3 * Copyright © 2006, 2010 Yuri Astrakhan "<Firstname><Lastname>@gmail.com"
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
23 use Wikimedia\Rdbms\IDatabase
;
26 * This abstract class implements many basic API functions, and is the base of
28 * The class functions are divided into several areas of functionality:
30 * Module parameters: Derived classes can define getAllowedParams() to specify
31 * which parameters to expect, how to parse and validate them.
33 * Self-documentation: code to allow the API to document its own state
37 abstract class ApiBase
extends ContextSource
{
40 * @name Constants for ::getAllowedParams() arrays
41 * These constants are keys in the arrays returned by ::getAllowedParams()
42 * and accepted by ::getParameterFromSettings() that define how the
43 * parameters coming in from the request are to be interpreted.
47 /** (null|boolean|integer|string) Default value of the parameter. */
50 /** (boolean) Accept multiple pipe-separated values for this parameter (e.g. titles)? */
51 const PARAM_ISMULTI
= 1;
54 * (string|string[]) Either an array of allowed value strings, or a string
55 * type as described below. If not specified, will be determined from the
58 * Supported string types are:
59 * - boolean: A boolean parameter, returned as false if the parameter is
60 * omitted and true if present (even with a falsey value, i.e. it works
61 * like HTML checkboxes). PARAM_DFLT must be boolean false, if specified.
62 * Cannot be used with PARAM_ISMULTI.
63 * - integer: An integer value. See also PARAM_MIN, PARAM_MAX, and
64 * PARAM_RANGE_ENFORCE.
65 * - limit: An integer or the string 'max'. Default lower limit is 0 (but
66 * see PARAM_MIN), and requires that PARAM_MAX and PARAM_MAX2 be
67 * specified. Cannot be used with PARAM_ISMULTI.
68 * - namespace: An integer representing a MediaWiki namespace. Forces PARAM_ALL = true to
69 * support easily specifying all namespaces.
71 * - password: Any non-empty string. Input value is private or sensitive.
72 * <input type="password"> would be an appropriate HTML form field.
73 * - string: Any non-empty string, not expected to be very long or contain newlines.
74 * <input type="text"> would be an appropriate HTML form field.
75 * - submodule: The name of a submodule of this module, see PARAM_SUBMODULE_MAP.
76 * - tags: A string naming an existing, explicitly-defined tag. Should usually be
77 * used with PARAM_ISMULTI.
78 * - text: Any non-empty string, expected to be very long or contain newlines.
79 * <textarea> would be an appropriate HTML form field.
80 * - timestamp: A timestamp in any format recognized by MWTimestamp, or the
81 * string 'now' representing the current timestamp. Will be returned in
83 * - user: A MediaWiki username or IP. Will be returned normalized but not canonicalized.
84 * - upload: An uploaded file. Will be returned as a WebRequestUpload object.
85 * Cannot be used with PARAM_ISMULTI.
89 /** (integer) Max value allowed for the parameter, for PARAM_TYPE 'integer' and 'limit'. */
93 * (integer) Max value allowed for the parameter for users with the
94 * apihighlimits right, for PARAM_TYPE 'limit'.
98 /** (integer) Lowest value allowed for the parameter, for PARAM_TYPE 'integer' and 'limit'. */
101 /** (boolean) Allow the same value to be set more than once when PARAM_ISMULTI is true? */
102 const PARAM_ALLOW_DUPLICATES
= 6;
104 /** (boolean) Is the parameter deprecated (will show a warning)? */
105 const PARAM_DEPRECATED
= 7;
108 * (boolean) Is the parameter required?
111 const PARAM_REQUIRED
= 8;
114 * (boolean) For PARAM_TYPE 'integer', enforce PARAM_MIN and PARAM_MAX?
117 const PARAM_RANGE_ENFORCE
= 9;
120 * (string|array|Message) Specify an alternative i18n documentation message
121 * for this parameter. Default is apihelp-{$path}-param-{$param}.
124 const PARAM_HELP_MSG
= 10;
127 * ((string|array|Message)[]) Specify additional i18n messages to append to
128 * the normal message for this parameter.
131 const PARAM_HELP_MSG_APPEND
= 11;
134 * (array) Specify additional information tags for the parameter. Value is
135 * an array of arrays, with the first member being the 'tag' for the info
136 * and the remaining members being the values. In the help, this is
137 * formatted using apihelp-{$path}-paraminfo-{$tag}, which is passed
138 * $1 = count, $2 = comma-joined list of values, $3 = module prefix.
141 const PARAM_HELP_MSG_INFO
= 12;
144 * (string[]) When PARAM_TYPE is an array, this may be an array mapping
145 * those values to page titles which will be linked in the help.
148 const PARAM_VALUE_LINKS
= 13;
151 * ((string|array|Message)[]) When PARAM_TYPE is an array, this is an array
152 * mapping those values to $msg for ApiBase::makeMessage(). Any value not
153 * having a mapping will use apihelp-{$path}-paramvalue-{$param}-{$value}.
154 * Specify an empty array to use the default message key for all values.
157 const PARAM_HELP_MSG_PER_VALUE
= 14;
160 * (string[]) When PARAM_TYPE is 'submodule', map parameter values to
161 * submodule paths. Default is to use all modules in
162 * $this->getModuleManager() in the group matching the parameter name.
165 const PARAM_SUBMODULE_MAP
= 15;
168 * (string) When PARAM_TYPE is 'submodule', used to indicate the 'g' prefix
169 * added by ApiQueryGeneratorBase (and similar if anything else ever does that).
172 const PARAM_SUBMODULE_PARAM_PREFIX
= 16;
175 * (boolean|string) When PARAM_TYPE has a defined set of values and PARAM_ISMULTI is true,
176 * this allows for an asterisk ('*') to be passed in place of a pipe-separated list of
177 * every possible value. If a string is set, it will be used in place of the asterisk.
180 const PARAM_ALL
= 17;
183 * (int[]) When PARAM_TYPE is 'namespace', include these as additional possible values.
186 const PARAM_EXTRA_NAMESPACES
= 18;
189 * (boolean) Is the parameter sensitive? Note 'password'-type fields are
190 * always sensitive regardless of the value of this field.
193 const PARAM_SENSITIVE
= 19;
196 * (array) When PARAM_TYPE is an array, this indicates which of the values are deprecated.
197 * Keys are the deprecated parameter values, values define the warning
198 * message to emit: either boolean true (to use a default message) or a
199 * $msg for ApiBase::makeMessage().
202 const PARAM_DEPRECATED_VALUES
= 20;
205 * (integer) Maximum number of values, for normal users. Must be used with PARAM_ISMULTI.
208 const PARAM_ISMULTI_LIMIT1
= 21;
211 * (integer) Maximum number of values, for users with the apihighimits right.
212 * Must be used with PARAM_ISMULTI.
215 const PARAM_ISMULTI_LIMIT2
= 22;
218 * (integer) Maximum length of a string in bytes (in UTF-8 encoding).
221 const PARAM_MAX_BYTES
= 23;
224 * (integer) Maximum length of a string in characters (unicode codepoints).
227 const PARAM_MAX_CHARS
= 24;
230 * (array) Indicate that this is a templated parameter, and specify replacements. Keys are the
231 * placeholders in the parameter name and values are the names of (unprefixed) parameters from
232 * which the replacement values are taken.
234 * For example, a parameter "foo-{ns}-{title}" could be defined with
235 * PARAM_TEMPLATE_VARS => [ 'ns' => 'namespaces', 'title' => 'titles' ]. Then a query for
236 * namespaces=0|1&titles=X|Y would support parameters foo-0-X, foo-0-Y, foo-1-X, and foo-1-Y.
238 * All placeholders must be present in the parameter's name. Each target parameter must have
239 * PARAM_ISMULTI true. If a target is itself a templated parameter, its PARAM_TEMPLATE_VARS must
240 * be a subset of the referring parameter's, mapping the same placeholders to the same targets.
241 * A parameter cannot target itself.
245 const PARAM_TEMPLATE_VARS
= 25;
249 const ALL_DEFAULT_STRING
= '*';
251 /** Fast query, standard limit. */
252 const LIMIT_BIG1
= 500;
253 /** Fast query, apihighlimits limit. */
254 const LIMIT_BIG2
= 5000;
255 /** Slow query, standard limit. */
256 const LIMIT_SML1
= 50;
257 /** Slow query, apihighlimits limit. */
258 const LIMIT_SML2
= 500;
261 * getAllowedParams() flag: When set, the result could take longer to generate,
262 * but should be more thorough. E.g. get the list of generators for ApiSandBox extension
265 const GET_VALUES_FOR_HELP
= 1;
267 /** @var array Maps extension paths to info arrays */
268 private static $extensionInfo = null;
271 private $mMainModule;
273 private $mModuleName, $mModulePrefix;
274 private $mSlaveDB = null;
275 private $mParamCache = [];
276 /** @var array|null|bool */
277 private $mModuleSource = false;
280 * @param ApiMain $mainModule
281 * @param string $moduleName Name of this module
282 * @param string $modulePrefix Prefix to use for parameter names
284 public function __construct( ApiMain
$mainModule, $moduleName, $modulePrefix = '' ) {
285 $this->mMainModule
= $mainModule;
286 $this->mModuleName
= $moduleName;
287 $this->mModulePrefix
= $modulePrefix;
289 if ( !$this->isMain() ) {
290 $this->setContext( $mainModule->getContext() );
294 /************************************************************************//**
295 * @name Methods to implement
300 * Evaluates the parameters, performs the requested query, and sets up
301 * the result. Concrete implementations of ApiBase must override this
302 * method to provide whatever functionality their module offers.
303 * Implementations must not produce any output on their own and are not
304 * expected to handle any errors.
306 * The execute() method will be invoked directly by ApiMain immediately
307 * before the result of the module is output. Aside from the
308 * constructor, implementations should assume that no other methods
309 * will be called externally on the module before the result is
312 * The result data should be stored in the ApiResult object available
313 * through getResult().
315 abstract public function execute();
318 * Get the module manager, or null if this module has no sub-modules
320 * @return ApiModuleManager
322 public function getModuleManager() {
327 * If the module may only be used with a certain format module,
328 * it should override this method to return an instance of that formatter.
329 * A value of null means the default format will be used.
330 * @note Do not use this just because you don't want to support non-json
331 * formats. This should be used only when there is a fundamental
332 * requirement for a specific format.
333 * @return mixed Instance of a derived class of ApiFormatBase, or null
335 public function getCustomPrinter() {
340 * Returns usage examples for this module.
342 * Return value has query strings as keys, with values being either strings
343 * (message key), arrays (message key + parameter), or Message objects.
345 * Do not call this base class implementation when overriding this method.
350 protected function getExamplesMessages() {
351 // Fall back to old non-localised method
354 $examples = $this->getExamples();
356 if ( !is_array( $examples ) ) {
357 $examples = [ $examples ];
358 } elseif ( $examples && ( count( $examples ) & 1 ) == 0 &&
359 array_keys( $examples ) === range( 0, count( $examples ) - 1 ) &&
360 !preg_match( '/^\s*api\.php\?/', $examples[0] )
362 // Fix up the ugly "even numbered elements are description, odd
363 // numbered elemts are the link" format (see doc for self::getExamples)
365 $examplesCount = count( $examples );
366 for ( $i = 0; $i < $examplesCount; $i +
= 2 ) {
367 $tmp[$examples[$i +
1]] = $examples[$i];
372 foreach ( $examples as $k => $v ) {
373 if ( is_numeric( $k ) ) {
378 $msg = self
::escapeWikiText( $v );
379 if ( is_array( $msg ) ) {
380 $msg = implode( ' ', $msg );
384 $qs = preg_replace( '/^\s*api\.php\?/', '', $qs );
385 $ret[$qs] = $this->msg( 'api-help-fallback-example', [ $msg ] );
393 * Return links to more detailed help pages about the module.
394 * @since 1.25, returning boolean false is deprecated
395 * @return string|array
397 public function getHelpUrls() {
402 * Returns an array of allowed parameters (parameter name) => (default
403 * value) or (parameter name) => (array with PARAM_* constants as keys)
404 * Don't call this function directly: use getFinalParams() to allow
405 * hooks to modify parameters as needed.
