From 9c0b26028ff1093258d910f86661242cd6f33b3b Mon Sep 17 00:00:00 2001
From: Roan Kattouw
Date: Mon, 18 Oct 2010 09:19:20 +0000
Subject: [PATCH] Revert r74810 (vary API help cache on $wgUser->isAnon()) and move the POST check into the purge module. Also fix the permissions check in action=purge, which was totally broken and based on a misunderstanding of what the 'purge' right means.
---
 RELEASE-NOTES | 3 ++-
 includes/api/ApiBase.php | 1 -
 includes/api/ApiMain.php | 4 ++--
 includes/api/ApiPurge.php | 14 ++++++--------
 4 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 6ada169d34..cd30cd91ac 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -433,7 +433,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 25303) Fix API parameter integer validation to actually enforce validation on the input values in addition to giving a warning. Also add flag to enforce (die) if integer out of range (breaking change!)
-* (bug 24792) API help caching doesn't vary on $wgUser->isAnon(), causes staleness
+* (bug 24792) API help for action=purge sometimes wrongly stated whether a
+ POST request was needed due to cache pollution
 === Languages updated in 1.17 ===
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 7d4c16b542..18dfb98f29 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -998,7 +998,6 @@ abstract class ApiBase {
 'createonly-exists' => array( 'code' => 'articleexists', 'info' => "The article you tried to create has been created already" ),
 'nocreate-missing' => array( 'code' => 'missingtitle', 'info' => "The article you tried to edit doesn't exist" ),
 'nosuchrcid' => array( 'code' => 'nosuchrcid', 'info' => "There is no change with rcid ``\$1''" ),
- 'cantpurge' => array( 'code' => 'cantpurge', 'info' => "Only users with the 'purge' right can purge pages via the API" ),
 'protect-invalidaction' => array( 'code' => 'protect-invalidaction', 'info' => "Invalid protection type ``\$1''" ),
 'protect-invalidlevel' => array( 'code' => 'protect-invalidlevel', 'info' => "Invalid protection level ``\$1''" ),
 'toofewexpiries' => array( 'code' => 'toofewexpiries', 'info' => "\$1 expiry timestamps were provided where \$2 were needed" ),
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index d88a5f21a7..19ad59a688 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -805,10 +805,10 @@ class ApiMain extends ApiBase {
 * Override the parent to generate help messages for all available modules.
 */
 public function makeHelpMsg() {
- global $wgMemc, $wgAPICacheHelp, $wgAPICacheHelpTimeout, $wgUser;
+ global $wgMemc, $wgAPICacheHelp, $wgAPICacheHelpTimeout;
 $this->setHelp();
 // Get help text from cache if present
- $key = wfMemcKey( 'apihelp', $this->getModuleName(), $wgUser->isAnon(),
+ $key = wfMemcKey( 'apihelp', $this->getModuleName(),
 SpecialVersion::getVersion( 'nodb' ) .
 $this->getMain()->getShowVersions() );
 if ( $wgAPICacheHelp ) {
diff --git a/includes/api/ApiPurge.php b/includes/api/ApiPurge.php
index 8c287e3e62..2f4648be2c 100644
--- a/includes/api/ApiPurge.php
+++ b/includes/api/ApiPurge.php
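Review bot: In `makeHelpMsg()` the cache key no longer contains anything about the requesting user, so one cached help text is served to every caller and stays correct only while no module's help output depends on `$wgUser`. Nothing in the hunk records that constraint, and the per-user `mustBePosted()` removed from ApiPurge in this same commit is the kind of code that polluted the cache (bug 24792 in the release notes). A comment above the key would keep the next module author from repeating it, for example `// Cached for all users: module help text must not vary on $wgUser (bug 24792)`. The body of `makeHelpMsg()` continues outside the hunk.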
@@ -45,8 +45,9 @@ class ApiPurge extends ApiBase {
 public function execute() {
 global $wgUser;
 $params = $this->extractRequestParams();
- if ( !$wgUser->isAllowed( 'purge' ) ) {
- $this->dieUsageMsg( array( 'cantpurge' ) );
+ if ( !$wgUser->isAllowed( 'purge' ) && !$this->getMain()->isInternalMode() &&
+ !$this->getMain()->getRequest()->wasPosted() ) {
+ $this->dieUsageMsg( array( 'mustbeposted', $this->getModuleName() ) );
 }
 $result = array();
 foreach ( $params['titles'] as $t ) {
@@ -73,11 +74,6 @@ class ApiPurge extends ApiBase {
 $this->getResult()->addValue( null, $this->getModuleName(), $result );
 }
- public function mustBePosted() {
- global $wgUser;
- return $wgUser->isAnon();
- }
-
 public function isWriteMode() {
 return true;
 }
@@ -98,7 +94,9 @@ class ApiPurge extends ApiBase {
 }
 public function getDescription() {
- return 'Purge the cache for the given titles';
+ return array( 'Purge the cache for the given titles.',
+ 'This module requires a POST request if the user is not logged in.'
+ );
 }
 public function getPossibleErrors() {
--
2.20.1
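Review bot: The new condition in `execute()` demands POST only from callers who lack the 'purge' right, so a user who holds it can still purge with a plain GET, and no token check is visible in the hunk. The module reports `isWriteMode()` as true, so a GET sent by that user's browser on behalf of a third-party page would be honoured. The effect is limited to cache invalidation and re-render load, but it is a state change without any proof of intent. If GET for right holders is the intended meaning of the right, record it with a comment such as `// Holders of 'purge' may purge via GET; everyone else must POST`; otherwise drop the `isAllowed( 'purge' )` term so every non-internal request must be posted. The body of `execute()` continues outside the hunk.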
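Review bot: The second line returned by `getDescription()` says POST is required "if the user is not logged in", but the check added in `execute()` tests `isAllowed( 'purge' )`, not login state. On a wiki that grants the right to anonymous users or withholds it from some accounts, the help text would misstate when POST is needed. Wording tied to the right stays accurate under any configuration: `'This module requires a POST request if the user lacks the purge right.'`. `getPossibleErrors()` begins on the hunk's last line and its body is not visible, so it could not be checked whether it lists `mustbeposted`.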