dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Add support for PHP7 random_bytes in favor of mcrypt_create_iv"
[lhc/web/wiklou.git] / includes / api / ApiEditPage.php
1 <?php
2 /**
3 *
4 *
5 * Created on August 16, 2007
6 *
7 * Copyright © 2007 Iker Labarga "<Firstname><Lastname>@gmail.com"
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
22 * http://www.gnu.org/copyleft/gpl.html
23 *
24 * @file
25 */
26
27 /**
28 * A module that allows for editing and creating pages.
29 *
30 * Currently, this wraps around the EditPage class in an ugly way,
31 * EditPage.php should be rewritten to provide a cleaner interface,
32 * see T20654 if you're inspired to fix this.
33 *
34 * @ingroup API
35 */
36 class ApiEditPage extends ApiBase {
37 public function execute() {
38 $this->useTransactionalTimeLimit();
39
40 $user = $this->getUser();
41 $params = $this->extractRequestParams();
42
43 $this->requireAtLeastOneParameter( $params, 'text', 'appendtext', 'prependtext', 'undo' );
44
45 $pageObj = $this->getTitleOrPageId( $params );
46 $titleObj = $pageObj->getTitle();
47 $apiResult = $this->getResult();
48
49 if ( $params['redirect'] ) {
50 if ( $params['prependtext'] === null && $params['appendtext'] === null
51 && $params['section'] !== 'new'
52 ) {
53 $this->dieWithError( 'apierror-redirect-appendonly' );
54 }
55 if ( $titleObj->isRedirect() ) {
56 $oldTitle = $titleObj;
57
58 $titles = Revision::newFromTitle( $oldTitle, false, Revision::READ_LATEST )
59 ->getContent( Revision::FOR_THIS_USER, $user )
60 ->getRedirectChain();
61 // array_shift( $titles );
62
63 $redirValues = [];
64
65 /** @var $newTitle Title */
66 foreach ( $titles as $id => $newTitle ) {
67
68 if ( !isset( $titles[$id - 1] ) ) {
69 $titles[$id - 1] = $oldTitle;
70 }
71
72 $redirValues[] = [
73 'from' => $titles[$id - 1]->getPrefixedText(),
74 'to' => $newTitle->getPrefixedText()
75 ];
76
77 $titleObj = $newTitle;
78 }
79
80 ApiResult::setIndexedTagName( $redirValues, 'r' );
81 $apiResult->addValue( null, 'redirects', $redirValues );
82
83 // Since the page changed, update $pageObj
84 $pageObj = WikiPage::factory( $titleObj );
85 }
86 }
87
88 if ( !isset( $params['contentmodel'] ) || $params['contentmodel'] == '' ) {
89 $contentHandler = $pageObj->getContentHandler();
90 } else {
91 $contentHandler = ContentHandler::getForModelID( $params['contentmodel'] );
92 }
93 $contentModel = $contentHandler->getModelID();
94
95 $name = $titleObj->getPrefixedDBkey();
96 $model = $contentHandler->getModelID();
97
98 if ( $params['undo'] > 0 ) {
99 // allow undo via api
100 } elseif ( $contentHandler->supportsDirectApiEditing() === false ) {
101 $this->dieWithError( [ 'apierror-no-direct-editing', $model, $name ] );
102 }
103
104 if ( !isset( $params['contentformat'] ) || $params['contentformat'] == '' ) {
105 $contentFormat = $contentHandler->getDefaultFormat();
106 } else {
107 $contentFormat = $params['contentformat'];
108 }
109
110 if ( !$contentHandler->isSupportedFormat( $contentFormat ) ) {
111 $this->dieWithError( [ 'apierror-badformat', $contentFormat, $model, $name ] );
112 }
113
114 if ( $params['createonly'] && $titleObj->exists() ) {
115 $this->dieWithError( 'apierror-articleexists' );
116 }
117 if ( $params['nocreate'] && !$titleObj->exists() ) {
118 $this->dieWithError( 'apierror-missingtitle' );
119 }
120
121 // Now let's check whether we're even allowed to do this
122 $this->checkTitleUserPermissions(
123 $titleObj,
124 $titleObj->exists() ? 'edit' : [ 'edit', 'create' ]
125 );
126
127 $toMD5 = $params['text'];
128 if ( !is_null( $params['appendtext'] ) || !is_null( $params['prependtext'] ) ) {
129 $content = $pageObj->getContent();
130
131 if ( !$content ) {
132 if ( $titleObj->getNamespace() == NS_MEDIAWIKI ) {
133 # If this is a MediaWiki:x message, then load the messages
134 # and return the message value for x.
