summaryrefslogtreecommitdiff
path: root/www/wiki/includes/api/ApiEditPage.php
diff options
context:
space:
mode:
Diffstat (limited to 'www/wiki/includes/api/ApiEditPage.php')
-rw-r--r--www/wiki/includes/api/ApiEditPage.php625
1 files changed, 625 insertions, 0 deletions
diff --git a/www/wiki/includes/api/ApiEditPage.php b/www/wiki/includes/api/ApiEditPage.php
new file mode 100644
index 00000000..83f72e54
--- /dev/null
+++ b/www/wiki/includes/api/ApiEditPage.php
@@ -0,0 +1,625 @@
+<?php
+/**
+ * Copyright © 2007 Iker Labarga "<Firstname><Lastname>@gmail.com"
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ */
+
+/**
+ * A module that allows for editing and creating pages.
+ *
+ * Currently, this wraps around the EditPage class in an ugly way,
+ * EditPage.php should be rewritten to provide a cleaner interface,
+ * see T20654 if you're inspired to fix this.
+ *
+ * @ingroup API
+ */
+class ApiEditPage extends ApiBase {
+ public function execute() {
+ $this->useTransactionalTimeLimit();
+
+ $user = $this->getUser();
+ $params = $this->extractRequestParams();
+
+ $this->requireAtLeastOneParameter( $params, 'text', 'appendtext', 'prependtext', 'undo' );
+
+ $pageObj = $this->getTitleOrPageId( $params );
+ $titleObj = $pageObj->getTitle();
+ $apiResult = $this->getResult();
+
+ if ( $params['redirect'] ) {
+ if ( $params['prependtext'] === null && $params['appendtext'] === null
+ && $params['section'] !== 'new'
+ ) {
+ $this->dieWithError( 'apierror-redirect-appendonly' );
+ }
+ if ( $titleObj->isRedirect() ) {
+ $oldTitle = $titleObj;
+
+ $titles = Revision::newFromTitle( $oldTitle, false, Revision::READ_LATEST )
+ ->getContent( Revision::FOR_THIS_USER, $user )
+ ->getRedirectChain();
+ // array_shift( $titles );
+
+ $redirValues = [];
+
+ /** @var Title $newTitle */
+ foreach ( $titles as $id => $newTitle ) {
+ if ( !isset( $titles[$id - 1] ) ) {
+ $titles[$id - 1] = $oldTitle;
+ }
+
+ $redirValues[] = [
+ 'from' => $titles[$id - 1]->getPrefixedText(),
+ 'to' => $newTitle->getPrefixedText()
+ ];
+
+ $titleObj = $newTitle;
+ }
+
+ ApiResult::setIndexedTagName( $redirValues, 'r' );
+ $apiResult->addValue( null, 'redirects', $redirValues );
+
+ // Since the page changed, update $pageObj
+ $pageObj = WikiPage::factory( $titleObj );
+ }
+ }
+
+ if ( !isset( $params['contentmodel'] ) || $params['contentmodel'] == '' ) {
+ $contentHandler = $pageObj->getContentHandler();
+ } else {
+ $contentHandler = ContentHandler::getForModelID( $params['contentmodel'] );
+ }
+ $contentModel = $contentHandler->getModelID();
+
+ $name = $titleObj->getPrefixedDBkey();
+ $model = $contentHandler->getModelID();
+
+ if ( $params['undo'] > 0 ) {
+ // allow undo via api
+ } elseif ( $contentHandler->supportsDirectApiEditing() === false ) {
+ $this->dieWithError( [ 'apierror-no-direct-editing', $model, $name ] );
+ }
+
+ if ( !isset( $params['contentformat'] ) || $params['contentformat'] == '' ) {
+ $contentFormat = $contentHandler->getDefaultFormat();
+ } else {
+ $contentFormat = $params['contentformat'];
+ }
+
+ if ( !$contentHandler->isSupportedFormat( $contentFormat ) ) {
+ $this->dieWithError( [ 'apierror-badformat', $contentFormat, $model, $name ] );
+ }
+
+ if ( $params['createonly'] && $titleObj->exists() ) {
+ $this->dieWithError( 'apierror-articleexists' );
+ }
+ if ( $params['nocreate'] && !$titleObj->exists() ) {
+ $this->dieWithError( 'apierror-missingtitle' );
+ }
+
+ // Now let's check whether we're even allowed to do this
+ $this->checkTitleUserPermissions(
+ $titleObj,
+ $titleObj->exists() ? 'edit' : [ 'edit', 'create' ]
+ );
+
+ $toMD5 = $params['text'];
+ if ( !is_null( $params['appendtext'] ) || !is_null( $params['prependtext'] ) ) {
+ $content = $pageObj->getContent();
+
+ if ( !$content ) {
+ if ( $titleObj->getNamespace() == NS_MEDIAWIKI ) {
+ # If this is a MediaWiki:x message, then load the messages
+ # and return the message value for x.
