r69354 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r69353‎ | r69354 | r69355 >
Date:22:09, 14 July 2010
Author:mah
Status:reverted (Comments)
Tags:
Comment:
1.16: MFT r69339
Modified paths:
  • /branches/REL1_16/extensions/AbuseFilter/ApiQueryAbuseFilters.php (modified) (history)
  • /branches/REL1_16/extensions/AbuseFilter/ApiQueryAbuseLog.php (modified) (history)
  • /branches/REL1_16/extensions/CentralAuth/ApiQueryGlobalUserInfo.php (modified) (history)
  • /branches/REL1_16/extensions/CodeReview/api/ApiCodeComments.php (modified) (history)
  • /branches/REL1_16/extensions/CodeReview/api/ApiCodeDiff.php (modified) (history)
  • /branches/REL1_16/extensions/CodeReview/api/ApiCodeUpdate.php (modified) (history)
  • /branches/REL1_16/extensions/FlaggedRevs/api/ApiQueryOldreviewedpages.php (modified) (history)
  • /branches/REL1_16/extensions/GlobalBlocking/ApiQueryGlobalBlocks.php (modified) (history)
  • /branches/REL1_16/extensions/LiquidThreads/api/ApiQueryLQTThreads.php (modified) (history)
  • /branches/REL1_16/extensions/UsabilityInitiative/ClickTracking/ApiClickTracking.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiFeedWatchlist.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiLogout.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiMain.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiParse.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiPatrol.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiPurge.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryAllmessages.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryBlocks.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryDeletedrevs.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryInfo.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryLogEvents.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryProtectedTitles.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryRecentChanges.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryRevisions.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryUserContributions.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryUserInfo.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryUsers.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryWatchlist.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiQueryWatchlistRaw.php (modified) (history)
  • /branches/REL1_16/phase3/includes/api/ApiWatch.php (modified) (history)

Diff [purge]

