From: Brad Jorsch Date: Wed, 1 Feb 2017 15:07:02 +0000 (-0500) Subject: ApiPurge: Require POST X-Git-Tag: 1.31.0-rc.0~4168^2 X-Git-Url: http://git.cyclocoop.org/%22.%24image2.%22?a=commitdiff_plain;h=eada94090990f9d06a3b512efc1ca7e6eb4bb2f1;p=lhc%2Fweb%2Fwiklou.git ApiPurge: Require POST This change was announced to mediawiki-api-announce on September 14, 2016,[1] and the remaining users were notified on December 28, 2016, and a reminder was sent on the same day.[2] Time to do this. [1]: https://lists.wikimedia.org/pipermail/mediawiki-api-announce/2016-September/000118.html [2]: https://lists.wikimedia.org/pipermail/mediawiki-api-announce/2016-December/000124.html Bug: T145649 Change-Id: I5ec8acfbd2cd705a7b4c81f36786149c3d9cba45 --- diff --git a/includes/api/ApiPurge.php b/includes/api/ApiPurge.php index 324d030fdb..312463835c 100644 --- a/includes/api/ApiPurge.php +++ b/includes/api/ApiPurge.php @@ -37,11 +37,6 @@ class ApiPurge extends ApiBase { * Purges the cache of a page */ public function execute() { - $main = $this->getMain(); - if ( !$main->isInternalMode() && !$main->getRequest()->wasPosted() ) { - $this->addDeprecation( 'apiwarn-deprecation-purge-get', 'purge-via-GET' ); - } - $params = $this->extractRequestParams(); $continuationManager = new ApiContinuationManager( $this, [], [] ); @@ -60,12 +55,8 @@ class ApiPurge extends ApiBase { ApiQueryBase::addTitleInfo( $r, $title ); $page = WikiPage::factory( $title ); if ( !$user->pingLimiter( 'purge' ) ) { - $flags = WikiPage::PURGE_ALL; - if ( !$this->getRequest()->wasPosted() ) { - $flags ^= WikiPage::PURGE_GLOBAL_PCACHE; // skip DB_MASTER write - } // Directly purge and skip the UI part of purge() - $page->doPurge( $flags ); + $page->doPurge( WikiPage::PURGE_ALL ); $r['purged'] = true; } else { $this->addWarning( 'apierror-ratelimited' ); @@ -157,20 +148,7 @@ class ApiPurge extends ApiBase { } public function mustBePosted() { - // Anonymous users are not allowed a non-POST request - return !$this->getUser()->isAllowed( 'purge' ); - } - - protected function getHelpFlags() { - $flags = parent::getHelpFlags(); - - // Claim that we must be posted for the purposes of help and paraminfo. - // @todo Remove this when self::mustBePosted() is updated for T145649 - if ( !in_array( 'mustbeposted', $flags, true ) ) { - $flags[] = 'mustbeposted'; - } - - return $flags; + return true; } public function getAllowedParams( $flags = 0 ) {