407 * Some derived classes may choose to handle an integer $flags parameter
408 * in the overriding methods. Callers of this method can pass zero or
409 * more OR-ed flags like GET_VALUES_FOR_HELP.
413 protected function getAllowedParams( /* $flags = 0 */ ) {
414 // int $flags is not declared because it causes "Strict standards"
415 // warning. Most derived classes do not implement it.
420 * Indicates if this module needs maxlag to be checked
423 public function shouldCheckMaxlag() {
428 * Indicates whether this module requires read rights
431 public function isReadMode() {
436 * Indicates whether this module requires write mode
438 * This should return true for modules that may require synchronous database writes.
439 * Modules that do not need such writes should also not rely on master database access,
440 * since only read queries are needed and each master DB is a single point of failure.
441 * Additionally, requests that only need replica DBs can be efficiently routed to any
442 * datacenter via the Promise-Non-Write-API-Action header.
446 public function isWriteMode() {
451 * Indicates whether this module must be called with a POST request
454 public function mustBePosted() {
455 return $this->needsToken() !== false;
459 * Indicates whether this module is deprecated
463 public function isDeprecated() {
468 * Indicates whether this module is "internal"
469 * Internal API modules are not (yet) intended for 3rd party use and may be unstable.
473 public function isInternal() {
478 * Returns the token type this module requires in order to execute.
480 * Modules are strongly encouraged to use the core 'csrf' type unless they
481 * have specialized security needs. If the token type is not one of the
482 * core types, you must use the ApiQueryTokensRegisterTypes hook to
485 * Returning a non-falsey value here will force the addition of an
486 * appropriate 'token' parameter in self::getFinalParams(). Also,
487 * self::mustBePosted() must return true when tokens are used.
489 * In previous versions of MediaWiki, true was a valid return value.
490 * Returning true will generate errors indicating that the API module needs
493 * @return string|false
495 public function needsToken() {
500 * Fetch the salt used in the Web UI corresponding to this module.
502 * Only override this if the Web UI uses a token with a non-constant salt.
505 * @param array $params All supplied parameters for the module
506 * @return string|array|null
508 protected function getWebUITokenSalt( array $params ) {
513 * Returns data for HTTP conditional request mechanisms.
516 * @param string $condition Condition being queried:
517 * - last-modified: Return a timestamp representing the maximum of the
518 * last-modified dates for all resources involved in the request. See
519 * RFC 7232 § 2.2 for semantics.
520 * - etag: Return an entity-tag representing the state of all resources involved
521 * in the request. Quotes must be included. See RFC 7232 § 2.3 for semantics.
522 * @return string|bool|null As described above, or null if no value is available.
524 public function getConditionalRequestData( $condition ) {
530 /************************************************************************//**
531 * @name Data access methods
536 * Get the name of the module being executed by this instance
539 public function getModuleName() {
540 return $this->mModuleName
;
544 * Get parameter prefix (usually two letters or an empty string).
547 public function getModulePrefix() {
548 return $this->mModulePrefix
;
552 * Get the main module
555 public function getMain() {
556 return $this->mMainModule
;
560 * Returns true if this module is the main module ($this === $this->mMainModule),
564 public function isMain() {
565 return $this === $this->mMainModule
;
569 * Get the parent of this module
571 * @return ApiBase|null
573 public function getParent() {
574 return $this->isMain() ?
null : $this->getMain();
578 * Returns true if the current request breaks the same-origin policy.
580 * For example, json with callbacks.
582 * https://en.wikipedia.org/wiki/Same-origin_policy
587 public function lacksSameOriginSecurity() {
588 // Main module has this method overridden
589 // Safety - avoid infinite loop:
590 if ( $this->isMain() ) {
591 self
::dieDebug( __METHOD__
, 'base method was called on main module.' );
594 return $this->getMain()->lacksSameOriginSecurity();
598 * Get the path to this module
603 public function getModulePath() {
604 if ( $this->isMain() ) {
606 } elseif ( $this->getParent()->isMain() ) {
607 return $this->getModuleName();
609 return $this->getParent()->getModulePath() . '+' . $this->getModuleName();
614 * Get a module from its module path
617 * @param string $path
618 * @return ApiBase|null
619 * @throws ApiUsageException
621 public function getModuleFromPath( $path ) {
622 $module = $this->getMain();
623 if ( $path === 'main' ) {
627 $parts = explode( '+', $path );
628 if ( count( $parts ) === 1 ) {
629 // In case the '+' was typed into URL, it resolves as a space
630 $parts = explode( ' ', $path );
633 $count = count( $parts );
634 for ( $i = 0; $i < $count; $i++
) {
636 $manager = $parent->getModuleManager();
637 if ( $manager === null ) {
638 $errorPath = implode( '+', array_slice( $parts, 0, $i ) );
639 $this->dieWithError( [ 'apierror-badmodule-nosubmodules', $errorPath ], 'badmodule' );
641 $module = $manager->getModule( $parts[$i] );
643 if ( $module === null ) {
644 $errorPath = $i ?
implode( '+', array_slice( $parts, 0, $i ) ) : $parent->getModuleName();
646 [ 'apierror-badmodule-badsubmodule', $errorPath, wfEscapeWikiText( $parts[$i] ) ],
656 * Get the result object
659 public function getResult() {
660 // Main module has getResult() method overridden
661 // Safety - avoid infinite loop:
662 if ( $this->isMain() ) {
663 self
::dieDebug( __METHOD__
, 'base method was called on main module. ' );
666 return $this->getMain()->getResult();
670 * Get the error formatter
671 * @return ApiErrorFormatter
673 public function getErrorFormatter() {
674 // Main module has getErrorFormatter() method overridden
675 // Safety - avoid infinite loop:
676 if ( $this->isMain() ) {
677 self
::dieDebug( __METHOD__
, 'base method was called on main module. ' );
680 return $this->getMain()->getErrorFormatter();
684 * Gets a default replica DB connection object
687 protected function getDB() {
688 if ( !isset( $this->mSlaveDB
) ) {
689 $this->mSlaveDB
= wfGetDB( DB_REPLICA
, 'api' );
692 return $this->mSlaveDB
;
696 * Get the continuation manager
697 * @return ApiContinuationManager|null
699 public function getContinuationManager() {
700 // Main module has getContinuationManager() method overridden
701 // Safety - avoid infinite loop:
702 if ( $this->isMain() ) {
703 self
::dieDebug( __METHOD__
, 'base method was called on main module. ' );
706 return $this->getMain()->getContinuationManager();
710 * Set the continuation manager
711 * @param ApiContinuationManager|null $manager
713 public function setContinuationManager( ApiContinuationManager
$manager = null ) {
714 // Main module has setContinuationManager() method overridden
715 // Safety - avoid infinite loop:
716 if ( $this->isMain() ) {
717 self
::dieDebug( __METHOD__
, 'base method was called on main module. ' );
720 $this->getMain()->setContinuationManager( $manager );
725 /************************************************************************//**
726 * @name Parameter handling
731 * Indicate if the module supports dynamically-determined parameters that
732 * cannot be included in self::getAllowedParams().
733 * @return string|array|Message|null Return null if the module does not
734 * support additional dynamic parameters, otherwise return a message
737 public function dynamicParameterDocumentation() {
742 * This method mangles parameter name based on the prefix supplied to the constructor.
743 * Override this method to change parameter name during runtime
744 * @param string|string[] $paramName Parameter name
745 * @return string|string[] Prefixed parameter name
746 * @since 1.29 accepts an array of strings
748 public function encodeParamName( $paramName ) {
749 if ( is_array( $paramName ) ) {
750 return array_map( function ( $name ) {
751 return $this->mModulePrefix
. $name;
754 return $this->mModulePrefix
. $paramName;
759 * Using getAllowedParams(), this function makes an array of the values
760 * provided by the user, with key being the name of the variable, and
761 * value - validated value from user or default. limits will not be
762 * parsed if $parseLimit is set to false; use this when the max
763 * limit is not definitive yet, e.g. when getting revisions.
764 * @param bool|array $options If a boolean, uses that as the value for 'parseLimit'
765 * - parseLimit: (bool, default true) Whether to parse the 'max' value for limit types
766 * - safeMode: (bool, default false) If true, avoid throwing for parameter validation errors.
767 * Returned parameter values might be ApiUsageException instances.
770 public function extractRequestParams( $options = [] ) {
771 if ( is_bool( $options ) ) {
772 $options = [ 'parseLimit' => $options ];
775 'parseLimit' => true,
779 $parseLimit = (bool)$options['parseLimit'];
781 // Cache parameters, for performance and to avoid T26564.
782 if ( !isset( $this->mParamCache
[$parseLimit] ) ) {
783 $params = $this->getFinalParams() ?
: [];
787 // Process all non-templates and save templates for secondary
790 foreach ( $params as $paramName => $paramSettings ) {
791 if ( isset( $paramSettings[self
::PARAM_TEMPLATE_VARS
] ) ) {
792 $toProcess[] = [ $paramName, $paramSettings[self
::PARAM_TEMPLATE_VARS
], $paramSettings ];
795 $results[$paramName] = $this->getParameterFromSettings(
796 $paramName, $paramSettings, $parseLimit
798 } catch ( ApiUsageException
$ex ) {
799 $results[$paramName] = $ex;
804 // Now process all the templates by successively replacing the
805 // placeholders with all client-supplied values.
806 // This bit duplicates JavaScript logic in
807 // ApiSandbox.PageLayout.prototype.updateTemplatedParams().
808 // If you update this, see if that needs updating too.
809 while ( $toProcess ) {
810 list( $name, $targets, $settings ) = array_shift( $toProcess );
812 foreach ( $targets as $placeholder => $target ) {
813 if ( !array_key_exists( $target, $results ) ) {
814 // The target wasn't processed yet, try the next one.
815 // If all hit this case, the parameter has no expansions.
818 if ( !is_array( $results[$target] ) ||
!$results[$target] ) {
819 // The target was processed but has no (valid) values.
820 // That means it has no expansions.
824 // Expand this target in the name and all other targets,
825 // then requeue if there are more targets left or put in
826 // $results if all are done.
827 unset( $targets[$placeholder] );
828 $placeholder = '{' . $placeholder . '}';
829 foreach ( $results[$target] as $value ) {
830 if ( !preg_match( '/^[^{}]*$/', $value ) ) {
831 // Skip values that make invalid parameter names.
832 $encTargetName = $this->encodeParamName( $target );
833 if ( !isset( $warned[$encTargetName][$value] ) ) {
834 $warned[$encTargetName][$value] = true;
836 'apiwarn-ignoring-invalid-templated-value',
837 wfEscapeWikiText( $encTargetName ),
838 wfEscapeWikiText( $value ),
844 $newName = str_replace( $placeholder, $value, $name );
847 $results[$newName] = $this->getParameterFromSettings( $newName, $settings, $parseLimit );
848 } catch ( ApiUsageException
$ex ) {
849 $results[$newName] = $ex;
853 foreach ( $targets as $k => $v ) {
854 $newTargets[$k] = str_replace( $placeholder, $value, $v );
856 $toProcess[] = [ $newName, $newTargets, $settings ];
863 $this->mParamCache
[$parseLimit] = $results;
866 $ret = $this->mParamCache
[$parseLimit];
867 if ( !$options['safeMode'] ) {
868 foreach ( $ret as $v ) {
869 if ( $v instanceof ApiUsageException
) {
875 return $this->mParamCache
[$parseLimit];
879 * Get a value for the given parameter
880 * @param string $paramName Parameter name
881 * @param bool $parseLimit See extractRequestParams()
882 * @return mixed Parameter value
884 protected function getParameter( $paramName, $parseLimit = true ) {
885 $ret = $this->extractRequestParams( [
886 'parseLimit' => $parseLimit,
889 if ( $ret instanceof ApiUsageException
) {
896 * Die if none or more than one of a certain set of parameters is set and not false.