Index: branches/REL1_16/extensions/UsabilityInitiative/ClickTracking/ApiClickTracking.php
@@ -15,6 +15,7 @@
1616 public function execute() {
1717 global $wgUser, $wgTitle, $wgClickTrackContribGranularity1, $wgClickTrackContribGranularity2, $wgClickTrackContribGranularity3;
1818
 19+ $this->getMain()->setCachePrivate();
1920 $params = $this->extractRequestParams();
2021 $this->validateParams( $params );
2122 $eventid_to_lookup = $params['eventid'];
Index: branches/REL1_16/extensions/LiquidThreads/api/ApiQueryLQTThreads.php
@@ -43,8 +43,6 @@
4444 }
4545
4646 public function execute() {
47 - global $wgUser;
48 -
4947 $params = $this->extractRequestParams();
5048 $prop = array_flip( $params['prop'] );
5149 $result = $this->getResult();
@@ -86,6 +84,7 @@
8785 );
8886
8987 $this->addFields( $allFields );
 88+ $this->getMain()->setVaryCookie();
9089 }
9190
9291 $res = $this->select( __METHOD__ );
Index: branches/REL1_16/extensions/CentralAuth/ApiQueryGlobalUserInfo.php
@@ -41,6 +41,7 @@
4242 $prop = array_flip( (array)$params['prop'] );
4343 if ( is_null( $params['user'] ) ) {
4444 $params['user'] = $wgUser->getName();
 45+ $this->getMain()->setVaryCookie();
4546 }
4647 $user = new CentralAuthUser( $params['user'] );
4748 if ( !$user->exists() ) {
Index: branches/REL1_16/extensions/FlaggedRevs/api/ApiQueryOldreviewedpages.php
@@ -58,6 +58,7 @@
5959 $this->addWhere( 'GREATEST(page_len,rev_len)-LEAST(page_len,rev_len) <= '.
6060 intval($params['maxsize']) );
6161 if( $params['filterwatched'] == 'watched' ) {
 62+ $this->getMain()->setVaryCookie();
6263 if( !($uid = $wgUser->getId()) ) {
6364 $this->dieUsage('You must be logged-in to have a watchlist', 'notloggedin');
6465 }
@@ -82,7 +83,7 @@
8384 $this->addWhere( 'rev_id=fp_stable' );
8485 if ( !isset( $params['start'] ) && !isset( $params['end'] ) )
8586 $this->addWhere( 'fp_pending_since IS NOT NULL' );
86 -
 87+
8788 $this->addOption( 'USE INDEX', $useIndex );
8889
8990 if ( is_null( $resultPageSet ) ) {
Index: branches/REL1_16/extensions/AbuseFilter/ApiQueryAbuseFilters.php
@@ -36,6 +36,7 @@
3737
3838 public function execute() {
3939 global $wgUser;
 40+ $this->getMain()->setVaryCookie();
4041 if ( !$wgUser->isAllowed( 'abusefilter-view' ) )
4142 $this->dieUsage( 'You don\'t have permission to view abuse filters', 'permissiondenied' );
4243
Index: branches/REL1_16/extensions/AbuseFilter/ApiQueryAbuseLog.php
@@ -36,6 +36,7 @@
3737
3838 public function execute() {
3939 global $wgUser;
 40+ $this->getMain()->setVaryCookie();
4041 if ( !$wgUser->isAllowed( 'abusefilter-log' ) )
4142 $this->dieUsage( 'You don\'t have permission to view the abuse log', 'permissiondenied' );
4243
Index: branches/REL1_16/extensions/GlobalBlocking/ApiQueryGlobalBlocks.php
@@ -36,7 +36,6 @@
3737 }
3838
3939 public function execute() {
40 - global $wgUser;
4140 $params = $this->extractRequestParams();
4241
4342 $prop = array_flip($params['prop']);
Index: branches/REL1_16/extensions/CodeReview/api/ApiCodeDiff.php
@@ -4,6 +4,7 @@
55
66 public function execute() {
77 global $wgUser, $wgCodeReviewMaxDiffSize;
 8+ $this->getMain()->setVaryCookie();
89 // Before doing anything at all, let's check permissions
910 if( !$wgUser->isAllowed('codereview-use') ) {
1011 $this->dieUsage('You don\'t have permission to view code diffs','permissiondenied');
Index: branches/REL1_16/extensions/CodeReview/api/ApiCodeUpdate.php
@@ -8,6 +8,7 @@
99 if( !$wgUser->isAllowed('codereview-use') ) {
1010 $this->dieUsage('You don\'t have permission update code','permissiondenied');
1111 }
 12+ $this->getMain()->setVaryCookie();
1213 $params = $this->extractRequestParams();
1314
1415 if ( !isset( $params['repo'] ) ) {
Index: branches/REL1_16/extensions/CodeReview/api/ApiCodeComments.php
@@ -30,6 +30,7 @@
3131
3232 public function execute() {
3333 global $wgUser;
