X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/ajouter.php?a=blobdiff_plain;f=includes%2Fapi%2FApiMain.php;h=ce2f930a81a15a0af360449fdd4afd6f89e9ee38;hb=69ae945e8d39972a07bea89ddb64bc0189b43ac2;hp=8d5af594c1832090e309395f9b90e74d7440ba57;hpb=892c31ebaf961c34f9ee448ed72912a6e2b3a12a;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 8d5af594c1..ce2f930a81 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -636,8 +636,8 @@ class ApiMain extends ApiBase {
 * If the parameter and the header do match, the header is checked against $wgCrossSiteAJAXdomains
 * and $wgCrossSiteAJAXdomainExceptions, and if the origin qualifies, the appropriate CORS
 * headers are set.
- * http://www.w3.org/TR/cors/#resource-requests
- * http://www.w3.org/TR/cors/#resource-preflight-requests
+ * https://www.w3.org/TR/cors/#resource-requests
+ * https://www.w3.org/TR/cors/#resource-preflight-requests
 *
 * @return bool False if the caller should abort (403 case), true otherwise (all other cases)
 */
@@ -719,7 +719,7 @@ class ApiMain extends ApiBase {
 $response->header( "Access-Control-Allow-Origin: $allowOrigin" );
 $response->header( "Access-Control-Allow-Credentials: $allowCredentials" );
- // http://www.w3.org/TR/resource-timing/#timing-allow-origin
+ // https://www.w3.org/TR/resource-timing/#timing-allow-origin
 if ( $allowTiming !== false ) {
 $response->header( "Timing-Allow-Origin: $allowTiming" );
 }
@@ -1361,6 +1361,15 @@ class ApiMain extends ApiBase {
 break;
 }
 }
+ if ( isset( $params['assertuser'] ) ) {
+ $assertUser = User::newFromName( $params['assertuser'], false );
+ if ( !$assertUser || !$this->getUser()->equals( $assertUser ) ) {
+ $this->dieUsage(
+ 'Assertion that the user is "' . $params['assertuser'] . '" failed',
+ 'assertnameduserfailed'
+ );
+ }
+ }
 }
 /**
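Review bot: The failure message in the added `assertuser` block concatenates the raw `$params['assertuser']` into the text passed to `dieUsage()`, so request-controlled input is reflected in the error response; that is safe only while every API output format encodes the message, which this hunk does not show. The `false` passed to `User::newFromName()` turns off name validation and nothing here says why; if the reason is that the `user` parameter type has already checked the value, a comment such as `// Value was already checked as a 'user' parameter; compare names only` would keep a later reader from changing it. The enclosing method begins above the hunk, so how `$params` is filled is not visible here.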
@@ -1466,7 +1475,7 @@ class ApiMain extends ApiBase {
 'ip' => $request->getIP(),
 'userAgent' => $this->getUserAgent(),
 'wiki' => wfWikiID(),
- 'timeSpentBackend' => (int) round( $time * 1000 ),
+ 'timeSpentBackend' => (int)round( $time * 1000 ),
 'hadError' => $e !== null,
 'errorCodes' => [],
 'params' => [],
@@ -1661,6 +1670,9 @@ class ApiMain extends ApiBase {
 'assert' => [
 ApiBase::PARAM_TYPE => [ 'user', 'bot' ]
 ],
+ 'assertuser' => [
+ ApiBase::PARAM_TYPE => 'user',
+ ],
 'requestid' => null,
 'servedby' => false,
 'curtimestamp' => false,
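Review bot: The new `'assertuser'` entry uses `ApiBase::PARAM_TYPE => 'user'`, and if that type also accepts IP addresses, a logged-out client could satisfy the assertion by passing its own address, since the check added in the earlier hunk only compares names. If the parameter is meant to detect a lost login, its help text should tell clients to combine it with `assert=user`, or a comment here such as `// Matches on name only; pair with assert=user to require a logged-in session` should record the limitation. The surrounding array starts and ends outside the hunk.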