aboutsummaryrefslogtreecommitdiffstats
path: root/includes/api
Commit message (Collapse)AuthorAgeFilesLines
* * (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token ↵1.19.0beta2Reedy2012-03-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | parameter present * (bug 35317) CSRF in Special:Upload Revert r56793, which removed the CSRF check for Special:Upload for normal file uploads. Cross-site posting of file uploads without user interaction has been possible since at least as early as Chrome 8 (late 2010) and Firefox 6 (mid 2011). Commonist has used api.php since version 0.4.0 (April 2010), and the API already requires an edit token, so Commonist 0.4.0+ is not affected by this change. * (bug 34907) Fix for CSRF vulnerability due to mw.user.tokens. Patch by Roan Kattouw and Tim Starling. * Filter out private modules early in ResourceLoader::makeResponse() and just pretend they weren't specified. This means these modules cannot be loaded through load.php . This filtering must not happen in makeModuleResponse(), because that would break inlining. * Force inlining of private modules in OutputPage::makeResourceLoaderLink(), disregarding $wgResourceLoaderInlinePrivateModules * Remove $wgResourceLoaderInlinePrivateModules * Remove special treatment of private modules ($private) in ResourceLoader::makeResponse() and sendResponseHeaders(), because we're not allowing private modules to be loaded through here any more * Remove identity checks in ResourceLoaderUserOptionsModule and ResourceLoaderUserCSSPrefsModule, they didn't make a lot of sense before but they're certainly useless now. * Factored out error comment construction in ResourceLoader.php and stripped comment terminations from exception messages. I didn't find an XSS vulnerability but it looked scary. Change-Id: I0a4d7d2cc19ab3af018604037be150bda5187434
* MFT r113171, r113195, r1132111.19.0beta1Sam Reed2012-03-071-0/+1
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/113235
* MFT r111427, r112347, r112374, r112383, r112700, r112750, r112855Sam Reed2012-03-051-10/+30
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/113040
* MFT r112169, r112170, r112172, r112173, r112179, r112184, r112290, r112313Sam Reed2012-02-281-0/+3
|\ | | | | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/112644
| * Fix possibly undefined variablesSam Reed2012-02-181-1/+3
| | | | | | | | | | | | | | | | | | Move $db further up Return something on all paths Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111811
| * Merge r111667 into trunkSam Reed2012-02-161-3/+8
| | | | | | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111673
| * * (bug 34377) action=watch now parses messages using the correct title ↵Alexandre Emsenhuber2012-02-131-2/+2
| | | | | | | | | | | | | | instead of "API" Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111397
| * * (bug 34313) MediaWiki API intro message about "HTML format" should mention ↵Sam Reed2012-02-101-2/+4
| | | | | | | | | | | | | | the format parameter. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111160
| * * (bug 34316) Add ability to retrieve maximum upload size from MediaWiki API. Sam Reed2012-02-101-0/+2
| | | | | | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111159
| * * (bug 32341) Add upload by URL domain limitation.Sam Reed2012-02-092-0/+5
| | | | | | | | | | | | | | | | | | Essentially reverts r109741 live again Which was r109562, r109564, r109570 Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111120
| * More return documentationSam Reed2012-02-091-2/+6
| | | | | | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111101
| * Fixing some of the "@return true" or "@return false", need to be "@return ↵Sam Reed2012-02-092-2/+2
| | | | | | | | | | | | | | | | | | bool" and then the metadata can say true if foo, false if bar Other documentation improvements Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111073
| * Fixing some of the "@return true" or "@return false", need to be "@return ↵Sam Reed2012-02-093-3/+3
| | | | | | | | | | | | | | | | | | bool" and then the metadata can say true if foo, false if bar Other documentation improvements Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111053
| * Fixing some of the "@return true" or "@return false", need to be "@return ↵Sam Reed2012-02-092-3/+3
| | | | | | | | | | | | | | | | | | bool" and then the metadata can say true if foo, false if bar Other documentation improvements Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111049
| * Documentation and whitespaceSam Reed2012-02-091-2/+2
| | | | | | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111004
* | MFT r111673Sam Reed2012-02-161-3/+8
| | | | | | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111675
* | * (bug 34377) action=watch now parses messages using the correct title ↵Alexandre Emsenhuber2012-02-131-2/+2
|/ | | | | | | instead of "API" Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111398
* Bug 34032 - API help header not alignedSam Reed2012-01-301-2/+2
| | | | | | | $ocd++; Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/110273
* Revert feature out of r109562, r109564, r109570Sam Reed2012-01-222-5/+0
| | | | | | | Leaving typo/brace fixes and other minor code improvements Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/109741
* * (bug 33865) Exception thrown when using API sandbox action=parseSam Reed2012-01-211-1/+6
| | | | | | | The actual bug is from wrongly using title when the user wanted page, and hence weren't passing any wikitext... Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/109693
* Fix bug 32948:Alexandre Emsenhuber2012-01-211-1/+2
| | | | | | | | * {{REVISIONID}} and related variables are no longer blank after doing a null edit * {{REVISIONID}} and related variables are no longer blank after calling action=purge&forcelinkupdate Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/109679
* * (bug 32341) Add upload by URL domain limitation.Sam Reed2012-01-192-1/+5
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/109562
* * (bug 33733) API: Unknown error: mustbeloggedinSam Reed2012-01-141-0/+2
| | | | | | | Add message to messagemap Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108946
