r29934 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r29933‎ \| r29934 \| r29935 >
Date:	20:43, 18 January 2008
Author:	catrope
Status:	old
Tags:
Comment:	API: Making a bunch of state-changing modules require POST requests.
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/api/ApiBase.php (modified) (history) /trunk/phase3/includes/api/ApiBlock.php (modified) (history) /trunk/phase3/includes/api/ApiDelete.php (modified) (history) /trunk/phase3/includes/api/ApiLogin.php (modified) (history) /trunk/phase3/includes/api/ApiMain.php (modified) (history) /trunk/phase3/includes/api/ApiMove.php (modified) (history) /trunk/phase3/includes/api/ApiProtect.php (modified) (history) /trunk/phase3/includes/api/ApiRollback.php (modified) (history) /trunk/phase3/includes/api/ApiUnblock.php (modified) (history) /trunk/phase3/includes/api/ApiUndelete.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiMove.php
—	—	@@ -110,6 +110,8 @@
111	111	$this->getResult()->addValue(null, $this->getModuleName(), $r);
112	112	}
113	113
	114	+ public function mustBePosted() { return true; }
	115	+
114	116	protected function getAllowedParams() {
115	117	return array (
116	118	'from' => null,
Index: trunk/phase3/includes/api/ApiLogin.php
—	—	@@ -217,6 +217,8 @@
218	218	private function getMemCacheKey() {
219	219	return wfMemcKey( 'apilogin', 'badlogin', 'ip', wfGetIP() );
220	220	}
	221	+
	222	+ public function mustBePosted() { return true; }
221	223
222	224	protected function getAllowedParams() {
223	225	return array (
Index: trunk/phase3/includes/api/ApiProtect.php
—	—	@@ -109,6 +109,8 @@
110	110	$this->getResult()->addValue(null, $this->getModuleName(), $res);
111	111	}
112	112
	113	+ public function mustBePosted() { return true; }
	114	+
113	115	protected function getAllowedParams() {
114	116	return array (
115	117	'title' => null,
Index: trunk/phase3/includes/api/ApiMain.php
—	—	@@ -320,8 +320,11 @@
321	321	return;
322	322	}
323	323	}
324		-
	324	+
325	325	if (!$this->mInternalMode) {
	326	+ // Ignore mustBePosted() for internal calls
	327	+ if($module->mustBePosted() && !$this->mRequest->wasPosted())
	328	+ $this->dieUsage("The {$this->mAction} module requires a POST request", 'mustbeposted');
326	329
327	330	// See if custom printer is used
328	331	$this->mPrinter = $module->getCustomPrinter();
Index: trunk/phase3/includes/api/ApiRollback.php
—	—	@@ -86,6 +86,8 @@
87	87	$this->getResult()->addValue(null, $this->getModuleName(), $info);
88	88	}
89	89
	90	+ public function mustBePosted() { return true; }
	91	+
90	92	protected function getAllowedParams() {
91	93	return array (
92	94	'title' => null,
Index: trunk/phase3/includes/api/ApiBlock.php
—	—	@@ -113,6 +113,8 @@
114	114	$this->getResult()->addValue(null, $this->getModuleName(), $res);
115	115	}
116	116
	117	+ public function mustBePosted() { return true; }
	118	+
117	119	protected function getAllowedParams() {
118	120	return array (
119	121	'user' => null,
Index: trunk/phase3/includes/api/ApiDelete.php
—	—	@@ -118,6 +118,8 @@
119	119	return array(array('cannotdelete', $article->mTitle->getPrefixedText()));
120	120	}
121	121
	122	+ public function mustBePosted() { return true; }
	123	+
122	124	protected function getAllowedParams() {
123	125	return array (
124	126	'title' => null,
Index: trunk/phase3/includes/api/ApiUndelete.php
—	—	@@ -81,6 +81,8 @@
82	82	$this->getResult()->addValue(null, $this->getModuleName(), $info);
83	83	}
84	84
	85	+ public function mustBePosted() { return true; }
	86	+
85	87	protected function getAllowedParams() {
86	88	return array (
87	89	'title' => null,
Index: trunk/phase3/includes/api/ApiBase.php
—	—	@@ -652,6 +652,13 @@
653	653	public function isEditMode() {
654	654	return false;
655	655	}
	656	+
	657	+ /**
	658	+ * Indicates whether this module must be called with a POST request
	659	+ */
	660	+ public function mustBePosted() {
	661	+ return false;
	662	+ }
656	663
657	664
658	665	/**
Index: trunk/phase3/includes/api/ApiUnblock.php
—	—	@@ -82,6 +82,8 @@
83	83	$res['reason'] = $reason;
84	84	$this->getResult()->addValue(null, $this->getModuleName(), $res);
85	85	}
	86	+
	87	+ public function mustBePosted() { return true; }
86	88
87	89	protected function getAllowedParams() {
88	90	return array (
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -441,6 +441,7 @@
442	442	* Added cascade flag to prop=info&inprop=protections
443	443	* Added wlshow parameter to list=watchlist, similar to rcshow (list=recentchanges)
444	444	* Added support for image thumbnailing to prop=imageinfo
	445	+* action={login,block,delete,move,protect,rollback,unblock,undelete} now must be POSTed
445	446
446	447	=== Languages updated in 1.12 ===
447	448

Status & tagging log

15:23, 12 September 2011 Meno25 (talk | contribs) changed the status of r29934 [removed: ok added: old]