http://www.mediawiki.org/wiki/Special:Code/MediaWiki/66539

Revision: 66539
Author:   reedy
Date:     2010-05-16 16:37:34 +0000 (Sun, 16 May 2010)

Log Message:
-----------
* (bug 23548) Allow access to another user's watchlist through watchlistraw
using the watchlist token and username

Refactored code into static method, and reused in both places

Modified Paths:
--------------
    trunk/phase3/RELEASE-NOTES
    trunk/phase3/includes/api/ApiQueryWatchlist.php
    trunk/phase3/includes/api/ApiQueryWatchlistRaw.php

Modified: trunk/phase3/RELEASE-NOTES
===================================================================
--- trunk/phase3/RELEASE-NOTES  2010-05-16 16:31:13 UTC (rev 66538)
+++ trunk/phase3/RELEASE-NOTES  2010-05-16 16:37:34 UTC (rev 66539)
@@ -180,6 +180,7 @@
 * (bug 23460) Parse action should have a section option
 * (bug 21346) Make deleted images searchable by hash
 * (bug 23461) Normalise usage of parameter names in parameter descriptions
+* (bug 23548) Allow access of another users watchlist through watchlistraw 
using token and username
 
 === Languages updated in 1.17 ===
 

Modified: trunk/phase3/includes/api/ApiQueryWatchlist.php
===================================================================
--- trunk/phase3/includes/api/ApiQueryWatchlist.php     2010-05-16 16:31:13 UTC 
(rev 66538)
+++ trunk/phase3/includes/api/ApiQueryWatchlist.php     2010-05-16 16:37:34 UTC 
(rev 66539)
@@ -53,27 +53,12 @@
                        $fld_notificationtimestamp = false;
 
        private function run( $resultPageSet = null ) {
-               global $wgUser;
-
                $this->selectNamedDB( 'watchlist', DB_SLAVE, 'watchlist' );
 
                $params = $this->extractRequestParams();
+               
+               $user = ApiQueryWatchlist::getWatchlistUser( $params );
 
-               if ( !is_null( $params['owner'] ) && !is_null( $params['token'] 
) ) {
-                       $user = User::newFromName( $params['owner'], false );
-                       if ( !$user->getId() ) {
-                               $this->dieUsage( 'Specified user does not 
exist', 'bad_wlowner' );
-                       }
-                       $token = $user->getOption( 'watchlisttoken' );
-                       if ( $token == '' || $token != $params['token'] ) {
-                               $this->dieUsage( 'Incorrect watchlist token 
provided -- please set a correct token in Special:Preferences', 'bad_wltoken' );
-                       }
-               } elseif ( !$wgUser->isLoggedIn() ) {
-                       $this->dieUsage( 'You must be logged-in to have a 
watchlist', 'notloggedin' );
-               } else {
-                       $user = $wgUser;
-               }
-
                if ( !is_null( $params['prop'] ) && is_null( $resultPageSet ) ) 
{
                        $prop = array_flip( $params['prop'] );
 
@@ -290,6 +275,30 @@
                return $vals;
        }
 
+       /**
+       * Gets the user for whom to get the watchlist for
+       *  
+       * @returns User
+       */
+       public static function getWatchlistUser( $params ) {
+               global $wgUser;
+               if ( !is_null( $params['owner'] ) && !is_null( $params['token'] 
) ) {
+                       $user = User::newFromName( $params['owner'], false );
+                       if ( !$user->getId() ) {
+                               $this->dieUsage( 'Specified user does not 
exist', 'bad_wlowner' );
+                       }
+                       $token = $user->getOption( 'watchlisttoken' );
+                       if ( $token == '' || $token != $params['token'] ) {
+                               $this->dieUsage( 'Incorrect watchlist token 
provided -- please set a correct token in Special:Preferences', 'bad_wltoken' );
+                       }
+               } elseif ( !$wgUser->isLoggedIn() ) {
+                       $this->dieUsage( 'You must be logged-in to have a 
watchlist', 'notloggedin' );
+               } else {
+                       $user = $wgUser;
+               }
+               return $user;
+       }
+
        public function getAllowedParams() {
                return array(
                        'allrev' => false,
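Review bot: `$this->dieUsage( ... )` is called three times inside `public static function getWatchlistUser`, where `$this` is not defined, so every error path (unknown owner, wrong token, anonymous caller) will end in a PHP fatal "Using $this when not in object context" instead of the documented `bad_wlowner` / `bad_wltoken` / `notloggedin` API errors; only the success path of the new helper actually works. Pass the calling module in and report errors through it, e.g. `public static function getWatchlistUser( $module, $params )` with `$module->dieUsage( ... )`, and have both callers (`run()` in ApiQueryWatchlist and in ApiQueryWatchlistRaw) pass `$this`. Since this check gates access to another user's private watchlist, compare the token with `!==` rather than `!=`, and if this codebase has a constant-time string comparison helper prefer it. Elsewhere in MediaWiki `User::newFromName()` returns false for a malformed name — if that holds for this call, `$user->getId()` on false is a second fatal; `if ( !$user || !$user->getId() )` covers it (verify against User::newFromName).
```php
	public static function getWatchlistUser( $module, $params ) {
		global $wgUser;
		if ( !is_null( $params['owner'] ) && !is_null( $params['token'] ) ) {
			$user = User::newFromName( $params['owner'], false );
			if ( !$user || !$user->getId() ) {
				$module->dieUsage( 'Specified user does not exist', 'bad_wlowner' );
			}
			$token = $user->getOption( 'watchlisttoken' );
			if ( $token == '' || $token !== $params['token'] ) {
				$module->dieUsage( 'Incorrect watchlist token provided -- please set a correct token in Special:Preferences', 'bad_wltoken' );
			}
		} elseif ( !$wgUser->isLoggedIn() ) {
			$module->dieUsage( 'You must be logged-in to have a watchlist', 'notloggedin' );
		// … unchanged: else branch assigning $wgUser, and return $user …
```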

Modified: trunk/phase3/includes/api/ApiQueryWatchlistRaw.php
===================================================================
--- trunk/phase3/includes/api/ApiQueryWatchlistRaw.php  2010-05-16 16:31:13 UTC 
(rev 66538)
+++ trunk/phase3/includes/api/ApiQueryWatchlistRaw.php  2010-05-16 16:37:34 UTC 
(rev 66539)
@@ -49,14 +49,12 @@
        }
 
        private function run( $resultPageSet = null ) {
-               global $wgUser;
-
                $this->selectNamedDB( 'watchlist', DB_SLAVE, 'watchlist' );
+               
+               $params = $this->extractRequestParams();
 
-               if ( !$wgUser->isLoggedIn() ) {
-                       $this->dieUsage( 'You must be logged-in to have a 
watchlist', 'notloggedin' );
-               }
-               $params = $this->extractRequestParams();
+               $user = ApiQueryWatchlist::getWatchlistUser( $params );
+
                $prop = array_flip( (array)$params['prop'] );
                $show = array_flip( (array)$params['show'] );
                if ( isset( $show['changed'] ) && isset( $show['!changed'] ) ) {
@@ -66,7 +64,7 @@
                $this->addTables( 'watchlist' );
                $this->addFields( array( 'wl_namespace', 'wl_title' ) );
                $this->addFieldsIf( 'wl_notificationtimestamp', isset( 
$prop['changed'] ) );
-               $this->addWhereFld( 'wl_user', $wgUser->getId() );
+               $this->addWhereFld( 'wl_user', $user->getId() );
                $this->addWhereFld( 'wl_namespace', $params['namespace'] );
                $this->addWhereIf( 'wl_notificationtimestamp IS NOT NULL', 
isset( $show['changed'] ) );
                $this->addWhereIf( 'wl_notificationtimestamp IS NULL', isset( 
$show['!changed'] ) );
@@ -157,6 +155,12 @@
                                        'changed',
                                        '!changed',
                                )
+                       ),
+                       'owner' => array(
+                               ApiBase::PARAM_TYPE => 'user'
+                       ),
+                       'token' => array(
+                               ApiBase::PARAM_TYPE => 'string'
                        )
                );
        }
@@ -168,6 +172,8 @@
                        'limit' => 'How many total results to return per 
request',
                        'prop' => 'Which additional properties to get 
(non-generator mode only)',
                        'show' => 'Only list items that meet these criteria',
+                       'owner' => 'The name of the user whose watchlist you\'d 
like to access',
+                       'token' => 'Give a security token (settable in 
preferences) to allow access to another user\'s watchlist',
                );
        }
 
@@ -179,6 +185,8 @@
                return array_merge( parent::getPossibleErrors(), array(
                        array( 'code' => 'notloggedin', 'info' => 'You must be 
logged-in to have a watchlist' ),
                        array( 'show' ),
+                       array( 'code' => 'bad_wlowner', 'info' => 'Specified 
user does not exist' ),
+                       array( 'code' => 'bad_wltoken', 'info' => 'Incorrect 
watchlist token provided -- please set a correct token in Special:Preferences' 
),
                ) );
        }
 


