api.php

   1 <?php
   2 /**
   3  * This file is the entry point for all API queries.
   4  *
   5  * It begins by checking whether the API is enabled on this wiki; if not,
   6  * it informs the user that s/he should set $wgEnableAPI to true and exits.
   7  * Otherwise, it constructs a new ApiMain using the parameter passed to it
   8  * as an argument in the URL ('?action=') and with write-enabled set to the
   9  * value of $wgEnableWriteAPI as specified in LocalSettings.php.
  10  * It then invokes "execute()" on the ApiMain object instance, which
  11  * produces output in the format specified in the URL.
  12  *
  13  * Copyright © 2006 Yuri Astrakhan <Firstname><Lastname>@gmail.com
  14  *
  15  * This program is free software; you can redistribute it and/or modify
  16  * it under the terms of the GNU General Public License as published by
  17  * the Free Software Foundation; either version 2 of the License, or
  18  * (at your option) any later version.
  19  *
  20  * This program is distributed in the hope that it will be useful,
  21  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  22  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23  * GNU General Public License for more details.
  24  *
  25  * You should have received a copy of the GNU General Public License along
  26  * with this program; if not, write to the Free Software Foundation, Inc.,
  27  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  28  * http://www.gnu.org/copyleft/gpl.html
  29  *
  30  * @file
  31  */
  32
  33 use MediaWiki\Logger\LegacyLogger;
  34
  35 // So extensions (and other code) can check whether they're running in API mode
  36 define( 'MW_API', true );
  37
  38 require __DIR__ . '/includes/WebStart.php';
  39
  40 $starttime = microtime( true );
  41
  42 // URL safety checks
  43 if ( !$wgRequest->checkUrlExtension() ) {
  44         return;
  45 }
  46
  47 // Pathinfo can be used for stupid things. We don't support it for api.php at
  48 // all, so error out if it's present.
  49 if ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
  50         $correctUrl = wfAppendQuery( wfScript( 'api' ), $wgRequest->getQueryValues() );
  51         $correctUrl = wfExpandUrl( $correctUrl, PROTO_CANONICAL );
  52         header( "Location: $correctUrl", true, 301 );
  53         echo 'This endpoint does not support "path info", i.e. extra text between "api.php"'
  54                 . 'and the "?". Remove any such text and try again.';
  55         die( 1 );
  56 }
  57
  58 // Verify that the API has not been disabled
  59 if ( !$wgEnableAPI ) {
  60         header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500 );
  61         echo 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php'
  62                 . '<pre><b>$wgEnableAPI=true;</b></pre>';
  63         die( 1 );
  64 }
  65
  66 // Set a dummy $wgTitle, because $wgTitle == null breaks various things
  67 // In a perfect world this wouldn't be necessary
  68 $wgTitle = Title::makeTitle( NS_SPECIAL, 'Badtitle/dummy title for API calls set in api.php' );
  69
  70 // RequestContext will read from $wgTitle, but it will also whine about it.
  71 // In a perfect world this wouldn't be necessary either.
  72 RequestContext::getMain()->setTitle( $wgTitle );
  73
  74 try {
  75         /* Construct an ApiMain with the arguments passed via the URL. What we get back
  76          * is some form of an ApiMain, possibly even one that produces an error message,
  77          * but we don't care here, as that is handled by the constructor.
  78          */
  79         $processor = new ApiMain( RequestContext::getMain(), $wgEnableWriteAPI );
  80
  81         // Last chance hook before executing the API
  82         Hooks::run( 'ApiBeforeMain', [ &$processor ] );
  83         if ( !$processor instanceof ApiMain ) {
  84                 throw new MWException( 'ApiBeforeMain hook set $processor to a non-ApiMain class' );
  85         }
  86 } catch ( Exception $e ) {
  87         // Crap. Try to report the exception in API format to be friendly to clients.
  88         ApiMain::handleApiBeforeMainException( $e );
  89         $processor = false;
  90 }
  91
  92 // Process data & print results
  93 if ( $processor ) {
  94         $processor->execute();
  95 }
  96
  97 // Log what the user did, for book-keeping purposes.
  98 $endtime = microtime( true );
  99
 100 // Log the request
 101 if ( $wgAPIRequestLog ) {
 102         $items = [
 103                 wfTimestamp( TS_MW ),
 104                 $endtime - $starttime,
 105                 $wgRequest->getIP(),
 106                 $wgRequest->getHeader( 'User-agent' )
 107         ];
 108         $items[] = $wgRequest->wasPosted() ? 'POST' : 'GET';
 109         if ( $processor ) {
 110                 try {
 111                         $manager = $processor->getModuleManager();
 112                         $module = $manager->getModule( $wgRequest->getVal( 'action' ), 'action' );
 113                 } catch ( Exception $ex ) {
 114                         $module = null;
 115                 }
 116                 if ( !$module || $module->mustBePosted() ) {
 117                         $items[] = "action=" . $wgRequest->getVal( 'action' );
 118                 } else {
 119                         $items[] = wfArrayToCgi( $wgRequest->getValues() );
 120                 }
 121         } else {
 122                 $items[] = "failed in ApiBeforeMain";
 123         }
 124         LegacyLogger::emit( implode( ',', $items ) . "\n", $wgAPIRequestLog );
 125         wfDebug( "Logged API request to $wgAPIRequestLog\n" );
 126 }
 127
 128 $mediawiki = new MediaWiki();
 129 $mediawiki->doPostOutputShutdown( 'fast' );