+ $text = $titleObj->getDefaultMessageText();
+ if ( $text === false ) {
+ $text = '';
+ }
+
+ try {
+ $content = ContentHandler::makeContent( $text, $titleObj );
+ } catch ( MWContentSerializationException $ex ) {
+ $this->dieWithException( $ex, [
+ 'wrap' => ApiMessage::create( 'apierror-contentserializationexception', 'parseerror' )
+ ] );
+ return;
+ }
+ } else {
+ # Otherwise, make a new empty content.
+ $content = $contentHandler->makeEmptyContent();
+ }
+ }
+
+ // @todo Add support for appending/prepending to the Content interface
+
+ if ( !( $content instanceof TextContent ) ) {
+ $modelName = $contentHandler->getModelID();
+ $this->dieWithError( [ 'apierror-appendnotsupported', $modelName ] );
+ }
+
+ if ( !is_null( $params['section'] ) ) {
+ if ( !$contentHandler->supportsSections() ) {
+ $modelName = $contentHandler->getModelID();
+ $this->dieWithError( [ 'apierror-sectionsnotsupported', $modelName ] );
+ }
+
+ if ( $params['section'] == 'new' ) {
+ // DWIM if they're trying to prepend/append to a new section.
+ $content = null;
+ } else {
+ // Process the content for section edits
+ $section = $params['section'];
+ $content = $content->getSection( $section );
+
+ if ( !$content ) {
+ $this->dieWithError( [ 'apierror-nosuchsection', wfEscapeWikiText( $section ) ] );
+ }
+ }
+ }
+
+ if ( !$content ) {
+ $text = '';
+ } else {
+ $text = $content->serialize( $contentFormat );
+ }
+
+ $params['text'] = $params['prependtext'] . $text . $params['appendtext'];
+ $toMD5 = $params['prependtext'] . $params['appendtext'];
+ }
+
+ if ( $params['undo'] > 0 ) {
+ if ( $params['undoafter'] > 0 ) {
+ if ( $params['undo'] < $params['undoafter'] ) {
+ list( $params['undo'], $params['undoafter'] ) =
+ [ $params['undoafter'], $params['undo'] ];
+ }
+ $undoafterRev = Revision::newFromId( $params['undoafter'] );
+ }
+ $undoRev = Revision::newFromId( $params['undo'] );
+ if ( is_null( $undoRev ) || $undoRev->isDeleted( Revision::DELETED_TEXT ) ) {
+ $this->dieWithError( [ 'apierror-nosuchrevid', $params['undo'] ] );
+ }
+
+ if ( $params['undoafter'] == 0 ) {
+ $undoafterRev = $undoRev->getPrevious();
+ }
+ if ( is_null( $undoafterRev ) || $undoafterRev->isDeleted( Revision::DELETED_TEXT ) ) {
+ $this->dieWithError( [ 'apierror-nosuchrevid', $params['undoafter'] ] );
+ }
+
+ if ( $undoRev->getPage() != $pageObj->getId() ) {
+ $this->dieWithError( [ 'apierror-revwrongpage', $undoRev->getId(),
+ $titleObj->getPrefixedText() ] );
+ }
+ if ( $undoafterRev->getPage() != $pageObj->getId() ) {
+ $this->dieWithError( [ 'apierror-revwrongpage', $undoafterRev->getId(),
+ $titleObj->getPrefixedText() ] );
+ }
+
+ $newContent = $contentHandler->getUndoContent(
+ $pageObj->getRevision(),
+ $undoRev,
+ $undoafterRev
+ );
+
+ if ( !$newContent ) {
+ $this->dieWithError( 'undo-failure', 'undofailure' );
+ }
+ if ( empty( $params['contentmodel'] )
+ && empty( $params['contentformat'] )
+ ) {
+ // If we are reverting content model, the new content model
+ // might not support the current serialization format, in
+ // which case go back to the old serialization format,
+ // but only if the user hasn't specified a format/model
+ // parameter.