898 * @param array $params User provided set of parameters, as from $this->extractRequestParams()
899 * @param string $required,... Names of parameters of which exactly one must be set
901 public function requireOnlyOneParameter( $params, $required /*...*/ ) {
902 $required = func_get_args();
903 array_shift( $required );
905 $intersection = array_intersect( array_keys( array_filter( $params,
906 [ $this, 'parameterNotEmpty' ] ) ), $required );
908 if ( count( $intersection ) > 1 ) {
909 $this->dieWithError( [
910 'apierror-invalidparammix',
911 Message
::listParam( array_map(
913 return '<var>' . $this->encodeParamName( $p ) . '</var>';
915 array_values( $intersection )
917 count( $intersection ),
919 } elseif ( count( $intersection ) == 0 ) {
920 $this->dieWithError( [
921 'apierror-missingparam-one-of',
922 Message
::listParam( array_map(
924 return '<var>' . $this->encodeParamName( $p ) . '</var>';
926 array_values( $required )
934 * Die if more than one of a certain set of parameters is set and not false.
936 * @param array $params User provided set of parameters, as from $this->extractRequestParams()
937 * @param string $required,... Names of parameters of which at most one must be set
939 public function requireMaxOneParameter( $params, $required /*...*/ ) {
940 $required = func_get_args();
941 array_shift( $required );
943 $intersection = array_intersect( array_keys( array_filter( $params,
944 [ $this, 'parameterNotEmpty' ] ) ), $required );
946 if ( count( $intersection ) > 1 ) {
947 $this->dieWithError( [
948 'apierror-invalidparammix',
949 Message
::listParam( array_map(
951 return '<var>' . $this->encodeParamName( $p ) . '</var>';
953 array_values( $intersection )
955 count( $intersection ),
961 * Die if none of a certain set of parameters is set and not false.
964 * @param array $params User provided set of parameters, as from $this->extractRequestParams()
965 * @param string $required,... Names of parameters of which at least one must be set
967 public function requireAtLeastOneParameter( $params, $required /*...*/ ) {
968 $required = func_get_args();
969 array_shift( $required );
971 $intersection = array_intersect(
972 array_keys( array_filter( $params, [ $this, 'parameterNotEmpty' ] ) ),
976 if ( count( $intersection ) == 0 ) {
977 $this->dieWithError( [
978 'apierror-missingparam-at-least-one-of',
979 Message
::listParam( array_map(
981 return '<var>' . $this->encodeParamName( $p ) . '</var>';
983 array_values( $required )
991 * Die if any of the specified parameters were found in the query part of
992 * the URL rather than the post body.
994 * @param string[] $params Parameters to check
995 * @param string $prefix Set to 'noprefix' to skip calling $this->encodeParamName()
997 public function requirePostedParameters( $params, $prefix = 'prefix' ) {
998 // Skip if $wgDebugAPI is set or we're in internal mode
999 if ( $this->getConfig()->get( 'DebugAPI' ) ||
$this->getMain()->isInternalMode() ) {
1003 $queryValues = $this->getRequest()->getQueryValues();
1005 foreach ( $params as $param ) {
1006 if ( $prefix !== 'noprefix' ) {
1007 $param = $this->encodeParamName( $param );
1009 if ( array_key_exists( $param, $queryValues ) ) {
1010 $badParams[] = $param;
1015 $this->dieWithError(
1016 [ 'apierror-mustpostparams', implode( ', ', $badParams ), count( $badParams ) ]
1022 * Callback function used in requireOnlyOneParameter to check whether required parameters are set
1024 * @param object $x Parameter to check is not null/false
1027 private function parameterNotEmpty( $x ) {
1028 return !is_null( $x ) && $x !== false;
1032 * Get a WikiPage object from a title or pageid param, if possible.
1033 * Can die, if no param is set or if the title or page id is not valid.
1035 * @param array $params User provided set of parameters, as from $this->extractRequestParams()
1036 * @param bool|string $load Whether load the object's state from the database:
1037 * - false: don't load (if the pageid is given, it will still be loaded)
1038 * - 'fromdb': load from a replica DB
1039 * - 'fromdbmaster': load from the master database
1042 public function getTitleOrPageId( $params, $load = false ) {
1043 $this->requireOnlyOneParameter( $params, 'title', 'pageid' );
1046 if ( isset( $params['title'] ) ) {
1047 $titleObj = Title
::newFromText( $params['title'] );
1048 if ( !$titleObj ||
$titleObj->isExternal() ) {
1049 $this->dieWithError( [ 'apierror-invalidtitle', wfEscapeWikiText( $params['title'] ) ] );
1051 if ( !$titleObj->canExist() ) {
1052 $this->dieWithError( 'apierror-pagecannotexist' );
1054 $pageObj = WikiPage
::factory( $titleObj );
1055 if ( $load !== false ) {
1056 $pageObj->loadPageData( $load );
1058 } elseif ( isset( $params['pageid'] ) ) {
1059 if ( $load === false ) {
1062 $pageObj = WikiPage
::newFromID( $params['pageid'], $load );
1064 $this->dieWithError( [ 'apierror-nosuchpageid', $params['pageid'] ] );
1072 * Get a Title object from a title or pageid param, if possible.
1073 * Can die, if no param is set or if the title or page id is not valid.
1076 * @param array $params User provided set of parameters, as from $this->extractRequestParams()
1079 public function getTitleFromTitleOrPageId( $params ) {
1080 $this->requireOnlyOneParameter( $params, 'title', 'pageid' );
1083 if ( isset( $params['title'] ) ) {
1084 $titleObj = Title
::newFromText( $params['title'] );
1085 if ( !$titleObj ||
$titleObj->isExternal() ) {
1086 $this->dieWithError( [ 'apierror-invalidtitle', wfEscapeWikiText( $params['title'] ) ] );
1089 } elseif ( isset( $params['pageid'] ) ) {
1090 $titleObj = Title
::newFromID( $params['pageid'] );
1092 $this->dieWithError( [ 'apierror-nosuchpageid', $params['pageid'] ] );
1100 * Return true if we're to watch the page, false if not, null if no change.
1101 * @param string $watchlist Valid values: 'watch', 'unwatch', 'preferences', 'nochange'
1102 * @param Title $titleObj The page under consideration
1103 * @param string $userOption The user option to consider when $watchlist=preferences.
1104 * If not set will use watchdefault always and watchcreations if $titleObj doesn't exist.
1107 protected function getWatchlistValue( $watchlist, $titleObj, $userOption = null ) {
1108 $userWatching = $this->getUser()->isWatched( $titleObj, User
::IGNORE_USER_RIGHTS
);
1110 switch ( $watchlist ) {
1118 # If the user is already watching, don't bother checking
1119 if ( $userWatching ) {
1122 # If no user option was passed, use watchdefault and watchcreations
1123 if ( is_null( $userOption ) ) {
1124 return $this->getUser()->getBoolOption( 'watchdefault' ) ||
1125 $this->getUser()->getBoolOption( 'watchcreations' ) && !$titleObj->exists();
1128 # Watch the article based on the user preference
1129 return $this->getUser()->getBoolOption( $userOption );
1132 return $userWatching;
1135 return $userWatching;
1140 * Using the settings determine the value for the given parameter
1142 * @param string $paramName Parameter name
1143 * @param array|mixed $paramSettings Default value or an array of settings
1144 * using PARAM_* constants.
1145 * @param bool $parseLimit Whether to parse and validate 'limit' parameters
1146 * @return mixed Parameter value
1148 protected function getParameterFromSettings( $paramName, $paramSettings, $parseLimit ) {
1149 // Some classes may decide to change parameter names
1150 $encParamName = $this->encodeParamName( $paramName );
1153 if ( !is_array( $paramSettings ) ) {
1155 self
::PARAM_DFLT
=> $paramSettings,
1159 $default = $paramSettings[self
::PARAM_DFLT
] ??
null;
1160 $multi = $paramSettings[self
::PARAM_ISMULTI
] ??
false;
1161 $multiLimit1 = $paramSettings[self
::PARAM_ISMULTI_LIMIT1
] ??
null;
1162 $multiLimit2 = $paramSettings[self
::PARAM_ISMULTI_LIMIT2
] ??
null;
1163 $type = $paramSettings[self
::PARAM_TYPE
] ??
null;
1164 $dupes = $paramSettings[self
::PARAM_ALLOW_DUPLICATES
] ??
false;
1165 $deprecated = $paramSettings[self
::PARAM_DEPRECATED
] ??
false;
1166 $deprecatedValues = $paramSettings[self
::PARAM_DEPRECATED_VALUES
] ??
[];
1167 $required = $paramSettings[self
::PARAM_REQUIRED
] ??
false;
1168 $allowAll = $paramSettings[self
::PARAM_ALL
] ??
false;
1170 // When type is not given, and no choices, the type is the same as $default
1171 if ( !isset( $type ) ) {
1172 if ( isset( $default ) ) {
1173 $type = gettype( $default );
1175 $type = 'NULL'; // allow everything
1179 if ( $type == 'password' ||
!empty( $paramSettings[self
::PARAM_SENSITIVE
] ) ) {
1180 $this->getMain()->markParamsSensitive( $encParamName );
1183 if ( $type == 'boolean' ) {
1184 if ( isset( $default ) && $default !== false ) {
1185 // Having a default value of anything other than 'false' is not allowed
1188 "Boolean param $encParamName's default is set to '$default'. " .
1189 'Boolean parameters must default to false.'
1193 $value = $this->getMain()->getCheck( $encParamName );
1194 } elseif ( $type == 'upload' ) {
1195 if ( isset( $default ) ) {
1196 // Having a default value is not allowed
1199 "File upload param $encParamName's default is set to " .
1200 "'$default'. File upload parameters may not have a default." );
1203 self
::dieDebug( __METHOD__
, "Multi-values not supported for $encParamName" );
1205 $value = $this->getMain()->getUpload( $encParamName );
1206 if ( !$value->exists() ) {
1207 // This will get the value without trying to normalize it
1208 // (because trying to normalize a large binary file
1209 // accidentally uploaded as a field fails spectacularly)
1210 $value = $this->getMain()->getRequest()->unsetVal( $encParamName );
1211 if ( $value !== null ) {
1212 $this->dieWithError(
1213 [ 'apierror-badupload', $encParamName ],
1214 "badupload_{$encParamName}"
1219 $value = $this->getMain()->getVal( $encParamName, $default );
1221 if ( isset( $value ) && $type == 'namespace' ) {
1222 $type = MWNamespace
::getValidNamespaces();
1223 if ( isset( $paramSettings[self
::PARAM_EXTRA_NAMESPACES
] ) &&
1224 is_array( $paramSettings[self
::PARAM_EXTRA_NAMESPACES
] )
1226 $type = array_merge( $type, $paramSettings[self
::PARAM_EXTRA_NAMESPACES
] );
1228 // Namespace parameters allow ALL_DEFAULT_STRING to be used to
1229 // specify all namespaces irrespective of PARAM_ALL.
1232 if ( isset( $value ) && $type == 'submodule' ) {
1233 if ( isset( $paramSettings[self
::PARAM_SUBMODULE_MAP
] ) ) {
1234 $type = array_keys( $paramSettings[self
::PARAM_SUBMODULE_MAP
] );
1236 $type = $this->getModuleManager()->getNames( $paramName );
1240 $request = $this->getMain()->getRequest();
1241 $rawValue = $request->getRawVal( $encParamName );
1242 if ( $rawValue === null ) {
1243 $rawValue = $default;
1246 // Preserve U+001F for self::parseMultiValue(), or error out if that won't be called
1247 if ( isset( $value ) && substr( $rawValue, 0, 1 ) === "\x1f" ) {
1249 // This loses the potential $wgContLang->checkTitleEncoding() transformation
1250 // done by WebRequest for $_GET. Let's call that a feature.
1251 $value = implode( "\x1f", $request->normalizeUnicode( explode( "\x1f", $rawValue ) ) );
1253 $this->dieWithError( 'apierror-badvalue-notmultivalue', 'badvalue_notmultivalue' );
1257 // Check for NFC normalization, and warn
1258 if ( $rawValue !== $value ) {
1259 $this->handleParamNormalization( $paramName, $value, $rawValue );
1263 $allSpecifier = ( is_string( $allowAll ) ?
