dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Perform a permission check on the title when changing the page language"
[lhc/web/wiklou.git] / includes / api / ApiEditPage.php
1 <?php
2 /**
3 *
4 *
5 * Created on August 16, 2007
6 *
7 * Copyright © 2007 Iker Labarga "<Firstname><Lastname>@gmail.com"
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
22 * http://www.gnu.org/copyleft/gpl.html
23 *
24 * @file
25 */
26
27 /**
28 * A module that allows for editing and creating pages.
29 *
30 * Currently, this wraps around the EditPage class in an ugly way,
31 * EditPage.php should be rewritten to provide a cleaner interface,
32 * see T20654 if you're inspired to fix this.
33 *
34 * @ingroup API
35 */
36 class ApiEditPage extends ApiBase {
37 public function execute() {
38 $this->useTransactionalTimeLimit();
39
40 $user = $this->getUser();
41 $params = $this->extractRequestParams();
42
43 $this->requireAtLeastOneParameter( $params, 'text', 'appendtext', 'prependtext', 'undo' );
44
45 $pageObj = $this->getTitleOrPageId( $params );
46 $titleObj = $pageObj->getTitle();
47 $apiResult = $this->getResult();
48
49 if ( $params['redirect'] ) {
50 if ( $params['prependtext'] === null && $params['appendtext'] === null
51 && $params['section'] !== 'new'
52 ) {
53 $this->dieWithError( 'apierror-redirect-appendonly' );
54 }
55 if ( $titleObj->isRedirect() ) {
56 $oldTitle = $titleObj;
57
58 $titles = Revision::newFromTitle( $oldTitle, false, Revision::READ_LATEST )
59 ->getContent( Revision::FOR_THIS_USER, $user )
60 ->getRedirectChain();
61 // array_shift( $titles );
62
63 $redirValues = [];
64
65 /** @var $newTitle Title */
66 foreach ( $titles as $id => $newTitle ) {
67 if ( !isset( $titles[$id - 1] ) ) {
68 $titles[$id - 1] = $oldTitle;
69 }
70
71 $redirValues[] = [
72 'from' => $titles[$id - 1]->getPrefixedText(),
73 'to' => $newTitle->getPrefixedText()
74 ];
75
76 $titleObj = $newTitle;
77 }
78
79 ApiResult::setIndexedTagName( $redirValues, 'r' );
80 $apiResult->addValue( null, 'redirects', $redirValues );
81
82 // Since the page changed, update $pageObj
83 $pageObj = WikiPage::factory( $titleObj );
84 }
85 }
86
87 if ( !isset( $params['contentmodel'] ) || $params['contentmodel'] == '' ) {
88 $contentHandler = $pageObj->getContentHandler();
89 } else {
90 $contentHandler = ContentHandler::getForModelID( $params['contentmodel'] );
91 }
92 $contentModel = $contentHandler->getModelID();
93
94 $name = $titleObj->getPrefixedDBkey();
95 $model = $contentHandler->getModelID();
96
97 if ( $params['undo'] > 0 ) {
98 // allow undo via api
99 } elseif ( $contentHandler->supportsDirectApiEditing() === false ) {
100 $this->dieWithError( [ 'apierror-no-direct-editing', $model, $name ] );
101 }
102
103 if ( !isset( $params['contentformat'] ) || $params['contentformat'] == '' ) {
104 $contentFormat = $contentHandler->getDefaultFormat();
105 } else {
106 $contentFormat = $params['contentformat'];
107 }
108
109 if ( !$contentHandler->isSupportedFormat( $contentFormat ) ) {
110 $this->dieWithError( [ 'apierror-badformat', $contentFormat, $model, $name ] );
111 }
112
113 if ( $params['createonly'] && $titleObj->exists() ) {
114 $this->dieWithError( 'apierror-articleexists' );
115 }
116 if ( $params['nocreate'] && !$titleObj->exists() ) {
117 $this->dieWithError( 'apierror-missingtitle' );
118 }
119
120 // Now let's check whether we're even allowed to do this
121 $this->checkTitleUserPermissions(
122 $titleObj,
123 $titleObj->exists() ? 'edit' : [ 'edit', 'create' ]
124 );
125
126 $toMD5 = $params['text'];
127 if ( !is_null( $params['appendtext'] ) || !is_null( $params['prependtext'] ) ) {
128 $content = $pageObj->getContent();
129
130 if ( !$content ) {
131 if ( $titleObj->getNamespace() == NS_MEDIAWIKI ) {
132 # If this is a MediaWiki:x message, then load the messages
133 # and return the message value for x.
