SECURITY: API: Avoid some silliness with browser-guessed filenames

[lhc/web/wiklou.git] / includes / api / ApiHelp.php
diff --git a/includes/api/ApiHelp.php b/includes/api/ApiHelp.php

index 60b95a5..ea4f724 100644 (file)
--- a/includes/api/ApiHelp.php
+++ b/includes/api/ApiHelp.php
@@ -62,6 +62,7 @@ class ApiHelp extends ApiBase {
                 if ( $params['wrap'] ) {
                         $data = [
                                 'mime' => 'text/html',
+                               'filename' => 'api-help.html',
                                 'help' => $html,
                         ];
                         ApiResult::setSubelementsList( $data, 'help' );
@@ -70,6 +71,7 @@ class ApiHelp extends ApiBase {
                         $result->reset();
                         $result->addValue( null, 'text', $html, ApiResult::NO_SIZE_CHECK );
                         $result->addValue( null, 'mime', 'text/html', ApiResult::NO_SIZE_CHECK );
+                       $result->addValue( null, 'filename', 'api-help.html', ApiResult::NO_SIZE_CHECK );
                 }
         }
  
@@ -485,16 +487,28 @@ class ApiHelp extends ApiBase {
                                                 $type = $settings[ApiBase::PARAM_TYPE];
                                                 $multi = !empty( $settings[ApiBase::PARAM_ISMULTI] );
                                                 $hintPipeSeparated = true;
-                                               $count = ApiBase::LIMIT_SML2 + 1;
+                                               $count = !empty( $settings[ApiBase::PARAM_ISMULTI_LIMIT2] )
+                                                       ? $settings[ApiBase::PARAM_ISMULTI_LIMIT2] + 1
+                                                       : ApiBase::LIMIT_SML2 + 1;
  