$allowAll : self
::ALL_DEFAULT_STRING
);
1264 if ( $allowAll && $multi && is_array( $type ) && in_array( $allSpecifier, $type, true ) ) {
1267 "For param $encParamName, PARAM_ALL collides with a possible value" );
1269 if ( isset( $value ) && ( $multi ||
is_array( $type ) ) ) {
1270 $value = $this->parseMultiValue(
1274 is_array( $type ) ?
$type : null,
1275 $allowAll ?
$allSpecifier : null,
1281 if ( isset( $value ) ) {
1282 // More validation only when choices were not given
1283 // choices were validated in parseMultiValue()
1284 if ( !is_array( $type ) ) {
1286 case 'NULL': // nothing to do
1291 if ( $required && $value === '' ) {
1292 $this->dieWithError( [ 'apierror-missingparam', $paramName ] );
1295 case 'integer': // Force everything using intval() and optionally validate limits
1296 $min = $paramSettings[self
::PARAM_MIN
] ??
null;
1297 $max = $paramSettings[self
::PARAM_MAX
] ??
null;
1298 $enforceLimits = $paramSettings[self
::PARAM_RANGE_ENFORCE
] ??
false;
1300 if ( is_array( $value ) ) {
1301 $value = array_map( 'intval', $value );
1302 if ( !is_null( $min ) ||
!is_null( $max ) ) {
1303 foreach ( $value as &$v ) {
1304 $this->validateLimit( $paramName, $v, $min, $max, null, $enforceLimits );
1308 $value = intval( $value );
1309 if ( !is_null( $min ) ||
!is_null( $max ) ) {
1310 $this->validateLimit( $paramName, $value, $min, $max, null, $enforceLimits );
1315 if ( !$parseLimit ) {
1316 // Don't do any validation whatsoever
1319 if ( !isset( $paramSettings[self
::PARAM_MAX
] )
1320 ||
!isset( $paramSettings[self
::PARAM_MAX2
] )
1324 "MAX1 or MAX2 are not defined for the limit $encParamName"
1328 self
::dieDebug( __METHOD__
, "Multi-values not supported for $encParamName" );
1330 $min = $paramSettings[self
::PARAM_MIN
] ??
0;
1331 if ( $value == 'max' ) {
1332 $value = $this->getMain()->canApiHighLimits()
1333 ?
$paramSettings[self
::PARAM_MAX2
]
1334 : $paramSettings[self
::PARAM_MAX
];
1335 $this->getResult()->addParsedLimit( $this->getModuleName(), $value );
1337 $value = intval( $value );
1338 $this->validateLimit(
1342 $paramSettings[self
::PARAM_MAX
],
1343 $paramSettings[self
::PARAM_MAX2
]
1349 self
::dieDebug( __METHOD__
, "Multi-values not supported for $encParamName" );
1353 if ( is_array( $value ) ) {
1354 foreach ( $value as $key => $val ) {
1355 $value[$key] = $this->validateTimestamp( $val, $encParamName );
1358 $value = $this->validateTimestamp( $value, $encParamName );
1362 if ( is_array( $value ) ) {
1363 foreach ( $value as $key => $val ) {
1364 $value[$key] = $this->validateUser( $val, $encParamName );
1367 $value = $this->validateUser( $value, $encParamName );
1370 case 'upload': // nothing to do
1373 // If change tagging was requested, check that the tags are valid.
1374 if ( !is_array( $value ) && !$multi ) {
1375 $value = [ $value ];
1377 $tagsStatus = ChangeTags
::canAddTagsAccompanyingChange( $value );
1378 if ( !$tagsStatus->isGood() ) {
1379 $this->dieStatus( $tagsStatus );
1383 self
::dieDebug( __METHOD__
, "Param $encParamName's type is unknown - $type" );
1387 // Throw out duplicates if requested
1388 if ( !$dupes && is_array( $value ) ) {
1389 $value = array_unique( $value );
1392 if ( in_array( $type, [ 'NULL', 'string', 'text', 'password' ], true ) ) {
1393 foreach ( (array)$value as $val ) {
1394 if ( isset( $paramSettings[self
::PARAM_MAX_BYTES
] )
1395 && strlen( $val ) > $paramSettings[self
::PARAM_MAX_BYTES
]
1397 $this->dieWithError( [ 'apierror-maxbytes', $encParamName,
1398 $paramSettings[self
::PARAM_MAX_BYTES
] ] );
1400 if ( isset( $paramSettings[self
::PARAM_MAX_CHARS
] )
1401 && mb_strlen( $val, 'UTF-8' ) > $paramSettings[self
::PARAM_MAX_CHARS
]
1403 $this->dieWithError( [ 'apierror-maxchars', $encParamName,
1404 $paramSettings[self
::PARAM_MAX_CHARS
] ] );
1409 // Set a warning if a deprecated parameter has been passed
1410 if ( $deprecated && $value !== false ) {
1411 $feature = $encParamName;
1413 while ( !$m->isMain() ) {
1414 $p = $m->getParent();
1415 $name = $m->getModuleName();
1416 $param = $p->encodeParamName( $p->getModuleManager()->getModuleGroup( $name ) );
1417 $feature = "{$param}={$name}&{$feature}";
1420 $this->addDeprecation( [ 'apiwarn-deprecation-parameter', $encParamName ], $feature );
1423 // Set a warning if a deprecated parameter value has been passed
1424 $usedDeprecatedValues = $deprecatedValues && $value !== false
1425 ?
array_intersect( array_keys( $deprecatedValues ), (array)$value )
1427 if ( $usedDeprecatedValues ) {
1428 $feature = "$encParamName=";
1430 while ( !$m->isMain() ) {
1431 $p = $m->getParent();
1432 $name = $m->getModuleName();
1433 $param = $p->encodeParamName( $p->getModuleManager()->getModuleGroup( $name ) );
1434 $feature = "{$param}={$name}&{$feature}";
1437 foreach ( $usedDeprecatedValues as $v ) {
1438 $msg = $deprecatedValues[$v];
1439 if ( $msg === true ) {
1440 $msg = [ 'apiwarn-deprecation-parameter', "$encParamName=$v" ];
1442 $this->addDeprecation( $msg, "$feature$v" );
1445 } elseif ( $required ) {
1446 $this->dieWithError( [ 'apierror-missingparam', $paramName ] );
1453 * Handle when a parameter was Unicode-normalized
1455 * @param string $paramName Unprefixed parameter name
1456 * @param string $value Input that will be used.
1457 * @param string $rawValue Input before normalization.
1459 protected function handleParamNormalization( $paramName, $value, $rawValue ) {
1460 $encParamName = $this->encodeParamName( $paramName );
1461 $this->addWarning( [ 'apiwarn-badutf8', $encParamName ] );
1465 * Split a multi-valued parameter string, like explode()
1467 * @param string $value
1471 protected function explodeMultiValue( $value, $limit ) {
1472 if ( substr( $value, 0, 1 ) === "\x1f" ) {
1474 $value = substr( $value, 1 );
1479 return explode( $sep, $value, $limit );
1483 * Return an array of values that were given in a 'a|b|c' notation,
1484 * after it optionally validates them against the list allowed values.
1486 * @param string $valueName The name of the parameter (for error
1488 * @param mixed $value The value being parsed
1489 * @param bool $allowMultiple Can $value contain more than one value
1491 * @param string[]|null $allowedValues An array of values to check against. If
1492 * null, all values are accepted.
1493 * @param string|null $allSpecifier String to use to specify all allowed values, or null
1494 * if this behavior should not be allowed
1495 * @param int|null $limit1 Maximum number of values, for normal users.
1496 * @param int|null $limit2 Maximum number of values, for users with the apihighlimits right.
1497 * @return string|string[] (allowMultiple ? an_array_of_values : a_single_value)
1499 protected function parseMultiValue( $valueName, $value, $allowMultiple, $allowedValues,
1500 $allSpecifier = null, $limit1 = null, $limit2 = null
1502 if ( ( $value === '' ||
$value === "\x1f" ) && $allowMultiple ) {
1505 $limit1 = $limit1 ?
: self
::LIMIT_SML1
;
1506 $limit2 = $limit2 ?
: self
::LIMIT_SML2
;
1508 // This is a bit awkward, but we want to avoid calling canApiHighLimits()
1509 // because it unstubs $wgUser
1510 $valuesList = $this->explodeMultiValue( $value, $limit2 +
1 );
1511 $sizeLimit = count( $valuesList ) > $limit1 && $this->mMainModule
->canApiHighLimits()
1515 if ( $allowMultiple && is_array( $allowedValues ) && $allSpecifier &&
1516 count( $valuesList ) === 1 && $valuesList[0] === $allSpecifier
1518 return $allowedValues;
1521 if ( count( $valuesList ) > $sizeLimit ) {
1522 $this->dieWithError(
1523 [ 'apierror-toomanyvalues', $valueName, $sizeLimit ],
1524 "too-many-$valueName"
1528 if ( !$allowMultiple && count( $valuesList ) != 1 ) {
1529 // T35482 - Allow entries with | in them for non-multiple values
1530 if ( in_array( $value, $allowedValues, true ) ) {
1534 $values = array_map( function ( $v ) {
1535 return '<kbd>' . wfEscapeWikiText( $v ) . '</kbd>';
1536 }, $allowedValues );
1537 $this->dieWithError( [
1538 'apierror-multival-only-one-of',
1540 Message
::listParam( $values ),
1542 ], "multival_$valueName" );
1545 if ( is_array( $allowedValues ) ) {
1546 // Check for unknown values
1547 $unknown = array_map( 'wfEscapeWikiText', array_diff( $valuesList, $allowedValues ) );
1548 if ( count( $unknown ) ) {
1549 if ( $allowMultiple ) {
1550 $this->addWarning( [
1551 'apiwarn-unrecognizedvalues',
1553 Message
::listParam( $unknown, 'comma' ),
1557 $this->dieWithError(
1558 [ 'apierror-unrecognizedvalue', $valueName, wfEscapeWikiText( $valuesList[0] ) ],
1559 "unknown_$valueName"
1563 // Now throw them out
1564 $valuesList = array_intersect( $valuesList, $allowedValues );
1567 return $allowMultiple ?
$valuesList : $valuesList[0];
1571 * Validate the value against the minimum and user/bot maximum limits.
1572 * Prints usage info on failure.
1573 * @param string $paramName Parameter name
1574 * @param int &$value Parameter value
1575 * @param int|null $min Minimum value
1576 * @param int|null $max Maximum value for users
1577 * @param int $botMax Maximum value for sysops/bots
1578 * @param bool $enforceLimits Whether to enforce (die) if value is outside limits
1580 protected function validateLimit( $paramName, &$value, $min, $max, $botMax = null,
1581 $enforceLimits = false
1583 if ( !is_null( $min ) && $value < $min ) {
1584 $msg = ApiMessage
::create(
1585 [ 'apierror-integeroutofrange-belowminimum',
1586 $this->encodeParamName( $paramName ), $min, $value ],
1587 'integeroutofrange',
1588 [ 'min' => $min, 'max' => $max, 'botMax' => $botMax ?
: $max ]
1590 $this->warnOrDie( $msg, $enforceLimits );
1594 // Minimum is always validated, whereas maximum is checked only if not
1595 // running in internal call mode
1596 if ( $this->getMain()->isInternalMode() ) {
1600 // Optimization: do not check user's bot status unless really needed -- skips db query
1601 // assumes $botMax >= $max
1602 if ( !is_null( $max ) && $value > $max ) {
1603 if ( !is_null( $botMax ) && $this->getMain()->canApiHighLimits() ) {
1604 if ( $value > $botMax ) {
1605 $msg = ApiMessage
::create(
1606 [ 'apierror-integeroutofrange-abovebotmax',
1607 $this->encodeParamName( $paramName ), $botMax, $value ],
1608 'integeroutofrange',
1609 [ 'min' => $min, 'max' => $max, 'botMax' => $botMax ?
: $max ]
1611 $this->warnOrDie( $msg, $enforceLimits );
1615 $msg = ApiMessage
::create(
1616 [ 'apierror-integeroutofrange-abovemax',
1617 $this->encodeParamName( $paramName ), $max, $value ],
1618 'integeroutofrange',
1619 [ 'min' => $min, 'max' => $max, 'botMax' => $botMax ?