 34+ $this->getMain()->setVaryCookie();
3435 // Before doing anything at all, let's check permissions
3536 if( !$wgUser->isAllowed('codereview-use') ) {
3637 $this->dieUsage('You don\'t have permission to view code comments','permissiondenied');
Index: branches/REL1_16/phase3/includes/api/ApiQueryRevisions.php
@@ -396,6 +396,9 @@
397397
398398 if ( !is_null( $this->token ) )
399399 {
 400+ // Don't cache tokens
 401+ $this->getMain()->setCachePrivate();
 402+
400403 $tokenFunctions = $this->getTokenFunctions();
401404 foreach ( $this->token as $t )
402405 {
Index: branches/REL1_16/phase3/includes/api/ApiQueryInfo.php
@@ -244,6 +244,7 @@
245245 $this->getProtectionInfo();
246246
247247 if ( $this->fld_watched )
 248+ $this->getMain()->setVaryCookie();
248249 $this->getWatchedInfo();
249250
250251 // Run the talkid/subjectid query if requested
@@ -288,6 +289,9 @@
289290 }
290291
291292 if ( !is_null( $this->params['token'] ) ) {
 293+ // Don't cache tokens
 294+ $this->getMain()->setCachePrivate();
 295+
292296 $tokenFunctions = $this->getTokenFunctions();
293297 $pageInfo['starttimestamp'] = wfTimestamp( TS_ISO_8601, time() );
294298 foreach ( $this->params['token'] as $t )
@@ -522,7 +526,7 @@
523527 }
524528
525529 /**
526 - * Get information about watched status and put it in $watched
 530+ * Get information about watched status and put it in $this->watched
527531 */
528532 private function getWatchedInfo()
529533 {
Index: branches/REL1_16/phase3/includes/api/ApiFeedWatchlist.php
@@ -79,6 +79,9 @@
8080 $fauxReqArr['wlowner'] = $params['wlowner'];
8181 }
8282 if ( !is_null( $params['wltoken'] ) ) {
 83+ // Don't cache tokens
 84+ $this->getMain()->setCachePrivate();
 85+
8386 $fauxReqArr['wltoken'] = $params['wltoken'];
8487 }
8588
Index: branches/REL1_16/phase3/includes/api/ApiQueryUsers.php
@@ -156,6 +156,9 @@
157157
158158 if ( !is_null( $params['token'] ) )
159159 {
 160+ // Don't cache tokens
 161+ $this->getMain()->setCachePrivate();
 162+
160163 $tokenFunctions = $this->getTokenFunctions();
161164 foreach ( $params['token'] as $t )
162165 {
Index: branches/REL1_16/phase3/includes/api/ApiQueryUserContributions.php
@@ -164,7 +164,9 @@
165165 "rev_timestamp $op= '$encTS')" );
166166 }
167167
168 - if ( !$wgUser->isAllowed( 'hideuser' ) )
 168+ // Make sure private data (deleted revisions) isn't cached
 169+ $this->getMain()->setVaryCookie();
 170+ if ( !$wgUser->isAllowed( 'hideuser' ) ) {
169171 $this->addWhere( $this->getDB()->bitAnd( 'rev_deleted', Revision::DELETED_USER ) . ' = 0' );
170172 // We only want pages by the specified users.
171173 if ( $this->prefixMode )
@@ -210,8 +212,12 @@
211213 $this->fld_patrolled )
212214 {
213215 global $wgUser;
214 - if ( !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() )
215 - $this->dieUsage( "You need the patrol right to request the patrolled flag", 'permissiondenied' );
 216+ // Don't cache private data
 217+ $this->getMain()->setVaryCookie();
 218+ if ( !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() ) {
 219+ $this->dieUsage( 'You need the patrol right to request the patrolled flag', 'permissiondenied' );
 220+ }
 221+
216222 // Use a redundant join condition on both
217223 // timestamp and ID so we can use the timestamp
218224 // index
Index: branches/REL1_16/phase3/includes/api/ApiQueryRecentChanges.php
@@ -137,8 +137,12 @@
138138
139139 // Check permissions
140140 global $wgUser;
141 - if ( ( isset( $show['patrolled'] ) || isset( $show['!patrolled'] ) ) && !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() )
142 - $this->dieUsage( "You need the patrol right to request the patrolled flag", 'permissiondenied' );
 141+ if ( isset( $show['patrolled'] ) || isset( $show['!patrolled'] ) ) {
 142+ $this->getMain()->setVaryCookie();
 143+ if ( !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() ) {
