api.php 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125
  1. <?php
  2. /**
  3. * This file is the entry point for all API queries.
  4. *
  5. * It begins by constructing a new ApiMain using the parameter passed to it
  6. * as an argument in the URL ('?action='). It then invokes "execute()" on the
  7. * ApiMain object instance, which produces output in the format specified in
  8. * the URL.
  9. *
  10. * Copyright © 2006 Yuri Astrakhan <Firstname><Lastname>@gmail.com
  11. *
  12. * This program is free software; you can redistribute it and/or modify
  13. * it under the terms of the GNU General Public License as published by
  14. * the Free Software Foundation; either version 2 of the License, or
  15. * (at your option) any later version.
  16. *
  17. * This program is distributed in the hope that it will be useful,
  18. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  20. * GNU General Public License for more details.
  21. *
  22. * You should have received a copy of the GNU General Public License along
  23. * with this program; if not, write to the Free Software Foundation, Inc.,
  24. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  25. * http://www.gnu.org/copyleft/gpl.html
  26. *
  27. * @file
  28. */
  29. use MediaWiki\Logger\LegacyLogger;
  30. // So extensions (and other code) can check whether they're running in API mode
  31. define( 'MW_API', true );
  32. define( 'MW_ENTRY_POINT', 'api' );
  33. require __DIR__ . '/includes/WebStart.php';
  34. $starttime = microtime( true );
  35. // URL safety checks
  36. if ( !$wgRequest->checkUrlExtension() ) {
  37. return;
  38. }
  39. // PATH_INFO can be used for stupid things. We don't support it for api.php at
  40. // all, so error out if it's present.
  41. if ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
  42. $correctUrl = wfAppendQuery( wfScript( 'api' ), $wgRequest->getQueryValuesOnly() );
  43. $correctUrl = wfExpandUrl( $correctUrl, PROTO_CANONICAL );
  44. header( "Location: $correctUrl", true, 301 );
  45. echo 'This endpoint does not support "path info", i.e. extra text between "api.php"'
  46. . 'and the "?". Remove any such text and try again.';
  47. die( 1 );
  48. }
  49. // Set a dummy $wgTitle, because $wgTitle == null breaks various things
  50. // In a perfect world this wouldn't be necessary
  51. $wgTitle = Title::makeTitle( NS_SPECIAL, 'Badtitle/dummy title for API calls set in api.php' );
  52. // RequestContext will read from $wgTitle, but it will also whine about it.
  53. // In a perfect world this wouldn't be necessary either.
  54. RequestContext::getMain()->setTitle( $wgTitle );
  55. try {
  56. // Construct an ApiMain with the arguments passed via the URL. What we get back
  57. // is some form of an ApiMain, possibly even one that produces an error message,
  58. // but we don't care here, as that is handled by the constructor.
  59. $processor = new ApiMain( RequestContext::getMain(), true );
  60. // Last chance hook before executing the API
  61. Hooks::run( 'ApiBeforeMain', [ &$processor ] );
  62. if ( !$processor instanceof ApiMain ) {
  63. throw new MWException( 'ApiBeforeMain hook set $processor to a non-ApiMain class' );
  64. }
  65. } catch ( Exception $e ) { // @todo Remove this block when HHVM is no longer supported
  66. // Crap. Try to report the exception in API format to be friendly to clients.
  67. ApiMain::handleApiBeforeMainException( $e );
  68. $processor = false;
  69. } catch ( Throwable $e ) {
  70. // Crap. Try to report the exception in API format to be friendly to clients.
  71. ApiMain::handleApiBeforeMainException( $e );
  72. $processor = false;
  73. }
  74. // Process data & print results
  75. if ( $processor ) {
  76. $processor->execute();
  77. }
  78. // Log what the user did, for book-keeping purposes.
  79. $endtime = microtime( true );
  80. // Log the request
  81. if ( $wgAPIRequestLog ) {
  82. $items = [
  83. wfTimestamp( TS_MW ),
  84. $endtime - $starttime,
  85. $wgRequest->getIP(),
  86. $wgRequest->getHeader( 'User-agent' )
  87. ];
  88. $items[] = $wgRequest->wasPosted() ? 'POST' : 'GET';
  89. if ( $processor ) {
  90. try {
  91. $manager = $processor->getModuleManager();
  92. $module = $manager->getModule( $wgRequest->getVal( 'action' ), 'action' );
  93. } catch ( Exception $ex ) { // @todo Remove this block when HHVM is no longer supported
  94. $module = null;
  95. } catch ( Throwable $ex ) {
  96. $module = null;
  97. }
  98. if ( !$module || $module->mustBePosted() ) {
  99. $items[] = "action=" . $wgRequest->getVal( 'action' );
  100. } else {
  101. $items[] = wfArrayToCgi( $wgRequest->getValues() );
  102. }
  103. } else {
  104. $items[] = "failed in ApiBeforeMain";
  105. }
  106. LegacyLogger::emit( implode( ',', $items ) . "\n", $wgAPIRequestLog );
  107. wfDebug( "Logged API request to $wgAPIRequestLog\n" );
  108. }
  109. $mediawiki = new MediaWiki();
  110. $mediawiki->doPostOutputShutdown( 'fast' );