: $max ]
1621 $this->warnOrDie( $msg, $enforceLimits );
1628 * Validate and normalize parameters of type 'timestamp'
1629 * @param string $value Parameter value
1630 * @param string $encParamName Parameter name
1631 * @return string Validated and normalized parameter
1633 protected function validateTimestamp( $value, $encParamName ) {
1634 // Confusing synonyms for the current time accepted by wfTimestamp()
1635 // (wfTimestamp() also accepts various non-strings and the string of 14
1636 // ASCII NUL bytes, but those can't get here)
1638 $this->addDeprecation(
1639 [ 'apiwarn-unclearnowtimestamp', $encParamName, wfEscapeWikiText( $value ) ],
1640 'unclear-"now"-timestamp'
1642 return wfTimestamp( TS_MW
);
1645 // Explicit synonym for the current time
1646 if ( $value === 'now' ) {
1647 return wfTimestamp( TS_MW
);
1650 $timestamp = wfTimestamp( TS_MW
, $value );
1651 if ( $timestamp === false ) {
1652 $this->dieWithError(
1653 [ 'apierror-badtimestamp', $encParamName, wfEscapeWikiText( $value ) ],
1654 "badtimestamp_{$encParamName}"
1662 * Validate the supplied token.
1665 * @param string $token Supplied token
1666 * @param array $params All supplied parameters for the module
1668 * @throws MWException
1670 final public function validateToken( $token, array $params ) {
1671 $tokenType = $this->needsToken();
1672 $salts = ApiQueryTokens
::getTokenTypeSalts();
1673 if ( !isset( $salts[$tokenType] ) ) {
1674 throw new MWException(
1675 "Module '{$this->getModuleName()}' tried to use token type '$tokenType' " .
1676 'without registering it'
1680 $tokenObj = ApiQueryTokens
::getToken(
1681 $this->getUser(), $this->getRequest()->getSession(), $salts[$tokenType]
1683 if ( $tokenObj->match( $token ) ) {
1687 $webUiSalt = $this->getWebUITokenSalt( $params );
1688 if ( $webUiSalt !== null && $this->getUser()->matchEditToken(
1700 * Validate and normalize parameters of type 'user'
1701 * @param string $value Parameter value
1702 * @param string $encParamName Parameter name
1703 * @return string Validated and normalized parameter
1705 private function validateUser( $value, $encParamName ) {
1706 if ( ExternalUserNames
::isExternal( $value ) && User
::newFromName( $value, false ) ) {
1710 $name = User
::getCanonicalName( $value, 'valid' );
1711 if ( $name !== false ) {
1716 // We allow ranges as well, for blocks.
1717 IP
::isIPAddress( $value ) ||
1718 // See comment for User::isIP. We don't just call that function
1719 // here because it also returns true for things like
1720 // 300.300.300.300 that are neither valid usernames nor valid IP
1723 '/^' . RE_IP_BYTE
. '\.' . RE_IP_BYTE
. '\.' . RE_IP_BYTE
. '\.xxx$/',
1727 return IP
::sanitizeIP( $value );
1730 $this->dieWithError(
1731 [ 'apierror-baduser', $encParamName, wfEscapeWikiText( $value ) ],
1732 "baduser_{$encParamName}"
1738 /************************************************************************//**
1739 * @name Utility methods
1744 * Set a watch (or unwatch) based the based on a watchlist parameter.
1745 * @param string $watch Valid values: 'watch', 'unwatch', 'preferences', 'nochange'
1746 * @param Title $titleObj The article's title to change
1747 * @param string $userOption The user option to consider when $watch=preferences
1749 protected function setWatch( $watch, $titleObj, $userOption = null ) {
1750 $value = $this->getWatchlistValue( $watch, $titleObj, $userOption );
1751 if ( $value === null ) {
1755 WatchAction
::doWatchOrUnwatch( $value, $titleObj, $this->getUser() );
1759 * Gets the user for whom to get the watchlist
1761 * @param array $params
1764 public function getWatchlistUser( $params ) {
1765 if ( !is_null( $params['owner'] ) && !is_null( $params['token'] ) ) {
1766 $user = User
::newFromName( $params['owner'], false );
1767 if ( !( $user && $user->getId() ) ) {
1768 $this->dieWithError(
1769 [ 'nosuchusershort', wfEscapeWikiText( $params['owner'] ) ], 'bad_wlowner'
1772 $token = $user->getOption( 'watchlisttoken' );
1773 if ( $token == '' ||
!hash_equals( $token, $params['token'] ) ) {
1774 $this->dieWithError( 'apierror-bad-watchlist-token', 'bad_wltoken' );
1777 if ( !$this->getUser()->isLoggedIn() ) {
1778 $this->dieWithError( 'watchlistanontext', 'notloggedin' );
1780 $this->checkUserRightsAny( 'viewmywatchlist' );
1781 $user = $this->getUser();
1788 * A subset of wfEscapeWikiText for BC texts
1791 * @param string|array $v
1792 * @return string|array
1794 private static function escapeWikiText( $v ) {
1795 if ( is_array( $v ) ) {
1796 return array_map( 'self::escapeWikiText', $v );
1799 '__' => '__', '{' => '{', '}' => '}',
1800 '[[Category:' => '[[:Category:',
1801 '[[File:' => '[[:File:', '[[Image:' => '[[:Image:',
1807 * Create a Message from a string or array
1809 * A string is used as a message key. An array has the message key as the
1810 * first value and message parameters as subsequent values.
1813 * @param string|array|Message $msg
1814 * @param IContextSource $context
1815 * @param array $params
1816 * @return Message|null
1818 public static function makeMessage( $msg, IContextSource
$context, array $params = null ) {
1819 if ( is_string( $msg ) ) {
1820 $msg = wfMessage( $msg );
1821 } elseif ( is_array( $msg ) ) {
1822 $msg = wfMessage( ...$msg );
1824 if ( !$msg instanceof Message
) {
1828 $msg->setContext( $context );
1830 $msg->params( $params );
1837 * Turn an array of message keys or key+param arrays into a Status
1839 * @param array $errors
1840 * @param User|null $user
1843 public function errorArrayToStatus( array $errors, User
$user = null ) {
1844 if ( $user === null ) {
1845 $user = $this->getUser();
1848 $status = Status
::newGood();
1849 foreach ( $errors as $error ) {
1850 if ( is_array( $error ) && $error[0] === 'blockedtext' && $user->getBlock() ) {
1851 $status->fatal( ApiMessage
::create(
1854 [ 'blockinfo' => ApiQueryUserInfo
::getBlockInfo( $user->getBlock() ) ]
1856 } elseif ( is_array( $error ) && $error[0] === 'autoblockedtext' && $user->getBlock() ) {
1857 $status->fatal( ApiMessage
::create(
1858 'apierror-autoblocked',
1860 [ 'blockinfo' => ApiQueryUserInfo
::getBlockInfo( $user->getBlock() ) ]
1862 } elseif ( is_array( $error ) && $error[0] === 'systemblockedtext' && $user->getBlock() ) {
1863 $status->fatal( ApiMessage
::create(
1864 'apierror-systemblocked',
1866 [ 'blockinfo' => ApiQueryUserInfo
::getBlockInfo( $user->getBlock() ) ]
1869 $status->fatal( ...(array)$error );
1877 /************************************************************************//**
1878 * @name Warning and error reporting
1883 * Add a warning for this module.
1885 * Users should monitor this section to notice any changes in API. Multiple
1886 * calls to this function will result in multiple warning messages.
1888 * If $msg is not an ApiMessage, the message code will be derived from the
1889 * message key by stripping any "apiwarn-" or "apierror-" prefix.
1892 * @param string|array|Message $msg See ApiErrorFormatter::addWarning()
1893 * @param string|null $code See ApiErrorFormatter::addWarning()
1894 * @param array|null $data See ApiErrorFormatter::addWarning()
1896 public function addWarning( $msg, $code = null, $data = null ) {
1897 $this->getErrorFormatter()->addWarning( $this->getModulePath(), $msg, $code, $data );
1901 * Add a deprecation warning for this module.
1903 * A combination of $this->addWarning() and $this->logFeatureUsage()
1906 * @param string|array|Message $msg See ApiErrorFormatter::addWarning()
1907 * @param string|null $feature See ApiBase::logFeatureUsage()
1908 * @param array|null $data See ApiErrorFormatter::addWarning()
1910 public function addDeprecation( $msg, $feature, $data = [] ) {
1911 $data = (array)$data;
1912 if ( $feature !== null ) {
1913 $data['feature'] = $feature;
1914 $this->logFeatureUsage( $feature );
1916 $this->addWarning( $msg, 'deprecation', $data );
1918 // No real need to deduplicate here, ApiErrorFormatter does that for
1919 // us (assuming the hook is deterministic).
1920 $msgs = [ $this->msg( 'api-usage-mailinglist-ref' ) ];
1921 Hooks
::run( 'ApiDeprecationHelp', [ &$msgs ] );
1922 if ( count( $msgs ) > 1 ) {
1923 $key = '$' . implode( ' $', range( 1, count( $msgs ) ) );
1924 $msg = ( new RawMessage( $key ) )->params( $msgs );
1926 $msg = reset( $msgs );
1928 $this->getMain()->addWarning( $msg, 'deprecation-help' );
1932 * Add an error for this module without aborting
1934 * If $msg is not an ApiMessage, the message code will be derived from the
1935 * message key by stripping any "apiwarn-" or "apierror-" prefix.
1937 * @note If you want to abort processing, use self::dieWithError() instead.
1939 * @param string|array|Message $msg See ApiErrorFormatter::addError()
1940 * @param string|null $code See ApiErrorFormatter::addError()
1941 * @param array|null $data See ApiErrorFormatter::addError()
1943 public function addError( $msg, $code = null, $data = null ) {
1944 $this->getErrorFormatter()->addError( $this->getModulePath(), $msg, $code, $data );
1948 * Add warnings and/or errors from a Status
1950 * @note If you want to abort processing, use self::dieStatus() instead.
1952 * @param StatusValue $status
1953 * @param string[] $types 'warning' and/or 'error'
1955 public function addMessagesFromStatus( StatusValue
$status, $types = [ 'warning', 'error' ] ) {
1956 $this->getErrorFormatter()->addMessagesFromStatus( $this->getModulePath(), $status, $types );
1960 * Abort execution with an error
1962 * If $msg is not an ApiMessage, the message code will be derived from the
1963 * message key by stripping any "apiwarn-" or "apierror-" prefix.
1966 * @param string|array|Message $msg See ApiErrorFormatter::addError()
1967 * @param string|null $code See ApiErrorFormatter::addError()
1968 * @param array|null $data See ApiErrorFormatter::addError()
1969 * @param int|null $httpCode HTTP error code to use
1970 * @throws ApiUsageException always
1972 public function dieWithError( $msg, $code = null, $data = null, $httpCode = null ) {
1973 throw ApiUsageException
::newWithMessage( $this, $msg, $code, $data, $httpCode );
1977 * Abort execution with an error derived from an exception
1980 * @param Exception|Throwable $exception See ApiErrorFormatter::getMessageFromException()
1981 * @param array $options See ApiErrorFormatter::getMessageFromException()
1982 * @throws ApiUsageException always
1984 public function dieWithException( $exception, array $options = [] ) {
1985 $this->dieWithError(
1986 $this->getErrorFormatter()->getMessageFromException( $exception, $options )
1991 * Adds a warning to the output, else dies
1993 * @param ApiMessage $msg Message to show as a warning, or error message if dying
1994 * @param bool $enforceLimits Whether this is an enforce (die)
1996 private function warnOrDie( ApiMessage
$msg, $enforceLimits = false ) {
1997 if ( $enforceLimits ) {
1998 $this->dieWithError( $msg );
2000 $this->addWarning( $msg );
2005 * Throw an ApiUsageException, which will (if uncaught) call the main module's
2006 * error handler and die with an error message including block info.
