1 <?php
2
3 /*
4 * Created on Sep 7, 2006
5 *
6 * API for MediaWiki 1.8+
7 *
8 * Copyright (C) 2006 Yuri Astrakhan <Firstname><Lastname>@gmail.com
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 * http://www.gnu.org/copyleft/gpl.html
24 */
25
// Development aid: lets an IDE resolve the parent class when this file is opened
// on its own. Per the original note, this branch is not taken in production.
// NOTE(review): this is not an entry-point guard that stops execution - when
// MEDIAWIKI is undefined the file loads its parent and still declares the class
// below. Confirm that a direct request to this file has no other effect.
if (!defined('MEDIAWIKI')) {
	require_once 'ApiQueryBase.php';
}
30
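/**
 * A query action to enumerate revisions of a given page, or show top revisions of multiple pages.
 * Various pieces of information may be shown - flags, comments, and the actual wiki markup of the rev.
 * In the enumeration mode, ranges of revisions may be requested and filtered.
 *
 * Access control as implemented in this class:
 *  - every query is restricted to rows with rev_deleted=0;
 *  - revision text (rvprop=content) is selected only after $title->userCanRead()
 *    succeeded for each title returned by the page set's getGoodTitles();
 *  - the other properties (ids, flags, timestamp, user, comment) are selected
 *    without a per-title check in this class.
 * NOTE(review): on wikis with restricted read access, confirm that a caller of
 * this module has already been checked elsewhere before the metadata is returned.
 *
 * dieUsage() and dieDebug() are defined outside this file; the code below assumes
 * they abort the request and never return.
 *
 * @addtogroup API
 */
class ApiQueryRevisions extends ApiQueryBase {

	// Which output fields the current request asked for; set in execute(),
	// read in extractRowInfo().
	private $fld_ids = false, $fld_flags = false, $fld_timestamp = false,
		$fld_comment = false, $fld_user = false, $fld_content = false;

	/**
	 * Registers the module with the parameter prefix 'rv'.
	 *
	 * @param $query      passed through to the parent constructor
	 * @param $moduleName passed through to the parent constructor
	 */
	public function __construct($query, $moduleName) {
		parent::__construct($query, $moduleName, 'rv');
	}

	/**
	 * Builds and runs the revision query and adds one entry per row to the
	 * result under query/pages/<pageid>/revisions.
	 *
	 * Three modes are handled: enumeration of one page's history, lookup of an
	 * explicit set of revision IDs, and the latest revision of each page in
	 * the page set.
	 */
	public function execute() {
		// Read each request parameter by name. The original used extract() on
		// the request array, which lets any key of that array create or
		// overwrite a local variable; naming the keys keeps the set of
		// request-controlled locals fixed to the nine used below.
		$params = $this->extractRequestParams();
		$limit = isset($params['limit']) ? $params['limit'] : null;
		$startid = isset($params['startid']) ? $params['startid'] : null;
		$endid = isset($params['endid']) ? $params['endid'] : null;
		$start = isset($params['start']) ? $params['start'] : null;
		$end = isset($params['end']) ? $params['end'] : null;
		$dir = isset($params['dir']) ? $params['dir'] : null;
		$prop = isset($params['prop']) ? $params['prop'] : null;
		$user = isset($params['user']) ? $params['user'] : null;
		$excludeuser = isset($params['excludeuser']) ? $params['excludeuser'] : null;

		// If any of those parameters are used, work in 'enumeration' mode.
		// Enum mode can only be used when exactly one page is provided.
		// Enumerating revisions on multiple pages makes it extremely
		// difficult to manage continuations and requires additional sql indexes.
		$enumRevMode = $user !== null || $excludeuser !== null || $limit !== null
			|| $startid !== null || $endid !== null
			|| $start !== null || $end !== null
			|| $dir === 'newer';

		$pageSet = $this->getPageSet();
		$pageCount = $pageSet->getGoodTitleCount();
		$revCount = $pageSet->getRevisionCount();

		// Optimization -- nothing to do
		if ($revCount === 0 && $pageCount === 0) {
			return;
		}

		if ($revCount > 0 && $enumRevMode) {
			$this->dieUsage('The revids= parameter may not be used with the list options (limit, startid, endid, dirNewer, start, end).', 'revids');
		}

		if ($pageCount > 1 && $enumRevMode) {
			$this->dieUsage('titles, pageids or a generator was used to supply multiple pages, but the limit, startid, endid, dirNewer, user, excludeuser, start, and end parameters may only be used on a single page.', 'multpages');
		}

		$this->addTables('revision');
		// Rows with any rev_deleted value other than 0 are never returned.
		$this->addWhere('rev_deleted=0');

		// Turn the list of requested properties into a lookup table.
		$prop = array_flip($prop);

		// These fields are needed regardless of the client requesting them
		$this->addFields('rev_id');
		$this->addFields('rev_page');

		// Optional fields. rev_text_id is not selected; the original left open
		// whether it should be exposed.
		$this->fld_ids = isset($prop['ids']);
		$this->fld_flags = $this->addFieldsIf('rev_minor_edit', isset($prop['flags']));
		$this->fld_timestamp = $this->addFieldsIf('rev_timestamp', isset($prop['timestamp']));
		$this->fld_comment = $this->addFieldsIf('rev_comment', isset($prop['comment']));

		if (isset($prop['user'])) {
			$this->addFields('rev_user');
			$this->addFields('rev_user_text');
			$this->fld_user = true;
		}

		if (isset($prop['content'])) {
			// For each page we will request, the user must have read rights for that page.
			// NOTE(review): the check walks getGoodTitles() only. Confirm that pages
			// resolved from revids= are part of that list; if they are not, their
			// text would be selected without this check.
			foreach ($pageSet->getGoodTitles() as $title) {
				if (!$title->userCanRead()) {
					$this->dieUsage(
						'The current user is not allowed to read ' . $title->getPrefixedText(),
						'accessdenied');
				}
			}

			$this->addTables('text');
			$this->addWhere('rev_text_id=old_id');
			$this->addFields('old_id');
			$this->addFields('old_text');
			$this->addFields('old_flags');
			$this->fld_content = true;
		}

		// Requests that return revision text get lower row caps.
		$userMax = $this->fld_content ? 50 : 500;
		$botMax = $this->fld_content ? 200 : 10000;

		if ($enumRevMode) {

			// This is mostly to prevent parameter errors (and optimize sql?)
			if ($startid !== null && $start !== null) {
				$this->dieUsage('start and startid cannot be used together', 'badparams');
			}

			if ($endid !== null && $end !== null) {
				$this->dieUsage('end and endid cannot be used together', 'badparams');
			}

			if ($user !== null && $excludeuser !== null) {
				$this->dieUsage('user and excludeuser cannot be used together', 'badparams');
			}

			// This code makes an assumption that sorting by rev_id and rev_timestamp produces
			// the same result. This way users may request revisions starting at a given time,
			// but to page through results use the rev_id returned after each page.
			// Switching to rev_id removes the potential problem of having more than
			// one row with the same timestamp for the same page.
			// The order needs to be the same as start parameter to avoid SQL filesort.
			if ($startid === null) {
				$this->addWhereRange('rev_timestamp', $dir, $start, $end);
			} else {
				$this->addWhereRange('rev_id', $dir, $startid, $endid);
			}

			// must manually initialize unset limit
			if ($limit === null) {
				$limit = 10;
			}
			$this->validateLimit('limit', $limit, 1, $userMax, $botMax);

			// There is only one ID, use it
			$this->addWhereFld('rev_page', current(array_keys($pageSet->getGoodTitles())));

			if ($user !== null) {
				$this->addWhereFld('rev_user_text', $user);
			} elseif ($excludeuser !== null) {
				// excludeuser comes from the request: it is passed through
				// addQuotes() before being concatenated into the condition.
				$this->addWhere('rev_user_text != ' . $this->getDB()->addQuotes($excludeuser));
			}
		} elseif ($revCount > 0) {
			$this->validateLimit('rev_count', $revCount, 1, $userMax, $botMax);

			// Get all revision IDs
			$this->addWhereFld('rev_id', array_keys($pageSet->getRevisionIDs()));

			// assumption testing -- we should never get more than $revCount rows.
			$limit = $revCount;
		} elseif ($pageCount > 0) {
			// When working in multi-page non-enumeration mode,
			// limit to the latest revision only
			$this->addTables('page');
			$this->addWhere('page_id=rev_page');
			$this->addWhere('page_latest=rev_id');
			$this->validateLimit('page_count', $pageCount, 1, $userMax, $botMax);

			// Get all page IDs
			$this->addWhereFld('page_id', array_keys($pageSet->getGoodTitles()));

			// assumption testing -- we should never get more than $pageCount rows.
			$limit = $pageCount;
		} else {
			ApiBase::dieDebug(__METHOD__, 'param validation?');
		}

		// One row more than requested: its presence means there is a next page.
		$this->addOption('LIMIT', $limit + 1);

		$count = 0;
		$res = $this->select(__METHOD__);

		$db = $this->getDB();
		while ($row = $db->fetchObject($res)) {

			if (++$count > $limit) {
				// We've reached the one extra which shows that there are additional pages to be had. Stop here...
				if (!$enumRevMode) {
					ApiBase::dieDebug(__METHOD__, 'Got more rows then expected'); // bug report
				}
				$this->setContinueEnumParameter('startid', intval($row->rev_id));
				break;
			}

			$this->getResult()->addValue(
				array(
					'query',
					'pages',
					intval($row->rev_page),
					'revisions'),
				null,
				$this->extractRowInfo($row));
		}
		$db->freeResult($res);

		// Ensure that all revisions are shown as '<rev>' elements
		$result = $this->getResult();
		if ($result->getIsRawMode()) {
			$data =& $result->getData();
			// Iterating by reference over a missing key would create it in the
			// result data, so only walk the page list when it is actually there.
			if (isset($data['query']['pages']) && is_array($data['query']['pages'])) {
				foreach ($data['query']['pages'] as &$page) {
					if (is_array($page) && array_key_exists('revisions', $page)) {
						$result->setIndexedTagName($page['revisions'], 'rev');
					}
				}
				// Drop the reference so a later write to $page cannot alter the last entry.
				unset($page);
			}
		}
	}

	/**
	 * Converts one database row into the array reported for that revision.
	 * Only the fields enabled by execute() through the fld_* flags are included.
	 *
	 * @param $row object row returned by fetchObject()
	 * @return array
	 */
	private function extractRowInfo($row) {

		$vals = array();

		if ($this->fld_ids) {
			$vals['revid'] = intval($row->rev_id);
			$vals['pageid'] = intval($row->rev_page);
			// rev_text_id is not reported; the original left open whether it should be.
		}

		// Flags are reported as present-with-empty-value.
		if ($this->fld_flags && $row->rev_minor_edit) {
			$vals['minor'] = '';
		}

		if ($this->fld_user) {
			$vals['user'] = $row->rev_user_text;
			// A falsy rev_user is reported as an anonymous edit.
			if (!$row->rev_user) {
				$vals['anon'] = '';
			}
		}

		if ($this->fld_timestamp) {
			$vals['timestamp'] = wfTimestamp(TS_ISO_8601, $row->rev_timestamp);
		}

		// Compare against the empty string rather than using empty(), which
		// would also drop a comment consisting of the single character "0".
		if ($this->fld_comment && isset($row->rev_comment) && (string)$row->rev_comment !== '') {
			$vals['comment'] = $row->rev_comment;
		}

		if ($this->fld_content) {
			ApiResult::setContent($vals, Revision::getRevisionText($row));
		}

		return $vals;
	}

	/**
	 * Declares the parameters this module accepts, with their types and defaults.
	 *
	 * @return array
	 */
	protected function getAllowedParams() {
		return array(
			'prop' => array(
				ApiBase::PARAM_ISMULTI => true,
				// 'content' is accepted but is not part of the default set.
				ApiBase::PARAM_DFLT => 'ids|timestamp|flags|comment|user',
				ApiBase::PARAM_TYPE => array(
					'ids',
					'flags',
					'timestamp',
					'user',
					'comment',
					'content'
				)
			),
			'limit' => array(
				ApiBase::PARAM_TYPE => 'limit',
				ApiBase::PARAM_MIN => 1,
				ApiBase::PARAM_MAX => ApiBase::LIMIT_SML1,
				ApiBase::PARAM_MAX2 => ApiBase::LIMIT_SML2
			),
			'startid' => array(
				ApiBase::PARAM_TYPE => 'integer'
			),
			'endid' => array(
				ApiBase::PARAM_TYPE => 'integer'
			),
			'start' => array(
				ApiBase::PARAM_TYPE => 'timestamp'
			),
			'end' => array(
				ApiBase::PARAM_TYPE => 'timestamp'
			),
			'dir' => array(
				ApiBase::PARAM_DFLT => 'older',
				ApiBase::PARAM_TYPE => array(
					'newer',
					'older'
				)
			),
			'user' => array(
				ApiBase::PARAM_TYPE => 'user'
			),
			'excludeuser' => array(
				ApiBase::PARAM_TYPE => 'user'
			)
		);
	}

	/**
	 * Help text for each parameter; "(enum)" marks enumeration-mode parameters.
	 *
	 * @return array
	 */
	protected function getParamDescription() {
		return array(
			'prop' => 'Which properties to get for each revision.',
			'limit' => 'limit how many revisions will be returned (enum)',
			'startid' => 'from which revision id to start enumeration (enum)',
			'endid' => 'stop revision enumeration on this revid (enum)',
			'start' => 'from which revision timestamp to start enumeration (enum)',
			'end' => 'enumerate up to this timestamp (enum)',
			'dir' => 'direction of enumeration - towards "newer" or "older" revisions (enum)',
			'user' => 'only include revisions made by user',
			'excludeuser' => 'exclude revisions made by user',
		);
	}

	/**
	 * Help text describing the module as a whole.
	 *
	 * @return array
	 */
	protected function getDescription() {
		return array(
			'Get revision information.',
			'This module may be used in several ways:',
			' 1) Get data about a set of pages (last revision), by setting titles or pageids parameter.',
			' 2) Get revisions for one given page, by using titles/pageids with start/end/limit params.',
			' 3) Get data about a set of revisions by setting their IDs with revids parameter.',
			'All parameters marked as (enum) may only be used with a single page (#2).'
		);
	}

	/**
	 * Example requests shown in the module help.
	 *
	 * @return array
	 */
	protected function getExamples() {
		return array(
			'Get data with content for the last revision of titles "API" and "Main Page":',
			' api.php?action=query&prop=revisions&titles=API|Main%20Page&rvprop=timestamp|user|comment|content',
			'Get last 5 revisions of the "Main Page":',
			' api.php?action=query&prop=revisions&titles=Main%20Page&rvlimit=5&rvprop=timestamp|user|comment',
			'Get first 5 revisions of the "Main Page":',
			' api.php?action=query&prop=revisions&titles=Main%20Page&rvlimit=5&rvprop=timestamp|user|comment&rvdir=newer',
			'Get first 5 revisions of the "Main Page" made after 2006-05-01:',
			' api.php?action=query&prop=revisions&titles=Main%20Page&rvlimit=5&rvprop=timestamp|user|comment&rvdir=newer&rvstart=20060501000000',
			'Get first 5 revisions of the "Main Page" that were not made made by anonymous user "127.0.0.1"',
			' api.php?action=query&prop=revisions&titles=Main%20Page&rvlimit=5&rvprop=timestamp|user|comment&rvexcludeuser=127.0.0.1',
			'Get first 5 revisions of the "Main Page" that were made by the user "MediaWiki default"',
			' api.php?action=query&prop=revisions&titles=Main%20Page&rvlimit=5&rvprop=timestamp|user|comment&rvuser=MediaWiki%20default',
		);
	}

	/**
	 * Version string built from the class name and the VCS keyword placeholder.
	 *
	 * @return string
	 */
	public function getVersion() {
		return __CLASS__ . ': $Id$';
	}
}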
344