135 $text = $titleObj->getDefaultMessageText();
136 if ( $text === false ) {
137 $text = '';
138 }
139
140 try {
141 $content = ContentHandler::makeContent( $text, $this->getTitle() );
142 } catch ( MWContentSerializationException $ex ) {
143 $this->dieWithException( $ex, [
144 'wrap' => ApiMessage::create( 'apierror-contentserializationexception', 'parseerror' )
145 ] );
146 return;
147 }
148 } else {
149 # Otherwise, make a new empty content.
150 $content = $contentHandler->makeEmptyContent();
151 }
152 }
153
154 // @todo Add support for appending/prepending to the Content interface
155
156 if ( !( $content instanceof TextContent ) ) {
157 $modelName = $contentHandler->getModelID();
158 $this->dieWithError( [ 'apierror-appendnotsupported', $modelName ] );
159 }
160
161 if ( !is_null( $params['section'] ) ) {
162 if ( !$contentHandler->supportsSections() ) {
163 $modelName = $contentHandler->getModelID();
164 $this->dieWithError( [ 'apierror-sectionsnotsupported', $modelName ] );
165 }
166
167 if ( $params['section'] == 'new' ) {
168 // DWIM if they're trying to prepend/append to a new section.
169 $content = null;
170 } else {
171 // Process the content for section edits
172 $section = $params['section'];
173 $content = $content->getSection( $section );
174
175 if ( !$content ) {
176 $this->dieWithError( [ 'apierror-nosuchsection', wfEscapeWikiText( $section ) ] );
177 }
178 }
179 }
180
181 if ( !$content ) {
182 $text = '';
183 } else {
184 $text = $content->serialize( $contentFormat );
185 }
186
187 $params['text'] = $params['prependtext'] . $text . $params['appendtext'];
188 $toMD5 = $params['prependtext'] . $params['appendtext'];
189 }
190
191 if ( $params['undo'] > 0 ) {
192 if ( $params['undoafter'] > 0 ) {
193 if ( $params['undo'] < $params['undoafter'] ) {
194 list( $params['undo'], $params['undoafter'] ) =
195 [ $params['undoafter'], $params['undo'] ];
196 }
197 $undoafterRev = Revision::newFromId( $params['undoafter'] );
198 }
199 $undoRev = Revision::newFromId( $params['undo'] );
200 if ( is_null( $undoRev ) || $undoRev->isDeleted( Revision::DELETED_TEXT ) ) {
201 $this->dieWithError( [ 'apierror-nosuchrevid', $params['undo'] ] );
202 }
203
204 if ( $params['undoafter'] == 0 ) {
205 $undoafterRev = $undoRev->getPrevious();
206 }
207 if ( is_null( $undoafterRev ) || $undoafterRev->isDeleted( Revision::DELETED_TEXT ) ) {
208 $this->dieWithError( [ 'apierror-nosuchrevid', $params['undoafter'] ] );
209 }
210
211 if ( $undoRev->getPage() != $pageObj->getId() ) {
212 $this->dieWithError( [ 'apierror-revwrongpage', $undoRev->getId(),
213 $titleObj->getPrefixedText() ] );
214 }
215 if ( $undoafterRev->getPage() != $pageObj->getId() ) {
216 $this->dieWithError( [ 'apierror-revwrongpage', $undoafterRev->getId(),
217 $titleObj->getPrefixedText() ] );
218 }
219
220 $newContent = $contentHandler->getUndoContent(
221 $pageObj->getRevision(),
222 $undoRev,
223 $undoafterRev
224 );
225
226 if ( !$newContent ) {
227 $this->dieWithError( 'undo-failure', 'undofailure' );
228 }
229 if ( empty( $params['contentmodel'] )
230 && empty( $params['contentformat'] )
231 ) {
232 // If we are reverting content model, the new content model
233 // might not support the current serialization format, in
234 // which case go back to the old serialization format,
235 // but only if the user hasn't specified a format/model
236 // parameter.
237 if ( !$newContent->isSupportedFormat( $contentFormat ) ) {
238 $contentFormat = $undoafterRev->getContentFormat();
239 }
240 // Override content model with model of undid revision.
