X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=api.php;h=d9a69db37e62a25d596982d74d788753273cc1b1;hp=a6ce3b25e317d114b7f382ce4e73002dc2b959d1;hb=ebc5cca3181d19c4ed488ba78cd3a39446dcb055;hpb=ef1f66b2351ce726ba8da21c3c7db290c31e0b37

diff --git a/api.php b/api.php
index a6ce3b25e3..d9a69db37e 100644
--- a/api.php
+++ b/api.php
@@ -44,6 +44,17 @@ if ( !$wgRequest->checkUrlExtension() ) {
 	return;
 }
 
+// Pathinfo can be used for stupid things. We don't support it for api.php at
+// all, so error out if it's present.
+if ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
+	$correctUrl = wfAppendQuery( wfScript( 'api' ), $wgRequest->getQueryValues() );
+	$correctUrl = wfExpandUrl( $correctUrl, PROTO_CANONICAL );
+	header( "Location: $correctUrl", true, 301 );
+	echo 'This endpoint does not support "path info", i.e. extra text between "api.php"'
+		. 'and the "?". Remove any such text and try again.';
+	die( 1 );
+}
+
 // Verify that the API has not been disabled
 if ( !$wgEnableAPI ) {
 	header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500 );