r24678 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r24678
Date: 17:32, 8 August 2007
Author: robchurch
Status: old
Tags:
Comment:
Revert r24673; *this is not needed*. If "API exposure" is so dangerous, then it should be *off by default*, since otherwise, everybody who upgraded from 1.7 to 1.8 will have an apparently hideous vulnerability.

Do not over-complicate the installer.
Modified paths:
  • /trunk/phase3/config/index.php (modified)

Diff

Index: trunk/phase3/config/index.php
@@ -702,7 +702,6 @@
703703 $conf->Emailuser = importRequest("Emailuser", "emailuser_enabled");
704704 $conf->Enotif = importRequest("Enotif", "enotif_allpages");
705705 $conf->Eauthent = importRequest("Eauthent", "eauthent_enabled");
706 -$conf->Api = importRequest("Api", "api_enabled_readonly" );
707706
708707 if( $conf->posted && ( 0 == count( $errs ) ) ) {
709708 do { /* So we can 'continue' to end prematurely */
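Review bot: the removed `importRequest("Api", "api_enabled_readonly" )` line (old 706) is where the installer fixed a default API state, and that default was read-only. With it gone, the state of a fresh install is decided by whatever defaults `$wgEnableAPI` and `$wgEnableWriteAPI` carry outside this file, which this diff does not show. State those defaults in the commit message, so the "off by default" argument can be checked against the shipped value rather than assumed.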
@@ -1239,20 +1238,6 @@
12401239 MediaWiki can also detect and support eAccelerator, Turck MMCache, APC, and XCache, but
12411240 these should not be used if the wiki will be running on multiple application servers.
12421241 </p>
1243 - <div class="config-input">
1244 - <label class='column'>External API:</label>
1245 -
1246 - <ul class="plain">
1247 - <li><?php aField( $conf, "Api", "Enabled for Reading and Writing", "radio", "api_enabled_readwrite" ); ?></li>
1248 - <li><?php aField( $conf, "Api", "Enabled for Reading only", "radio", "api_enabled_readonly" ); ?></li>
1249 - <li><?php aField( $conf, "Api", "Disabled", "radio", "api_disabled" ); ?></li>
1250 - </ul>
1251 - </div>
1252 - <p class="config-desc">
1253 - API allows programs and scripts to directly access MediaWiki data in computer-readable formats.
1254 - Once enabled, it will be accessible through
1255 - <?php echo htmlspecialchars( $conf->ScriptPath ); ?>/api.php
1256 - </p>
12571242 </div>
12581243
12591244 <h2>E-mail, e-mail notification and authentication setup</h2>
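Review bot: the `config-desc` paragraph removed at old lines 1252-1256 is the installer text that told the administrator the API is reachable at `api.php` under the script path, so after this change setup completes with no mention that the endpoint exists. If the radio group is unwanted, consider keeping a one-line description that names the endpoint and the setting that turns it off.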
@@ -1542,22 +1527,6 @@
15431528 $enotifwatchlist = 'false';
15441529 }
15451530
1546 - switch ( $conf->Api ) {
1547 - case "api_enabled_readwrite":
1548 - $apiEnabled = 'true';
1549 - $apiWriteEnabled = 'true';
1550 - break;
1551 - case "api_enabled_readonly":
1552 - $apiEnabled = 'true';
1553 - $apiWriteEnabled = 'false';
1554 - break;
1555 - case "api_disabled":
1556 - default:
1557 - $apiEnabled = 'false';
1558 - $apiWriteEnabled = 'false';
1559 - break;
1560 - }
1561 -
15621531 $file = @fopen( "/dev/urandom", "r" );
15631532 if ( $file ) {
15641533 $secretKey = bin2hex( fread( $file, 32 ) );
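Review bot: the `switch ( $conf->Api )` removed at old lines 1546-1560 failed closed: `default:` shared the `api_disabled` branch, so an unrecognised posted value produced `'false'` for both variables. Nothing replaces it, so the installer no longer has any path that yields a disabled API. If the option ever returns, keep that fall-through-to-disabled shape. Also confirm that `$apiEnabled` and `$apiWriteEnabled` have no remaining references once this block is gone; the last hunk removes the two uses visible here.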
@@ -1702,11 +1671,6 @@
17031672 # sure that cached pages are cleared.
17041673 \$configdate = gmdate( 'YmdHis', @filemtime( __FILE__ ) );
17051674 \$wgCacheEpoch = max( \$wgCacheEpoch, \$configdate );
1706 -
1707 -# Enable direct access to the data API through api.php
1708 -\$wgEnableAPI = $apiEnabled;
1709 -\$wgEnableWriteAPI = $apiWriteEnabled;
1710 -
17111675 "; ## End of setting the $localsettings string
17121676
17131677 // Keep things in Unix line endings internally;
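Review bot: with the `\$wgEnableAPI` and `\$wgEnableWriteAPI` lines removed (old 1707-1709), the generated settings file no longer records the API state, so someone auditing that file cannot tell from it alone whether the API is on. A commented-out pair of lines with a short explanation would add nothing to the installer UI and keep the switch discoverable. The commit message should also mention that settings files generated before this revert carry these two values explicitly, so those installs will not follow any later change to the defaults.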

Follow-up revisions

Revision | Commit summary | Author | Date
r24705 | Merged revisions 24632-24693 via svnmerge from... | david | 19:15, 9 August 2007

Past revisions this follows-up on

Revision | Commit summary | Author | Date
r24673 | Revert r24668; needed to prevent accidental API exposure by novice administra... | yurik | 15:12, 8 August 2007