* Rather than using an error code of unknownerror, use the error code returned ↵Sam Reed2012-01-131-1/+5
| | | | | | | by EditPage if it's a string, and it has length, else just return the usual "unknownerror" Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108876
* () are valid in URLs, not sure why we're using them as a finishing point in ↵Sam Reed2012-01-131-1/+1
| | | | | | | | | ApiFormatBase Fixes fixme on r95572 as urls are now complete with () in them Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108853
* Ping r108847, missed one half quoteNiklas Laxström2012-01-131-1/+1
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108849
* Change usage of quotes in API messages from ``x'' to "x".Siebrand Mazeland2012-01-137-25/+25
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108847
* Reverted r108743 per CR comment. This should at least be discussed first.Aaron Schulz2012-01-1216-4/+25
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108745
* Kill "* @return void"Sam Reed2012-01-1216-25/+4
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108743
* Consistency: made all API examples a verbsMax Semenik2012-01-126-7/+7
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108734
* * (bug 33117) prop=revisions allows deleted text to be exposed through cache ↵Sam Reed2012-01-111-1/+1
| | | | | | | pollution Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108682
* reverts Concurrency worksAntoine Musso2012-01-112-106/+0
| | | | | | | | | | | | | | | | | | | trunk is frozen pending stabilisation so we can release MediaWiki 1.19. Those changes introduces API changes and new SQL tables, so that sounds like new feature we do not have time to review right now. Please reapply changes in branches/concurrency and have code review handled there. Once the branch has been reviewed, please hold. Once trunk is stable enough and 1.19 got branched, you are welcome to merge the branch in trunk. Note: we can have a Jenkins jobs setup to run the branch tests if you need. Reverts: r108595 r108591 r108585 r108584 108572 r108564 108560 r108559 Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108601
* Add svn:keywords IdSam Reed2012-01-101-7/+5
| | | | | | | | | Trim trailing whitespace Add explicit member variables Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108560
* MERGE branches/concurrency 108301:108557 into trunkIan Baker2012-01-102-0/+108
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/108559
* * (bug 33483) One space to much in header of auto-generated documentationSam Reed2012-01-031-1/+1
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/107891
* Missing check for ISMULTI on help parameters, thanks santhoshJohn Du Hart2012-01-031-1/+1
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/107878
* Bug 33482 - Api incorrectly calls ApiBase::parseMultiValue if allowed values ↵John Du Hart2012-01-031-0/+5
| | | | | | | | | is given as an array Simply means that if you have an array of acceptable values and you only accept one at a time, you can have pipes in the allowed values. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/107876
* Followup r107393, treat '' the same as getting false from getExamples, the ↵Sam Reed2011-12-311-1/+1
| | | | | | | default if it's not overridden Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/107681
* Related to bug 33223Sam Reed2011-12-301-1/+1
| | | | | | | Update static list of languages that support variants Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/107665
* * (bug 33398) Wrong escape in online documentation for usercontribsSam Reed2011-12-281-1/+1
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/107487
* Re-instate most of the revisions for bug 33147 "API examples should explain ↵Sam Reed2011-12-2726-103/+150
| | | | | | | | | | | what they do" Using this to sync up my working copies Should have the little niggles tidied up though Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/107393
* * Integrate $wgDeleteRevisionsLimit in Title::getUserPermissionsErrors() ↵Alexandre Emsenhuber2011-12-271-5/+0
| | | | | | | | | | | (only if doing expensive checks) * Moved WikiPage::estimateRevisionCount() and WikiPage::isBigDeletion() to Title and marked those WikiPage methods as deprecated (only call in extensions removed in r107385) * Show an error message when deleting a page to move another one in Special:MovePage and the deletion fails due to permissions errors (previously the form would simply show again) * Cache the result of Title::estimateRevisionCount() since it's called two times when showing the deletion form and the user doesn't have 'bigdelete' right (one for the permissions check and the other when showing the number of revisions) Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/107386
* * Use local context to get messagesAlexandre Emsenhuber2011-12-261-1/+1
| | | | | | | * Pass the context to ContribsPager Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/107328
* Revert r106439, r106441 - bad formatting mushing separate lines togetherBrion Vibber2011-12-2014-103/+57
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/106879
* Revert r106870: doesn't seem like it would format things consistently as ↵Brion Vibber2011-12-201-3/+3
| | | | | | | expected. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/106878
* FU r106514: Sanity check for empty sha1 values in the DBAaron Schulz2011-12-202-2/+10
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/106876
* For r106521/r106865, wrap long example description stringsSam Reed2011-12-201-3/+3
| | | | | | | Follows up r106439 Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/106870
* Provisional revert of r105831: as noted it's not safe; alternative fix was a ↵Brion Vibber2011-12-201-2/+1
| | | | | | | weird abstraction violation that would leave you not knowing whether the data would be present or not. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/106868
* grammar :) followup r106514Brion Vibber2011-12-201-1/+1
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/106867
* Revert r106521: creates lots of long, unwrappable lines in help outputBrion Vibber2011-12-2011-31/+31
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/106865
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 06:25:33 +0000