 144+ $this->dieUsage( 'You need the patrol right to request the patrolled flag', 'permissiondenied' );
 145+ }
 146+ }
143147
144148 /* Add additional conditions to query depending upon parameters. */
145149 $this->addWhereIf( 'rc_minor = 0', isset ( $show['!minor'] ) );
@@ -390,6 +394,9 @@
391395
392396 if ( !is_null( $this->token ) )
393397 {
 398+ // Don't cache tokens
 399+ $this->getMain()->setCachePrivate();
 400+
394401 $tokenFunctions = $this->getTokenFunctions();
395402 foreach ( $this->token as $t )
396403 {
Index: branches/REL1_16/phase3/includes/api/ApiWatch.php
@@ -41,7 +41,8 @@
4242
4343 public function execute() {
4444 global $wgUser;
45 - if ( !$wgUser->isLoggedIn() )
 45+ $this->getMain()->setCachePrivate();
 46+ if ( !$wgUser->isLoggedIn() ) {
4647 $this->dieUsage( 'You must be logged-in to have a watchlist', 'notloggedin' );
4748
4849 $params = $this->extractRequestParams();
Index: branches/REL1_16/phase3/includes/api/ApiLogout.php
@@ -42,6 +42,7 @@
4343
4444 public function execute() {
4545 global $wgUser;
 46+ $this->getMain()->setCachePrivate();
4647 $oldName = $wgUser->getName();
4748 $wgUser->logout();
4849
Index: branches/REL1_16/phase3/includes/api/ApiParse.php
@@ -118,10 +118,11 @@
119119 if ( !$titleObj )
120120 $titleObj = Title::newFromText( "API" );
121121 $wgTitle = $titleObj;
122 - if ( $params['pst'] || $params['onlypst'] )
 122+ if ( $params['pst'] || $params['onlypst'] ) {
123123 $text = $wgParser->preSaveTransform( $text, $titleObj, $wgUser, $popts );
124 - if ( $params['onlypst'] )
125 - {
 124+ $this->getMain()->setVaryCookie();
 125+ }
 126+ if ( $params['onlypst'] ) {
126127 // Build a result and bail out
127128 $result_array['text'] = array();
128129 $this->getResult()->setContent( $result_array['text'], $text );
@@ -325,4 +326,4 @@
326327 public function getVersion() {
327328 return __CLASS__ . ': $Id$';
328329 }
329 -}
\ No newline at end of file
 330+}
Index: branches/REL1_16/phase3/includes/api/ApiPurge.php
@@ -42,6 +42,7 @@
4343 */
4444 public function execute() {
4545 global $wgUser;
 46+ $this->getMain()->setCachePrivate();
4647 $params = $this->extractRequestParams();
4748 if ( !$wgUser->isAllowed( 'purge' ) )
4849 $this->dieUsageMsg( array( 'cantpurge' ) );
Index: branches/REL1_16/phase3/includes/api/ApiQueryDeletedrevs.php
@@ -42,6 +42,7 @@
4343 public function execute() {
4444
4545 global $wgUser;
 46+ $this->getMain()->setVaryCookie();
4647 // Before doing anything at all, let's check permissions
4748 if ( !$wgUser->isAllowed( 'deletedhistory' ) )
4849 $this->dieUsage( 'You don\'t have permission to view deleted revision information', 'permissiondenied' );
Index: branches/REL1_16/phase3/includes/api/ApiQueryBlocks.php
@@ -121,7 +121,10 @@
122122 'ipb_auto' => 0
123123 ) );
124124 }
125 - if ( !$wgUser->isAllowed( 'hideuser' ) )
 125+
 126+ // Make sure private data (deleted blocks) isn't cached
 127+ $this->getMain()->setVaryCookie();
 128+ if ( !$wgUser->isAllowed( 'hideuser' ) ) {
126129 $this->addWhereFld( 'ipb_deleted', 0 );
127130
128131 // Purge expired entries on one in every 10 queries
Index: branches/REL1_16/phase3/includes/api/ApiQueryAllmessages.php
@@ -46,6 +46,9 @@
4747 {
4848 global $wgLang;
4949 $wgLang = Language::factory( $params['lang'] );
 50+ } else if ( is_null( $params['lang'] ) ) {
 51+ // Language not determined by URL but by user preferences, so don't cache
 52+ $this->getMain()->setVaryCookie();
5053 }
5154
5255 $prop = array_flip( (array)$params['prop'] );
Index: branches/REL1_16/phase3/includes/api/ApiQueryLogEvents.php
@@ -267,6 +267,7 @@
268268
269269 if ( $this->fld_parsedcomment ) {
270270 global $wgUser;
 271+ $this->getMain()->setVaryCookie();
271272 $vals['parsedcomment'] = $wgUser->getSkin()->formatComment( $row->log_comment, $title );
272273 }