                                                 if ( is_array( $type ) ) {
                                                         $count = count( $type );
+                                                       $deprecatedValues = isset( $settings[ApiBase::PARAM_DEPRECATED_VALUES] )
+                                                               ? $settings[ApiBase::PARAM_DEPRECATED_VALUES]
+                                                               : [];
                                                         $links = isset( $settings[ApiBase::PARAM_VALUE_LINKS] )
                                                                 ? $settings[ApiBase::PARAM_VALUE_LINKS]
                                                                 : [];
-                                                       $values = array_map( function ( $v ) use ( $links ) {
-                                                               // We can't know whether this contains LTR or RTL text.
-                                                               $ret = $v === '' ? $v : Html::element( 'span', [ 'dir' => 'auto' ], $v );
+                                                       $values = array_map( function ( $v ) use ( $links, $deprecatedValues ) {
+                                                               $attr = [];
+                                                               if ( $v !== '' ) {
+                                                                       // We can't know whether this contains LTR or RTL text.
+                                                                       $attr['dir'] = 'auto';
+                                                               }
+                                                               if ( isset( $deprecatedValues[$v] ) ) {
+                                                                       $attr['class'] = 'apihelp-deprecated-value';
+                                                               }
+                                                               $ret = $attr ? Html::element( 'span', $attr, $v ) : $v;
                                                                 if ( isset( $links[$v] ) ) {
                                                                         $ret = "[[{$links[$v]}|$ret]]";
                                                                 }
@@ -519,23 +533,42 @@ class ApiHelp extends ApiBase {
                                                         switch ( $type ) {
                                                                 case 'submodule':
                                                                         $groups[] = $name;
+
                                                                         if ( isset( $settings[ApiBase::PARAM_SUBMODULE_MAP] ) ) {
                                                                                 $map = $settings[ApiBase::PARAM_SUBMODULE_MAP];
-                                                                               ksort( $map );
-                                                                               $submodules = [];
-                                                                               foreach ( $map as $v => $m ) {
-                                                                                       $submodules[] = "[[Special:ApiHelp/{$m}|{$v}]]";
-                                                                               }
+                                                                               $defaultAttrs = [];
                                                                         } else {
-                                                                               $submodules = $module->getModuleManager()->getNames( $name );
-                                                                               sort( $submodules );
-                                                                               $prefix = $module->isMain()
-                                                                                       ? '' : ( $module->getModulePath() . '+' );
-                                                                               $submodules = array_map( function ( $name ) use ( $prefix ) {
-                                                                                       $text = Html::element( 'span', [ 'dir' => 'ltr', 'lang' => 'en' ], $name );
-                                                                                       return "[[Special:ApiHelp/{$prefix}{$name}|{$text}]]";
-                                                                               }, $submodules );
+                                                                               $prefix = $module->isMain() ? '' : ( $module->getModulePath() . '+' );
+                                                                               $map = [];
+                                                                               foreach ( $module->getModuleManager()->getNames( $name ) as $submoduleName ) {
+                                                                                       $map[$submoduleName] = $prefix . $submoduleName;
+                                                                               }
+                                                                               $defaultAttrs = [ 'dir' => 'ltr', 'lang' => 'en' ];
                                                                         }
+                                                                       ksort( $map );
+
+                                                                       $submodules = [];
+                                                                       $deprecatedSubmodules = [];
+                                                                       foreach ( $map as $v => $m ) {
+                                                                               $attrs = $defaultAttrs;
+                                                                               $arr = &$submodules;
+                                                                               try {
+                                                                                       $submod = $module->getModuleFromPath( $m );
+                                                                                       if ( $submod ) {
+                                                                                               if ( $submod->isDeprecated() ) {
+                                                                                                       $arr = &$deprecatedSubmodules;
+                                                                                                       $attrs['class'] = 'apihelp-deprecated-value';
+                                                                                               }
+                                                                                       }
+                                                                               } catch ( ApiUsageException $ex ) {
+                                                                                       // Ignore
+                                                                               }
+                                                                               if ( $attrs ) {
+                                                                                       $v = Html::element( 'span', $attrs, $v );
+                                                                               }
+                                                                               $arr[] = "[[Special:ApiHelp/{$m}|{$v}]]";
+                                                                       }
+                                                                       $submodules = array_merge( $submodules, $deprecatedSubmodules );
                                                                         $count = count( $submodules );
                                                                         $info[] = $context->msg( 'api-help-param-list' )
                                                                                 ->params( $multi ? 2 : 1 )
@@ -640,13 +673,25 @@ class ApiHelp extends ApiBase {
  
                                                 if ( $multi ) {
                                                         $extra = [];
+                                                       $lowcount = !empty( $settings[ApiBase::PARAM_ISMULTI_LIMIT1] )
+                                                               ? $settings[ApiBase::PARAM_ISMULTI_LIMIT1]
+                                                               : ApiBase::LIMIT_SML1;
+                                                       $highcount = !empty( $settings[ApiBase::PARAM_ISMULTI_LIMIT2] )
+                                                               ? $settings[ApiBase::PARAM_ISMULTI_LIMIT2]
+                                                               : ApiBase::LIMIT_SML2;
+
                                                         if ( $hintPipeSeparated ) {
                                                                 $extra[] = $context->msg( 'api-help-param-multi-separate' )->parse();
                                                         }
-                                                       if ( $count > ApiBase::LIMIT_SML1 ) {
-                                                               $extra[] = $context->msg( 'api-help-param-multi-max' )
-                                                                       ->numParams( ApiBase::LIMIT_SML1, ApiBase::LIMIT_SML2 )
-                                                                       ->parse();
+                                                       if ( $count > $lowcount ) {
+                                                               if ( $lowcount === $highcount ) {
+                                                                       $msg = $context->msg( 'api-help-param-multi-max-simple' )
+                                                                               ->numParams( $lowcount );
+                                                               } else {
+                                                                       $msg = $context->msg( 'api-help-param-multi-max' )
+                                                                               ->numParams( $lowcount, $highcount );
+                                                               }
+                                                               $extra[] = $msg->parse();
                                                         }
                                                         if ( $extra ) {
                                                                 $info[] = implode( ' ', $extra );