Ricordisamoa has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/179595

Change subject: API: new hashing features for action=edit
......................................................................

API: new hashing features for action=edit

ApiEditPage supports two new parameters, 'hashfunction' and
'hash'. The values accepted as 'hashfunction' can be set via
the configuration variable $wgAPIHashFunctions.
The 'md5' parameter added in 2008 by Roan Kattouw with
commit cf5484e56f664d53b7fccb844bc4a72c13ec3acd has been
deprecated, continuing the effort to phase that algorithm out
(see commit 95a8974c6bda2c6353612c40b01b9c78527b8956
and commit 6f458cfba3ad913df5f28ab5f4f41f5f38e9932b).

If algorithms were used as parameter names, as with 'md5',
sending a hash for an unsupported function would skip the
validation altogether; instead, using a single 'hashfunction'
parameter, the action is skipped whenever the algorithm name
is not recognized.

Change-Id: I5853bdd636fccda177d4dd200640ef6795ee5d3e
---
M RELEASE-NOTES-1.25
M includes/api/ApiEditPage.php
M includes/api/i18n/en.json
M includes/api/i18n/qqq.json
4 files changed, 33 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/95/179595/1

diff --git a/RELEASE-NOTES-1.25 b/RELEASE-NOTES-1.25
index d98d7bb..86a91ea 100644
--- a/RELEASE-NOTES-1.25
+++ b/RELEASE-NOTES-1.25
@@ -153,6 +153,8 @@
 * (T76051) list=tags will now continue correctly.
 * (T76052) list=tags can now indicate whether a tag is defined.
 * (T75522) list=prefixsearch now supports continuation
+* The 'md5' parameter of the action=edit API has been deprecated. The new
+  parameters 'hash' and 'hashfunction' should be used instead.
 
 === Action API internal changes in 1.25 ===
 * ApiHelp has been rewritten to support i18n and paginated HTML output.
diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php
index f7f4dc2..5c98784 100644
--- a/includes/api/ApiEditPage.php
+++ b/includes/api/ApiEditPage.php
@@ -123,7 +123,7 @@
                        $this->dieUsageMsg( $errors[0] );
                }
 
-               $toMD5 = $params['text'];
+               $toHash = $params['text'];
                if ( !is_null( $params['appendtext'] ) || !is_null( 
$params['prependtext'] ) ) {
                        $content = $pageObj->getContent();
 
@@ -186,7 +186,7 @@
                        }
 
                        $params['text'] = $params['prependtext'] . $text . 
$params['appendtext'];
-                       $toMD5 = $params['prependtext'] . $params['appendtext'];
+                       $toHash = $params['prependtext'] . 
$params['appendtext'];
                }
 
                if ( $params['undo'] > 0 ) {
@@ -241,9 +241,11 @@
                }
 
                // See if the MD5 hash checks out
-               if ( !is_null( $params['md5'] ) && md5( $toMD5 ) !== 
$params['md5'] ) {
+               if ( !is_null( $params['md5'] ) && md5( $toHash ) !== 
$params['md5'] ) {
                        $this->dieUsageMsg( array( 'hashcheckfailed', 'md5', 
'MD5' ) );
                }
+               // Check other hash functions if needed
+               $this->checkHash( $params['hash'], $params['hashfunction'], 
$toHash );
 
                // EditPage wants to parse its stuff from a WebRequest
                // That interface kind of sucks, but it's workable
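Review bot: `$params['hash']` and `$params['hashfunction']` are read unconditionally in the added checkHash() call, but the @@ -570 hunk registers those two parameters only when getHashFunctions() returns a non-empty list. On a wiki with no functions configured the keys would presumably be absent from the extracted parameters, so this line reads undefined indexes, and a hash sent by the client would go unverified while the edit proceeds, which is the fail-open case the commit message sets out to avoid. Either register both parameters always, or guard the call with `if ( isset( $params['hash'] ) && !isset( $params['hashfunction'] ) )` and abort with a usage error there, so a hash that cannot be checked never lets the edit through. The enclosing method starts and ends outside this hunk.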
@@ -508,7 +510,7 @@
        }
 
        public function getAllowedParams() {
-               return array(
+               $params = array(
                        'title' => array(
                                ApiBase::PARAM_TYPE => 'string',
                        ),
@@ -546,7 +548,10 @@
                                        'nochange'
                                ),
                        ),
-                       'md5' => null,
+                       'md5' => array(
+                               ApiBase::PARAM_TYPE => 'string',
+                               ApiBase::PARAM_DEPRECATED => true,
+                       ),
                        'prependtext' => null,
                        'appendtext' => null,
                        'undo' => array(
@@ -570,6 +575,23 @@
                                ApiBase::PARAM_HELP_MSG_APPEND => array( 
'apihelp-edit-param-token' ),
                        ),
                );
+               $hashFunctions = $this->getHashFunctions();
+               if ( count( $hashFunctions ) > 0 ) {
+                       // Insert 'hash' and 'hashfunction' after 'md5'
+                       $indexOfMd5 = array_search( 'md5', array_keys( $params 
) );
+                       $params = array_slice( $params, 0, $indexOfMd5 + 1 ) +
+                               array(
+                                       'hash' => array(
+                                               ApiBase::PARAM_TYPE => 'string',
+                                       ),
+                                       'hashfunction' => array(
+                                               // Intentionally without 
default value
+                                               ApiBase::PARAM_TYPE => 
array_keys( $hashFunctions ),
+                                       ),
+                               ) +
+                               array_slice( $params, $indexOfMd5 + 1 );
+               }
+               return $params;
        }
 
        public function needsToken() {
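Review bot: getHashFunctions() is called at the top of the added block, and checkHash() in the @@ -241 hunk, yet no hunk in this patch set defines either method, and no file in the diffstat gives $wgAPIHashFunctions a default value. Unless both already exist in a parent class, action=edit would fail on the first call, so the two methods and the configuration default should be part of this change. When they are added, checkHash() needs a docblock stating that a supplied hash with a missing or unrecognized function aborts the edit rather than skipping the check. Separately, `array_search( 'md5', array_keys( $params ), true )` would keep the key lookup strict. getAllowedParams() begins in an earlier hunk.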
diff --git a/includes/api/i18n/en.json b/includes/api/i18n/en.json
index 21b546c..1c5c31a 100644
--- a/includes/api/i18n/en.json
+++ b/includes/api/i18n/en.json
@@ -90,6 +90,8 @@
        "apihelp-edit-param-unwatch": "Remove the page from your watchlist.",
        "apihelp-edit-param-watchlist": "Unconditionally add or remove the page 
from your watchlist, use preferences or do not change watch.",
        "apihelp-edit-param-md5": "The MD5 hash of the $1text parameter, or the 
$1prependtext and $1appendtext parameters concatenated. If set, the edit won't 
be done unless the hash is correct.",
+       "apihelp-edit-param-hash": "The hash of the $1text parameter, or the 
$1prependtext and $1appendtext parameters concatenated, according to 
$1hashfunction. If set, the edit won't be done unless the hash is correct.",
+       "apihelp-edit-param-hashfunction": "The hashing function to use for 
$1hash.",
        "apihelp-edit-param-prependtext": "Add this text to the beginning of 
the page. Overrides $1text.",
        "apihelp-edit-param-appendtext": "Add this text to the end of the page. 
Overrides $1text.\n\nUse $1section=new to append a new section, rather than 
this parameter.",
        "apihelp-edit-param-undo": "Undo this revision. Overrides $1text, 
$1prependtext and $1appendtext.",
diff --git a/includes/api/i18n/qqq.json b/includes/api/i18n/qqq.json
index 0889dc9..bb4e58c 100644
--- a/includes/api/i18n/qqq.json
+++ b/includes/api/i18n/qqq.json
@@ -84,6 +84,8 @@
        "apihelp-edit-param-unwatch": "{{doc-apihelp-param|edit|unwatch}}",
        "apihelp-edit-param-watchlist": "{{doc-apihelp-param|edit|watchlist}}",
        "apihelp-edit-param-md5": "{{doc-apihelp-param|edit|md5}}",
+       "apihelp-edit-param-hash": "{{doc-apihelp-param|edit|hash}}",
+       "apihelp-edit-param-hashfunction": 
"{{doc-apihelp-param|edit|hashfunction}}",
        "apihelp-edit-param-prependtext": 
"{{doc-apihelp-param|edit|prependtext}}",
        "apihelp-edit-param-appendtext": 
"{{doc-apihelp-param|edit|appendtext}}",
        "apihelp-edit-param-undo": "{{doc-apihelp-param|edit|undo}}",

-- 
To view, visit https://gerrit.wikimedia.org/r/179595

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5853bdd636fccda177d4dd200640ef6795ee5d3e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Ricordisamoa <ricordisa...@openmailbox.org>