241 $contentModel = $newContent->getModel();
242 }
243 $params['text'] = $newContent->serialize( $contentFormat );
244 // If no summary was given and we only undid one rev,
245 // use an autosummary
246 if ( is_null( $params['summary'] ) &&
247 $titleObj->getNextRevisionID( $undoafterRev->getId() ) == $params['undo']
248 ) {
249 $params['summary'] = wfMessage( 'undo-summary' )
250 ->params( $params['undo'], $undoRev->getUserText() )->inContentLanguage()->text();
251 }
252 }
253
254 // See if the MD5 hash checks out
255 if ( !is_null( $params['md5'] ) && md5( $toMD5 ) !== $params['md5'] ) {
256 $this->dieWithError( 'apierror-badmd5' );
257 }
258
259 // EditPage wants to parse its stuff from a WebRequest
260 // That interface kind of sucks, but it's workable
261 $requestArray = [
262 'wpTextbox1' => $params['text'],
263 'format' => $contentFormat,
264 'model' => $contentModel,
265 'wpEditToken' => $params['token'],
266 'wpIgnoreBlankSummary' => true,
267 'wpIgnoreBlankArticle' => true,
268 'wpIgnoreSelfRedirect' => true,
269 'bot' => $params['bot'],
270 ];
271
272 if ( !is_null( $params['summary'] ) ) {
273 $requestArray['wpSummary'] = $params['summary'];
274 }
275
276 if ( !is_null( $params['sectiontitle'] ) ) {
277 $requestArray['wpSectionTitle'] = $params['sectiontitle'];
278 }
279
280 // TODO: Pass along information from 'undoafter' as well
281 if ( $params['undo'] > 0 ) {
282 $requestArray['wpUndidRevision'] = $params['undo'];
283 }
284
285 // Watch out for basetimestamp == '' or '0'
286 // It gets treated as NOW, almost certainly causing an edit conflict
287 if ( $params['basetimestamp'] !== null && (bool)$this->getMain()->getVal( 'basetimestamp' ) ) {
288 $requestArray['wpEdittime'] = $params['basetimestamp'];
289 } else {
290 $requestArray['wpEdittime'] = $pageObj->getTimestamp();
291 }
292
293 if ( $params['starttimestamp'] !== null ) {
294 $requestArray['wpStarttime'] = $params['starttimestamp'];
295 } else {
296 $requestArray['wpStarttime'] = wfTimestampNow(); // Fake wpStartime
297 }
298
299 if ( $params['minor'] || ( !$params['notminor'] && $user->getOption( 'minordefault' ) ) ) {
300 $requestArray['wpMinoredit'] = '';
301 }
302
303 if ( $params['recreate'] ) {
304 $requestArray['wpRecreate'] = '';
305 }
306
307 if ( !is_null( $params['section'] ) ) {
308 $section = $params['section'];
309 if ( !preg_match( '/^((T-)?\d+|new)$/', $section ) ) {
310 $this->dieWithError( 'apierror-invalidsection' );
311 }
312 $content = $pageObj->getContent();
313 if ( $section !== '0' && $section != 'new'
314 && ( !$content || !$content->getSection( $section ) )
315 ) {
316 $this->dieWithError( [ 'apierror-nosuchsection', $section ] );
317 }
318 $requestArray['wpSection'] = $params['section'];
319 } else {
320 $requestArray['wpSection'] = '';
321 }
322
323 $watch = $this->getWatchlistValue( $params['watchlist'], $titleObj );
324
325 // Deprecated parameters
326 if ( $params['watch'] ) {
327 $watch = true;
328 } elseif ( $params['unwatch'] ) {
329 $watch = false;
330 }
331
332 if ( $watch ) {
333 $requestArray['wpWatchthis'] = '';
334 }
335
336 // Apply change tags
337 if ( count( $params['tags'] ) ) {
338 $tagStatus = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user );
339 if ( $tagStatus->isOK() ) {
340 $requestArray['wpChangeTags'] = implode( ',', $params['tags'] );
341 } else {
342 $this->dieStatus( $tagStatus );
343 }
344 }
345
346 // Pass through anything else we might have been given, to support extensions
347 // This is kind of a hack but it's the best we can do to make extensions work
348 $requestArray += $this->getRequest()->getValues();
349
350 global $wgTitle, $wgRequest;
351
352 $req = new DerivativeRequest( $this->getRequest(), $requestArray, true );
353
354 // Some functions depend on $wgTitle == $ep->mTitle
