X-Git-Url: http://git.cyclocoop.org//%22javascript:ModifierStyle%28%27%22.%24id.%22%27%29/%22?a=blobdiff_plain;f=includes%2Fapi%2FApiMain.php;h=38299b471163e5e7590ad43dd29799db39cc9c7b;hb=dcdb8e463e3b2be121c61c91df13ea36d270a602;hp=8d5af594c1832090e309395f9b90e74d7440ba57;hpb=eb2f439768d34254964e798d9523211ba8ea2f5f;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 8d5af594c1..38299b4711 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -572,11 +572,7 @@ class ApiMain extends ApiBase {
 $response = $this->getRequest()->response();
 $headerStr = 'MediaWiki-API-Error: ' . $errCode;
- if ( $e->getCode() === 0 ) {
- $response->header( $headerStr );
- } else {
- $response->header( $headerStr, true, $e->getCode() );
- }
+ $response->header( $headerStr );
 // Reset and print just the error message
 ob_clean();
@@ -585,7 +581,7 @@ class ApiMain extends ApiBase {
 $this->createErrorPrinter();
 try {
- $this->printResult( true );
+ $this->printResult( $e->getCode() );
 } catch ( UsageException $ex ) {
 // The error printer itself is failing. Try suppressing its request
 // parameters and redo.
@@ -595,7 +591,10 @@ class ApiMain extends ApiBase {
 $this->mPrinter = null;
 $this->createErrorPrinter();
 $this->mPrinter->forceDefaultParams();
- $this->printResult( true );
+ if ( $e->getCode() ) {
+ $response->statusHeader( 200 ); // Reset in case the fallback doesn't want a non-200
+ }
+ $this->printResult( $e->getCode() );
 }
 }
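Review bot: In the fallback branch (hunk at -595), the trailing comment on `$response->statusHeader( 200 );` does not say what set the non-200 status that is being undone. From these hunks it appears to be the first `printResult( $e->getCode() )` attempt, through the printer that then failed, but that path is not visible here. I would state it above the `if`, for example `// The failed printer may already have sent $e->getCode() as the HTTP status; reset it so the fallback printer decides.` The enclosing method starts outside the hunk.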
@@ -636,8 +635,8 @@ class ApiMain extends ApiBase {
 * If the parameter and the header do match, the header is checked against $wgCrossSiteAJAXdomains
 * and $wgCrossSiteAJAXdomainExceptions, and if the origin qualifies, the appropriate CORS
 * headers are set.
- * http://www.w3.org/TR/cors/#resource-requests
- * http://www.w3.org/TR/cors/#resource-preflight-requests
+ * https://www.w3.org/TR/cors/#resource-requests
+ * https://www.w3.org/TR/cors/#resource-preflight-requests
 *
 * @return bool False if the caller should abort (403 case), true otherwise (all other cases)
 */
@@ -719,7 +718,7 @@ class ApiMain extends ApiBase {
 $response->header( "Access-Control-Allow-Origin: $allowOrigin" );
 $response->header( "Access-Control-Allow-Credentials: $allowCredentials" );
- // http://www.w3.org/TR/resource-timing/#timing-allow-origin
+ // https://www.w3.org/TR/resource-timing/#timing-allow-origin
 if ( $allowTiming !== false ) {
 $response->header( "Timing-Allow-Origin: $allowTiming" );
 }
@@ -1361,6 +1360,15 @@ class ApiMain extends ApiBase {
 break;
 }
 }
+ if ( isset( $params['assertuser'] ) ) {
+ $assertUser = User::newFromName( $params['assertuser'], false );
+ if ( !$assertUser || !$this->getUser()->equals( $assertUser ) ) {
+ $this->dieUsage(
+ 'Assertion that the user is "' . $params['assertuser'] . '" failed',
+ 'assertnameduserfailed'
+ );
+ }
+ }
 }
 
 /**
@@ -1432,7 +1440,7 @@ class ApiMain extends ApiBase {
 MWDebug::appendDebugInfoToApiResult( $this->getContext(), $this->getResult() );
 // Print result data
- $this->printResult( false );
+ $this->printResult();
 }
 }
@@ -1466,7 +1474,7 @@ class ApiMain extends ApiBase {
 'ip' => $request->getIP(),
 'userAgent' => $this->getUserAgent(),
 'wiki' => wfWikiID(),
- 'timeSpentBackend' => (int) round( $time * 1000 ),
+ 'timeSpentBackend' => (int)round( $time * 1000 ),
 'hadError' => $e !== null,
 'errorCodes' => [],
 'params' => [],
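Review bot: The failure message in the added `assertuser` check (hunk at -1361) concatenates the raw request value `$params['assertuser']` into the error text, so caller-supplied input is reflected in the API response. Its safety then depends on every output format encoding the error info. The `'user'` parameter type declared in the last hunk may already normalise the value, but that validation is not visible here. The error code already identifies the failure, so the message could drop the echo, e.g. `'Assertion of the named user failed',`. It would also help to add a comment saying why validation is disabled in `User::newFromName( ..., false )`. The enclosing method starts outside the hunk.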
@@ -1612,15 +1620,18 @@ class ApiMain extends ApiBase {
 /**
 * Print results using the current printer
 *
- * @param bool $isError
+ * @param int $httpCode HTTP status code, or 0 to not change
 */
- protected function printResult( $isError ) {
+ protected function printResult( $httpCode = 0 ) {
 if ( $this->getConfig()->get( 'DebugAPI' ) !== false ) {
 $this->setWarning( 'SECURITY WARNING: $wgDebugAPI is enabled' );
 }
 $printer = $this->mPrinter;
 $printer->initPrinter( false );
+ if ( $httpCode ) {
+ $printer->setHttpStatus( $httpCode );
+ }
 $printer->execute();
 $printer->closePrinter();
 }
@@ -1661,6 +1672,9 @@ class ApiMain extends ApiBase {
 'assert' => [
 ApiBase::PARAM_TYPE => [ 'user', 'bot' ]
 ],
+ 'assertuser' => [
+ ApiBase::PARAM_TYPE => 'user',
+ ],
 'requestid' => null,
 'servedby' => false,
 'curtimestamp' => false,
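Review bot: In `printResult()` (hunk at -1612), any truthy `$httpCode` is forwarded to `$printer->setHttpStatus()` with no check that it is an HTTP status, and the error path passes `$e->getCode()` straight in. An exception whose code is not an HTTP status would then be sent as the response status; the exception types reaching this path are not visible in these hunks, so this is inferred. A subclass still calling the old signature with `true` would hit the same branch. A stricter guard covers both: `if ( is_int( $httpCode ) && $httpCode >= 100 && $httpCode < 600 ) {`. The `@param` line could also say that out-of-range values are ignored.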