273274 }
Index: branches/REL1_16/phase3/includes/api/ApiQueryWatchlistRaw.php
@@ -188,4 +188,4 @@
189189 public function getVersion() {
190190 return __CLASS__ . ': $Id$';
191191 }
192 -}
\ No newline at end of file
 192+}
Index: branches/REL1_16/phase3/includes/api/ApiQueryProtectedTitles.php
@@ -100,6 +100,7 @@
101101
102102 if ( isset( $prop['parsedcomment'] ) ) {
103103 global $wgUser;
 104+ $this->getMain()->setVaryCookie();
104105 $vals['parsedcomment'] = $wgUser->getSkin()->formatComment( $row->pt_reason, $title );
105106 }
106107
Index: branches/REL1_16/phase3/includes/api/ApiQueryUserInfo.php
@@ -40,6 +40,7 @@
4141 }
4242
4343 public function execute() {
 44+ $this->getMain()->setCachePrivate();
4445 $params = $this->extractRequestParams();
4546 $result = $this->getResult();
4647 $r = array();
Index: branches/REL1_16/phase3/includes/api/ApiMain.php
@@ -124,7 +124,7 @@
125125
126126 private $mPrinter, $mModules, $mModuleNames, $mFormats, $mFormatNames;
127127 private $mResult, $mAction, $mShowVersions, $mEnableWrite, $mRequest;
128 - private $mInternalMode, $mSquidMaxage, $mModule;
 128+ private $mInternalMode, $mSquidMaxage, $mModule, $mVaryCookie;
129129
130130 private $mCacheControl = array( 'must-revalidate' => true );
131131
@@ -171,6 +171,7 @@
172172
173173 $this->mSquidMaxage = - 1; // flag for executeActionWithErrorHandling()
174174 $this->mCommit = false;
 175+ $this->mVaryCookie = false;
175176 }
176177
177178 /**
@@ -221,6 +222,14 @@
222223 's-maxage' => $maxage
223224 ) );
224225 }
 226+
 227+ /**
 228+ * Make sure Cache-Control: private is set. Use this when the output of a request
 229+ * is for the current recipient only and should not be cached in any shared cache.
 230+ */
 231+ public function setCachePrivate() {
 232+ $this->setCacheControl( array( 'private' => true ) );
 233+ }
225234
226235 /**
227236 * Set directives (key/value pairs) for the Cache-Control header.
@@ -232,6 +241,35 @@
233242 }
234243
235244 /**
 245+ * Make sure Vary: Cookie and friends are set. Use this when the output of a request
 246+ * may be cached for anons but may not be cached for logged-in users.
 247+ *
 248+ * WARNING: This function must be called CONSISTENTLY for a given URL. This means that a
 249+ * given URL must either always or never call this function; if it sometimes does and
 250+ * sometimes doesn't, stuff will break.
 251+ */
 252+ public function setVaryCookie() {
 253+ $this->mVaryCookie = true;
 254+ }
 255+
 256+ /**
 257+ * Actually output the Vary: Cookie header and its friends, if flagged with setVaryCookie().
 258+ * Outputs the appropriate X-Vary-Options header and Cache-Control: private if needed.
 259+ */
 260+ private function outputVaryCookieHeader() {
 261+ global $wgUseXVO, $wgOut;
 262+ if ( $this->mVaryCookie ) {
 263+ header( 'Vary: Cookie' );
 264+ if ( $wgUseXVO ) {
 265+ header( $wgOut->getXVO() );
 266+ if ( $wgOut->hasCacheVaryCookies() ) {
 267+ $this->setCacheControl( array( 'private' => true ) );
 268+ }
 269+ }
 270+ }
 271+ }
 272+
 273+ /**
236274 * Create an instance of an output formatter by its name
237275 */
238276 public function createPrinterByName( $format ) {
@@ -281,6 +319,7 @@
282320
283321 // Error results should not be cached
284322 $this->setCacheMaxAge( 0 );
 323+ $this->setCachePrivate();
285324
286325 $headerStr = 'MediaWiki-API-Error: ' . $errCode;
287326 if ( $e->getCode() === 0 )
@@ -295,6 +334,11 @@
296335 $this->mPrinter->safeProfileOut();
297336 $this->printResult( true );
298337 }
 338+
 339+ // If this wiki is private, don't cache anything ever
 340+ if ( in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
 341+ $this->setCachePrivate();
 342+ }
299343
300344 // If nobody called setCacheMaxAge(), use the (s)maxage parameters
301345 if ( !isset( $this->mCacheControl['s-maxage'] ) ) {
