X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fapi%2FApiMain.php;h=458fd18ffa5ec60e187a1db548ed27dc192b8075;hb=240f789c892694cc92c896b87c98458581494149;hp=49b9786ccb934206c376003dbcc5e8951ff7a19b;hpb=8b2139e1a773ab4be16a58c8cf2edb1c86b4b798;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 49b9786ccb..458fd18ffa 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -769,7 +769,7 @@ class ApiMain extends ApiBase {
 					return;
 				}
 				// Logged out, send normal public headers below
-			} elseif ( session_id() != '' ) {
+			} elseif ( MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent() ) {
 				// Logged in or otherwise has session (e.g. anonymous users who have edited)
 				// Mark request private
 				$response->header( "Cache-Control: $privateCache" );
@@ -1231,7 +1231,8 @@ class ApiMain extends ApiBase {
 	 * @param array $params An array with the request parameters
 	 */
 	protected function setupExternalResponse( $module, $params ) {
-		if ( !$this->getRequest()->wasPosted() && $module->mustBePosted() ) {
+		$request = $this->getRequest();
+		if ( !$request->wasPosted() && $module->mustBePosted() ) {
 			// Module requires POST. GET request might still be allowed
 			// if $wgDebugApi is true, otherwise fail.
 			$this->dieUsageMsgOrDebug( array( 'mustbeposted', $this->mAction ) );
@@ -1243,6 +1244,15 @@ class ApiMain extends ApiBase {
 			// Create an appropriate printer
 			$this->mPrinter = $this->createPrinterByName( $params['format'] );
 		}
+
+		if ( $request->getProtocol() === 'http' && (
+			$request->getSession()->shouldForceHTTPS() ||
+			( $this->getUser()->isLoggedIn() &&
+				$this->getUser()->requiresHTTPS() )
+		) ) {
+			$this->logFeatureUsage( 'https-expected' );
+			$this->setWarning( 'HTTP used when HTTPS was expected' );
+		}
 	}
 
 	/**
@@ -1253,6 +1263,8 @@ class ApiMain extends ApiBase {
 		$module = $this->setupModule();
 		$this->mModule = $module;
 
+		$this->setRequestExpectations( $module );
+
 		$this->checkExecutePermissions( $module );
 
 		if ( !$this->checkMaxLag( $module, $params ) ) {
@@ -1284,6 +1296,24 @@ class ApiMain extends ApiBase {
 		}
 	}
 
+	/**
+	 * Set database connection, query, and write expectations given this module request
+	 * @param ApiBase $module
+	 */
+	protected function setRequestExpectations( ApiBase $module ) {
+		$limits = $this->getConfig()->get( 'TrxProfilerLimits' );
+		$trxProfiler = Profiler::instance()->getTransactionProfiler();
+		if ( $this->getRequest()->wasPosted() ) {
+			if ( $module->isWriteMode() ) {
+				$trxProfiler->setExpectations( $limits['POST'], __METHOD__ );
+			} else {
+				$trxProfiler->setExpectations( $limits['POST-nonwrite'], __METHOD__ );
+			}
+		} else {
+			$trxProfiler->setExpectations( $limits['GET'], __METHOD__ );
+		}
+	}
+
 	/**
 	 * Log the preceding request
 	 * @param float $time Time in seconds
@@ -1768,15 +1798,6 @@ class ApiMain extends ApiBase {
 		$this->getModuleManager()->addModule( $name, 'format', $class );
 	}
 
-	/**
-	 * Get the array mapping module names to class names
-	 * @deprecated since 1.21, Use getModuleManager()'s methods instead.
-	 * @return array
-	 */
-	function getModules() {
-		return $this->getModuleManager()->getNamesWithClasses( 'action' );
-	}
-
 	/**
 	 * Returns the list of supported formats in form ( 'format' => 'ClassName' )
 	 *