From: Brion Vibber
Date: Mon, 19 Nov 2007 15:32:06 +0000 (+0000)
Subject: Revert r27581, 27598, 27626
X-Git-Tag: 1.31.0-rc.0~50805
X-Git-Url: http://git.cyclocoop.org/%22.%24h.%22?a=commitdiff_plain;h=b61adceeb9001a16fe1570579761edaa7db9c8ca;p=lhc%2Fweb%2Fwiklou.git
Revert r27581, 27598, 27626
format=raw is an HTML injection machine like action=raw but without any safeguards; it's trivial to create JavaScript exploits which hit at least Internet Explorer. There's no reason to add a whole new danger point here when you've got machine-readable structure already... please do not add this raw formatter back.
---
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index f7bc968d37..fa2c3eccf3 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -194,8 +194,6 @@ Full API documentation is available at http://www.mediawiki.org/wiki/API
 * (bug 11562) Added a user_registration parameter/field to the list=allusers query.
 * (bug 11588) Preserve document structure for empty dataset in backlinks query.
 * Outputting list of all user preferences rather than having to request them by name
-* Add raw formatting support. Now several actions like expandtemplates support raw output with format=raw
-* (bug 11206) api.php should honor maxlag
 === Languages updated in 1.12 ===
diff --git a/includes/AutoLoader.php b/includes/AutoLoader.php
index aa6d9091d5..828be04a9a 100644
--- a/includes/AutoLoader.php
+++ b/includes/AutoLoader.php
@@ -301,7 +301,6 @@ function __autoload($className) {
 'Services_JSON' => 'includes/api/ApiFormatJson_json.php',
 'ApiFormatJson' => 'includes/api/ApiFormatJson.php',
 'ApiFormatPhp' => 'includes/api/ApiFormatPhp.php',
- 'ApiFormatRaw' => 'includes/api/ApiFormatBase.php',
 'ApiFormatWddx' => 'includes/api/ApiFormatWddx.php',
 'ApiFormatXml' => 'includes/api/ApiFormatXml.php',
 'Spyc' => 'includes/api/ApiFormatYaml_spyc.php',
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index fa3eb03502..008a6d2b4f 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -2335,24 +2335,4 @@ function wfGetNull() {
 return wfIsWindows() ? 'NUL' : '/dev/null';
-}
-
-/**
- * Displays a maxlag error
- *
- * @param string $host Server that lags the most
- * @param int $lag Maxlag (actual)
- * @param int $maxLag Maxlag (requested)
- */
-function wfMaxlagError( $host, $lag, $maxLag ) {
- global $wgShowHostnames;
- header( 'HTTP/1.1 503 Service Unavailable' );
- header( 'Retry-After: ' . max( intval( $maxLag ), 5 ) );
- header( 'X-Database-Lag: ' . intval( $lag ) );
- header( 'Content-Type: text/plain' );
- if( $wgShowHostnames ) {
- echo "Waiting for $host: $lag seconds lagged\n";
- } else {
- echo "Waiting for a database server: $lag seconds lagged\n";
- }
 }
\ No newline at end of file
diff --git a/includes/Wiki.php b/includes/Wiki.php
index 4920ff2b21..02f9430543 100644
--- a/includes/Wiki.php
+++ b/includes/Wiki.php
@@ -57,10 +57,18 @@ class MediaWiki {
 }
 function checkMaxLag( $maxLag ) {
- global $wgLoadBalancer;
+ global $wgLoadBalancer, $wgShowHostnames;
 list( $host, $lag ) = $wgLoadBalancer->getMaxLag();
 if ( $lag > $maxLag ) {
- wfMaxlagError( $host, $lag, $maxLag );
+ header( 'HTTP/1.1 503 Service Unavailable' );
+ header( 'Retry-After: ' . max( intval( $maxLag ), 5 ) );
+ header( 'X-Database-Lag: ' . intval( $lag ) );
+ header( 'Content-Type: text/plain' );
+ if( $wgShowHostnames ) {
+ echo "Waiting for $host: $lag seconds lagged\n";
+ } else {
+ echo "Waiting for a database server: $lag seconds lagged\n";
+ }
 return false;
 } else {
 return true;
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 684ba0cd73..37bd4e767a 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
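Review bot: In the added 503 branch of checkMaxLag the body interpolates `$lag` raw while the `X-Database-Lag` header two lines earlier sends `intval( $lag )`, so header and body can disagree on the value the client is told; `echo "Waiting for $host: " . intval( $lag ) . " seconds lagged\n";` (and the same cast in the else branch) keeps them consistent, and since the response is text/plain nothing further needs escaping. The status line hard-codes `HTTP/1.1`; `$_SERVER['SERVER_PROTOCOL']` would echo the protocol the client actually used, though that is a nit. This block is a verbatim copy of the wfMaxlagError body deleted from GlobalFunctions.php, so the docblock that went with it should move here; a `/** Emits a 503 with Retry-After and X-Database-Lag headers and a plain-text body, then returns false — presumably the caller must abort the request; returns true when lag is within $maxLag. */` above checkMaxLag would do. checkMaxLag's closing brace lies outside the hunk.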
@@ -509,37 +509,6 @@ abstract class ApiBase {
 wfDebugDieBacktrace("Internal error in $method: $message");
 }
- private $mRawFormat = false;
-
- /**
- * Returns if module supports raw mode
- */
- public function supportRaw() {
- return false;
- }
-
- /**
- * Enables raw mode
- */
- public function setRaw() {
- $this->mRawFormat = true;
- }
-
- /**
- * Checks if raw mode is enabled
- */
- public function isRaw() {
- return $this->mRawFormat;
- }
-
- /**
- * Indicates if API needs to check maxlag
- */
- public function shouldCheckMaxlag() {
- return true;
- }
-
- /**
 * Profiling: total module execution time
 */
@@ -648,4 +617,3 @@ abstract class ApiBase {
 }
 }
-
diff --git a/includes/api/ApiExpandTemplates.php b/includes/api/ApiExpandTemplates.php
index d043bcbcd2..df99ba1099 100644
--- a/includes/api/ApiExpandTemplates.php
+++ b/includes/api/ApiExpandTemplates.php
@@ -55,18 +55,11 @@ class ApiExpandTemplates extends ApiBase {
 // Return result
 $result = $this->getResult();
- if( $this->isRaw() ) {
- ApiFormatRaw :: setRawData( $result, $retval );
- }
 $retval_array = array();
 $result->setContent( $retval_array, $retval );
 $result->addValue( null, $this->getModuleName(), $retval_array );
 }
- public function supportRaw() {
- return true;
- }
 protected function getAllowedParams() {
 return array (
 'title' => array(
@@ -98,4 +91,3 @@ class ApiExpandTemplates extends ApiBase {
 }
 }
-
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index 0693040556..5bfbd9e12a 100644
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -276,64 +276,3 @@ class ApiFormatFeedWrapper extends ApiFormatBase {
 return __CLASS__ . ': $Id$';
 }
 }
-
-/**
- * This printer is used to wrap raw printer
- * @addtogroup API
- */
-class ApiFormatRaw extends ApiFormatBase {
-
- public function __construct($main, $format) {
- parent :: __construct($main, $format);
- }
-
- public static function setRawData( $result, $raw_data, $raw_type = 'text/plain' ) {
- $data = & $result->getData();
- $data['_raw'] = $raw_data;
- $data['_raw_mimetype'] = $raw_type;
- }
-
- public function getMimeType() {
- $data = $this->getResultData();
- if( !isset( $data['_raw_mimetype'] ) && !isset( $data['error'] ) ) {
- ApiBase :: dieDebug( 'ApiFormatRaw', 'No raw data is set for this module' );
- return;
- }
- elseif( isset( $data['error'] ) ) {
- $this->executeError( $data );
- return;
- }
- return $data['_raw_mimetype'];
- }
-
- public function execute() {
- $data = $this->getResultData();
- if( !isset( $data['_raw'] ) && !isset( $data['error'] ) ) {
- ApiBase :: dieDebug( 'ApiFormatRaw', 'No raw data is set for this module' );
- return;
- }
- elseif( isset( $data['error'] ) ) {
- $this->executeError( $data );
- return;
- }
- $this->printText( $data['_raw'] );
- }
-
- private function executeError( $data ) {
- wfHttpError(500, 'Internal Server Error', '');
- echo "{$data['error']['code']}\n";
- echo "{$data['error']['info']}\n";
- }
-
- public function getNeedsRawData() {
- return true;
- }
-
- protected function getDescription() {
- return 'Output data in raw format. NOTE: not all actions support it' . parent :: getDescription();
- }
-
- public function getVersion() {
- return __CLASS__ . ': $Id$';
- }
-}
diff --git a/includes/api/ApiHelp.php b/includes/api/ApiHelp.php
index 21150a6d11..aeebb50477 100644
--- a/includes/api/ApiHelp.php
+++ b/includes/api/ApiHelp.php
@@ -46,10 +46,6 @@ class ApiHelp extends ApiBase {
 $this->dieUsage('', 'help');
 }
- public function shouldCheckMaxlag() {
- return false;
- }
 protected function getDescription() {
 return array (
 'Display this help screen.'
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index d80928e3b4..406d23a018 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -75,7 +75,6 @@ class ApiMain extends ApiBase {
 'xmlfm' => 'ApiFormatXml',
 'yaml' => 'ApiFormatYaml',
 'yamlfm' => 'ApiFormatYaml',
- 'raw' => 'ApiFormatRaw',
 'rawfm' => 'ApiFormatJson'
 );
@@ -290,33 +289,9 @@ class ApiMain extends ApiBase {
 // Instantiate the module requested by the user
 $module = new $this->mModules[$this->mAction] ($this, $this->mAction);
-
- if( $module->shouldCheckMaxlag() && isset( $params['maxlag'] ) ) {
- // Check for maxlag
- global $wgLoadBalancer, $wgShowHostnames;
- $maxLag = $params['maxlag'];
- list( $host, $lag ) = $wgLoadBalancer->getMaxLag();
- if ( $lag > $maxLag ) {
- if( $wgShowHostnames ) {
- ApiBase :: dieUsage( "Waiting for $host: $lag seconds lagged", 'maxlag' );
- } else {
- ApiBase :: dieUsage( "Waiting for a database server: $lag seconds lagged", 'maxlag' );
- }
- return;
- }
- }
 if (!$this->mInternalMode) {
- //Check usage of raw printer
- if( $params['format'] == 'raw' ) {
- if( !$module->supportRaw() ) {
- ApiBase :: dieUsage( 'This module doesn\'t support format=raw', 'rawnotsupported' );
- return;
- }
- $module->setRaw();
- }
-
 // See if custom printer is used
 $this->mPrinter = $module->getCustomPrinter();
 if (is_null($this->mPrinter)) {
@@ -373,10 +348,7 @@ class ApiMain extends ApiBase {
 ApiBase :: PARAM_DFLT => 'help',
 ApiBase :: PARAM_TYPE => $this->mModuleNames
 ),
- 'version' => false,
- 'maxlag' => array (
- ApiBase :: PARAM_TYPE => 'integer'
- ),
+ 'version' => false
 );
 }
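Review bot: After `'raw'` is dropped from the format table in the ApiMain @@ -75 hunk, the remaining context line `'rawfm' => 'ApiFormatJson'` is the only entry whose name still says raw, and a reader of this revert will likely take it for a leftover of the removed printer. If it is a pre-existing JSON alias unrelated to ApiFormatRaw, a one-line comment such as `// 'rawfm' is a JSON output alias, not related to the removed ApiFormatRaw printer` above it would settle that; if it is not, it should presumably go with the rest. The enclosing array is opened before the hunk.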
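Review bot: Removing the `maxlag` entry from getAllowedParams in the @@ -373 hunk (and its description in the next hunk) reverts the api.php maxlag handshake together with the raw printer, although the two are independent — the RELEASE-NOTES hunk drops both `(bug 11206) api.php should honor maxlag` and the raw-format line in one go. As far as this diff shows, the 503 path now lives only in MediaWiki::checkMaxLag for index.php requests, so API clients lose their way to back off from a lagged replica. If the intent is to remove only format=raw, the `'maxlag' => array( ApiBase :: PARAM_TYPE => 'integer' )` parameter and the ApiMain check that consumed it could be re-landed as a separate, smaller commit. getAllowedParams's opening line lies outside the hunk.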
@@ -387,8 +359,7 @@ class ApiMain extends ApiBase {
 return array (
 'format' => 'The format of the output',
 'action' => 'What action you would like to perform',
- 'version' => 'When showing help, include version for each module',
- 'maxlag' => 'Maximum lag'
+ 'version' => 'When showing help, include version for each module'
 );
 }
@@ -572,4 +543,3 @@ class UsageException extends Exception {
 }
-
diff --git a/includes/api/ApiQuery.php b/includes/api/ApiQuery.php
index 1b1c3b3fb6..0223f6fb79 100644
--- a/includes/api/ApiQuery.php
+++ b/includes/api/ApiQuery.php
@@ -456,11 +456,6 @@ class ApiQuery extends ApiBase {
 $psModule = new ApiPageSet($this);
 return $psModule->makeHelpMsgParameters() . parent :: makeHelpMsgParameters();
 }
-
- // @todo should work correctly
- public function shouldCheckMaxlag() {
- return true;
- }
 protected function getParamDescription() {
 return array (
diff --git a/includes/api/ApiRender.php b/includes/api/ApiRender.php
index 3540756018..9302da392a 100644
--- a/includes/api/ApiRender.php
+++ b/includes/api/ApiRender.php
@@ -56,18 +56,11 @@ class ApiRender extends ApiBase {
 // Return result
 $result = $this->getResult();
- if( $this->isRaw() ) {
- ApiFormatRaw :: setRawData( $result, $retval, 'text/html' );
- }
 $retval_array = array();
 $result->setContent( $retval_array, $retval );
 $result->addValue( null, $this->getModuleName(), $retval_array );
 }
- public function supportRaw() {
- return true;
- }
 protected function getAllowedParams() {
 return array (
 'title' => array(
@@ -99,4 +92,3 @@ class ApiRender extends ApiBase {
 }
 }
-