From cf5484e56f664d53b7fccb844bc4a72c13ec3acd Mon Sep 17 00:00:00 2001 From: Roan Kattouw Date: Wed, 28 May 2008 09:22:40 +0000 Subject: [PATCH] API: Added optional md5 parameter to action=edit. If set, the edit will only be committed if the MD5 hash of the text parameter equals the md5 parameter. --- RELEASE-NOTES | 1 + includes/api/ApiBase.php | 1 + includes/api/ApiEditPage.php | 7 +++++++ 3 files changed, 9 insertions(+) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index b45b14601c..5f0ee3cbaa 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -374,6 +374,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 14140) URL-encoded page titles are now decoded in edit summaries * (bug 14243) Only accept post requests in action=edit; patch by HardDisk * action=block now returns an ISO8601 timestamp, like all other modules do +* Added md5 parameter to action=edit === Languages updated in 1.13 === diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php index cd4fa1aafc..e6af87e4db 100644 --- a/includes/api/ApiBase.php +++ b/includes/api/ApiBase.php @@ -662,6 +662,7 @@ abstract class ApiBase { 'wasdeleted' => array('code' => 'pagedeleted', 'info' => "The page has been deleted since you fetched its timestamp"), 'blankpage' => array('code' => 'emptypage', 'info' => "Creating new, empty pages is not allowed"), 'editconflict' => array('code' => 'editconflict', 'info' => "Edit conflict detected"), + 'hashcheckfailed' => array('code' => 'badmd5', 'info' => "The supplied MD5 hash was incorrect"), ); /** diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php index 63626abff1..6140265506 100644 --- a/includes/api/ApiEditPage.php +++ b/includes/api/ApiEditPage.php @@ -67,6 +67,11 @@ class ApiEditPage extends ApiBase { if(!empty($errors)) $this->dieUsageMsg($errors[0]); + # See if the MD5 hash checks out + if(isset($params['md5'])) + if(md5($params['text']) !== $params['md5']) + $this->dieUsageMsg(array('hashcheckfailed')); + $articleObj = new Article($titleObj); $ep = new EditPage($articleObj); @@ -240,6 +245,7 @@ class ApiEditPage extends ApiBase { 'captchaid' => null, 'watch' => false, 'unwatch' => false, + 'md5' => null, ); } @@ -262,6 +268,7 @@ class ApiEditPage extends ApiBase { 'unwatch' => 'Remove the page from your watchlist', 'captchaid' => 'CAPTCHA ID from previous request', 'captchaword' => 'Answer to the CAPTCHA', + 'md5' => 'The MD5 hash of the new article text. If set, the edit won\'t be done unless the hash is correct', ); } -- 2.20.1