355 // TODO: Make them not or check if they still do
356 $wgTitle = $titleObj;
357
358 $articleContext = new RequestContext;
359 $articleContext->setRequest( $req );
360 $articleContext->setWikiPage( $pageObj );
361 $articleContext->setUser( $this->getUser() );
362
363 /** @var $articleObject Article */
364 $articleObject = Article::newFromWikiPage( $pageObj, $articleContext );
365
366 $ep = new EditPage( $articleObject );
367
368 $ep->setApiEditOverride( true );
369 $ep->setContextTitle( $titleObj );
370 $ep->importFormData( $req );
371 $content = $ep->textbox1;
372
373 // Run hooks
374 // Handle APIEditBeforeSave parameters
375 $r = [];
376 // Deprecated in favour of EditFilterMergedContent
377 if ( !Hooks::run( 'APIEditBeforeSave', [ $ep, $content, &$r ], '1.28' ) ) {
378 if ( count( $r ) ) {
379 $r['result'] = 'Failure';
380 $apiResult->addValue( null, $this->getModuleName(), $r );
381
382 return;
383 }
384
385 $this->dieWithError( 'hookaborted' );
386 }
387
388 // Do the actual save
389 $oldRevId = $articleObject->getRevIdFetched();
390 $result = null;
391 // Fake $wgRequest for some hooks inside EditPage
392 // @todo FIXME: This interface SUCKS
393 $oldRequest = $wgRequest;
394 $wgRequest = $req;
395
396 $status = $ep->attemptSave( $result );
397 $wgRequest = $oldRequest;
398
399 switch ( $status->value ) {
400 case EditPage::AS_HOOK_ERROR:
401 case EditPage::AS_HOOK_ERROR_EXPECTED:
402 if ( isset( $status->apiHookResult ) ) {
403 $r = $status->apiHookResult;
404 $r['result'] = 'Failure';
405 $apiResult->addValue( null, $this->getModuleName(), $r );
406 return;
407 }
408 if ( !$status->getErrors() ) {
409 $status->fatal( 'hookaborted' );
410 }
411 $this->dieStatus( $status );
412
413 case EditPage::AS_BLOCKED_PAGE_FOR_USER:
414 $this->dieWithError(
415 'apierror-blocked',
416 'blocked',
417 [ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $user->getBlock() ) ]
418 );
419
420 case EditPage::AS_READ_ONLY_PAGE:
421 $this->dieReadOnly();
422
423 case EditPage::AS_SUCCESS_NEW_ARTICLE:
424 $r['new'] = true;
425 // fall-through
426
427 case EditPage::AS_SUCCESS_UPDATE:
428 $r['result'] = 'Success';
429 $r['pageid'] = intval( $titleObj->getArticleID() );
430 $r['title'] = $titleObj->getPrefixedText();
431 $r['contentmodel'] = $articleObject->getContentModel();
432 $newRevId = $articleObject->getLatest();
433 if ( $newRevId == $oldRevId ) {
434 $r['nochange'] = true;
435 } else {
436 $r['oldrevid'] = intval( $oldRevId );
437 $r['newrevid'] = intval( $newRevId );
438 $r['newtimestamp'] = wfTimestamp( TS_ISO_8601,
439 $pageObj->getTimestamp() );
440 }
441 break;
442
443 default:
444 if ( !$status->getErrors() ) {
445 // EditPage sometimes only sets the status code without setting
446 // any actual error messages. Supply defaults for those cases.
447 switch ( $status->value ) {
448 // Currently needed
449 case EditPage::AS_IMAGE_REDIRECT_ANON:
450 $status->fatal( 'apierror-noimageredirect-anon' );
451 break;
452 case EditPage::AS_IMAGE_REDIRECT_LOGGED:
453 $status->fatal( 'apierror-noimageredirect-logged' );
454 break;
455 case EditPage::AS_CONTENT_TOO_BIG:
456 case EditPage::AS_MAX_ARTICLE_SIZE_EXCEEDED:
457 $status->fatal( 'apierror-contenttoobig', $this->getConfig()->get( 'MaxArticleSize' ) );
458 break;
459 case EditPage::AS_READ_ONLY_PAGE_ANON:
460 $status->fatal( 'apierror-noedit-anon' );
461 break;
462 case EditPage::AS_NO_CHANGE_CONTENT_MODEL:
463 $status->fatal( 'apierror-cantchangecontentmodel' );
464 break;
465 case EditPage::AS_ARTICLE_WAS_DELETED:
466 $status->fatal( 'apierror-pagedeleted' );
467 break;
468 case EditPage::AS_CONFLICT_DETECTED:
469 $status->fatal( 'editconflict' );
470 break;
471
472 // Currently shouldn't be needed, but here in case
473 // hooks use them without setting appropriate
474 // errors on the status.
