Move CSRF token handling into MediaWiki\Session\Session

[lhc/web/wiklou.git] / includes / api / ApiTokens.php

diff --git a/includes/api/ApiTokens.php b/includes/api/ApiTokens.php
index 9eb4020..c10c938 100644 (file)
--- a/includes/api/ApiTokens.php
+++ b/includes/api/ApiTokens.php
@@ -37,7 +37,9 @@ class ApiTokens extends ApiBase {
                $this->logFeatureUsage( "action=tokens" );
 
                $params = $this->extractRequestParams();
-               $res = array();
+               $res = array(
+                       ApiResult::META_TYPE => 'assoc',
+               );
 
                $types = $this->getTokenTypes();
                foreach ( $params['type'] as $type ) {
@@ -71,6 +73,19 @@ class ApiTokens extends ApiBase {
                        $types[$name] = array( 'ApiQueryInfo', 'get' . ucfirst( $name ) . 'Token' );
                }
                Hooks::run( 'ApiTokensGetTokenTypes', array( &$types ) );
+
+               // For forwards-compat, copy any token types from ApiQueryTokens that
+               // we don't already have something for.
+               $user = $this->getUser();
+               $request = $this->getRequest();
+               foreach ( ApiQueryTokens::getTokenTypeSalts() as $name => $salt ) {
+                       if ( !isset( $types[$name] ) ) {
+                               $types[$name] = function () use ( $salt, $user, $request ) {
+                                       return ApiQueryTokens::getToken( $user, $request->getSession(), $salt )->toString();
+                               };
+                       }
+               }
+
                ksort( $types );
 
                return $types;