2009 * @param Block $block The block used to generate the ApiUsageException
2010 * @throws ApiUsageException always
2012 public function dieBlocked( Block
$block ) {
2013 // Die using the appropriate message depending on block type
2014 if ( $block->getType() == Block
::TYPE_AUTO
) {
2015 $this->dieWithError(
2016 'apierror-autoblocked',
2018 [ 'blockinfo' => ApiQueryUserInfo
::getBlockInfo( $block ) ]
2021 $this->dieWithError(
2024 [ 'blockinfo' => ApiQueryUserInfo
::getBlockInfo( $block ) ]
2030 * Throw an ApiUsageException based on the Status object.
2033 * @since 1.29 Accepts a StatusValue
2034 * @param StatusValue $status
2035 * @throws ApiUsageException always
2037 public function dieStatus( StatusValue
$status ) {
2038 if ( $status->isGood() ) {
2039 throw new MWException( 'Successful status passed to ApiBase::dieStatus' );
2042 // ApiUsageException needs a fatal status, but this method has
2043 // historically accepted any non-good status. Convert it if necessary.
2044 $status->setOK( false );
2045 if ( !$status->getErrorsByType( 'error' ) ) {
2046 $newStatus = Status
::newGood();
2047 foreach ( $status->getErrorsByType( 'warning' ) as $err ) {
2048 $newStatus->fatal( $err['message'], ...$err['params'] );
2050 if ( !$newStatus->getErrorsByType( 'error' ) ) {
2051 $newStatus->fatal( 'unknownerror-nocode' );
2053 $status = $newStatus;
2056 throw new ApiUsageException( $this, $status );
2060 * Helper function for readonly errors
2062 * @throws ApiUsageException always
2064 public function dieReadOnly() {
2065 $this->dieWithError(
2066 'apierror-readonly',
2068 [ 'readonlyreason' => wfReadOnlyReason() ]
2073 * Helper function for permission-denied errors
2075 * @param string|string[] $rights
2076 * @param User|null $user
2077 * @throws ApiUsageException if the user doesn't have any of the rights.
2078 * The error message is based on $rights[0].
2080 public function checkUserRightsAny( $rights, $user = null ) {
2082 $user = $this->getUser();
2084 $rights = (array)$rights;
2085 if ( !$user->isAllowedAny( ...$rights ) ) {
2086 $this->dieWithError( [ 'apierror-permissiondenied', $this->msg( "action-{$rights[0]}" ) ] );
2091 * Helper function for permission-denied errors
2093 * @param Title $title
2094 * @param string|string[] $actions
2095 * @param User|null $user
2096 * @throws ApiUsageException if the user doesn't have all of the rights.
2098 public function checkTitleUserPermissions( Title
$title, $actions, $user = null ) {
2100 $user = $this->getUser();
2104 foreach ( (array)$actions as $action ) {
2105 $errors = array_merge( $errors, $title->getUserPermissionsErrors( $action, $user ) );
2108 $this->dieStatus( $this->errorArrayToStatus( $errors, $user ) );
2113 * Will only set a warning instead of failing if the global $wgDebugAPI
2114 * is set to true. Otherwise behaves exactly as self::dieWithError().
2117 * @param string|array|Message $msg
2118 * @param string|null $code
2119 * @param array|null $data
2120 * @param int|null $httpCode
2121 * @throws ApiUsageException
2123 public function dieWithErrorOrDebug( $msg, $code = null, $data = null, $httpCode = null ) {
2124 if ( $this->getConfig()->get( 'DebugAPI' ) !== true ) {
2125 $this->dieWithError( $msg, $code, $data, $httpCode );
2127 $this->addWarning( $msg, $code, $data );
2132 * Die with the 'badcontinue' error.
2134 * This call is common enough to make it into the base method.
2136 * @param bool $condition Will only die if this value is true
2137 * @throws ApiUsageException
2140 protected function dieContinueUsageIf( $condition ) {
2142 $this->dieWithError( 'apierror-badcontinue' );
2147 * Internal code errors should be reported with this method
2148 * @param string $method Method or function name
2149 * @param string $message Error message
2150 * @throws MWException always
2152 protected static function dieDebug( $method, $message ) {
2153 throw new MWException( "Internal error in $method: $message" );
2157 * Write logging information for API features to a debug log, for usage
2159 * @note Consider using $this->addDeprecation() instead to both warn and log.
2160 * @param string $feature Feature being used.
2162 public function logFeatureUsage( $feature ) {
2163 $request = $this->getRequest();
2164 $s = '"' . addslashes( $feature ) . '"' .
2165 ' "' . wfUrlencode( str_replace( ' ', '_', $this->getUser()->getName() ) ) . '"' .
2166 ' "' . $request->getIP() . '"' .
2167 ' "' . addslashes( $request->getHeader( 'Referer' ) ) . '"' .
2168 ' "' . addslashes( $this->getMain()->getUserAgent() ) . '"';
2169 wfDebugLog( 'api-feature-usage', $s, 'private' );
2174 /************************************************************************//**
2175 * @name Help message generation
2180 * Return the summary message.
2182 * This is a one-line description of the module, suitable for display in a
2186 * @return string|array|Message
2188 protected function getSummaryMessage() {
2189 return "apihelp-{$this->getModulePath()}-summary";
2193 * Return the extended help text message.
2195 * This is additional text to display at the top of the help section, below
2199 * @return string|array|Message
2201 protected function getExtendedDescription() {
2203 "apihelp-{$this->getModulePath()}-extended-description",
2204 'api-help-no-extended-description',
2209 * Get final module summary
2211 * Ideally this will just be the getSummaryMessage(). However, for
2212 * backwards compatibility, if that message does not exist then the first
2213 * line of wikitext from the description message will be used instead.
2218 public function getFinalSummary() {
2219 $msg = self
::makeMessage( $this->getSummaryMessage(), $this->getContext(), [
2220 $this->getModulePrefix(),
2221 $this->getModuleName(),
2222 $this->getModulePath(),
2224 if ( !$msg->exists() ) {
2225 wfDeprecated( 'API help "description" messages', '1.30' );
2226 $msg = self
::makeMessage( $this->getDescriptionMessage(), $this->getContext(), [
2227 $this->getModulePrefix(),
2228 $this->getModuleName(),
2229 $this->getModulePath(),
2231 $msg = self
::makeMessage( 'rawmessage', $this->getContext(), [
2232 preg_replace( '/\n.*/s', '', $msg->text() )
2239 * Get final module description, after hooks have had a chance to tweak it as
2242 * @since 1.25, returns Message[] rather than string[]
2245 public function getFinalDescription() {
2246 $desc = $this->getDescription();
2248 // Avoid PHP 7.1 warning of passing $this by reference
2250 Hooks
::run( 'APIGetDescription', [ &$apiModule, &$desc ] );
2251 $desc = self
::escapeWikiText( $desc );
2252 if ( is_array( $desc ) ) {
2253 $desc = implode( "\n", $desc );
2255 $desc = (string)$desc;
2258 $summary = self
::makeMessage( $this->getSummaryMessage(), $this->getContext(), [
2259 $this->getModulePrefix(),
2260 $this->getModuleName(),
2261 $this->getModulePath(),
2263 $extendedDescription = self
::makeMessage(
2264 $this->getExtendedDescription(), $this->getContext(), [
2265 $this->getModulePrefix(),
2266 $this->getModuleName(),
2267 $this->getModulePath(),
2271 if ( $summary->exists() ) {
2272 $msgs = [ $summary, $extendedDescription ];
2274 wfDeprecated( 'API help "description" messages', '1.30' );
2275 $description = self
::makeMessage( $this->getDescriptionMessage(), $this->getContext(), [
2276 $this->getModulePrefix(),
2277 $this->getModuleName(),
2278 $this->getModulePath(),
2280 if ( !$description->exists() ) {
2281 $description = $this->msg( 'api-help-fallback-description', $desc );
2283 $msgs = [ $description ];
2286 Hooks
::run( 'APIGetDescriptionMessages', [ $this, &$msgs ] );
2292 * Get final list of parameters, after hooks have had a chance to
2293 * tweak it as needed.
2295 * @param int $flags Zero or more flags like GET_VALUES_FOR_HELP
2296 * @return array|bool False on no parameters
2297 * @since 1.21 $flags param added
2299 public function getFinalParams( $flags = 0 ) {
2300 $params = $this->getAllowedParams( $flags );
2305 if ( $this->needsToken() ) {
2306 $params['token'] = [
2307 self
::PARAM_TYPE
=> 'string',
2308 self
::PARAM_REQUIRED
=> true,
2309 self
::PARAM_SENSITIVE
=> true,
2310 self
::PARAM_HELP_MSG
=> [
2311 'api-help-param-token',
2312 $this->needsToken(),
2314 ] +
( $params['token'] ??
[] );
2317 // Avoid PHP 7.1 warning of passing $this by reference
2319 Hooks
::run( 'APIGetAllowedParams', [ &$apiModule, &$params, $flags ] );
2325 * Get final parameter descriptions, after hooks have had a chance to tweak it as
2328 * @since 1.25, returns array of Message[] rather than array of string[]
2329 * @return array Keys are parameter names, values are arrays of Message objects
2331 public function getFinalParamDescription() {
2332 $prefix = $this->getModulePrefix();
2333 $name = $this->getModuleName();
2334 $path = $this->getModulePath();
2336 $desc = $this->getParamDescription();
2338 // Avoid PHP 7.1 warning of passing $this by reference
2340 Hooks
::run( 'APIGetParamDescription', [ &$apiModule, &$desc ] );
2345 $desc = self
::escapeWikiText( $desc );
2347 $params = $this->getFinalParams( self
::GET_VALUES_FOR_HELP
);
2349 foreach ( $params as $param => $settings ) {
2350 if ( !is_array( $settings ) ) {
2354 $d = $desc[$param] ??
'';
2355 if ( is_array( $d ) ) {
2356 // Special handling for prop parameters
2357 $d = array_map( function ( $line ) {
2358 if ( preg_match( '/^\s+(\S+)\s+-\s+(.+)$/', $line, $m ) ) {
2359 $line = "\n;{$m[1]}:{$m[2]}";
2363 $d = implode( ' ', $d );
2366 if ( isset( $settings[self
::PARAM_HELP_MSG
] ) ) {
2367 $msg = $settings[self
::PARAM_HELP_MSG
];
2369 $msg = $this->msg( "apihelp-{$path}-param-{$param}" );
2370 if ( !$msg->exists() ) {
2371 $msg = $this->msg( 'api-help-fallback-parameter', $d );
2374 $msg = self
::makeMessage( $msg, $this->getContext(),
2375 [ $prefix, $param, $name, $path ] );
2377 self
::dieDebug( __METHOD__
,
2378 'Value in ApiBase::PARAM_HELP_MSG is not valid' );
2380 $msgs[$param] = [ $msg ];
2382 if ( isset( $settings[self
::PARAM_TYPE
] ) &&
2383 $settings[self
::PARAM_TYPE
] === 'submodule'
2385 if ( isset( $settings[self
::PARAM_SUBMODULE_MAP
] ) ) {
2386 $map = $settings[self
::PARAM_SUBMODULE_MAP
];
2388 $prefix = $this->isMain() ?
'' : ( $this->getModulePath() . '+' );
2390 foreach ( $this->getModuleManager()->getNames( $param ) as $submoduleName ) {
2391 $map[$submoduleName] = $prefix . $submoduleName;
2396 $deprecatedSubmodules = [];
2397 foreach ( $map as $v => $m ) {
2398 $arr = &$submodules;
2399 $isDeprecated = false;
2402 $submod = $this->getModuleFromPath( $m );
2404 $summary = $submod->getFinalSummary();
2405 $isDeprecated = $submod->isDeprecated();
2406 if ( $isDeprecated ) {
2407 $arr = &$deprecatedSubmodules;
2410 } catch ( ApiUsageException
$ex ) {
2414 $key = $summary->getKey();
2415 $params = $summary->getParams();
2417 $key = 'api-help-undocumented-module';
2420 $m = new ApiHelpParamValueMessage( "[[Special:ApiHelp/$m|$v]]", $key, $params, $isDeprecated );
2421 $arr[] = $m->setContext( $this->getContext() );
2423 $msgs[$param] = array_merge( $msgs[$param], $submodules, $deprecatedSubmodules );
2424 } elseif ( isset( $settings[self
::PARAM_HELP_MSG_PER_VALUE
] ) ) {
2425 if ( !is_array( $settings[self
::PARAM_HELP_MSG_PER_VALUE
] ) ) {
2426 self
::dieDebug( __METHOD__
,
2427 'ApiBase::PARAM_HELP_MSG_PER_VALUE is not valid' );
2429 if ( !is_array( $settings[self
::PARAM_TYPE
] ) ) {
2430 self
::dieDebug( __METHOD__
,
2431 'ApiBase::PARAM_HELP_MSG_PER_VALUE may only be used when ' .
