X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=api.php;h=1cd549747c42109fb9a609676d268086766ccde3;hb=852221d663f43c4bcc9e34545571e1a5abbf3283;hp=f55f85361af856bd118e6680339debcb5fdbe031;hpb=938a8eb347d1f14a726729390adbaa3e65ba1bfa;p=lhc%2Fweb%2Fwiklou.git diff --git a/api.php b/api.php index f55f85361a..1cd549747c 100644 --- a/api.php +++ b/api.php @@ -1,9 +1,16 @@ @gmail.com + * Copyright © 2006 Yuri Astrakhan @gmail.com * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -23,69 +30,47 @@ * @file */ -/** - * This file is the entry point for all API queries. It begins by checking - * whether the API is enabled on this wiki; if not, it informs the user that - * s/he should set $wgEnableAPI to true and exits. Otherwise, it constructs - * a new ApiMain using the parameter passed to it as an argument in the URL - * ('?action=') and with write-enabled set to the value of $wgEnableWriteAPI - * as specified in LocalSettings.php. It then invokes "execute()" on the - * ApiMain object instance, which produces output in the format sepecified - * in the URL. - */ - // So extensions (and other code) can check whether they're running in API mode define( 'MW_API', true ); -// We want a plain message on catastrophic errors that machines can identify -function wfDie( $msg = '' ) { - header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500 ); - echo $msg; - die( 1 ); -} - -// Die on unsupported PHP versions -if( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.2.3' ) < 0 ){ - $version = htmlspecialchars( $wgVersion ); - wfDie( "MediaWiki $version requires at least PHP version 5.2.3." ); +// Bail if PHP is too low +if ( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.3.2' ) < 0 ) { + require( dirname( __FILE__ ) . '/includes/PHPVersionError.php' ); + wfPHPVersionError( 'api.php' ); } // Initialise common code. -require ( dirname( __FILE__ ) . '/includes/WebStart.php' ); +if ( isset( $_SERVER['MW_COMPILED'] ) ) { + require ( 'core/includes/WebStart.php' ); +} else { + require ( dirname( __FILE__ ) . '/includes/WebStart.php' ); +} wfProfileIn( 'api.php' ); $starttime = microtime( true ); // URL safety checks -// -// See RawPage.php for details; summary is that MSIE can override the -// Content-Type if it sees a recognized extension on the URL, such as -// might be appended via PATH_INFO after 'api.php'. 
-// -// Some data formats can end up containing unfiltered user-provided data -// which will end up triggering HTML detection and execution, hence -// XSS injection and all that entails. -// -if ( $wgRequest->isPathInfoBad() ) { - wfHttpError( 403, 'Forbidden', - 'Invalid file extension found in PATH_INFO or QUERY_STRING.' ); +if ( !$wgRequest->checkUrlExtension() ) { return; } // Verify that the API has not been disabled if ( !$wgEnableAPI ) { - wfDie( 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php' - . '
$wgEnableAPI=true;
' - ); + header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500 ); + echo( 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php' + . '
$wgEnableAPI=true;
' ); + die(1); } // Selectively allow cross-site AJAX -/* +/** * Helper function to convert wildcard string into a regex * '*' => '.*?' * '?' => '.' - * @ return string + * + * @param $search string + * @return string */ function convertWildcard( $search ) { $search = preg_quote( $search, '/' ); @@ -128,7 +113,7 @@ $processor = new ApiMain( $wgRequest, $wgEnableWriteAPI ); $processor->execute(); // Execute any deferred updates -wfDoUpdates(); +DeferredUpdates::doUpdates(); // Log what the user did, for book-keeping purposes. $endtime = microtime( true ); @@ -140,7 +125,7 @@ if ( $wgAPIRequestLog ) { $items = array( wfTimestamp( TS_MW ), $endtime - $starttime, - wfGetIP(), + $wgRequest->getIP(), $_SERVER['HTTP_USER_AGENT'] ); $items[] = $wgRequest->wasPosted() ? 'POST' : 'GET';
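Review bot: The rewritten URL safety check, `if ( !$wgRequest->checkUrlExtension() ) { return; }`, no longer says why it exists. The commit deletes the comment explaining that MSIE can override the Content-Type when it sees a recognized extension in PATH_INFO, so unfiltered user data in some API formats can trigger HTML detection and XSS. Keep a short rationale above the check, for example `// Reject URLs whose extension lets MSIE sniff the response as HTML (XSS)`. The bare `return` also assumes that checkUrlExtension() has already sent the error response itself, which is not visible in this hunk. If that holds, the comment should say so; if it does not, a rejected request would presumably end with an empty success response instead of the former 403.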
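Review bot: The request-log record in this hunk still takes `$_SERVER['HTTP_USER_AGENT']` unchecked from the client, right next to the new `$wgRequest->getIP()` value. The header is optional and client-controlled. A request without it raises an undefined-index notice, and a value containing the field separator or control characters could blur or forge fields in the log, depending on how `$items` is joined and written, which happens outside this hunk. Consider `isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : ''` and stripping control characters and the separator before the value is appended. A short comment noting that this field is untrusted would also help anyone using the log for incident review.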