Start of "Bug 21991 - Move common query parameter (uc, rc) validation, token requiri...
authorSam Reed <reedy@users.mediawiki.org>
Sun, 14 Feb 2010 22:20:27 +0000 (22:20 +0000)
committerSam Reed <reedy@users.mediawiki.org>
Sun, 14 Feb 2010 22:20:27 +0000 (22:20 +0000)
Move the token-requirement check to ApiMain

Adding an exception if we're using "gettoken" (block/unblock)

Remove array( 'missingparam', 'token' ), from the getPossibleErrors of modules that set requireToken method to true

16 files changed:
includes/api/ApiBase.php
includes/api/ApiBlock.php
includes/api/ApiDelete.php
includes/api/ApiEditPage.php
includes/api/ApiEmailUser.php
includes/api/ApiImport.php
includes/api/ApiMain.php
includes/api/ApiMove.php
includes/api/ApiParse.php
includes/api/ApiPatrol.php
includes/api/ApiProtect.php
includes/api/ApiRollback.php
includes/api/ApiUnblock.php
includes/api/ApiUndelete.php
includes/api/ApiUpload.php
includes/api/ApiUserrights.php

index 3b6fee1..a6a7a0a 100644 (file)
@@ -965,6 +965,14 @@ abstract class ApiBase {
        public function mustBePosted() {
                return false;
        }
+       
+       /**
+       * Indicates whether this module needs a token to preform the request
+       * @returns bool
+       */
+       public function requiresToken() {
+               return false;
+       }
 
        /**
        * Returns a list of all possible errors returned by the module
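Review bot: The docblock on the new `requiresToken()` has a typo ("preform") and uses `@returns` where the phpDoc tag is `@return bool`. It should also state the contract a module author relies on: returning true only asks the dispatcher to reject a request that carries no `token` parameter, and the module must still validate the value itself, as the `matchEditToken()` calls kept in the module hunks of this commit do. Because the default is `false`, a new state-changing module that forgets the override gets no presence check at all, so a sentence such as `Modules that change state must override this to return true` belongs in the comment.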
@@ -985,6 +993,10 @@ abstract class ApiBase {
                        $ret[] = array ( 'writerequired' );
                        $ret[] = array ( 'writedisabled' );
                }
+               
+               if ( $this->requiresToken() ) {
+                       $ret[] = array( 'missingparam', 'token' );
+               }
 
                return $ret;
        }
index 8f9300d..f2b41fe 100644 (file)
@@ -61,8 +61,6 @@ class ApiBlock extends ApiBase {
 
                if ( is_null( $params['user'] ) )
                        $this->dieUsageMsg( array( 'missingparam', 'user' ) );
-               if ( is_null( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
                if ( !$wgUser->matchEditToken( $params['token'] ) )
                        $this->dieUsageMsg( array( 'sessionfailure' ) );
                if ( !$wgUser->isAllowed( 'block' ) )
@@ -163,13 +161,16 @@ class ApiBlock extends ApiBase {
        public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'missingparam', 'user' ),
-                       array( 'missingparam', 'token' ),
                        array( 'sessionfailure' ),
                        array( 'cantblock' ),
                        array( 'canthide' ),
                        array( 'cantblock-email' ),
         ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (
index 44be2e7..e4686cf 100644 (file)
@@ -51,8 +51,6 @@ class ApiDelete extends ApiBase {
                $params = $this->extractRequestParams();
 
                $this->requireOnlyOneParameter( $params, 'title', 'pageid' );
-               if ( !isset( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
 
                if ( isset( $params['title'] ) )
                {
@@ -214,13 +212,16 @@ class ApiDelete extends ApiBase {
        
        public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
-                       array( 'missingparam', 'token' ),
                        array( 'invalidtitle', 'title' ),
                        array( 'nosuchpageid', 'pageid' ),
                        array( 'notanarticle' ),
                        array( 'hookaborted', 'error' ),
                ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (
index d09feac..3eb4141 100644 (file)
@@ -53,9 +53,6 @@ class ApiEditPage extends ApiBase {
                                $params['undo'] == 0 )
                        $this->dieUsageMsg( array( 'missingtext' ) );
 
-               if ( is_null( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
-
                if ( !$wgUser->matchEditToken( $params['token'] ) )
                        $this->dieUsageMsg( array( 'sessionfailure' ) );
 
@@ -350,7 +347,6 @@ class ApiEditPage extends ApiBase {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'missingparam', 'title' ),
                        array( 'missingtext' ),
-                       array( 'missingparam', 'token' ),
                        array( 'sessionfailure' ),
                        array( 'invalidtitle', 'title' ),
                        array( 'createonly-exists' ),
@@ -466,6 +462,10 @@ class ApiEditPage extends ApiBase {
                        'undoafter' => 'Undo all revisions from undo to this one. If not set, just undo one revision',
                );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (
index 53a38f8..b93b77f 100644 (file)
@@ -48,8 +48,6 @@ class ApiEmailUser extends ApiBase {
                        $this->dieUsageMsg( array( 'missingparam', 'target' ) );
                if ( !isset( $params['text'] ) )
                        $this->dieUsageMsg( array( 'missingparam', 'text' ) );
-               if ( !isset( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
                
                // Validate target 
                $targetUser = EmailUserForm::validateEmailTarget( $params['target'] );
@@ -111,9 +109,12 @@ class ApiEmailUser extends ApiBase {
                        array( 'usermaildisabled' ),
                        array( 'missingparam', 'target' ),
                        array( 'missingparam', 'text' ),
-                       array( 'missingparam', 'token' ),
         ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (
index b0c0cc0..a68a103 100644 (file)
@@ -44,8 +44,6 @@ class ApiImport extends ApiBase {
                if ( !$wgUser->isAllowed( 'import' ) )
                        $this->dieUsageMsg( array( 'cantimport' ) );
                $params = $this->extractRequestParams();
-               if ( !isset( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
                if ( !$wgUser->matchEditToken( $params['token'] ) )
                        $this->dieUsageMsg( array( 'sessionfailure' ) );
 
@@ -146,7 +144,6 @@ class ApiImport extends ApiBase {
        public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'cantimport' ),
-                       array( 'missingparam', 'token' ),
                        array( 'sessionfailure' ),
                        array( 'missingparam', 'interwikipage' ),
                        array( 'cantimport-upload' ),
@@ -154,6 +151,10 @@ class ApiImport extends ApiBase {
                        array( 'import-unknownerror', 'result' ),
                ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array(
index 8ccb8a6..8d083ce 100644 (file)
@@ -378,11 +378,15 @@ class ApiMain extends ApiBase {
                if ( !is_string( $this->mAction ) ) {
                        $this->dieUsage( "The API requires a valid action parameter", 'unknown_action' );
                }
-
+               
                // Instantiate the module requested by the user
                $module = new $this->mModules[$this->mAction] ( $this, $this->mAction );
                $this->mModule = $module;
 
+               //Die if token required, but not provided (unless there is a gettoken parameter)
+               if ( $module->requiresToken() && is_null( $params['token'] ) && !is_null( $params['gettoken'] ) )
+                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
+
                if ( $module->shouldCheckMaxlag() && isset( $params['maxlag'] ) ) {
                        // Check for maxlag
                        global $wgShowHostnames;
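Review bot: The added `if` contradicts its own comment: with `!is_null( $params['gettoken'] )` the missingparam error fires only when gettoken is supplied, so a request with neither token nor gettoken passes this gate, while a gettoken request without a token is rejected. The third clause should read `is_null( $params['gettoken'] )`. `$params` is assigned outside this hunk; if it holds ApiMain's own parameters rather than the module's, neither `token` nor `gettoken` is a key in it and the values would have to come from `$module->extractRequestParams()` — worth confirming. This commit also deletes the per-module null checks, and the execute() hunks of ApiDelete, ApiEmailUser, ApiProtect, ApiRollback, ApiUndelete and ApiUserrights show no `matchEditToken()` call, so those modules depend on this line or on validation outside their hunks. The enclosing method starts and ends outside the hunk.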
index 0509cfe..0f1e31c 100644 (file)
@@ -46,8 +46,6 @@ class ApiMove extends ApiBase {
                $this->requireOnlyOneParameter( $params, 'from', 'fromid' );
                if ( !isset( $params['to'] ) )
                        $this->dieUsageMsg( array( 'missingparam', 'to' ) );
-               if ( !isset( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
                if ( !$wgUser->matchEditToken( $params['token'] ) )
                        $this->dieUsageMsg( array( 'sessionfailure' ) );
 
@@ -215,7 +213,6 @@ class ApiMove extends ApiBase {
        public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'missingparam', 'to' ),
-                       array( 'missingparam', 'token' ),
                        array( 'sessionfailure' ),
                        array( 'invalidtitle', 'from' ),
                        array( 'nosuchpageid', 'fromid' ),
@@ -224,6 +221,10 @@ class ApiMove extends ApiBase {
                        array( 'sharedfile-exists' ),
                ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (
index 3380b1a..7449537 100644 (file)
@@ -325,4 +325,4 @@ class ApiParse extends ApiBase {
        public function getVersion() {
                return __CLASS__ . ': $Id$';
        }
-}
+}
\ No newline at end of file
index bd97c0a..101bed1 100644 (file)
@@ -44,8 +44,6 @@ class ApiPatrol extends ApiBase {
                global $wgUser;
                $params = $this->extractRequestParams();
                
-               if ( !isset( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
                if ( !isset( $params['rcid'] ) )
                        $this->dieUsageMsg( array( 'missingparam', 'rcid' ) );
                if ( !$wgUser->matchEditToken( $params['token'] ) )
@@ -92,12 +90,15 @@ class ApiPatrol extends ApiBase {
        
     public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
-                       array( 'missingparam', 'token' ),
                        array( 'missingparam', 'rcid' ),
                        array( 'sessionfailure' ),
                        array( 'nosuchrcid', 'rcid' ),
         ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array(
index 5dabc91..a417dac 100644 (file)
@@ -43,8 +43,6 @@ class ApiProtect extends ApiBase {
                $titleObj = null;
                if ( !isset( $params['title'] ) )
                        $this->dieUsageMsg( array( 'missingparam', 'title' ) );
-               if ( !isset( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
                if ( empty( $params['protections'] ) )
                        $this->dieUsageMsg( array( 'missingparam', 'protections' ) );
 
@@ -177,7 +175,6 @@ class ApiProtect extends ApiBase {
        public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'missingparam', 'title' ),
-                       array( 'missingparam', 'token' ),
                        array( 'missingparam', 'protections' ),
                        array( 'sessionfailure' ),
                        array( 'invalidtitle', 'title' ),
@@ -190,6 +187,10 @@ class ApiProtect extends ApiBase {
                        array( 'pastexpiry', 'expiry' ),
                ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (
index fca9e59..4245289 100644 (file)
@@ -44,8 +44,6 @@ class ApiRollback extends ApiBase {
                        $this->dieUsageMsg( array( 'missingparam', 'title' ) );
                if ( !isset( $params['user'] ) )
                        $this->dieUsageMsg( array( 'missingparam', 'user' ) );
-               if ( !isset( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
 
                $titleObj = Title::newFromText( $params['title'] );
                if ( !$titleObj )
@@ -118,12 +116,15 @@ class ApiRollback extends ApiBase {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'missingparam', 'title' ),
                        array( 'missingparam', 'user' ),
-                       array( 'missingparam', 'token' ),
                        array( 'invalidtitle', 'title' ),
                        array( 'notanarticle' ),
                        array( 'invaliduser', 'user' ),
                ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (
index 0299309..595dcc7 100644 (file)
@@ -57,8 +57,6 @@ class ApiUnblock extends ApiBase {
                        $this->dieUsageMsg( array( 'unblock-notarget' ) );
                if ( !is_null( $params['id'] ) && !is_null( $params['user'] ) )
                        $this->dieUsageMsg( array( 'unblock-idanduser' ) );
-               if ( is_null( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
                if ( !$wgUser->matchEditToken( $params['token'] ) )
                        $this->dieUsageMsg( array( 'sessionfailure' ) );
                if ( !$wgUser->isAllowed( 'block' ) )
@@ -115,11 +113,14 @@ class ApiUnblock extends ApiBase {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'unblock-notarget' ),
                        array( 'unblock-idanduser' ),
-                       array( 'missingparam', 'token' ),
                        array( 'sessionfailure' ),
                        array( 'cantunblock' ),
         ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (
index a88440e..828d60b 100644 (file)
@@ -43,8 +43,6 @@ class ApiUndelete extends ApiBase {
                $titleObj = null;
                if ( !isset( $params['title'] ) )
                        $this->dieUsageMsg( array( 'missingparam', 'title' ) );
-               if ( !isset( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
 
                if ( !$wgUser->isAllowed( 'undelete' ) )
                        $this->dieUsageMsg( array( 'permdenied-undelete' ) );
@@ -123,7 +121,6 @@ class ApiUndelete extends ApiBase {
        public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'missingparam', 'title' ),
-                       array( 'missingparam', 'token' ),
                        array( 'permdenied-undelete' ),
                        array( 'blockedtext' ),
                        array( 'sessionfailure' ),
@@ -131,6 +128,10 @@ class ApiUndelete extends ApiBase {
                        array( 'cannotundelete' ),
                ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (
index 12c1623..f345848 100644 (file)
@@ -48,8 +48,6 @@ class ApiUpload extends ApiBase {
                $request = $this->getMain()->getRequest();
 
                // Do token checks:
-               if ( is_null( $this->mParams['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
                if ( !$wgUser->matchEditToken( $this->mParams['token'] ) )
                        $this->dieUsageMsg( array( 'sessionfailure' ) );
 
@@ -330,7 +328,6 @@ class ApiUpload extends ApiBase {
     public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'uploaddisabled' ),
-                       array( 'missingparam', 'token' ),
                        array( 'sessionfailure' ),
                        array( 'invalid-session-key' ),
                        array( 'uploaddisabled' ),
@@ -349,6 +346,10 @@ class ApiUpload extends ApiBase {
                        array( 'code' => 'internal-error', 'info' => 'An internal error occurred' ),
         ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array(
index e5ffe4e..6117c8c 100644 (file)
@@ -41,8 +41,6 @@ class ApiUserrights extends ApiBase {
                $params = $this->extractRequestParams();
                if ( is_null( $params['user'] ) )
                        $this->dieUsageMsg( array( 'missingparam', 'user' ) );
-               if ( is_null( $params['token'] ) )
-                       $this->dieUsageMsg( array( 'missingparam', 'token' ) );
 
                $form = new UserrightsPage;
                $user = $form->fetchUser( $params['user'] );
@@ -109,10 +107,13 @@ class ApiUserrights extends ApiBase {
     public function getPossibleErrors() {
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'missingparam', 'user' ),
-                       array( 'missingparam', 'token' ),
                        array( 'sessionfailure' ),
         ) );
        }
+       
+       public function requiresToken() {
+               return true;
+       }
 
        protected function getExamples() {
                return array (