134 $text = $titleObj->getDefaultMessageText();
135 if ( $text === false ) {
136 $text = '';
137 }
138
139 try {
140 $content = ContentHandler::makeContent( $text, $this->getTitle() );
141 } catch ( MWContentSerializationException $ex ) {
142 $this->dieWithException( $ex, [
143 'wrap' => ApiMessage::create( 'apierror-contentserializationexception', 'parseerror' )
144 ] );
145 return;
146 }
147 } else {
148 # Otherwise, make a new empty content.
149 $content = $contentHandler->makeEmptyContent();
150 }
151 }
152
153 // @todo Add support for appending/prepending to the Content interface
154
155 if ( !( $content instanceof TextContent ) ) {
156 $modelName = $contentHandler->getModelID();
157 $this->dieWithError( [ 'apierror-appendnotsupported', $modelName ] );
158 }
159
160 if ( !is_null( $params['section'] ) ) {
161 if ( !$contentHandler->supportsSections() ) {
162 $modelName = $contentHandler->getModelID();
163 $this->dieWithError( [ 'apierror-sectionsnotsupported', $modelName ] );
164 }
165
166 if ( $params['section'] == 'new' ) {
167 // DWIM if they're trying to prepend/append to a new section.
168 $content = null;
169 } else {
170 // Process the content for section edits
171 $section = $params['section'];
172 $content = $content->getSection( $section );
173
174 if ( !$content ) {
175 $this->dieWithError( [ 'apierror-nosuchsection', wfEscapeWikiText( $section ) ] );
176 }
177 }
178 }
179
180 if ( !$content ) {
181 $text = '';
182 } else {
183 $text = $content->serialize( $contentFormat );
184 }
185
186 $params['text'] = $params['prependtext'] . $text . $params['appendtext'];
187 $toMD5 = $params['prependtext'] . $params['appendtext'];
188 }
189
190 if ( $params['undo'] > 0 ) {
191 if ( $params['undoafter'] > 0 ) {
192 if ( $params['undo'] < $params['undoafter'] ) {
193 list( $params['undo'], $params['undoafter'] ) =
194 [ $params['undoafter'], $params['undo'] ];
195 }
196 $undoafterRev = Revision::newFromId( $params['undoafter'] );
197 }
198 $undoRev = Revision::newFromId( $params['undo'] );
199 if ( is_null( $undoRev ) || $undoRev->isDeleted( Revision::DELETED_TEXT ) ) {
200 $this->dieWithError( [ 'apierror-nosuchrevid', $params['undo'] ] );
201 }
202
203 if ( $params['undoafter'] == 0 ) {
204 $undoafterRev = $undoRev->getPrevious();
205 }
206 if ( is_null( $undoafterRev ) || $undoafterRev->isDeleted( Revision::DELETED_TEXT ) ) {
207 $this->dieWithError( [ 'apierror-nosuchrevid', $params['undoafter'] ] );
208 }
209
210 if ( $undoRev->getPage() != $pageObj->getId() ) {
211 $this->dieWithError( [ 'apierror-revwrongpage', $undoRev->getId(),
212 $titleObj->getPrefixedText() ] );
213 }
214 if ( $undoafterRev->getPage() != $pageObj->getId() ) {
215 $this->dieWithError( [ 'apierror-revwrongpage', $undoafterRev->getId(),
216 $titleObj->getPrefixedText() ] );
217 }
218
219 $newContent = $contentHandler->getUndoContent(
220 $pageObj->getRevision(),
221 $undoRev,
222 $undoafterRev
223 );
224
225 if ( !$newContent ) {
226 $this->dieWithError( 'undo-failure', 'undofailure' );
227 }
228 if ( empty( $params['contentmodel'] )
229 && empty( $params['contentformat'] )
230 ) {
231 // If we are reverting content model, the new content model
232 // might not support the current serialization format, in
233 // which case go back to the old serialization format,
234 // but only if the user hasn't specified a format/model
235 // parameter.
236 if ( !$newContent->isSupportedFormat( $contentFormat ) ) {
237 $contentFormat = $undoafterRev->getContentFormat();
238 }
239 // Override content model with model of undid revision.