+ if ( !$newContent->isSupportedFormat( $contentFormat ) ) {
+ $contentFormat = $undoafterRev->getContentFormat();
+ }
+ // Override content model with model of undid revision.
+ $contentModel = $newContent->getModel();
+ }
+ $params['text'] = $newContent->serialize( $contentFormat );
+ // If no summary was given and we only undid one rev,
+ // use an autosummary
+ if ( is_null( $params['summary'] ) &&
+ $titleObj->getNextRevisionID( $undoafterRev->getId() ) == $params['undo']
+ ) {
+ $params['summary'] = wfMessage( 'undo-summary' )
+ ->params( $params['undo'], $undoRev->getUserText() )->inContentLanguage()->text();
+ }
+ }
+
+ // See if the MD5 hash checks out
+ if ( !is_null( $params['md5'] ) && md5( $toMD5 ) !== $params['md5'] ) {
+ $this->dieWithError( 'apierror-badmd5' );
+ }
+
+ // EditPage wants to parse its stuff from a WebRequest
+ // That interface kind of sucks, but it's workable
+ $requestArray = [
+ 'wpTextbox1' => $params['text'],
+ 'format' => $contentFormat,
+ 'model' => $contentModel,
+ 'wpEditToken' => $params['token'],
+ 'wpIgnoreBlankSummary' => true,
+ 'wpIgnoreBlankArticle' => true,
+ 'wpIgnoreSelfRedirect' => true,
+ 'bot' => $params['bot'],
+ 'wpUnicodeCheck' => EditPage::UNICODE_CHECK,
+ ];
+
+ if ( !is_null( $params['summary'] ) ) {
+ $requestArray['wpSummary'] = $params['summary'];
+ }
+
+ if ( !is_null( $params['sectiontitle'] ) ) {
+ $requestArray['wpSectionTitle'] = $params['sectiontitle'];
+ }
+
+ // TODO: Pass along information from 'undoafter' as well
+ if ( $params['undo'] > 0 ) {
+ $requestArray['wpUndidRevision'] = $params['undo'];
+ }
+
+ // Watch out for basetimestamp == '' or '0'
+ // It gets treated as NOW, almost certainly causing an edit conflict
+ if ( $params['basetimestamp'] !== null && (bool)$this->getMain()->getVal( 'basetimestamp' ) ) {
+ $requestArray['wpEdittime'] = $params['basetimestamp'];
+ } else {
+ $requestArray['wpEdittime'] = $pageObj->getTimestamp();
+ }
+
+ if ( $params['starttimestamp'] !== null ) {
+ $requestArray['wpStarttime'] = $params['starttimestamp'];
+ } else {
+ $requestArray['wpStarttime'] = wfTimestampNow(); // Fake wpStartime
+ }
+
+ if ( $params['minor'] || ( !$params['notminor'] && $user->getOption( 'minordefault' ) ) ) {
+ $requestArray['wpMinoredit'] = '';
+ }
+
+ if ( $params['recreate'] ) {
+ $requestArray['wpRecreate'] = '';
+ }
+
+ if ( !is_null( $params['section'] ) ) {
+ $section = $params['section'];
+ if ( !preg_match( '/^((T-)?\d+|new)$/', $section ) ) {
+ $this->dieWithError( 'apierror-invalidsection' );
+ }
+ $content = $pageObj->getContent();
+ if ( $section !== '0' && $section != 'new'
+ && ( !$content || !$content->getSection( $section ) )
+ ) {
+ $this->dieWithError( [ 'apierror-nosuchsection', $section ] );
+ }
+ $requestArray['wpSection'] = $params['section'];
+ } else {
+ $requestArray['wpSection'] = '';
+ }
+
