X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fapi%2FApiCheckToken.php;h=5d641d83e4f65bb400ba837f1b313f94ebed8caa;hb=8def7a9fc37a7af37c96bcc495bdc22e86059178;hp=dfcbaf890e3f91e44420dadef88f07fe43de5b2e;hpb=4b63ca7113ee48b8c33ad19abc5b89d452b3590e;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/api/ApiCheckToken.php b/includes/api/ApiCheckToken.php index dfcbaf890e..5d641d83e4 100644 --- a/includes/api/ApiCheckToken.php +++ b/includes/api/ApiCheckToken.php @@ -1,8 +1,6 @@ getUser(), $this->getRequest()->getSession(), $salts[$params['type']] ); + + if ( substr( $token, -strlen( urldecode( Token::SUFFIX ) ) ) === urldecode( Token::SUFFIX ) ) { + $this->addWarning( 'apiwarn-checktoken-percentencoding' ); + } + if ( $tokenObj->match( $token, $maxage ) ) { $res['result'] = 'valid'; } elseif ( $maxage !== null && $tokenObj->match( $token ) ) { @@ -47,7 +52,7 @@ class ApiCheckToken extends ApiBase { $res['result'] = 'invalid'; } - $ts = MediaWiki\Session\Token::getTimestamp( $token ); + $ts = Token::getTimestamp( $token ); if ( $ts !== null ) { $mwts = new MWTimestamp(); $mwts->timestamp->setTimestamp( $ts ); @@ -58,25 +63,26 @@ class ApiCheckToken extends ApiBase { } public function getAllowedParams() { - return array( - 'type' => array( + return [ + 'type' => [ ApiBase::PARAM_TYPE => array_keys( ApiQueryTokens::getTokenTypeSalts() ), ApiBase::PARAM_REQUIRED => true, - ), - 'token' => array( + ], + 'token' => [ ApiBase::PARAM_TYPE => 'string', ApiBase::PARAM_REQUIRED => true, - ), - 'maxtokenage' => array( + ApiBase::PARAM_SENSITIVE => true, + ], + 'maxtokenage' => [ ApiBase::PARAM_TYPE => 'integer', - ), - ); + ], + ]; } protected function getExamplesMessages() { - return array( + return [ 'action=checktoken&type=csrf&token=123ABC' => 'apihelp-checktoken-example-simple', - ); + ]; } }
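Review bot: The added percent-encoding check evaluates `urldecode( Token::SUFFIX )` twice in one condition and has no comment saying why a token ending in the decoded suffix is suspect. Hoisting it into `$decodedSuffix = urldecode( Token::SUFFIX );` and testing `if ( substr( $token, -strlen( $decodedSuffix ) ) === $decodedSuffix ) {` reads more easily. A line such as `// Token ends with the URL-decoded suffix: the client probably sent it without percent-encoding.` would record the intent. The warning is advisory only, so the token still goes on to `match()`, which looks intended. The start of this hunk is truncated on the page, so the `use` statement that the short `Token` name depends on (also relied on by the `Token::getTimestamp()` change in the next hunk) cannot be confirmed from here.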
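Review bot: `ApiBase::PARAM_SENSITIVE => true` on `token` in getAllowedParams() would benefit from a comment stating its limits, because the flag can only affect what MediaWiki itself records about the request. The example in getExamplesMessages() passes the token in the query string, where web-server access logs and intermediate proxies would still see the value. Whether this module requires POST is not visible in the hunk. A comment above the flag such as `// Redacted from API request logging only; clients should send the token in a POST body to keep it out of URL logs.` would make that explicit for maintainers.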