240 $contentModel = $newContent->getModel();
241 }
242 $params['text'] = $newContent->serialize( $contentFormat );
243 // If no summary was given and we only undid one rev,
244 // use an autosummary
245 if ( is_null( $params['summary'] ) &&
246 $titleObj->getNextRevisionID( $undoafterRev->getId() ) == $params['undo']
247 ) {
248 $params['summary'] = wfMessage( 'undo-summary' )
249 ->params( $params['undo'], $undoRev->getUserText() )->inContentLanguage()->text();
250 }
251 }
252
253 // See if the MD5 hash checks out
254 if ( !is_null( $params['md5'] ) && md5( $toMD5 ) !== $params['md5'] ) {
255 $this->dieWithError( 'apierror-badmd5' );
256 }
257
258 // EditPage wants to parse its stuff from a WebRequest
259 // That interface kind of sucks, but it's workable
260 $requestArray = [
261 'wpTextbox1' => $params['text'],
262 'format' => $contentFormat,
263 'model' => $contentModel,
264 'wpEditToken' => $params['token'],
265 'wpIgnoreBlankSummary' => true,
266 'wpIgnoreBlankArticle' => true,
267 'wpIgnoreSelfRedirect' => true,
268 'bot' => $params['bot'],
269 ];
270
271 if ( !is_null( $params['summary'] ) ) {
272 $requestArray['wpSummary'] = $params['summary'];
273 }
274
275 if ( !is_null( $params['sectiontitle'] ) ) {
276 $requestArray['wpSectionTitle'] = $params['sectiontitle'];
277 }
278
279 // TODO: Pass along information from 'undoafter' as well
280 if ( $params['undo'] > 0 ) {
281 $requestArray['wpUndidRevision'] = $params['undo'];
282 }
283
284 // Watch out for basetimestamp == '' or '0'
285 // It gets treated as NOW, almost certainly causing an edit conflict
286 if ( $params['basetimestamp'] !== null && (bool)$this->getMain()->getVal( 'basetimestamp' ) ) {
287 $requestArray['wpEdittime'] = $params['basetimestamp'];
288 } else {
289 $requestArray['wpEdittime'] = $pageObj->getTimestamp();
290 }
291
292 if ( $params['starttimestamp'] !== null ) {
293 $requestArray['wpStarttime'] = $params['starttimestamp'];
294 } else {
295 $requestArray['wpStarttime'] = wfTimestampNow(); // Fake wpStartime
296 }
297
298 if ( $params['minor'] || ( !$params['notminor'] && $user->getOption( 'minordefault' ) ) ) {
299 $requestArray['wpMinoredit'] = '';
300 }
301
302 if ( $params['recreate'] ) {
303 $requestArray['wpRecreate'] = '';
304 }
305
306 if ( !is_null( $params['section'] ) ) {
307 $section = $params['section'];
308 if ( !preg_match( '/^((T-)?\d+|new)$/', $section ) ) {
309 $this->dieWithError( 'apierror-invalidsection' );
310 }
311 $content = $pageObj->getContent();
312 if ( $section !== '0' && $section != 'new'
313 && ( !$content || !$content->getSection( $section ) )
314 ) {
315 $this->dieWithError( [ 'apierror-nosuchsection', $section ] );
316 }
317 $requestArray['wpSection'] = $params['section'];
318 } else {
319 $requestArray['wpSection'] = '';
320 }
321
322 $watch = $this->getWatchlistValue( $params['watchlist'], $titleObj );
323
324 // Deprecated parameters
325 if ( $params['watch'] ) {
326 $watch = true;
327 } elseif ( $params['unwatch'] ) {
328 $watch = false;
329 }
330
331 if ( $watch ) {
332 $requestArray['wpWatchthis'] = '';
333 }
334
335 // Apply change tags
336 if ( count( $params['tags'] ) ) {
337 $tagStatus = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user );
338 if ( $tagStatus->isOK() ) {
339 $requestArray['wpChangeTags'] = implode( ',', $params['tags'] );
340 } else {
341 $this->dieStatus( $tagStatus );
342 }
343 }
344
345 // Pass through anything else we might have been given, to support extensions
346 // This is kind of a hack but it's the best we can do to make extensions work
347 $requestArray += $this->getRequest()->getValues();
348
349 global $wgTitle, $wgRequest;
350
351 $req = new DerivativeRequest( $this->getRequest(), $requestArray, true );
352
353 // Some functions depend on $wgTitle == $ep->mTitle