@@ -326,6 +370,7 @@
327371 }
328372
329373 header( "Cache-Control: $ccHeader" );
 374+ $this->outputVaryCookieHeader();
330375
331376 if ( $this->mPrinter->getIsHtml() )
332377 echo wfReportTime();
@@ -446,7 +491,8 @@
447492 }
448493
449494 global $wgUser, $wgGroupPermissions;
450 - if ( $module->isReadMode() && !$wgGroupPermissions['*']['read'] && !$wgUser->isAllowed( 'read' ) )
 495+ if ( $module->isReadMode() && !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) &&
 496+ !$wgUser->isAllowed( 'read' ) )
451497 $this->dieUsageMsg( array( 'readrequired' ) );
452498 if ( $module->isWriteMode() ) {
453499 if ( !$this->mEnableWrite )
Index: branches/REL1_16/phase3/includes/api/ApiQueryWatchlist.php
@@ -68,9 +68,12 @@
6969 if ( $token == '' || $token != $params['token'] ) {
7070 $this->dieUsage( 'Incorrect watchlist token provided -- please set a correct token in Special:Preferences', 'bad_wltoken' );
7171 }
72 - } elseif ( !$wgUser->isLoggedIn() ) {
73 - $this->dieUsage( 'You must be logged-in to have a watchlist', 'notloggedin' );
7472 } else {
 73+ // User not determined by URL, so don't cache
 74+ $this->getMain()->setVaryCookie();
 75+ if ( !$wgUser->isLoggedIn() ) {
 76+ $this->dieUsage( 'You must be logged-in to have a watchlist', 'notloggedin' );
 77+ }
7578 $user = $wgUser;
7679 }
7780
@@ -90,7 +93,8 @@
9194 $this->fld_notificationtimestamp = isset( $prop['notificationtimestamp'] );
9295
9396 if ( $this->fld_patrol ) {
94 - if ( !$user->useRCPatrol() && !$user->useNPPatrol() )
 97+ $this->getMain()->setVaryCookie();
 98+ if ( !$user->useRCPatrol() && !$user->useNPPatrol() ) {
9599 $this->dieUsage( 'patrol property is not available', 'patrol' );
96100 }
97101 }
@@ -155,8 +159,12 @@
156160 }
157161
158162 // Check permissions. FIXME: should this check $user instead of $wgUser?
159 - if ( ( isset( $show['patrolled'] ) || isset( $show['!patrolled'] ) ) && !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() )
160 - $this->dieUsage( "You need the patrol right to request the patrolled flag", 'permissiondenied' );
 163+ if ( isset( $show['patrolled'] ) || isset( $show['!patrolled'] ) ) {
 164+ $this->getMain()->setVaryCookie();
 165+ if ( !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() ) {
 166+ $this->dieUsage( 'You need the patrol right to request the patrolled flag', 'permissiondenied' );
 167+ }
 168+ }
161169
162170 /* Add additional conditions to query depending upon parameters. */
163171 $this->addWhereIf( 'rc_minor = 0', isset ( $show['!minor'] ) );
@@ -272,6 +280,8 @@
273281
274282 if ( $this->fld_parsedcomment && isset( $row->rc_comment ) ) {
275283 global $wgUser;
 284+ $this->getMain()->setVaryCookie();
 285+
276286 $vals['parsedcomment'] = $wgUser->getSkin()->formatComment( $row->rc_comment, $title );
277287 }
278288
Index: branches/REL1_16/phase3/includes/api/ApiPatrol.php
@@ -41,6 +41,7 @@
4242 * Patrols the article or provides the reason the patrol failed.
4343 */
4444 public function execute() {
 45+ $this->getMain()->setCachePrivate();
4546 $params = $this->extractRequestParams();
4647
4748 if ( !isset( $params['rcid'] ) )

Follow-up revisions

RevisionCommit summaryAuthorDate
r69355followup r69354: setVaryCookie() one more timemah22:14, 14 July 2010
r69578Revert backport of broken bug fix for the API cache header bug. Reverted r693...tstarling02:46, 20 July 2010

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r69339API: Make output containing private or user-specific data uncacheable for log...catrope19:00, 14 July 2010

Comments

#Comment by Tim Starling (talk | contribs)   02:39, 20 July 2010

Where are the release notes?

#Comment by MarkAHershberger (talk | contribs)   23:57, 20 July 2010

My mistake. Since this has been reverted, though, I guess I shouldn't worry about them.

Status & tagging log