+ $watch = $this->getWatchlistValue( $params['watchlist'], $titleObj );
+
+ // Deprecated parameters
+ if ( $params['watch'] ) {
+ $watch = true;
+ } elseif ( $params['unwatch'] ) {
+ $watch = false;
+ }
+
+ if ( $watch ) {
+ $requestArray['wpWatchthis'] = '';
+ }
+
+ // Apply change tags
+ if ( $params['tags'] ) {
+ $tagStatus = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user );
+ if ( $tagStatus->isOK() ) {
+ $requestArray['wpChangeTags'] = implode( ',', $params['tags'] );
+ } else {
+ $this->dieStatus( $tagStatus );
+ }
+ }
+
+ // Pass through anything else we might have been given, to support extensions
+ // This is kind of a hack but it's the best we can do to make extensions work
+ $requestArray += $this->getRequest()->getValues();
+
+ global $wgTitle, $wgRequest;
+
+ $req = new DerivativeRequest( $this->getRequest(), $requestArray, true );
+
+ // Some functions depend on $wgTitle == $ep->mTitle
+ // TODO: Make them not or check if they still do
+ $wgTitle = $titleObj;
+
+ $articleContext = new RequestContext;
+ $articleContext->setRequest( $req );
+ $articleContext->setWikiPage( $pageObj );
+ $articleContext->setUser( $this->getUser() );
+
+ /** @var Article $articleObject */
+ $articleObject = Article::newFromWikiPage( $pageObj, $articleContext );
+
+ $ep = new EditPage( $articleObject );
+
+ $ep->setApiEditOverride( true );
+ $ep->setContextTitle( $titleObj );
+ $ep->importFormData( $req );
+ $content = $ep->textbox1;
+
+ // Run hooks
+ // Handle APIEditBeforeSave parameters
+ $r = [];
+ // Deprecated in favour of EditFilterMergedContent
+ if ( !Hooks::run( 'APIEditBeforeSave', [ $ep, $content, &$r ], '1.28' ) ) {
+ if ( count( $r ) ) {
+ $r['result'] = 'Failure';
+ $apiResult->addValue( null, $this->getModuleName(), $r );
+
+ return;
+ }
+
+ $this->dieWithError( 'hookaborted' );
+ }
+
+ // Do the actual save
+ $oldRevId = $articleObject->getRevIdFetched();
+ $result = null;
+ // Fake $wgRequest for some hooks inside EditPage
+ // @todo FIXME: This interface SUCKS
+ $oldRequest = $wgRequest;
+ $wgRequest = $req;
+
+ $status = $ep->attemptSave( $result );
+ $wgRequest = $oldRequest;
+
+ switch ( $status->value ) {
+ case EditPage::AS_HOOK_ERROR:
+ case EditPage::AS_HOOK_ERROR_EXPECTED:
+ if ( isset( $status->apiHookResult ) ) {
+ $r = $status->apiHookResult;
+ $r['result'] = 'Failure';
+ $apiResult->addValue( null, $this->getModuleName(), $r );
+ return;
+ }
+ if ( !$status->getErrors() ) {
+ // This appears to be unreachable right now, because all
+ // code paths will set an error. Could change, though.
+ $status->fatal( 'hookaborted' ); //@codeCoverageIgnore
+ }
+ $this->dieStatus( $status );
+
+ // These two cases will normally have been caught earlier, and will
+ // only occur if something blocks the user between the earlier
+ // check and the check in EditPage (presumably a hook). It's not
+ // obvious that this is even possible.