354 // TODO: Make them not or check if they still do
355 $wgTitle = $titleObj;
356
357 $articleContext = new RequestContext;
358 $articleContext->setRequest( $req );
359 $articleContext->setWikiPage( $pageObj );
360 $articleContext->setUser( $this->getUser() );
361
362 /** @var $articleObject Article */
363 $articleObject = Article::newFromWikiPage( $pageObj, $articleContext );
364
365 $ep = new EditPage( $articleObject );
366
367 $ep->setApiEditOverride( true );
368 $ep->setContextTitle( $titleObj );
369 $ep->importFormData( $req );
370 $content = $ep->textbox1;
371
372 // Run hooks
373 // Handle APIEditBeforeSave parameters
374 $r = [];
375 // Deprecated in favour of EditFilterMergedContent
376 if ( !Hooks::run( 'APIEditBeforeSave', [ $ep, $content, &$r ], '1.28' ) ) {
377 if ( count( $r ) ) {
378 $r['result'] = 'Failure';
379 $apiResult->addValue( null, $this->getModuleName(), $r );
380
381 return;
382 }
383
384 $this->dieWithError( 'hookaborted' );
385 }
386
387 // Do the actual save
388 $oldRevId = $articleObject->getRevIdFetched();
389 $result = null;
390 // Fake $wgRequest for some hooks inside EditPage
391 // @todo FIXME: This interface SUCKS
392 $oldRequest = $wgRequest;
393 $wgRequest = $req;
394
395 $status = $ep->attemptSave( $result );
396 $wgRequest = $oldRequest;
397
398 switch ( $status->value ) {
399 case EditPage::AS_HOOK_ERROR:
400 case EditPage::AS_HOOK_ERROR_EXPECTED:
401 if ( isset( $status->apiHookResult ) ) {
402 $r = $status->apiHookResult;
403 $r['result'] = 'Failure';
404 $apiResult->addValue( null, $this->getModuleName(), $r );
405 return;
406 }
407 if ( !$status->getErrors() ) {
408 $status->fatal( 'hookaborted' );
409 }
410 $this->dieStatus( $status );
411
412 case EditPage::AS_BLOCKED_PAGE_FOR_USER:
413 $this->dieWithError(
414 'apierror-blocked',
415 'blocked',
416 [ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $user->getBlock() ) ]
417 );
418
419 case EditPage::AS_READ_ONLY_PAGE:
420 $this->dieReadOnly();
421
422 case EditPage::AS_SUCCESS_NEW_ARTICLE:
423 $r['new'] = true;
424 // fall-through
425
426 case EditPage::AS_SUCCESS_UPDATE:
427 $r['result'] = 'Success';
428 $r['pageid'] = intval( $titleObj->getArticleID() );
429 $r['title'] = $titleObj->getPrefixedText();
430 $r['contentmodel'] = $articleObject->getContentModel();
431 $newRevId = $articleObject->getLatest();
432 if ( $newRevId == $oldRevId ) {
433 $r['nochange'] = true;
434 } else {
435 $r['oldrevid'] = intval( $oldRevId );
436 $r['newrevid'] = intval( $newRevId );
437 $r['newtimestamp'] = wfTimestamp( TS_ISO_8601,
438 $pageObj->getTimestamp() );
439 }
440 break;
441
442 default:
443 if ( !$status->getErrors() ) {
444 // EditPage sometimes only sets the status code without setting
445 // any actual error messages. Supply defaults for those cases.
446 switch ( $status->value ) {
447 // Currently needed
448 case EditPage::AS_IMAGE_REDIRECT_ANON:
449 $status->fatal( 'apierror-noimageredirect-anon' );
450 break;
451 case EditPage::AS_IMAGE_REDIRECT_LOGGED:
452 $status->fatal( 'apierror-noimageredirect-logged' );
453 break;
454 case EditPage::AS_CONTENT_TOO_BIG:
455 case EditPage::AS_MAX_ARTICLE_SIZE_EXCEEDED:
456 $status->fatal( 'apierror-contenttoobig', $this->getConfig()->get( 'MaxArticleSize' ) );
457 break;
458 case EditPage::AS_READ_ONLY_PAGE_ANON:
459 $status->fatal( 'apierror-noedit-anon' );
460 break;
461 case EditPage::AS_NO_CHANGE_CONTENT_MODEL:
462 $status->fatal( 'apierror-cantchangecontentmodel' );
463 break;
464 case EditPage::AS_ARTICLE_WAS_DELETED:
465 $status->fatal( 'apierror-pagedeleted' );
466 break;
467 case EditPage::AS_CONFLICT_DETECTED:
468 $status->fatal( 'editconflict' );
469 break;
470
471 // Currently shouldn't be needed, but here in case
472 // hooks use them without setting appropriate
473 // errors on the status.