2432 'ApiBase::PARAM_TYPE is an array' );
2435 $valueMsgs = $settings[self
::PARAM_HELP_MSG_PER_VALUE
];
2436 $deprecatedValues = $settings[self
::PARAM_DEPRECATED_VALUES
] ??
[];
2438 foreach ( $settings[self
::PARAM_TYPE
] as $value ) {
2439 if ( isset( $valueMsgs[$value] ) ) {
2440 $msg = $valueMsgs[$value];
2442 $msg = "apihelp-{$path}-paramvalue-{$param}-{$value}";
2444 $m = self
::makeMessage( $msg, $this->getContext(),
2445 [ $prefix, $param, $name, $path, $value ] );
2447 $m = new ApiHelpParamValueMessage(
2449 [ $m->getKey(), 'api-help-param-no-description' ],
2451 isset( $deprecatedValues[$value] )
2453 $msgs[$param][] = $m->setContext( $this->getContext() );
2455 self
::dieDebug( __METHOD__
,
2456 "Value in ApiBase::PARAM_HELP_MSG_PER_VALUE for $value is not valid" );
2461 if ( isset( $settings[self
::PARAM_HELP_MSG_APPEND
] ) ) {
2462 if ( !is_array( $settings[self
::PARAM_HELP_MSG_APPEND
] ) ) {
2463 self
::dieDebug( __METHOD__
,
2464 'Value for ApiBase::PARAM_HELP_MSG_APPEND is not an array' );
2466 foreach ( $settings[self
::PARAM_HELP_MSG_APPEND
] as $m ) {
2467 $m = self
::makeMessage( $m, $this->getContext(),
2468 [ $prefix, $param, $name, $path ] );
2470 $msgs[$param][] = $m;
2472 self
::dieDebug( __METHOD__
,
2473 'Value in ApiBase::PARAM_HELP_MSG_APPEND is not valid' );
2479 Hooks
::run( 'APIGetParamDescriptionMessages', [ $this, &$msgs ] );
2485 * Generates the list of flags for the help screen and for action=paraminfo
2487 * Corresponding messages: api-help-flag-deprecated,
2488 * api-help-flag-internal, api-help-flag-readrights,
2489 * api-help-flag-writerights, api-help-flag-mustbeposted
2493 protected function getHelpFlags() {
2496 if ( $this->isDeprecated() ) {
2497 $flags[] = 'deprecated';
2499 if ( $this->isInternal() ) {
2500 $flags[] = 'internal';
2502 if ( $this->isReadMode() ) {
2503 $flags[] = 'readrights';
2505 if ( $this->isWriteMode() ) {
2506 $flags[] = 'writerights';
2508 if ( $this->mustBePosted() ) {
2509 $flags[] = 'mustbeposted';
2516 * Returns information about the source of this module, if known
2518 * Returned array is an array with the following keys:
2519 * - path: Install path
2520 * - name: Extension name, or "MediaWiki" for core
2521 * - namemsg: (optional) i18n message key for a display name
2522 * - license-name: (optional) Name of license
2524 * @return array|null
2526 protected function getModuleSourceInfo() {
2529 if ( $this->mModuleSource
!== false ) {
2530 return $this->mModuleSource
;
2533 // First, try to find where the module comes from...
2534 $rClass = new ReflectionClass( $this );
2535 $path = $rClass->getFileName();
2538 $this->mModuleSource
= null;
2541 $path = realpath( $path ) ?
: $path;
2543 // Build map of extension directories to extension info
2544 if ( self
::$extensionInfo === null ) {
2545 $extDir = $this->getConfig()->get( 'ExtensionDirectory' );
2546 self
::$extensionInfo = [
2547 realpath( __DIR__
) ?
: __DIR__
=> [
2549 'name' => 'MediaWiki',
2550 'license-name' => 'GPL-2.0-or-later',
2552 realpath( "$IP/extensions" ) ?
: "$IP/extensions" => null,
2553 realpath( $extDir ) ?
: $extDir => null,
2559 'license-name' => null,
2561 foreach ( $this->getConfig()->get( 'ExtensionCredits' ) as $group ) {
2562 foreach ( $group as $ext ) {
2563 if ( !isset( $ext['path'] ) ||
!isset( $ext['name'] ) ) {
2564 // This shouldn't happen, but does anyway.
2568 $extpath = $ext['path'];
2569 if ( !is_dir( $extpath ) ) {
2570 $extpath = dirname( $extpath );
2572 self
::$extensionInfo[realpath( $extpath ) ?
: $extpath] =
2573 array_intersect_key( $ext, $keep );
2576 foreach ( ExtensionRegistry
::getInstance()->getAllThings() as $ext ) {
2577 $extpath = $ext['path'];
2578 if ( !is_dir( $extpath ) ) {
2579 $extpath = dirname( $extpath );
2581 self
::$extensionInfo[realpath( $extpath ) ?
: $extpath] =
2582 array_intersect_key( $ext, $keep );
2586 // Now traverse parent directories until we find a match or run out of
2589 if ( array_key_exists( $path, self
::$extensionInfo ) ) {
2591 $this->mModuleSource
= self
::$extensionInfo[$path];
2592 return $this->mModuleSource
;
2596 $path = dirname( $path );
2597 } while ( $path !== $oldpath );
2599 // No idea what extension this might be.
2600 $this->mModuleSource
= null;
2605 * Called from ApiHelp before the pieces are joined together and returned.
2607 * This exists mainly for ApiMain to add the Permissions and Credits
2608 * sections. Other modules probably don't need it.
2610 * @param string[] &$help Array of help data
2611 * @param array $options Options passed to ApiHelp::getHelp
2612 * @param array &$tocData If a TOC is being generated, this array has keys
2613 * as anchors in the page and values as for Linker::generateTOC().
2615 public function modifyHelp( array &$help, array $options, array &$tocData ) {
2620 /************************************************************************//**
2626 * Returns the description string for this module
2628 * Ignored if an i18n message exists for
2629 * "apihelp-{$this->getModulePath()}-description".
2631 * @deprecated since 1.25
2632 * @return Message|string|array|false
2634 protected function getDescription() {
2639 * Returns an array of parameter descriptions.
2641 * For each parameter, ignored if an i18n message exists for the parameter.
2642 * By default that message is
2643 * "apihelp-{$this->getModulePath()}-param-{$param}", but it may be
2644 * overridden using ApiBase::PARAM_HELP_MSG in the data returned by
2645 * self::getFinalParams().
2647 * @deprecated since 1.25
2648 * @return array|bool False on no parameter descriptions
2650 protected function getParamDescription() {
2655 * Returns usage examples for this module.
2657 * Return value as an array is either:
2658 * - numeric keys with partial URLs ("api.php?" plus a query string) as
2660 * - sequential numeric keys with even-numbered keys being display-text
2661 * and odd-numbered keys being partial urls
2662 * - partial URLs as keys with display-text (string or array-to-be-joined)
2664 * Return value as a string is the same as an array with a numeric key and
2665 * that value, and boolean false means "no examples".
2667 * @deprecated since 1.25, use getExamplesMessages() instead
2668 * @return bool|string|array
2670 protected function getExamples() {
2675 * @deprecated since 1.25
2677 public function profileIn() {
2678 wfDeprecated( __METHOD__
, '1.25' );
2682 * @deprecated since 1.25
2684 public function profileOut() {
2685 wfDeprecated( __METHOD__
, '1.25' );
2689 * @deprecated since 1.25
2691 public function safeProfileOut() {
2692 wfDeprecated( __METHOD__
, '1.25' );
2696 * @deprecated since 1.25
2698 public function profileDBIn() {
2699 wfDeprecated( __METHOD__
, '1.25' );
2703 * @deprecated since 1.25
2705 public function profileDBOut() {
2706 wfDeprecated( __METHOD__
, '1.25' );
2710 * Call wfTransactionalTimeLimit() if this request was POSTed
2713 protected function useTransactionalTimeLimit() {
2714 if ( $this->getRequest()->wasPosted() ) {
2715 wfTransactionalTimeLimit();
2720 * @deprecated since 1.29, use ApiBase::addWarning() instead
2721 * @param string $warning Warning message
2723 public function setWarning( $warning ) {
2724 wfDeprecated( __METHOD__
, '1.29' );
2725 $msg = new ApiRawMessage( $warning, 'warning' );
2726 $this->getErrorFormatter()->addWarning( $this->getModulePath(), $msg );
2730 * Throw an ApiUsageException, which will (if uncaught) call the main module's
2731 * error handler and die with an error message.
2733 * @deprecated since 1.29, use self::dieWithError() instead
2734 * @param string $description One-line human-readable description of the
2735 * error condition, e.g., "The API requires a valid action parameter"
2736 * @param string $errorCode Brief, arbitrary, stable string to allow easy
2737 * automated identification of the error, e.g., 'unknown_action'
2738 * @param int $httpRespCode HTTP response code
2739 * @param array|null $extradata Data to add to the "<error>" element; array in ApiResult format
2740 * @throws ApiUsageException always
2742 public function dieUsage( $description, $errorCode, $httpRespCode = 0, $extradata = null ) {
2743 wfDeprecated( __METHOD__
, '1.29' );
2744 $this->dieWithError(
2745 new RawMessage( '$1', [ $description ] ),
2753 * Get error (as code, string) from a Status object.
2756 * @deprecated since 1.29, use ApiErrorFormatter::arrayFromStatus instead
2757 * @param Status $status
2758 * @param array|null &$extraData Set if extra data from IApiMessage is available (since 1.27)
2759 * @return array Array of code and error string
2760 * @throws MWException
2762 public function getErrorFromStatus( $status, &$extraData = null ) {
2763 wfDeprecated( __METHOD__
, '1.29' );
2764 if ( $status->isGood() ) {
2765 throw new MWException( 'Successful status passed to ApiBase::dieStatus' );
2768 $errors = $status->getErrorsByType( 'error' );
2770 // No errors? Assume the warnings should be treated as errors
2771 $errors = $status->getErrorsByType( 'warning' );
2774 // Still no errors? Punt
2775 $errors = [ [ 'message' => 'unknownerror-nocode', 'params' => [] ] ];
2778 if ( $errors[0]['message'] instanceof MessageSpecifier
) {
2779 $msg = $errors[0]['message'];
2781 $msg = new Message( $errors[0]['message'], $errors[0]['params'] );
2783 if ( !$msg instanceof IApiMessage
) {
2784 $key = $msg->getKey();
2785 $params = $msg->getParams();
2786 array_unshift( $params, self
::$messageMap[$key] ??
$key );
2787 $msg = ApiMessage
::create( $params );
2792 ApiErrorFormatter
::stripMarkup( $msg->inLanguage( 'en' )->useDatabase( false )->text() )
2797 * @deprecated since 1.29. Prior to 1.29, this was a public mapping from
2798 * arbitrary strings (often message keys used elsewhere in MediaWiki) to
2799 * API codes and message texts, and a few interfaces required poking
2800 * something in here. Now we're repurposing it to map those same strings
2801 * to i18n messages, and declaring that any interface that requires poking
2802 * at this is broken and needs replacing ASAP.
