format=raw is an HTML injection machine like action=raw but without any safeguards; it's trivial to create JavaScript exploits which hit at least Internet Explorer.
There's no reason to add a whole new danger point here when you've got machine-readable structure already... please do not add this raw formatter back.
* (bug 11562) Added a user_registration parameter/field to the list=allusers query.
* (bug 11588) Preserve document structure for empty dataset in backlinks query.
* Outputting list of all user preferences rather than having to request them by name
-* Add raw formatting support. Now several actions like expandtemplates support raw output with format=raw
-* (bug 11206) api.php should honor maxlag
=== Languages updated in 1.12 ===
'Services_JSON' => 'includes/api/ApiFormatJson_json.php',
'ApiFormatJson' => 'includes/api/ApiFormatJson.php',
'ApiFormatPhp' => 'includes/api/ApiFormatPhp.php',
- 'ApiFormatRaw' => 'includes/api/ApiFormatBase.php',
'ApiFormatWddx' => 'includes/api/ApiFormatWddx.php',
'ApiFormatXml' => 'includes/api/ApiFormatXml.php',
'Spyc' => 'includes/api/ApiFormatYaml_spyc.php',
return wfIsWindows()
? 'NUL'
: '/dev/null';
-}
-
-/**
- * Displays a maxlag error
- *
- * @param string $host Server that lags the most
- * @param int $lag Maxlag (actual)
- * @param int $maxLag Maxlag (requested)
- */
-function wfMaxlagError( $host, $lag, $maxLag ) {
- global $wgShowHostnames;
- header( 'HTTP/1.1 503 Service Unavailable' );
- header( 'Retry-After: ' . max( intval( $maxLag ), 5 ) );
- header( 'X-Database-Lag: ' . intval( $lag ) );
- header( 'Content-Type: text/plain' );
- if( $wgShowHostnames ) {
- echo "Waiting for $host: $lag seconds lagged\n";
- } else {
- echo "Waiting for a database server: $lag seconds lagged\n";
- }
}
\ No newline at end of file
}
function checkMaxLag( $maxLag ) {
- global $wgLoadBalancer;
+ global $wgLoadBalancer, $wgShowHostnames;
list( $host, $lag ) = $wgLoadBalancer->getMaxLag();
if ( $lag > $maxLag ) {
- wfMaxlagError( $host, $lag, $maxLag );
+ header( 'HTTP/1.1 503 Service Unavailable' );
+ header( 'Retry-After: ' . max( intval( $maxLag ), 5 ) );
+ header( 'X-Database-Lag: ' . intval( $lag ) );
+ header( 'Content-Type: text/plain' );
+ if( $wgShowHostnames ) {
+ echo "Waiting for $host: $lag seconds lagged\n";
+ } else {
+ echo "Waiting for a database server: $lag seconds lagged\n";
+ }
return false;
} else {
return true;
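Review bot: `$maxLag` is compared as-is in `if ( $lag > $maxLag )`, while only the `Retry-After` header normalises it with `intval()`, so the threshold test and the header can disagree on what was requested. If the caller passes the request's maxlag value through unchanged (the call site is not visible here), cast once at the top with `$maxLag = intval( $maxLag );` and reuse it in both places. The same applies to `$lag`: `X-Database-Lag` sends `intval( $lag )` but the two `echo` lines print it raw, so the body should use the same integer. The hostname branch would benefit from a short comment such as `// Name the lagged server only when $wgShowHostnames permits disclosing hostnames`. The end of checkMaxLag lies outside this hunk.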
wfDebugDieBacktrace("Internal error in $method: $message");
}
- private $mRawFormat = false;
-
- /**
- * Returns if module supports raw mode
- */
- public function supportRaw() {
- return false;
- }
-
- /**
- * Enables raw mode
- */
- public function setRaw() {
- $this->mRawFormat = true;
- }
-
- /**
- * Checks if raw mode is enabled
- */
- public function isRaw() {
- return $this->mRawFormat;
- }
-
- /**
- * Indicates if API needs to check maxlag
- */
- public function shouldCheckMaxlag() {
- return true;
- }
-
-
/**
* Profiling: total module execution time
*/
}
}
-
// Return result
$result = $this->getResult();
- if( $this->isRaw() ) {
- ApiFormatRaw :: setRawData( $result, $retval );
- }
$retval_array = array();
$result->setContent( $retval_array, $retval );
$result->addValue( null, $this->getModuleName(), $retval_array );
}
- public function supportRaw() {
- return true;
- }
-
protected function getAllowedParams() {
return array (
'title' => array(
}
}
-
return __CLASS__ . ': $Id$';
}
}
-
-/**
- * This printer is used to wrap raw printer
- * @addtogroup API
- */
-class ApiFormatRaw extends ApiFormatBase {
-
- public function __construct($main, $format) {
- parent :: __construct($main, $format);
- }
-
- public static function setRawData( $result, $raw_data, $raw_type = 'text/plain' ) {
- $data = & $result->getData();
- $data['_raw'] = $raw_data;
- $data['_raw_mimetype'] = $raw_type;
- }
-
- public function getMimeType() {
- $data = $this->getResultData();
- if( !isset( $data['_raw_mimetype'] ) && !isset( $data['error'] ) ) {
- ApiBase :: dieDebug( 'ApiFormatRaw', 'No raw data is set for this module' );
- return;
- }
- elseif( isset( $data['error'] ) ) {
- $this->executeError( $data );
- return;
- }
- return $data['_raw_mimetype'];
- }
-
- public function execute() {
- $data = $this->getResultData();
- if( !isset( $data['_raw'] ) && !isset( $data['error'] ) ) {
- ApiBase :: dieDebug( 'ApiFormatRaw', 'No raw data is set for this module' );
- return;
- }
- elseif( isset( $data['error'] ) ) {
- $this->executeError( $data );
- return;
- }
- $this->printText( $data['_raw'] );
- }
-
- private function executeError( $data ) {
- wfHttpError(500, 'Internal Server Error', '');
- echo "{$data['error']['code']}\n";
- echo "{$data['error']['info']}\n";
- }
-
- public function getNeedsRawData() {
- return true;
- }
-
- protected function getDescription() {
- return 'Output data in raw format. NOTE: not all actions support it' . parent :: getDescription();
- }
-
- public function getVersion() {
- return __CLASS__ . ': $Id$';
- }
-}
$this->dieUsage('', 'help');
}
- public function shouldCheckMaxlag() {
- return false;
- }
-
protected function getDescription() {
return array (
'Display this help screen.'
'xmlfm' => 'ApiFormatXml',
'yaml' => 'ApiFormatYaml',
'yamlfm' => 'ApiFormatYaml',
- 'raw' => 'ApiFormatRaw',
'rawfm' => 'ApiFormatJson'
);
// Instantiate the module requested by the user
$module = new $this->mModules[$this->mAction] ($this, $this->mAction);
-
- if( $module->shouldCheckMaxlag() && isset( $params['maxlag'] ) ) {
- // Check for maxlag
- global $wgLoadBalancer, $wgShowHostnames;
- $maxLag = $params['maxlag'];
- list( $host, $lag ) = $wgLoadBalancer->getMaxLag();
- if ( $lag > $maxLag ) {
- if( $wgShowHostnames ) {
- ApiBase :: dieUsage( "Waiting for $host: $lag seconds lagged", 'maxlag' );
- } else {
- ApiBase :: dieUsage( "Waiting for a database server: $lag seconds lagged", 'maxlag' );
- }
- return;
- }
- }
if (!$this->mInternalMode) {
- //Check usage of raw printer
- if( $params['format'] == 'raw' ) {
- if( !$module->supportRaw() ) {
- ApiBase :: dieUsage( 'This module doesn\'t support format=raw', 'rawnotsupported' );
- return;
- }
- $module->setRaw();
- }
-
// See if custom printer is used
$this->mPrinter = $module->getCustomPrinter();
if (is_null($this->mPrinter)) {
ApiBase :: PARAM_DFLT => 'help',
ApiBase :: PARAM_TYPE => $this->mModuleNames
),
- 'version' => false,
- 'maxlag' => array (
- ApiBase :: PARAM_TYPE => 'integer'
- ),
+ 'version' => false
);
}
return array (
'format' => 'The format of the output',
'action' => 'What action you would like to perform',
- 'version' => 'When showing help, include version for each module',
- 'maxlag' => 'Maximum lag'
+ 'version' => 'When showing help, include version for each module'
);
}
}
-
$psModule = new ApiPageSet($this);
return $psModule->makeHelpMsgParameters() . parent :: makeHelpMsgParameters();
}
-
- // @todo should work correctly
- public function shouldCheckMaxlag() {
- return true;
- }
protected function getParamDescription() {
return array (
// Return result
$result = $this->getResult();
- if( $this->isRaw() ) {
- ApiFormatRaw :: setRawData( $result, $retval, 'text/html' );
- }
$retval_array = array();
$result->setContent( $retval_array, $retval );
$result->addValue( null, $this->getModuleName(), $retval_array );
}
- public function supportRaw() {
- return true;
- }
-
protected function getAllowedParams() {
return array (
'title' => array(
}
}
-