474 case EditPage::AS_SPAM_ERROR:
475 $status->fatal( 'apierror-spamdetected', $result['spam'] );
476 break;
477 case EditPage::AS_READ_ONLY_PAGE_LOGGED:
478 $status->fatal( 'apierror-noedit' );
479 break;
480 case EditPage::AS_RATE_LIMITED:
481 $status->fatal( 'apierror-ratelimited' );
482 break;
483 case EditPage::AS_NO_CREATE_PERMISSION:
484 $status->fatal( 'nocreate-loggedin' );
485 break;
486 case EditPage::AS_BLANK_ARTICLE:
487 $status->fatal( 'apierror-emptypage' );
488 break;
489 case EditPage::AS_TEXTBOX_EMPTY:
490 $status->fatal( 'apierror-emptynewsection' );
491 break;
492 case EditPage::AS_SUMMARY_NEEDED:
493 $status->fatal( 'apierror-summaryrequired' );
494 break;
495 default:
496 wfWarn( __METHOD__ . ": Unknown EditPage code {$status->value} with no message" );
497 $status->fatal( 'apierror-unknownerror-editpage', $status->value );
498 break;
499 }
500 }
501 $this->dieStatus( $status );
502 break;
503 }
504 $apiResult->addValue( null, $this->getModuleName(), $r );
505 }
506
507 public function mustBePosted() {
508 return true;
509 }
510
511 public function isWriteMode() {
512 return true;
513 }
514
515 public function getAllowedParams() {
516 return [
517 'title' => [
518 ApiBase::PARAM_TYPE => 'string',
519 ],
520 'pageid' => [
521 ApiBase::PARAM_TYPE => 'integer',
522 ],
523 'section' => null,
524 'sectiontitle' => [
525 ApiBase::PARAM_TYPE => 'string',
526 ],
527 'text' => [
528 ApiBase::PARAM_TYPE => 'text',
529 ],
530 'summary' => null,
531 'tags' => [
532 ApiBase::PARAM_TYPE => 'tags',
533 ApiBase::PARAM_ISMULTI => true,
534 ],
535 'minor' => false,
536 'notminor' => false,
537 'bot' => false,
538 'basetimestamp' => [
539 ApiBase::PARAM_TYPE => 'timestamp',
540 ],
541 'starttimestamp' => [
542 ApiBase::PARAM_TYPE => 'timestamp',
543 ],
544 'recreate' => false,
545 'createonly' => false,
546 'nocreate' => false,
547 'watch' => [
548 ApiBase::PARAM_DFLT => false,
549 ApiBase::PARAM_DEPRECATED => true,
550 ],
551 'unwatch' => [
552 ApiBase::PARAM_DFLT => false,
553 ApiBase::PARAM_DEPRECATED => true,
554 ],
555 'watchlist' => [
556 ApiBase::PARAM_DFLT => 'preferences',
557 ApiBase::PARAM_TYPE => [
558 'watch',
559 'unwatch',
560 'preferences',
561 'nochange'
562 ],
563 ],
564 'md5' => null,
565 'prependtext' => [
566 ApiBase::PARAM_TYPE => 'text',
567 ],
568 'appendtext' => [
569 ApiBase::PARAM_TYPE => 'text',
570 ],
571 'undo' => [
572 ApiBase::PARAM_TYPE => 'integer'
573 ],
574 'undoafter' => [
575 ApiBase::PARAM_TYPE => 'integer'
576 ],
577 'redirect' => [
578 ApiBase::PARAM_TYPE => 'boolean',
579 ApiBase::PARAM_DFLT => false,
580 ],
581 'contentformat' => [
582 ApiBase::PARAM_TYPE => ContentHandler::getAllContentFormats(),
583 ],
584 'contentmodel' => [
585 ApiBase::PARAM_TYPE => ContentHandler::getContentModels(),
586 ],
587 'token' => [
588 // Standard definition automatically inserted
589 ApiBase::PARAM_HELP_MSG_APPEND => [ 'apihelp-edit-param-token' ],
590 ],
591 ];
592 }
593
594 public function needsToken() {
595 return 'csrf';
596 }
597
598 protected function getExamplesMessages() {
599 return [
600 'action=edit&title=Test&summary=test%20summary&' .
601 'text=article%20content&basetimestamp=2007-08-24T12:34:54Z&token=123ABC'
602 => 'apihelp-edit-example-edit',
603 'action=edit&title=Test&summary=NOTOC&minor=&' .
604 'prependtext=__NOTOC__%0A&basetimestamp=2007-08-24T12:34:54Z&token=123ABC'
605 => 'apihelp-edit-example-prepend',
606 'action=edit&title=Test&undo=13585&undoafter=13579&' .
607 'basetimestamp=2007-08-24T12:34:54Z&token=123ABC'
608 => 'apihelp-edit-example-undo',
609 ];
610 }
611
612 public function getHelpUrls() {
613 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Edit';
614 }
615 }
Wiklou, le Wiki du Wiklou