2804 private static $messageMap = [
2805 'unknownerror' => 'apierror-unknownerror',
2806 'unknownerror-nocode' => 'apierror-unknownerror-nocode',
2807 'ns-specialprotected' => 'ns-specialprotected',
2808 'protectedinterface' => 'protectedinterface',
2809 'namespaceprotected' => 'namespaceprotected',
2810 'customcssprotected' => 'customcssprotected',
2811 'customjsprotected' => 'customjsprotected',
2812 'cascadeprotected' => 'cascadeprotected',
2813 'protectedpagetext' => 'protectedpagetext',
2814 'protect-cantedit' => 'protect-cantedit',
2815 'deleteprotected' => 'deleteprotected',
2816 'badaccess-group0' => 'badaccess-group0',
2817 'badaccess-groups' => 'badaccess-groups',
2818 'titleprotected' => 'titleprotected',
2819 'nocreate-loggedin' => 'nocreate-loggedin',
2820 'nocreatetext' => 'nocreatetext',
2821 'movenologintext' => 'movenologintext',
2822 'movenotallowed' => 'movenotallowed',
2823 'confirmedittext' => 'confirmedittext',
2824 'blockedtext' => 'apierror-blocked',
2825 'autoblockedtext' => 'apierror-autoblocked',
2826 'systemblockedtext' => 'apierror-systemblocked',
2827 'actionthrottledtext' => 'apierror-ratelimited',
2828 'alreadyrolled' => 'alreadyrolled',
2829 'cantrollback' => 'cantrollback',
2830 'readonlytext' => 'readonlytext',
2831 'sessionfailure' => 'sessionfailure',
2832 'cannotdelete' => 'cannotdelete',
2833 'notanarticle' => 'apierror-missingtitle',
2834 'selfmove' => 'selfmove',
2835 'immobile_namespace' => 'apierror-immobilenamespace',
2836 'articleexists' => 'articleexists',
2837 'hookaborted' => 'hookaborted',
2838 'cantmove-titleprotected' => 'cantmove-titleprotected',
2839 'imagenocrossnamespace' => 'imagenocrossnamespace',
2840 'imagetypemismatch' => 'imagetypemismatch',
2841 'ip_range_invalid' => 'ip_range_invalid',
2842 'range_block_disabled' => 'range_block_disabled',
2843 'nosuchusershort' => 'nosuchusershort',
2844 'badipaddress' => 'badipaddress',
2845 'ipb_expiry_invalid' => 'ipb_expiry_invalid',
2846 'ipb_already_blocked' => 'ipb_already_blocked',
2847 'ipb_blocked_as_range' => 'ipb_blocked_as_range',
2848 'ipb_cant_unblock' => 'ipb_cant_unblock',
2849 'mailnologin' => 'apierror-cantsend',
2850 'ipbblocked' => 'ipbblocked',
2851 'ipbnounblockself' => 'ipbnounblockself',
2852 'usermaildisabled' => 'usermaildisabled',
2853 'blockedemailuser' => 'apierror-blockedfrommail',
2854 'notarget' => 'apierror-notarget',
2855 'noemail' => 'noemail',
2856 'rcpatroldisabled' => 'rcpatroldisabled',
2857 'markedaspatrollederror-noautopatrol' => 'markedaspatrollederror-noautopatrol',
2858 'delete-toobig' => 'delete-toobig',
2859 'movenotallowedfile' => 'movenotallowedfile',
2860 'userrights-no-interwiki' => 'userrights-no-interwiki',
2861 'userrights-nodatabase' => 'userrights-nodatabase',
2862 'nouserspecified' => 'nouserspecified',
2863 'noname' => 'noname',
2864 'summaryrequired' => 'apierror-summaryrequired',
2865 'import-rootpage-invalid' => 'import-rootpage-invalid',
2866 'import-rootpage-nosubpage' => 'import-rootpage-nosubpage',
2867 'readrequired' => 'apierror-readapidenied',
2868 'writedisabled' => 'apierror-noapiwrite',
2869 'writerequired' => 'apierror-writeapidenied',
2870 'missingparam' => 'apierror-missingparam',
2871 'invalidtitle' => 'apierror-invalidtitle',
2872 'nosuchpageid' => 'apierror-nosuchpageid',
2873 'nosuchrevid' => 'apierror-nosuchrevid',
2874 'nosuchuser' => 'nosuchusershort',
2875 'invaliduser' => 'apierror-invaliduser',
2876 'invalidexpiry' => 'apierror-invalidexpiry',
2877 'pastexpiry' => 'apierror-pastexpiry',
2878 'create-titleexists' => 'apierror-create-titleexists',
2879 'missingtitle-createonly' => 'apierror-missingtitle-createonly',
2880 'cantblock' => 'apierror-cantblock',
2881 'canthide' => 'apierror-canthide',
2882 'cantblock-email' => 'apierror-cantblock-email',
2883 'cantunblock' => 'apierror-permissiondenied-generic',
2884 'cannotundelete' => 'cannotundelete',
2885 'permdenied-undelete' => 'apierror-permissiondenied-generic',
2886 'createonly-exists' => 'apierror-articleexists',
2887 'nocreate-missing' => 'apierror-missingtitle',
2888 'cantchangecontentmodel' => 'apierror-cantchangecontentmodel',
2889 'nosuchrcid' => 'apierror-nosuchrcid',
2890 'nosuchlogid' => 'apierror-nosuchlogid',
2891 'protect-invalidaction' => 'apierror-protect-invalidaction',
2892 'protect-invalidlevel' => 'apierror-protect-invalidlevel',
2893 'toofewexpiries' => 'apierror-toofewexpiries',
2894 'cantimport' => 'apierror-cantimport',
2895 'cantimport-upload' => 'apierror-cantimport-upload',
2896 'importnofile' => 'importnofile',
2897 'importuploaderrorsize' => 'importuploaderrorsize',
2898 'importuploaderrorpartial' => 'importuploaderrorpartial',
2899 'importuploaderrortemp' => 'importuploaderrortemp',
2900 'importcantopen' => 'importcantopen',
2901 'import-noarticle' => 'import-noarticle',
2902 'importbadinterwiki' => 'importbadinterwiki',
2903 'import-unknownerror' => 'apierror-import-unknownerror',
2904 'cantoverwrite-sharedfile' => 'apierror-cantoverwrite-sharedfile',
2905 'sharedfile-exists' => 'apierror-fileexists-sharedrepo-perm',
2906 'mustbeposted' => 'apierror-mustbeposted',
2907 'show' => 'apierror-show',
2908 'specialpage-cantexecute' => 'apierror-specialpage-cantexecute',
2909 'invalidoldimage' => 'apierror-invalidoldimage',
2910 'nodeleteablefile' => 'apierror-nodeleteablefile',
2911 'fileexists-forbidden' => 'fileexists-forbidden',
2912 'fileexists-shared-forbidden' => 'fileexists-shared-forbidden',
2913 'filerevert-badversion' => 'filerevert-badversion',
2914 'noimageredirect-anon' => 'apierror-noimageredirect-anon',
2915 'noimageredirect-logged' => 'apierror-noimageredirect',
2916 'spamdetected' => 'apierror-spamdetected',
2917 'contenttoobig' => 'apierror-contenttoobig',
2918 'noedit-anon' => 'apierror-noedit-anon',
2919 'noedit' => 'apierror-noedit',
2920 'wasdeleted' => 'apierror-pagedeleted',
2921 'blankpage' => 'apierror-emptypage',
2922 'editconflict' => 'editconflict',
2923 'hashcheckfailed' => 'apierror-badmd5',
2924 'missingtext' => 'apierror-notext',
2925 'emptynewsection' => 'apierror-emptynewsection',
2926 'revwrongpage' => 'apierror-revwrongpage',
2927 'undo-failure' => 'undo-failure',
2928 'content-not-allowed-here' => 'content-not-allowed-here',
2929 'edit-hook-aborted' => 'edit-hook-aborted',
2930 'edit-gone-missing' => 'edit-gone-missing',
2931 'edit-conflict' => 'edit-conflict',
2932 'edit-already-exists' => 'edit-already-exists',
2933 'invalid-file-key' => 'apierror-invalid-file-key',
2934 'nouploadmodule' => 'apierror-nouploadmodule',
2935 'uploaddisabled' => 'uploaddisabled',
2936 'copyuploaddisabled' => 'copyuploaddisabled',
2937 'copyuploadbaddomain' => 'apierror-copyuploadbaddomain',
2938 'copyuploadbadurl' => 'apierror-copyuploadbadurl',
2939 'filename-tooshort' => 'filename-tooshort',
2940 'filename-toolong' => 'filename-toolong',
2941 'illegal-filename' => 'illegal-filename',
2942 'filetype-missing' => 'filetype-missing',
2943 'mustbeloggedin' => 'apierror-mustbeloggedin',
2947 * @deprecated do not use
2948 * @param array|string|MessageSpecifier $error Element of a getUserPermissionsErrors()-style array
2949 * @return ApiMessage
2951 private function parseMsgInternal( $error ) {
2952 $msg = Message
::newFromSpecifier( $error );
2953 if ( !$msg instanceof IApiMessage
) {
2954 $key = $msg->getKey();
2955 if ( isset( self
::$messageMap[$key] ) ) {
2956 $params = $msg->getParams();
2957 array_unshift( $params, self
::$messageMap[$key] );
2959 $params = [ 'apierror-unknownerror', wfEscapeWikiText( $key ) ];
2961 $msg = ApiMessage
::create( $params );
2967 * Return the error message related to a certain array
2968 * @deprecated since 1.29
2969 * @param array|string|MessageSpecifier $error Element of a getUserPermissionsErrors()-style array
2970 * @return array [ 'code' => code, 'info' => info ]
2972 public function parseMsg( $error ) {
2973 wfDeprecated( __METHOD__
, '1.29' );
2974 // Check whether someone passed the whole array, instead of one element as
2975 // documented. This breaks if it's actually an array of fallback keys, but
2976 // that's long-standing misbehavior introduced in r87627 to incorrectly
2978 if ( is_array( $error ) ) {
2979 $first = reset( $error );
2980 if ( is_array( $first ) ) {
2981 wfDebug( __METHOD__
. ' was passed an array of arrays. ' . wfGetAllCallers( 5 ) );
2986 $msg = $this->parseMsgInternal( $error );
2988 'code' => $msg->getApiCode(),
2989 'info' => ApiErrorFormatter
::stripMarkup(
2990 $msg->inLanguage( 'en' )->useDatabase( false )->text()
2992 'data' => $msg->getApiData()
2997 * Output the error message related to a certain array
2998 * @deprecated since 1.29, use ApiBase::dieWithError() instead
2999 * @param array|string|MessageSpecifier $error Element of a getUserPermissionsErrors()-style array
3000 * @throws ApiUsageException always
3002 public function dieUsageMsg( $error ) {
3003 wfDeprecated( __METHOD__
, '1.29' );
3004 $this->dieWithError( $this->parseMsgInternal( $error ) );
3008 * Will only set a warning instead of failing if the global $wgDebugAPI
3009 * is set to true. Otherwise behaves exactly as dieUsageMsg().
3010 * @deprecated since 1.29, use ApiBase::dieWithErrorOrDebug() instead
3011 * @param array|string|MessageSpecifier $error Element of a getUserPermissionsErrors()-style array
3012 * @throws ApiUsageException
3015 public function dieUsageMsgOrDebug( $error ) {
3016 wfDeprecated( __METHOD__
, '1.29' );
3017 $this->dieWithErrorOrDebug( $this->parseMsgInternal( $error ) );
3021 * Return the description message.
3023 * This is additional text to display on the help page after the summary.
3025 * @deprecated since 1.30
3026 * @return string|array|Message
3028 protected function getDescriptionMessage() {
3030 "apihelp-{$this->getModulePath()}-description",
3031 "apihelp-{$this->getModulePath()}-summary",
3036 * Truncate an array to a certain length.
3037 * @deprecated since 1.32, no replacement
3038 * @param array &$arr Array to truncate
3039 * @param int $limit Maximum length
3040 * @return bool True if the array was truncated, false otherwise
3042 public static function truncateArray( &$arr, $limit ) {
3043 wfDeprecated( __METHOD__
, '1.32' );
3045 while ( count( $arr ) > $limit ) {
3057 * For really cool vim folding this needs to be at the end:
3058 * vim: foldmarker=@{,@} foldmethod=marker