* API meta=siteinfo can now return the list of known variable IDs.
* (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent special pages.
* (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode (mode #3).
+* (bug 29290) API avoids mangling fields in continuation parameters
+* (bug 36987) API avoids mangling fields in continuation parameters
=== Languages updated in 1.20 ===
$this->addFields( 'cat_title' );
$this->addWhere( 'cat_pages > 0' );
+ if ( !is_null( $params['continue'] ) ) {
+ $cont = explode( '|', $params['continue'] );
+ if ( count( $cont ) != 1 ) {
+ $this->dieUsage( "Invalid continue param. You should pass the " .
+ "original value returned by the previous query", "_badcontinue" );
+ }
+ $op = $params['dir'] == 'descending' ? '<' : '>';
+ $cont_from = $db->addQuotes( $cont[0] );
+ $this->addWhere( "cat_title $op= $cont_from" );
+ }
+
$dir = ( $params['dir'] == 'descending' ? 'older' : 'newer' );
$from = ( is_null( $params['from'] ) ? null : $this->titlePartToKey( $params['from'] ) );
$to = ( is_null( $params['to'] ) ? null : $this->titlePartToKey( $params['to'] ) );
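Review bot: The continuation guard added here (the `explode`, the `count( $cont ) != 1` check, `addQuotes`, `addWhere`) is repeated almost line for line in the hunks that filter on `img_name`, `page_title` and `fa_name`, so four copies of the validation for a client-supplied parameter must now be kept in step. The `fa_name` copy already differs, because it also overwrites `$from`. A single helper that takes the column name would keep the check and the quoting in one place; the sketch below uses a new method name and assumes these modules share a base class where it can live. `$db` is used by the added lines but is not assigned inside this hunk, and the enclosing method starts and ends outside it.

```php
// new shared helper (name and placement are a suggestion)
protected function addSingleFieldContinue( $db, $field, $params ) {
	if ( is_null( $params['continue'] ) ) {
		return;
	}
	$cont = explode( '|', $params['continue'] );
	if ( count( $cont ) != 1 ) {
		$this->dieUsage( "Invalid continue param. You should pass the " .
			"original value returned by the previous query", "_badcontinue" );
	}
	$op = $params['dir'] == 'descending' ? '<' : '>';
	$this->addWhere( "$field $op= " . $db->addQuotes( $cont[0] ) );
}

// replaces the added block in this hunk
$this->addSingleFieldContinue( $db, 'cat_title', $params );
```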
foreach ( $res as $row ) {
if ( ++ $count > $params['limit'] ) {
// We've reached the one extra which shows that there are additional cats to be had. Stop here...
- // TODO: Security issue - if the user has no right to view next title, it will still be shown
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->cat_title ) );
+ $this->setContinueEnumParameter( 'continue', $row->cat_title );
break;
}
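Review bot: The comment `// TODO: Security issue - if the user has no right to view next title, it will still be shown` is deleted here, but the replacement line still places the next row's `cat_title` in the continuation value, so the condition the TODO described appears unchanged and is simply no longer recorded. The same deletion is made next to the `img_name`, `pl_title`, `page_title` and `fa_name` continuation lines later in the patch. If the concern was judged not to apply, the commit message should say so; otherwise keep a marker such as `// NOTE: the continue value exposes the next row's title without a per-title read check`. The loop body continues outside this hunk.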
}
$fit = $result->addValue( array( 'query', $this->getModuleName() ), null, $item );
if ( !$fit ) {
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->cat_title ) );
+ $this->setContinueEnumParameter( 'continue', $row->cat_title );
break;
}
}
public function getAllowedParams() {
return array(
'from' => null,
+ 'continue' => null,
'to' => null,
'prefix' => null,
'dir' => array(
public function getParamDescription() {
return array(
'from' => 'The category to start enumerating from',
+ 'continue' => 'When more results are available, use this to continue',
'to' => 'The category to stop enumerating at',
'prefix' => 'Search for all category titles that begin with this value',
'dir' => 'Direction to sort in',
return 'Enumerate all categories';
}
+ public function getPossibleErrors() {
+ return array_merge( parent::getPossibleErrors(), array(
+ array( 'code' => '_badcontinue', 'info' => 'Invalid continue param. You should pass the original value returned by the previous query' ),
+ ) );
+ }
+
public function getExamples() {
return array(
'api.php?action=query&list=allcategories&acprop=size',
$params = $this->extractRequestParams();
+ if ( !is_null( $params['continue'] ) ) {
+ $cont = explode( '|', $params['continue'] );
+ if ( count( $cont ) != 1 ) {
+ $this->dieUsage( "Invalid continue param. You should pass the " .
+ "original value returned by the previous query", "_badcontinue" );
+ }
+ $op = $params['dir'] == 'descending' ? '<' : '>';
+ $cont_from = $db->addQuotes( $cont[0] );
+ $this->addWhere( "img_name $op= $cont_from" );
+ }
+
// Image filters
$dir = ( $params['dir'] == 'descending' ? 'older' : 'newer' );
$from = ( is_null( $params['from'] ) ? null : $this->titlePartToKey( $params['from'] ) );
foreach ( $res as $row ) {
if ( ++ $count > $limit ) {
// We've reached the one extra which shows that there are additional pages to be had. Stop here...
- // TODO: Security issue - if the user has no right to view next title, it will still be shown
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->img_name ) );
+ $this->setContinueEnumParameter( 'continue', $row->img_name );
break;
}
$fit = $result->addValue( array( 'query', $this->getModuleName() ), null, $info );
if ( !$fit ) {
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->img_name ) );
+ $this->setContinueEnumParameter( 'continue', $row->img_name );
break;
}
} else {
public function getAllowedParams() {
return array (
'from' => null,
+ 'continue' => null,
'to' => null,
'prefix' => null,
'minsize' => array(
public function getParamDescription() {
return array(
'from' => 'The image title to start enumerating from',
+ 'continue' => 'When more results are available, use this to continue',
'to' => 'The image title to stop enumerating at',
'prefix' => 'Search for all image titles that begin with this value',
'dir' => 'The direction in which to list',
array( 'code' => 'mimesearchdisabled', 'info' => 'MIME search disabled in Miser Mode' ),
array( 'code' => 'invalidsha1hash', 'info' => 'The SHA1 hash provided is not valid' ),
array( 'code' => 'invalidsha1base36hash', 'info' => 'The SHA1Base36 hash provided is not valid' ),
+ array( 'code' => '_badcontinue', 'info' => 'Invalid continue param. You should pass the original value returned by the previous query' ),
) );
}
}
if ( !is_null( $params['continue'] ) ) {
$continueArr = explode( '|', $params['continue'] );
- if ( count( $continueArr ) != 2 ) {
- $this->dieUsage( 'Invalid continue parameter', 'badcontinue' );
- }
$op = $params['dir'] == 'descending' ? '<' : '>';
- $continueTitle = $db->addQuotes( $this->titleToKey( $continueArr[0] ) );
- $continueFrom = intval( $continueArr[1] );
- $this->addWhere(
- "pl_title $op $continueTitle OR " .
- "(pl_title = $continueTitle AND " .
- "pl_from $op= $continueFrom)"
- );
+ if ( $params['unique'] ) {
+ if ( count( $continueArr ) != 1 ) {
+ $this->dieUsage( 'Invalid continue parameter', 'badcontinue' );
+ }
+ $continueTitle = $db->addQuotes( $continueArr[0] );
+ $this->addWhere( "pl_title $op= $continueTitle" );
+ } else {
+ if ( count( $continueArr ) != 2 ) {
+ $this->dieUsage( 'Invalid continue parameter', 'badcontinue' );
+ }
+ $continueTitle = $db->addQuotes( $continueArr[0] );
+ $continueFrom = intval( $continueArr[1] );
+ $this->addWhere(
+ "pl_title $op $continueTitle OR " .
+ "(pl_title = $continueTitle AND " .
+ "pl_from $op= $continueFrom)"
+ );
+ }
}
$from = ( is_null( $params['from'] ) ? null : $this->titlePartToKey( $params['from'] ) );
foreach ( $res as $row ) {
if ( ++ $count > $limit ) {
// We've reached the one extra which shows that there are additional pages to be had. Stop here...
- // TODO: Security issue - if the user has no right to view next title, it will still be shown
if ( $params['unique'] ) {
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->pl_title ) );
+ $this->setContinueEnumParameter( 'continue', $row->pl_title );
} else {
- $this->setContinueEnumParameter( 'continue', $this->keyToTitle( $row->pl_title ) . "|" . $row->pl_from );
+ $this->setContinueEnumParameter( 'continue', $row->pl_title . "|" . $row->pl_from );
}
break;
}
$fit = $result->addValue( array( 'query', $this->getModuleName() ), null, $vals );
if ( !$fit ) {
if ( $params['unique'] ) {
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->pl_title ) );
+ $this->setContinueEnumParameter( 'continue', $row->pl_title );
} else {
- $this->setContinueEnumParameter( 'continue', $this->keyToTitle( $row->pl_title ) . "|" . $row->pl_from );
+ $this->setContinueEnumParameter( 'continue', $row->pl_title . "|" . $row->pl_from );
}
break;
}
// Page filters
$this->addTables( 'page' );
+ if ( !is_null( $params['continue'] ) ) {
+ $cont = explode( '|', $params['continue'] );
+ if ( count( $cont ) != 1 ) {
+ $this->dieUsage( "Invalid continue param. You should pass the " .
+ "original value returned by the previous query", "_badcontinue" );
+ }
+ $op = $params['dir'] == 'descending' ? '<' : '>';
+ $cont_from = $db->addQuotes( $cont[0] );
+ $this->addWhere( "page_title $op= $cont_from" );
+ }
+
if ( $params['filterredir'] == 'redirects' ) {
$this->addWhereFld( 'page_is_redirect', 1 );
} elseif ( $params['filterredir'] == 'nonredirects' ) {
foreach ( $res as $row ) {
if ( ++ $count > $limit ) {
// We've reached the one extra which shows that there are additional pages to be had. Stop here...
- // TODO: Security issue - if the user has no right to view next title, it will still be shown
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->page_title ) );
+ $this->setContinueEnumParameter( 'continue', $row->page_title );
break;
}
);
$fit = $result->addValue( array( 'query', $this->getModuleName() ), null, $vals );
if ( !$fit ) {
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->page_title ) );
+ $this->setContinueEnumParameter( 'continue', $row->page_title );
break;
}
} else {
return array(
'from' => null,
+ 'continue' => null,
'to' => null,
'prefix' => null,
'namespace' => array(
$p = $this->getModulePrefix();
return array(
'from' => 'The page title to start enumerating from',
+ 'continue' => 'When more results are available, use this to continue',
'to' => 'The page title to stop enumerating at',
'prefix' => 'Search for all page titles that begin with this value',
'namespace' => 'The namespace to enumerate',
return array_merge( parent::getPossibleErrors(), array(
array( 'code' => 'params', 'info' => 'Use "gapfilterredir=nonredirects" option instead of "redirects" when using allpages as a generator' ),
array( 'code' => 'params', 'info' => 'prlevel may not be used without prtype' ),
+ array( 'code' => '_badcontinue', 'info' => 'Invalid continue param. You should pass the original value returned by the previous query' ),
) );
}
}
$op = $params['dir'] == 'descending' ? '<' : '>';
$clfrom = intval( $cont[0] );
- $clto = $this->getDB()->addQuotes( $this->titleToKey( $cont[1] ) );
+ $clto = $this->getDB()->addQuotes( $cont[1] );
$this->addWhere(
"cl_from $op $clfrom OR " .
"(cl_from = $clfrom AND " .
if ( ++$count > $params['limit'] ) {
// We've reached the one extra which shows that
// there are additional pages to be had. Stop here...
- $this->setContinueEnumParameter( 'continue', $row->cl_from .
- '|' . $this->keyToTitle( $row->cl_to ) );
+ $this->setContinueEnumParameter( 'continue', $row->cl_from . '|' . $row->cl_to );
break;
}
$fit = $this->addPageSubItem( $row->cl_from, $vals );
if ( !$fit ) {
- $this->setContinueEnumParameter( 'continue', $row->cl_from .
- '|' . $this->keyToTitle( $row->cl_to ) );
+ $this->setContinueEnumParameter( 'continue', $row->cl_from . '|' . $row->cl_to );
break;
}
}
if ( ++$count > $params['limit'] ) {
// We've reached the one extra which shows that
// there are additional pages to be had. Stop here...
- $this->setContinueEnumParameter( 'continue', $row->cl_from .
- '|' . $this->keyToTitle( $row->cl_to ) );
+ $this->setContinueEnumParameter( 'continue', $row->cl_from . '|' . $row->cl_to );
break;
}
$this->dieUsage( 'Invalid continue param. You should pass the original value returned by the previous query', 'badcontinue' );
}
$ns = intval( $cont[0] );
- $title = $db->addQuotes( $this->titleToKey( $cont[1] ) );
+ $title = $db->addQuotes( $cont[1] );
$ts = $db->addQuotes( $db->timestamp( $cont[2] ) );
$op = ( $dir == 'newer' ? '>' : '<' );
$this->addWhere( "ar_namespace $op $ns OR " .
// We've had enough
if ( $mode == 'all' || $mode == 'revs' ) {
$this->setContinueEnumParameter( 'continue', intval( $row->ar_namespace ) . '|' .
- $this->keyToTitle( $row->ar_title ) . '|' . $row->ar_timestamp );
+ $row->ar_title . '|' . $row->ar_timestamp );
} else {
$this->setContinueEnumParameter( 'start', wfTimestamp( TS_ISO_8601, $row->ar_timestamp ) );
}
if ( !$fit ) {
if ( $mode == 'all' || $mode == 'revs' ) {
$this->setContinueEnumParameter( 'continue', intval( $row->ar_namespace ) . '|' .
- $this->keyToTitle( $row->ar_title ) . '|' . $row->ar_timestamp );
+ $row->ar_title . '|' . $row->ar_timestamp );
} else {
$this->setContinueEnumParameter( 'start', wfTimestamp( TS_ISO_8601, $row->ar_timestamp ) );
}
}
$op = $params['dir'] == 'descending' ? '<' : '>';
$db = $this->getDB();
- $orig = $db->addQuotes( $this->titleTokey( $cont[0] ) );
- $dup = $db->addQuotes( $this->titleToKey( $cont[1] ) );
+ $orig = $db->addQuotes( $cont[0] );
+ $dup = $db->addQuotes( $cont[1] );
$this->addWhere(
"i1.img_name $op $orig OR " .
"(i1.img_name = $orig AND " .
if ( ++$count > $params['limit'] ) {
// We've reached the one extra which shows that
// there are additional pages to be had. Stop here...
- $this->setContinueEnumParameter( 'continue',
- $this->keyToTitle( $row->orig_name ) . '|' .
- $this->keyToTitle( $row->dup_name ) );
+ $this->setContinueEnumParameter( 'continue', $row->orig_name . '|' . $row->dup_name );
break;
}
if ( !is_null( $resultPageSet ) ) {
);
$fit = $this->addPageSubItem( $images[$row->orig_name], $r );
if ( !$fit ) {
- $this->setContinueEnumParameter( 'continue',
- $this->keyToTitle( $row->orig_name ) . '|' .
- $this->keyToTitle( $row->dup_name ) );
+ $this->setContinueEnumParameter( 'continue', $row->orig_name . '|' . $row->dup_name );
break;
}
}
$this->addFieldsIf( 'fa_metadata', $fld_metadata );
$this->addFieldsIf( 'fa_bits', $fld_bitdepth );
+ if ( !is_null( $params['continue'] ) ) {
+ $cont = explode( '|', $params['continue'] );
+ if ( count( $cont ) != 1 ) {
+ $this->dieUsage( "Invalid continue param. You should pass the " .
+ "original value returned by the previous query", "_badcontinue" );
+ }
+ $op = $params['dir'] == 'descending' ? '<' : '>';
+ $cont_from = $db->addQuotes( $cont[0] );
+ $this->addWhere( "fa_name $op= $cont_from" );
+ }
+
// Image filters
$dir = ( $params['dir'] == 'descending' ? 'older' : 'newer' );
$from = ( is_null( $params['from'] ) ? null : $this->titlePartToKey( $params['from'] ) );
+ if ( !is_null( $params['continue'] ) ) {
+ $from = $params['continue'];
+ }
$to = ( is_null( $params['to'] ) ? null : $this->titlePartToKey( $params['to'] ) );
$this->addWhereRange( 'fa_name', $dir, $from, $to );
if ( isset( $params['prefix'] ) ) {
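Review bot: The continuation bound is applied twice in this hunk: once by the added `addWhere( "fa_name $op= $cont_from" )` and again by the added `$from = $params['continue'];`, which feeds the same value into `addWhereRange( 'fa_name', $dir, $from, $to )`. The second assignment also discards any `from` the caller supplied and bypasses `titlePartToKey()`, and the sibling hunks for `cat_title`, `img_name` and `page_title` do not do this. Dropping the three-line `if ( !is_null( $params['continue'] ) ) { $from = $params['continue']; }` block would leave a single validated path for the value. `$db` is used by the added code, but its assignment is not visible in the hunk.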
foreach ( $res as $row ) {
if ( ++$count > $limit ) {
// We've reached the one extra which shows that there are additional pages to be had. Stop here...
- // TODO: Security issue - if the user has no right to view next title, it will still be shown
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->fa_name ) );
+ $this->setContinueEnumParameter( 'continue', $row->fa_name );
break;
}
$fit = $result->addValue( array( 'query', $this->getModuleName() ), null, $file );
if ( !$fit ) {
- $this->setContinueEnumParameter( 'from', $this->keyToTitle( $row->fa_name ) );
+ $this->setContinueEnumParameter( 'continue', $row->fa_name );
break;
}
}
public function getAllowedParams() {
return array (
'from' => null,
+ 'continue' => null,
'to' => null,
'prefix' => null,
'limit' => array(
public function getParamDescription() {
return array(
'from' => 'The image title to start enumerating from',
+ 'continue' => 'When more results are available, use this to continue',
'to' => 'The image title to stop enumerating at',
'prefix' => 'Search for all image titles that begin with this value',
'dir' => 'The direction in which to list',
array( 'code' => 'hashsearchdisabled', 'info' => 'Search by hash disabled in Miser Mode' ),
array( 'code' => 'invalidsha1hash', 'info' => 'The SHA1 hash provided is not valid' ),
array( 'code' => 'invalidsha1base36hash', 'info' => 'The SHA1Base36 hash provided is not valid' ),
+ array( 'code' => '_badcontinue', 'info' => 'Invalid continue param. You should pass the original value returned by the previous query' ),
) );
}
$db = $this->getDB();
$op = $params['dir'] == 'descending' ? '<' : '>';
$prefix = $db->addQuotes( $cont[0] );
- $title = $db->addQuotes( $this->titleToKey( $cont[1] ) );
+ $title = $db->addQuotes( $cont[1] );
$from = intval( $cont[2] );
$this->addWhere(
"iwl_prefix $op $prefix OR " .
$db = $this->getDB();
$iwlfrom = intval( $cont[0] );
$iwlprefix = $db->addQuotes( $cont[1] );
- $iwltitle = $db->addQuotes( $this->titleToKey( $cont[2] ) );
+ $iwltitle = $db->addQuotes( $cont[2] );
$this->addWhere(
"iwl_from $op $iwlfrom OR " .
"(iwl_from = $iwlfrom AND " .
}
$op = $params['dir'] == 'descending' ? '<' : '>';
$ilfrom = intval( $cont[0] );
- $ilto = $this->getDB()->addQuotes( $this->titleToKey( $cont[1] ) );
+ $ilto = $this->getDB()->addQuotes( $cont[1] );
$this->addWhere(
"il_from $op $ilfrom OR " .
"(il_from = $ilfrom AND " .
if ( ++$count > $params['limit'] ) {
// We've reached the one extra which shows that
// there are additional pages to be had. Stop here...
- $this->setContinueEnumParameter( 'continue', $row->il_from .
- '|' . $this->keyToTitle( $row->il_to ) );
+ $this->setContinueEnumParameter( 'continue', $row->il_from . '|' . $row->il_to );
break;
}
$vals = array();
ApiQueryBase::addTitleInfo( $vals, Title::makeTitle( NS_FILE, $row->il_to ) );
$fit = $this->addPageSubItem( $row->il_from, $vals );
if ( !$fit ) {
- $this->setContinueEnumParameter( 'continue', $row->il_from .
- '|' . $this->keyToTitle( $row->il_to ) );
+ $this->setContinueEnumParameter( 'continue', $row->il_from . '|' . $row->il_to );
break;
}
}
if ( ++$count > $params['limit'] ) {
// We've reached the one extra which shows that
// there are additional pages to be had. Stop here...
- $this->setContinueEnumParameter( 'continue', $row->il_from .
- '|' . $this->keyToTitle( $row->il_to ) );
+ $this->setContinueEnumParameter( 'continue', $row->il_from . '|' . $row->il_to );
break;
}
$titles[] = Title::makeTitle( NS_FILE, $row->il_to );
$db = $this->getDB();
$op = $params['dir'] == 'descending' ? '<' : '>';
$prefix = $db->addQuotes( $cont[0] );
- $title = $db->addQuotes( $this->titleToKey( $cont[1] ) );
+ $title = $db->addQuotes( $cont[1] );
$from = intval( $cont[2] );
$this->addWhere(
"ll_lang $op $prefix OR " .
$op = $params['dir'] == 'descending' ? '<' : '>';
$plfrom = intval( $cont[0] );
$plns = intval( $cont[1] );
- $pltitle = $this->getDB()->addQuotes( $this->titleToKey( $cont[2] ) );
+ $pltitle = $this->getDB()->addQuotes( $cont[2] );
$this->addWhere(
"{$this->prefix}_from $op $plfrom OR " .
"({$this->prefix}_from = $plfrom AND " .
// We've reached the one extra which shows that
// there are additional pages to be had. Stop here...
$this->setContinueEnumParameter( 'continue',
- "{$row->pl_from}|{$row->pl_namespace}|" .
- $this->keyToTitle( $row->pl_title ) );
+ "{$row->pl_from}|{$row->pl_namespace}|{$row->pl_title}" );
break;
}
$vals = array();
$fit = $this->addPageSubItem( $row->pl_from, $vals );
if ( !$fit ) {
$this->setContinueEnumParameter( 'continue',
- "{$row->pl_from}|{$row->pl_namespace}|" .
- $this->keyToTitle( $row->pl_title ) );
+ "{$row->pl_from}|{$row->pl_namespace}|{$row->pl_title}" );
break;
}
}
// We've reached the one extra which shows that
// there are additional pages to be had. Stop here...
$this->setContinueEnumParameter( 'continue',
- "{$row->pl_from}|{$row->pl_namespace}|" .
- $this->keyToTitle( $row->pl_title ) );
+ "{$row->pl_from}|{$row->pl_namespace}|{$row->pl_title}" );
break;
}
$titles[] = Title::makeTitle( $row->pl_namespace, $row->pl_title );
"original value returned by the previous query", "_badcontinue" );
}
$ns = intval( $cont[0] );
- $title = $this->getDB()->addQuotes( $this->titleToKey( $cont[1] ) );
+ $title = $this->getDB()->addQuotes( $cont[1] );
$op = $params['dir'] == 'ascending' ? '>' : '<';
$this->addWhere(
"wl_namespace $op $ns OR " .
foreach ( $res as $row ) {
if ( ++$count > $params['limit'] ) {
// We've reached the one extra which shows that there are additional pages to be had. Stop here...
- $this->setContinueEnumParameter( 'continue', $row->wl_namespace . '|' .
- $this->keyToTitle( $row->wl_title ) );
+ $this->setContinueEnumParameter( 'continue', $row->wl_namespace . '|' . $row->wl_title );
break;
}
$t = Title::makeTitle( $row->wl_namespace, $row->wl_title );
}
$fit = $this->getResult()->addValue( $this->getModuleName(), null, $vals );
if ( !$fit ) {
- $this->setContinueEnumParameter( 'continue', $row->wl_namespace . '|' .
- $this->keyToTitle( $row->wl_title ) );
+ $this->setContinueEnumParameter( 'continue', $row->wl_namespace . '|' . $row->wl_title );
break;
}
} else {