* Use the API module's own context to check edit tokens.
* Use the global session if none is provided to doApiRequest.
* Fix ApiFlockTest to not pass an empty session, so the tokens from
the global request can be used.
Change-Id: I2bff2390f43beb984b1b451bcf4e41271b2f054f
if ( !isset( $moduleParams['token'] ) ) {
$this->dieUsageMsg( array( 'missingparam', 'token' ) );
} else {
- if ( !$this->getUser()->matchEditToken( $moduleParams['token'], $salt ) ) {
+ if ( !$this->getUser()->matchEditToken( $moduleParams['token'], $salt, $this->getContext()->getRequest() ) ) {
$this->dieUsageMsg( 'sessionfailure' );
}
}
'action' => 'block',
'user' => 'UTApiBlockee',
'reason' => 'Some reason',
- 'token' => $pageinfo['blocktoken'] ), $data, false, self::$users['sysop']->user );
+ 'token' => $pageinfo['blocktoken'] ), null, false, self::$users['sysop']->user );
$block = Block::newFromTarget('UTApiBlockee');
protected function doApiRequest( $params, $session = null, $appendModule = false, $user = null ) {
if ( is_null( $session ) ) {
- $session = array();
+ # use global session by default
+
+ global $wgRequest;
+ $session = $wgRequest->getSessionArray();
}
$context = $this->apiContext->newTestContext( $params, $session, $user );