+ // @codeCoverageIgnoreStart
+ case EditPage::AS_BLOCKED_PAGE_FOR_USER:
+ $this->dieWithError(
+ 'apierror-blocked',
+ 'blocked',
+ [ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $user->getBlock() ) ]
+ );
+
+ case EditPage::AS_READ_ONLY_PAGE:
+ $this->dieReadOnly();
+ // @codeCoverageIgnoreEnd
+
+ case EditPage::AS_SUCCESS_NEW_ARTICLE:
+ $r['new'] = true;
+ // fall-through
+
+ case EditPage::AS_SUCCESS_UPDATE:
+ $r['result'] = 'Success';
+ $r['pageid'] = intval( $titleObj->getArticleID() );
+ $r['title'] = $titleObj->getPrefixedText();
+ $r['contentmodel'] = $articleObject->getContentModel();
+ $newRevId = $articleObject->getLatest();
+ if ( $newRevId == $oldRevId ) {
+ $r['nochange'] = true;
+ } else {
+ $r['oldrevid'] = intval( $oldRevId );
+ $r['newrevid'] = intval( $newRevId );
+ $r['newtimestamp'] = wfTimestamp( TS_ISO_8601,
+ $pageObj->getTimestamp() );
+ }
+ break;
+
+ default:
+ if ( !$status->getErrors() ) {
+ // EditPage sometimes only sets the status code without setting
+ // any actual error messages. Supply defaults for those cases.
+ switch ( $status->value ) {
+ // Currently needed
+ case EditPage::AS_IMAGE_REDIRECT_ANON:
+ $status->fatal( 'apierror-noimageredirect-anon' );
+ break;
+ case EditPage::AS_IMAGE_REDIRECT_LOGGED:
+ $status->fatal( 'apierror-noimageredirect' );
+ break;
+ case EditPage::AS_CONTENT_TOO_BIG:
+ case EditPage::AS_MAX_ARTICLE_SIZE_EXCEEDED:
+ $status->fatal( 'apierror-contenttoobig', $this->getConfig()->get( 'MaxArticleSize' ) );
+ break;
+ case EditPage::AS_READ_ONLY_PAGE_ANON:
+ $status->fatal( 'apierror-noedit-anon' );
+ break;
+ case EditPage::AS_NO_CHANGE_CONTENT_MODEL:
+ $status->fatal( 'apierror-cantchangecontentmodel' );
+ break;
+ case EditPage::AS_ARTICLE_WAS_DELETED:
+ $status->fatal( 'apierror-pagedeleted' );
+ break;
+ case EditPage::AS_CONFLICT_DETECTED:
+ $status->fatal( 'editconflict' );
+ break;
+
+ // Currently shouldn't be needed, but here in case
+ // hooks use them without setting appropriate
+ // errors on the status.
+ // @codeCoverageIgnoreStart
+ case EditPage::AS_SPAM_ERROR:
+ $status->fatal( 'apierror-spamdetected', $result['spam'] );
+ break;
+ case EditPage::AS_READ_ONLY_PAGE_LOGGED:
+ $status->fatal( 'apierror-noedit' );
+ break;
+ case EditPage::AS_RATE_LIMITED:
+ $status->fatal( 'apierror-ratelimited' );
+ break;
+ case EditPage::AS_NO_CREATE_PERMISSION:
+ $status->fatal( 'nocreate-loggedin' );
+ break;
+ case EditPage::AS_BLANK_ARTICLE:
+ $status->fatal( 'apierror-emptypage' );
+ break;
+ case EditPage::AS_TEXTBOX_EMPTY:
+ $status->fatal( 'apierror-emptynewsection' );
+ break;
+ case EditPage::AS_SUMMARY_NEEDED:
+ $status->fatal( 'apierror-summaryrequired' );
+ break;
+ default:
+ wfWarn( __METHOD__ . ": Unknown EditPage code {$status->value} with no message" );
+ $status->fatal( 'apierror-unknownerror-editpage', $status->value );
