From 903732fd15bfbabf758abec8b15fd3d29df44241 Mon Sep 17 00:00:00 2001
From: Roan Kattouw <catrope@users.mediawiki.org>
Date: Wed, 21 May 2008 14:33:27 +0000
Subject: [PATCH] API: Requesting a token you aren't allowed to request no
 longer dies with an error but just throws a warning and doesn't give you the
 token.

---
 RELEASE-NOTES                 | 1 +
 includes/api/ApiQueryBase.php | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index e91c4ad49c..aa2310b107 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -353,6 +353,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 13606) Allow deletion of images
 * Added iiprop=mime and aiprop=metadata
 * Handled unrecognized values for parameters more gracefully
+* Handled requesting disallowed tokens more gracefully
 
 === Languages updated in 1.13 ===
 
diff --git a/includes/api/ApiQueryBase.php b/includes/api/ApiQueryBase.php
index 7cb5bb07ef..e1d9fc3cdf 100644
--- a/includes/api/ApiQueryBase.php
+++ b/includes/api/ApiQueryBase.php
@@ -355,7 +355,10 @@ abstract class ApiQueryBase extends ApiBase {
 			if ($wgUser->isAllowed($action))
 				return true;
 			else
-				$this->dieUsage("Action '$action' is not allowed for the current user", 'permissiondenied');
+			{
+				$this->setWarning("Action '$action' is not allowed for the current user");
+				return false;
+			}
 		}
 		return false;
 	}
-- 
2.20.1