r69990 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r69989‎ \| r69990 \| r69991 >
Date:	08:44, 27 July 2010
Author:	tstarling
Status:	ok
Tags:
Comment:	* MFT r59948: restore the function of ApiMain::requestWriteMode(). * MFT r64694: add cookieprefix/sessionid in ApiLogin NEED_TOKEN responses. * Release notes for both.
Modified paths:	/branches/REL1_15/phase3/RELEASE-NOTES (modified) (history) /branches/REL1_15/phase3/includes/api/ApiLogin.php (modified) (history) /branches/REL1_15/phase3/includes/api/ApiMain.php (modified) (history)

Diff [purge]

Index: branches/REL1_15/phase3/includes/api/ApiLogin.php
—	—	@@ -91,8 +91,11 @@
92	92	break;
93	93
94	94	case LoginForm::NEED_TOKEN:
	95	+ global $wgCookiePrefix;
95	96	$result['result'] = 'NeedToken';
96	97	$result['token'] = $loginForm->getLoginToken();
	98	+ $result['cookieprefix'] = $wgCookiePrefix;
	99	+ $result['sessionid'] = session_id();
97	100	break;
98	101
99	102	case LoginForm::WRONG_TOKEN:
Property changes on: branches/REL1_15/phase3/includes/api/ApiLogin.php
___________________________________________________________________
Added: svn:mergeinfo
100	103	Merged /trunk/phase3/includes/api/ApiLogin.php:r48813-48814,48819,48836,48886,48892,48909,48989,48992,49002,49051,49068,49086,49191-49192,49212,49682,49685,49730,49775,49954,49956,49999,50041,50054,50070,50132,50134,50169,50215,50218,50328,50470,50580,50833,51587,54828,64694
Index: branches/REL1_15/phase3/includes/api/ApiMain.php
—	—	@@ -194,7 +194,12 @@
195	195	* Only kept for backwards compatibility
196	196	* @deprecated Use isWriteMode() instead
197	197	*/
198		~~- public function requestWriteMode() {}~~
	198	+ public function requestWriteMode() {
	199	+ if (!$this->mEnableWrite)
	200	+ $this->dieUsageMsg(array('writedisabled'));
	201	+ if (wfReadOnly())
	202	+ $this->dieUsageMsg(array('readonlytext'));
	203	+ }
199	204
200	205	/**
201	206	* Set how long the response should be cached.
Property changes on: branches/REL1_15/phase3/includes/api/ApiMain.php
___________________________________________________________________
Added: svn:mergeinfo
202	207	Merged /branches/REL1_16/phase3/includes/api/ApiMain.php:r69932
203	208	Merged /trunk/phase3/includes/api/ApiMain.php:r48813-48814,48819,48836,48886,48892,48909,48989,48992,49002,49051,49068,49086,49191-49192,49212,49682,49685,49730,49775,49954,49956,49999,50041,50054,50070,50132,50134,50169,50215,50218,50328,50470,50580,50833,51587,54828,59948,69339,69347,69350,69369,69379,69776,69931
Index: branches/REL1_15/phase3/RELEASE-NOTES
—	—	@@ -27,6 +27,11 @@
28	28	headers to be sent.
29	29	* Fixed an XSS vulnerability in profileinfo.php for installations with
30	30	$wgEnableProfileInfo = true (false by default)
	31	+* For backwards compatibility with extensions from 1.14.x or before, restored
	32	+ the original function ApiMain::requestWriteMode().
	33	+* In API login "need token" responses, added the cookieprefix and sessionid
	34	+ fields, as in MediaWiki 1.16.x. This is an improvement to the CSRF fix
	35	+ introduced in 1.15.3.
31	36
32	37	== Changes since 1.15.3 ==
33	38

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r59948	Restored the function of ApiMain::requestWriteMode(), as per the suggestion o...	tstarling	06:49, 11 December 2009
r64694	Fix for r64677: as reported on mediawiki-api, I forgot about clients that bui...	catrope	08:50, 7 April 2010

Status & tagging log

16:10, 16 October 2010 😂 (talk | contribs) changed the status of r69990 [removed: new added: ok]