+ break;
+ // @codeCoverageIgnoreEnd
+ }
+ }
+ $this->dieStatus( $status );
+ }
+ $apiResult->addValue( null, $this->getModuleName(), $r );
+ }
+
+ public function mustBePosted() {
+ return true;
+ }
+
+ public function isWriteMode() {
+ return true;
+ }
+
+ public function getAllowedParams() {
+ return [
+ 'title' => [
+ ApiBase::PARAM_TYPE => 'string',
+ ],
+ 'pageid' => [
+ ApiBase::PARAM_TYPE => 'integer',
+ ],
+ 'section' => null,
+ 'sectiontitle' => [
+ ApiBase::PARAM_TYPE => 'string',
+ ],
+ 'text' => [
+ ApiBase::PARAM_TYPE => 'text',
+ ],
+ 'summary' => null,
+ 'tags' => [
+ ApiBase::PARAM_TYPE => 'tags',
+ ApiBase::PARAM_ISMULTI => true,
+ ],
+ 'minor' => false,
+ 'notminor' => false,
+ 'bot' => false,
+ 'basetimestamp' => [
+ ApiBase::PARAM_TYPE => 'timestamp',
+ ],
+ 'starttimestamp' => [
+ ApiBase::PARAM_TYPE => 'timestamp',
+ ],
+ 'recreate' => false,
+ 'createonly' => false,
+ 'nocreate' => false,
+ 'watch' => [
+ ApiBase::PARAM_DFLT => false,
+ ApiBase::PARAM_DEPRECATED => true,
+ ],
+ 'unwatch' => [
+ ApiBase::PARAM_DFLT => false,
+ ApiBase::PARAM_DEPRECATED => true,
+ ],
+ 'watchlist' => [
+ ApiBase::PARAM_DFLT => 'preferences',
+ ApiBase::PARAM_TYPE => [
+ 'watch',
+ 'unwatch',
+ 'preferences',
+ 'nochange'
+ ],
+ ],
+ 'md5' => null,
+ 'prependtext' => [
+ ApiBase::PARAM_TYPE => 'text',
+ ],
+ 'appendtext' => [
+ ApiBase::PARAM_TYPE => 'text',
+ ],
+ 'undo' => [
+ ApiBase::PARAM_TYPE => 'integer',
+ ApiBase::PARAM_MIN => 0,
+ ApiBase::PARAM_RANGE_ENFORCE => true,
+ ],
+ 'undoafter' => [
+ ApiBase::PARAM_TYPE => 'integer',
+ ApiBase::PARAM_MIN => 0,
+ ApiBase::PARAM_RANGE_ENFORCE => true,
+ ],
+ 'redirect' => [
+ ApiBase::PARAM_TYPE => 'boolean',
+ ApiBase::PARAM_DFLT => false,
+ ],
+ 'contentformat' => [
+ ApiBase::PARAM_TYPE => ContentHandler::getAllContentFormats(),
+ ],
+ 'contentmodel' => [
+ ApiBase::PARAM_TYPE => ContentHandler::getContentModels(),
+ ],
+ 'token' => [
+ // Standard definition automatically inserted
+ ApiBase::PARAM_HELP_MSG_APPEND => [ 'apihelp-edit-param-token' ],
+ ],
+ ];
+ }
+
+ public function needsToken() {
+ return 'csrf';
+ }
+
+ protected function getExamplesMessages() {
+ return [
+ 'action=edit&title=Test&summary=test%20summary&' .
+ 'text=article%20content&basetimestamp=2007-08-24T12:34:54Z&token=123ABC'
+ => 'apihelp-edit-example-edit',
+ 'action=edit&title=Test&summary=NOTOC&minor=&' .
+ 'prependtext=__NOTOC__%0A&basetimestamp=2007-08-24T12:34:54Z&token=123ABC'
+ => 'apihelp-edit-example-prepend',
+ 'action=edit&title=Test&undo=13585&undoafter=13579&' .
+ 'basetimestamp=2007-08-24T12:34:54Z&token=123ABC'
+ => 'apihelp-edit-example-undo',
+ ];
+ }
+
+ public function getHelpUrls() {
+ return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Edit';
+ }
+}
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-05 06:55:59 +0000