X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=api.php;h=d9a69db37e62a25d596982d74d788753273cc1b1;hp=83c1373c14a97b645ad1d7948e1b774ded6806d0;hb=c75f0e95c9888489961548c72ef24786c43838aa;hpb=23299ca8790bcf1aebcf54e0932b94338e630474
diff --git a/api.php b/api.php
index 83c1373c14..d9a69db37e 100644
--- a/api.php
+++ b/api.php
@@ -44,6 +44,17 @@ if ( !$wgRequest->checkUrlExtension() ) {
 return;
 }
+// Pathinfo can be used for stupid things. We don't support it for api.php at
+// all, so error out if it's present.
+if ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
+ $correctUrl = wfAppendQuery( wfScript( 'api' ), $wgRequest->getQueryValues() );
+ $correctUrl = wfExpandUrl( $correctUrl, PROTO_CANONICAL );
+ header( "Location: $correctUrl", true, 301 );
+ echo 'This endpoint does not support "path info", i.e. extra text between "api.php"'
+ . 'and the "?". Remove any such text and try again.';
+ die( 1 );
+}
+
 // Verify that the API has not been disabled
 if ( !$wgEnableAPI ) {
 header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500 );
@@ -63,12 +74,12 @@ RequestContext::getMain()->setTitle( $wgTitle );
 try {
 /* Construct an ApiMain with the arguments passed via the URL. What we get back
 * is some form of an ApiMain, possibly even one that produces an error message,
- * but we don't care here, as that is handled by the ctor.
+ * but we don't care here, as that is handled by the constructor.
 */
 $processor = new ApiMain( RequestContext::getMain(), $wgEnableWriteAPI );
 // Last chance hook before executing the API
- Hooks::run( 'ApiBeforeMain', array( &$processor ) );
+ Hooks::run( 'ApiBeforeMain', [ &$processor ] );
 if ( !$processor instanceof ApiMain ) {
 throw new MWException( 'ApiBeforeMain hook set $processor to a non-ApiMain class' );
 }
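Review bot: The message echoed in the added PATH_INFO block (hunk `@@ -44,6 +44,17 @@`) joins its two string pieces without a space, so the body reads `"api.php"and the "?"`; the continuation line should start with a space, `. ' and the "?". Remove any such text and try again.';`. The guard compares with `!= ''`, and `!== ''` would keep the check strict without changing what it rejects for the string values `$_SERVER` holds. The redirect is a permanent 301 issued for every request method, so a POST that carries path info is likely to be replayed by the client as a GET with only the query string; if that is not intended, redirect only GET/HEAD and answer other methods with an error status. The comment "can be used for stupid things" does not tell a maintainer what the check defends against; something like `// Path info lets a caller put an arbitrary file extension in the URL, which some clients use to guess the content type; reject it outright.` would help, though that rationale is inferred from the neighbouring checkUrlExtension() call and should be confirmed.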
@@ -88,12 +99,12 @@ $endtime = microtime( true );
 // Log the request
 if ( $wgAPIRequestLog ) {
- $items = array(
+ $items = [
 wfTimestamp( TS_MW ),
 $endtime - $starttime,
 $wgRequest->getIP(),
 $wgRequest->getHeader( 'User-agent' )
- );
+ ];
 $items[] = $wgRequest->wasPosted() ? 'POST' : 'GET';
 if ( $processor ) {
 try {