475 case EditPage::AS_SPAM_ERROR:
476 $status->fatal( 'apierror-spamdetected', $result['spam'] );
477 break;
478 case EditPage::AS_READ_ONLY_PAGE_LOGGED:
479 $status->fatal( 'apierror-noedit' );
480 break;
481 case EditPage::AS_RATE_LIMITED:
482 $status->fatal( 'apierror-ratelimited' );
483 break;
484 case EditPage::AS_NO_CREATE_PERMISSION:
485 $status->fatal( 'nocreate-loggedin' );
486 break;
487 case EditPage::AS_BLANK_ARTICLE:
488 $status->fatal( 'apierror-emptypage' );
489 break;
490 case EditPage::AS_TEXTBOX_EMPTY:
491 $status->fatal( 'apierror-emptynewsection' );
492 break;
493 case EditPage::AS_SUMMARY_NEEDED:
494 $status->fatal( 'apierror-summaryrequired' );
495 break;
496 default:
497 wfWarn( __METHOD__ . ": Unknown EditPage code {$status->value} with no message" );
498 $status->fatal( 'apierror-unknownerror-editpage', $status->value );
499 break;
500 }
501 }
502 $this->dieStatus( $status );
503 break;
504 }
505 $apiResult->addValue( null, $this->getModuleName(), $r );
506 }
507
508 public function mustBePosted() {
509 return true;
510 }
511
512 public function isWriteMode() {
513 return true;
514 }
515
516 public function getAllowedParams() {
517 return [
518 'title' => [
519 ApiBase::PARAM_TYPE => 'string',
520 ],
521 'pageid' => [
522 ApiBase::PARAM_TYPE => 'integer',
523 ],
524 'section' => null,
525 'sectiontitle' => [
526 ApiBase::PARAM_TYPE => 'string',
527 ],
528 'text' => [
529 ApiBase::PARAM_TYPE => 'text',
530 ],
531 'summary' => null,
532 'tags' => [
533 ApiBase::PARAM_TYPE => 'tags',
534 ApiBase::PARAM_ISMULTI => true,
535 ],
536 'minor' => false,
537 'notminor' => false,
538 'bot' => false,
539 'basetimestamp' => [
540 ApiBase::PARAM_TYPE => 'timestamp',
541 ],
542 'starttimestamp' => [
543 ApiBase::PARAM_TYPE => 'timestamp',
544 ],
545 'recreate' => false,
546 'createonly' => false,
547 'nocreate' => false,
548 'watch' => [
549 ApiBase::PARAM_DFLT => false,
550 ApiBase::PARAM_DEPRECATED => true,
551 ],
552 'unwatch' => [
553 ApiBase::PARAM_DFLT => false,
554 ApiBase::PARAM_DEPRECATED => true,
555 ],
556 'watchlist' => [
557 ApiBase::PARAM_DFLT => 'preferences',
558 ApiBase::PARAM_TYPE => [
559 'watch',
560 'unwatch',
561 'preferences',
562 'nochange'
563 ],
564 ],
565 'md5' => null,
566 'prependtext' => [
567 ApiBase::PARAM_TYPE => 'text',
568 ],
569 'appendtext' => [
570 ApiBase::PARAM_TYPE => 'text',
571 ],
572 'undo' => [
573 ApiBase::PARAM_TYPE => 'integer'
574 ],
575 'undoafter' => [
576 ApiBase::PARAM_TYPE => 'integer'
577 ],
578 'redirect' => [
579 ApiBase::PARAM_TYPE => 'boolean',
580 ApiBase::PARAM_DFLT => false,
581 ],
582 'contentformat' => [
583 ApiBase::PARAM_TYPE => ContentHandler::getAllContentFormats(),
584 ],
585 'contentmodel' => [
586 ApiBase::PARAM_TYPE => ContentHandler::getContentModels(),
587 ],
588 'token' => [
589 // Standard definition automatically inserted
590 ApiBase::PARAM_HELP_MSG_APPEND => [ 'apihelp-edit-param-token' ],
591 ],
592 ];
593 }
594
595 public function needsToken() {
596 return 'csrf';
597 }
598
599 protected function getExamplesMessages() {
600 return [
601 'action=edit&title=Test&summary=test%20summary&' .
602 'text=article%20content&basetimestamp=2007-08-24T12:34:54Z&token=123ABC'
603 => 'apihelp-edit-example-edit',
604 'action=edit&title=Test&summary=NOTOC&minor=&' .
605 'prependtext=__NOTOC__%0A&basetimestamp=2007-08-24T12:34:54Z&token=123ABC'
606 => 'apihelp-edit-example-prepend',
607 'action=edit&title=Test&undo=13585&undoafter=13579&' .
608 'basetimestamp=2007-08-24T12:34:54Z&token=123ABC'
609 => 'apihelp-edit-example-undo',
610 ];
611 }
612
613 public function getHelpUrls() {
614 return 'https://www.mediawiki.org/wiki/API:Edit';
615 }
616 }
Wiklou, le Wiki du Wiklou