf->Api ) {
- case "api_enabled_readwrite":
- $apiEnabled = 'true';
- $apiWriteEnabled = 'true';
- break;
- case "api_enabled_readonly":
- $apiEnabled = 'true';
- $apiWriteEnabled = 'false';
- break;
- case "api_disabled":
- default:
- $apiEnabled = 'false';
- $apiWriteEnabled = 'false';
- break;
- }
-
$file = @fopen( "/dev/urandom", "r" );
if ( $file ) {
$secretKey = bin2hex( fread( $file, 32 ) );
@@ -1702,11 +1671,6 @@ if ( \$wgCommandLineMode ) {
# sure that cached pages are cleared.
\$configdate = gmdate( 'YmdHis', @filemtime( __FILE__ ) );
\$wgCacheEpoch = max( \$wgCacheEpoch, \$configdate );
-
-# Enable direct access to the data API through api.php
-\$wgEnableAPI = $apiEnabled;
-\$wgEnableWriteAPI = $apiWriteEnabled;
-
"; ## End of setting the $localsettings string
// Keep things in Unix line endings internally;