From 80f9448690b189e21f961ba8a4a55e6cac5b0712 Mon Sep 17 00:00:00 2001 From: Sam Reed Date: Sun, 14 Feb 2010 22:20:27 +0000 Subject: [PATCH] Start of "Bug 21991 - Move common query parameter (uc, rc) validation, token requiringness/checking to ApiBase/Similar" Move token requringness check to the ApiMain Adding an exception if we're using "gettoken" (block/unblock) Remove array( 'missingparam', 'token' ), from the getPossibleErrors of modules that set requireToken method to true --- includes/api/ApiBase.php | 12 ++++++++++++ includes/api/ApiBlock.php | 7 ++++--- includes/api/ApiDelete.php | 7 ++++--- includes/api/ApiEditPage.php | 8 ++++---- includes/api/ApiEmailUser.php | 7 ++++--- includes/api/ApiImport.php | 7 ++++--- includes/api/ApiMain.php | 6 +++++- includes/api/ApiMove.php | 7 ++++--- includes/api/ApiParse.php | 2 +- includes/api/ApiPatrol.php | 7 ++++--- includes/api/ApiProtect.php | 7 ++++--- includes/api/ApiRollback.php | 7 ++++--- includes/api/ApiUnblock.php | 7 ++++--- includes/api/ApiUndelete.php | 7 ++++--- includes/api/ApiUpload.php | 7 ++++--- includes/api/ApiUserrights.php | 7 ++++--- 16 files changed, 70 insertions(+), 42 deletions(-) diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php index 3b6fee1c28..a6a7a0a43b 100644 --- a/includes/api/ApiBase.php +++ b/includes/api/ApiBase.php @@ -965,6 +965,14 @@ abstract class ApiBase { public function mustBePosted() { return false; } + + /** + * Indicates whether this module needs a token to preform the request + * @returns bool + */ + public function requiresToken() { + return false; + } /** * Returns a list of all possible errors returned by the module @@ -985,6 +993,10 @@ abstract class ApiBase { $ret[] = array ( 'writerequired' ); $ret[] = array ( 'writedisabled' ); } + + if ( $this->requiresToken() ) { + $ret[] = array( 'missingparam', 'token' ); + } return $ret; } diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php index 8f9300d335..f2b41feb0f 100644 
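Review bot: The docblock on the new `requiresToken()` in the first ApiBase hunk does not say what the flag actually guarantees, and it has two slips ("preform", `@returns`). As used in this commit, returning true only makes ApiMain check that a token parameter is present and adds `missingparam`/`token` to `getPossibleErrors()`; the modules shown still call `$wgUser->matchEditToken()` themselves. I would word it as `Whether ApiMain must reject the request when no token parameter is supplied; the module is still responsible for validating the token value.` with `@return bool`, so that a later module author does not read `return true` as complete CSRF protection. The class body continues outside the hunk.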
--- a/includes/api/ApiBlock.php +++ b/includes/api/ApiBlock.php @@ -61,8 +61,6 @@ class ApiBlock extends ApiBase { if ( is_null( $params['user'] ) ) $this->dieUsageMsg( array( 'missingparam', 'user' ) ); - if ( is_null( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); if ( !$wgUser->matchEditToken( $params['token'] ) ) $this->dieUsageMsg( array( 'sessionfailure' ) ); if ( !$wgUser->isAllowed( 'block' ) ) @@ -163,13 +161,16 @@ class ApiBlock extends ApiBase { public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( array( 'missingparam', 'user' ), - array( 'missingparam', 'token' ), array( 'sessionfailure' ), array( 'cantblock' ), array( 'canthide' ), array( 'cantblock-email' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( diff --git a/includes/api/ApiDelete.php b/includes/api/ApiDelete.php index 44be2e7966..e4686cf3eb 100644 --- a/includes/api/ApiDelete.php +++ b/includes/api/ApiDelete.php @@ -51,8 +51,6 @@ class ApiDelete extends ApiBase { $params = $this->extractRequestParams(); $this->requireOnlyOneParameter( $params, 'title', 'pageid' ); - if ( !isset( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); if ( isset( $params['title'] ) ) { @@ -214,13 +212,16 @@ class ApiDelete extends ApiBase { public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( - array( 'missingparam', 'token' ), array( 'invalidtitle', 'title' ), array( 'nosuchpageid', 'pageid' ), array( 'notanarticle' ), array( 'hookaborted', 'error' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php index d09feace64..3eb414123f 100644 --- a/includes/api/ApiEditPage.php +++ b/includes/api/ApiEditPage.php 
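Review bot: After the presence check is dropped from `execute()` in the first ApiDelete hunk, no line in the hunk reads `$params['token']` any more, so whether the token is still validated depends on code outside the hunk. The same holds for the first hunks of ApiEmailUser, ApiProtect, ApiRollback, ApiUndelete and ApiUserrights, whereas ApiBlock, ApiEditPage, ApiImport, ApiMove, ApiPatrol, ApiUnblock and ApiUpload keep a visible `matchEditToken()` call next to the removed lines. Before relying on the central check alone, confirm that each of these six modules reaches `$wgUser->matchEditToken( $params['token'] )` or an equivalent on every write path. At that spot I would leave a comment such as `// Presence is enforced by ApiMain via requiresToken(); validity is checked here.`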
@@ -53,9 +53,6 @@ class ApiEditPage extends ApiBase { $params['undo'] == 0 ) $this->dieUsageMsg( array( 'missingtext' ) ); - if ( is_null( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); - if ( !$wgUser->matchEditToken( $params['token'] ) ) $this->dieUsageMsg( array( 'sessionfailure' ) ); @@ -350,7 +347,6 @@ class ApiEditPage extends ApiBase { return array_merge( parent::getPossibleErrors(), array( array( 'missingparam', 'title' ), array( 'missingtext' ), - array( 'missingparam', 'token' ), array( 'sessionfailure' ), array( 'invalidtitle', 'title' ), array( 'createonly-exists' ), @@ -466,6 +462,10 @@ class ApiEditPage extends ApiBase { 'undoafter' => 'Undo all revisions from undo to this one. If not set, just undo one revision', ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( diff --git a/includes/api/ApiEmailUser.php b/includes/api/ApiEmailUser.php index 53a38f8b7a..b93b77fb7a 100644 --- a/includes/api/ApiEmailUser.php +++ b/includes/api/ApiEmailUser.php @@ -48,8 +48,6 @@ class ApiEmailUser extends ApiBase { $this->dieUsageMsg( array( 'missingparam', 'target' ) ); if ( !isset( $params['text'] ) ) $this->dieUsageMsg( array( 'missingparam', 'text' ) ); - if ( !isset( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); // Validate target $targetUser = EmailUserForm::validateEmailTarget( $params['target'] ); @@ -111,9 +109,12 @@ class ApiEmailUser extends ApiBase { array( 'usermaildisabled' ), array( 'missingparam', 'target' ), array( 'missingparam', 'text' ), - array( 'missingparam', 'token' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( diff --git a/includes/api/ApiImport.php b/includes/api/ApiImport.php index b0c0cc0c50..a68a103168 100644 --- a/includes/api/ApiImport.php +++ b/includes/api/ApiImport.php 
@@ -44,8 +44,6 @@ class ApiImport extends ApiBase { if ( !$wgUser->isAllowed( 'import' ) ) $this->dieUsageMsg( array( 'cantimport' ) ); $params = $this->extractRequestParams(); - if ( !isset( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); if ( !$wgUser->matchEditToken( $params['token'] ) ) $this->dieUsageMsg( array( 'sessionfailure' ) ); @@ -146,7 +144,6 @@ class ApiImport extends ApiBase { public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( array( 'cantimport' ), - array( 'missingparam', 'token' ), array( 'sessionfailure' ), array( 'missingparam', 'interwikipage' ), array( 'cantimport-upload' ), @@ -154,6 +151,10 @@ class ApiImport extends ApiBase { array( 'import-unknownerror', 'result' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array( diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index 8ccb8a6e0a..8d083ce272 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -378,11 +378,15 @@ class ApiMain extends ApiBase { if ( !is_string( $this->mAction ) ) { $this->dieUsage( "The API requires a valid action parameter", 'unknown_action' ); } - + // Instantiate the module requested by the user $module = new $this->mModules[$this->mAction] ( $this, $this->mAction ); $this->mModule = $module; + //Die if token required, but not provided (unless there is a gettoken parameter) + if ( $module->requiresToken() && is_null( $params['token'] ) && !is_null( $params['gettoken'] ) ) + $this->dieUsageMsg( array( 'missingparam', 'token' ) ); + if ( $module->shouldCheckMaxlag() && isset( $params['maxlag'] ) ) { // Check for maxlag global $wgShowHostnames; diff --git a/includes/api/ApiMove.php b/includes/api/ApiMove.php index 0509cfee83..0f1e31cd35 100644 --- a/includes/api/ApiMove.php +++ b/includes/api/ApiMove.php 
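Review bot: The new guard in the ApiMain hunk ends with `!is_null( $params['gettoken'] )`, which contradicts its own comment: it rejects a missing token only when gettoken is supplied and lets every ordinary token-less request through to the module. Because this commit removes the per-module `missingparam` checks, the central check has to fail closed, so the last operand should be `is_null( $params['gettoken'] )`. It is also not visible here whether `$params` holds the module's parameters or ApiMain's own (the same array is read for `maxlag` just below); if it is ApiMain's, `token` and `gettoken` are presumably never set in it and the test should read the module's extracted parameters instead. A test that calls a `requiresToken()` module without a token and expects `missingparam` would catch a regression in this condition. The enclosing method starts and ends outside the hunk.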
@@ -46,8 +46,6 @@ class ApiMove extends ApiBase { $this->requireOnlyOneParameter( $params, 'from', 'fromid' ); if ( !isset( $params['to'] ) ) $this->dieUsageMsg( array( 'missingparam', 'to' ) ); - if ( !isset( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); if ( !$wgUser->matchEditToken( $params['token'] ) ) $this->dieUsageMsg( array( 'sessionfailure' ) ); @@ -215,7 +213,6 @@ class ApiMove extends ApiBase { public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( array( 'missingparam', 'to' ), - array( 'missingparam', 'token' ), array( 'sessionfailure' ), array( 'invalidtitle', 'from' ), array( 'nosuchpageid', 'fromid' ), @@ -224,6 +221,10 @@ class ApiMove extends ApiBase { array( 'sharedfile-exists' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( diff --git a/includes/api/ApiParse.php b/includes/api/ApiParse.php index 3380b1ae05..744953715b 100644 --- a/includes/api/ApiParse.php +++ b/includes/api/ApiParse.php @@ -325,4 +325,4 @@ class ApiParse extends ApiBase { public function getVersion() { return __CLASS__ . ': $Id$'; } -} +} \ No newline at end of file diff --git a/includes/api/ApiPatrol.php b/includes/api/ApiPatrol.php index bd97c0a811..101bed12b4 100644 --- a/includes/api/ApiPatrol.php +++ b/includes/api/ApiPatrol.php @@ -44,8 +44,6 @@ class ApiPatrol extends ApiBase { global $wgUser; $params = $this->extractRequestParams(); - if ( !isset( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); if ( !isset( $params['rcid'] ) ) $this->dieUsageMsg( array( 'missingparam', 'rcid' ) ); if ( !$wgUser->matchEditToken( $params['token'] ) ) 
@@ -92,12 +90,15 @@ class ApiPatrol extends ApiBase { public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( - array( 'missingparam', 'token' ), array( 'missingparam', 'rcid' ), array( 'sessionfailure' ), array( 'nosuchrcid', 'rcid' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array( diff --git a/includes/api/ApiProtect.php b/includes/api/ApiProtect.php index 5dabc91416..a417dace1f 100644 --- a/includes/api/ApiProtect.php +++ b/includes/api/ApiProtect.php @@ -43,8 +43,6 @@ class ApiProtect extends ApiBase { $titleObj = null; if ( !isset( $params['title'] ) ) $this->dieUsageMsg( array( 'missingparam', 'title' ) ); - if ( !isset( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); if ( empty( $params['protections'] ) ) $this->dieUsageMsg( array( 'missingparam', 'protections' ) ); @@ -177,7 +175,6 @@ class ApiProtect extends ApiBase { public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( array( 'missingparam', 'title' ), - array( 'missingparam', 'token' ), array( 'missingparam', 'protections' ), array( 'sessionfailure' ), array( 'invalidtitle', 'title' ), @@ -190,6 +187,10 @@ class ApiProtect extends ApiBase { array( 'pastexpiry', 'expiry' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( diff --git a/includes/api/ApiRollback.php b/includes/api/ApiRollback.php index fca9e5911b..4245289ba6 100644 --- a/includes/api/ApiRollback.php +++ b/includes/api/ApiRollback.php @@ -44,8 +44,6 @@ class ApiRollback extends ApiBase { $this->dieUsageMsg( array( 'missingparam', 'title' ) ); if ( !isset( $params['user'] ) ) $this->dieUsageMsg( array( 'missingparam', 'user' ) ); - if ( !isset( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); $titleObj = Title::newFromText( $params['title'] ); if ( !$titleObj ) 
@@ -118,12 +116,15 @@ class ApiRollback extends ApiBase { return array_merge( parent::getPossibleErrors(), array( array( 'missingparam', 'title' ), array( 'missingparam', 'user' ), - array( 'missingparam', 'token' ), array( 'invalidtitle', 'title' ), array( 'notanarticle' ), array( 'invaliduser', 'user' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( diff --git a/includes/api/ApiUnblock.php b/includes/api/ApiUnblock.php index 02993092c5..595dcc7b2d 100644 --- a/includes/api/ApiUnblock.php +++ b/includes/api/ApiUnblock.php @@ -57,8 +57,6 @@ class ApiUnblock extends ApiBase { $this->dieUsageMsg( array( 'unblock-notarget' ) ); if ( !is_null( $params['id'] ) && !is_null( $params['user'] ) ) $this->dieUsageMsg( array( 'unblock-idanduser' ) ); - if ( is_null( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); if ( !$wgUser->matchEditToken( $params['token'] ) ) $this->dieUsageMsg( array( 'sessionfailure' ) ); if ( !$wgUser->isAllowed( 'block' ) ) @@ -115,11 +113,14 @@ class ApiUnblock extends ApiBase { return array_merge( parent::getPossibleErrors(), array( array( 'unblock-notarget' ), array( 'unblock-idanduser' ), - array( 'missingparam', 'token' ), array( 'sessionfailure' ), array( 'cantunblock' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( diff --git a/includes/api/ApiUndelete.php b/includes/api/ApiUndelete.php index a88440ea8f..828d60b009 100644 --- a/includes/api/ApiUndelete.php +++ b/includes/api/ApiUndelete.php @@ -43,8 +43,6 @@ class ApiUndelete extends ApiBase { $titleObj = null; if ( !isset( $params['title'] ) ) $this->dieUsageMsg( array( 'missingparam', 'title' ) ); - if ( !isset( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); if ( !$wgUser->isAllowed( 'undelete' ) ) $this->dieUsageMsg( array( 'permdenied-undelete' ) ); 
@@ -123,7 +121,6 @@ class ApiUndelete extends ApiBase { public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( array( 'missingparam', 'title' ), - array( 'missingparam', 'token' ), array( 'permdenied-undelete' ), array( 'blockedtext' ), array( 'sessionfailure' ), @@ -131,6 +128,10 @@ class ApiUndelete extends ApiBase { array( 'cannotundelete' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( diff --git a/includes/api/ApiUpload.php b/includes/api/ApiUpload.php index 12c16233ea..f3458484e8 100644 --- a/includes/api/ApiUpload.php +++ b/includes/api/ApiUpload.php @@ -48,8 +48,6 @@ class ApiUpload extends ApiBase { $request = $this->getMain()->getRequest(); // Do token checks: - if ( is_null( $this->mParams['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); if ( !$wgUser->matchEditToken( $this->mParams['token'] ) ) $this->dieUsageMsg( array( 'sessionfailure' ) ); @@ -330,7 +328,6 @@ class ApiUpload extends ApiBase { public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( array( 'uploaddisabled' ), - array( 'missingparam', 'token' ), array( 'sessionfailure' ), array( 'invalid-session-key' ), array( 'uploaddisabled' ), @@ -349,6 +346,10 @@ class ApiUpload extends ApiBase { array( 'code' => 'internal-error', 'info' => 'An internal error occurred' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array( diff --git a/includes/api/ApiUserrights.php b/includes/api/ApiUserrights.php index e5ffe4ec07..6117c8cc4f 100644 --- a/includes/api/ApiUserrights.php +++ b/includes/api/ApiUserrights.php 
@@ -41,8 +41,6 @@ class ApiUserrights extends ApiBase { $params = $this->extractRequestParams(); if ( is_null( $params['user'] ) ) $this->dieUsageMsg( array( 'missingparam', 'user' ) ); - if ( is_null( $params['token'] ) ) - $this->dieUsageMsg( array( 'missingparam', 'token' ) ); $form = new UserrightsPage; $user = $form->fetchUser( $params['user'] ); @@ -109,10 +107,13 @@ class ApiUserrights extends ApiBase { public function getPossibleErrors() { return array_merge( parent::getPossibleErrors(), array( array( 'missingparam', 'user' ), - array( 'missingparam', 'token' ), array( 'sessionfailure' ), ) ); } + + public function requiresToken() { + return true; + } protected function getExamples() { return array ( -- 2.20.1