API: Allow fetching login token from action=query&meta=tokens on private wikis

The problem is that ApiQuery requires the 'read' right even though
ApiQueryTokens doesn't.

So, we introduce an exception: if action=query gets only meta=tokens
(and optionally rawcontinue and indexpageids, since they don't affect
anything), no other modules and nothing in the ApiPageSet,
ApiQuery::isReadMode() will return false.

Bug: T130112
Change-Id: I83dafb0305ff0cb1fc3bac668b88b5d2022e5880

diff --git a/includes/api/ApiQuery.php b/includes/api/ApiQuery.php
index 4336907..733ea2c 100644 (file)
--- a/includes/api/ApiQuery.php
+++ b/includes/api/ApiQuery.php
@@ -552,6 +552,26 @@ class ApiQuery extends ApiBase {
                return implode( "\n", $moduleDescriptions );
        }
 
+       public function isReadMode() {
+               // We need to make an exception for ApiQueryTokens so login tokens can
+               // be fetched on private wikis. Restrict that exception as much as
+               // possible: no other modules allowed, and no pageset parameters
+               // either. We do allow the 'rawcontinue' and 'indexpageids' parameters
+               // since frameworks might add these unconditionally and they can't
+               // expose anything here.
+               $params = array_filter(
+                       array_diff_key(
+                               $this->extractRequestParams() + $this->getPageSet()->extractRequestParams(),
+                               [ 'rawcontinue' => 1, 'indexpageids' => 1 ]
+                       )
+               );
+               if ( $params === [ 'meta' => [ 'tokens' ] ] ) {
+                       return false;
+               }
+
+               return true;
+       }
+
        protected function getExamplesMessages() {
                return [
                        'action=query&prop=revisions&meta=siteinfo&' .