From ab12f57b27082ca8c33bc50624222f6380847f20 Mon Sep 17 00:00:00 2001
From: Yuri Astrakhan <yurik@users.mediawiki.org>
Date: Wed, 8 Aug 2007 15:12:08 +0000
Subject: [PATCH] Revert r24668; needed to prevent accidental API exposure by
 novice administrators.

---
 config/index.php | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/config/index.php b/config/index.php
index eeb0b46db5..3e42b0499d 100644
--- a/config/index.php
+++ b/config/index.php
@@ -702,6 +702,7 @@ $conf->Email     = importRequest("Email", "email_enabled");
 $conf->Emailuser = importRequest("Emailuser", "emailuser_enabled");
 $conf->Enotif    = importRequest("Enotif", "enotif_allpages");
 $conf->Eauthent  = importRequest("Eauthent", "eauthent_enabled");
+$conf->Api       = importRequest("Api", "api_enabled_readonly" );
 
 if( $conf->posted && ( 0 == count( $errs ) ) ) {
 	do { /* So we can 'continue' to end prematurely */
@@ -1238,6 +1239,20 @@ if( count( $errs ) ) {
 		MediaWiki can also detect and support eAccelerator, Turck MMCache, APC, and XCache, but
 		these should not be used if the wiki will be running on multiple application servers.
 	</p>
+	<div class="config-input">
+		<label class='column'>External API:</label>
+
+		<ul class="plain">
+		<li><?php aField( $conf, "Api", "Enabled for Reading and Writing", "radio", "api_enabled_readwrite" ); ?></li>
+		<li><?php aField( $conf, "Api", "Enabled for Reading only", "radio", "api_enabled_readonly" ); ?></li>
+		<li><?php aField( $conf, "Api", "Disabled", "radio", "api_disabled" ); ?></li>
+		</ul>
+	</div>
+	<p class="config-desc">
+		API allows programs and scripts to directly access MediaWiki data in computer-readable formats.
+        Once enabled, it will be accessible through
+        <?php echo htmlspecialchars( $conf->ScriptPath ); ?>/api.php
+	</p>
 </div>
 
 <h2>E-mail, e-mail notification and authentication setup</h2>
@@ -1527,6 +1542,22 @@ function writeLocalSettings( $conf ) {
 		$enotifwatchlist = 'false';
 	}
 
+    switch ( $conf->Api ) {
+		case "api_enabled_readwrite":
+            $apiEnabled = 'true';
+            $apiWriteEnabled = 'true';
+            break;
+		case "api_enabled_readonly":
+            $apiEnabled = 'true';
+            $apiWriteEnabled = 'false';
+            break;
+        case "api_disabled":
+        default:
+            $apiEnabled = 'false';
+            $apiWriteEnabled = 'false';
+            break;
+    }
+
 	$file = @fopen( "/dev/urandom", "r" );
 	if ( $file ) {
 		$secretKey = bin2hex( fread( $file, 32 ) );
@@ -1671,6 +1702,11 @@ if ( \$wgCommandLineMode ) {
 # sure that cached pages are cleared.
 \$configdate = gmdate( 'YmdHis', @filemtime( __FILE__ ) );
 \$wgCacheEpoch = max( \$wgCacheEpoch, \$configdate );
+
+# Enable direct access to the data API through api.php
+\$wgEnableAPI = $apiEnabled;
+\$wgEnableWriteAPI = $apiWriteEnabled;
+
 	"; ## End of setting the $localsettings string
 
 	// Keep things in Unix line endings internally;
-- 
2.20.1