Allow cleanupSpam.php optionally delete offending pages
[mediawiki.git] / api.php
blob1cd549747c42109fb9a609676d268086766ccde3
1 <?php
2 /**
3 * This file is the entry point for all API queries.
5 * It begins by checking whether the API is enabled on this wiki; if not,
6 * it informs the user that s/he should set $wgEnableAPI to true and exits.
7 * Otherwise, it constructs a new ApiMain using the parameter passed to it
8 * as an argument in the URL ('?action=') and with write-enabled set to the
9 * value of $wgEnableWriteAPI as specified in LocalSettings.php.
10 * It then invokes "execute()" on the ApiMain object instance, which
11 * produces output in the format sepecified in the URL.
13 * Copyright © 2006 Yuri Astrakhan <Firstname><Lastname>@gmail.com
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
28 * http://www.gnu.org/copyleft/gpl.html
30 * @file
33 // So extensions (and other code) can check whether they're running in API mode
34 define( 'MW_API', true );
36 // Bail if PHP is too low
37 if ( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.3.2' ) < 0 ) {
38 require( dirname( __FILE__ ) . '/includes/PHPVersionError.php' );
39 wfPHPVersionError( 'api.php' );
42 // Initialise common code.
43 if ( isset( $_SERVER['MW_COMPILED'] ) ) {
44 require ( 'core/includes/WebStart.php' );
45 } else {
46 require ( dirname( __FILE__ ) . '/includes/WebStart.php' );
49 wfProfileIn( 'api.php' );
50 $starttime = microtime( true );
52 // URL safety checks
53 if ( !$wgRequest->checkUrlExtension() ) {
54 return;
57 // Verify that the API has not been disabled
58 if ( !$wgEnableAPI ) {
59 header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500 );
60 echo( 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php'
61 . '<pre><b>$wgEnableAPI=true;</b></pre>' );
62 die(1);
65 // Selectively allow cross-site AJAX
67 /**
68 * Helper function to convert wildcard string into a regex
69 * '*' => '.*?'
70 * '?' => '.'
72 * @param $search string
73 * @return string
75 function convertWildcard( $search ) {
76 $search = preg_quote( $search, '/' );
77 $search = str_replace(
78 array( '\*', '\?' ),
79 array( '.*?', '.' ),
80 $search
82 return "/$search/";
85 if ( $wgCrossSiteAJAXdomains && isset( $_SERVER['HTTP_ORIGIN'] ) ) {
86 $exceptions = array_map( 'convertWildcard', $wgCrossSiteAJAXdomainExceptions );
87 $regexes = array_map( 'convertWildcard', $wgCrossSiteAJAXdomains );
88 foreach ( $regexes as $regex ) {
89 if ( preg_match( $regex, $_SERVER['HTTP_ORIGIN'] ) ) {
90 foreach ( $exceptions as $exc ) { // Check against exceptions
91 if ( preg_match( $exc, $_SERVER['HTTP_ORIGIN'] ) ) {
92 break 2;
95 header( "Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}" );
96 header( 'Access-Control-Allow-Credentials: true' );
97 break;
102 // Set a dummy $wgTitle, because $wgTitle == null breaks various things
103 // In a perfect world this wouldn't be necessary
104 $wgTitle = Title::makeTitle( NS_MAIN, 'API' );
106 /* Construct an ApiMain with the arguments passed via the URL. What we get back
107 * is some form of an ApiMain, possibly even one that produces an error message,
108 * but we don't care here, as that is handled by the ctor.
110 $processor = new ApiMain( $wgRequest, $wgEnableWriteAPI );
112 // Process data & print results
113 $processor->execute();
115 // Execute any deferred updates
116 DeferredUpdates::doUpdates();
118 // Log what the user did, for book-keeping purposes.
119 $endtime = microtime( true );
120 wfProfileOut( 'api.php' );
121 wfLogProfilingData();
123 // Log the request
124 if ( $wgAPIRequestLog ) {
125 $items = array(
126 wfTimestamp( TS_MW ),
127 $endtime - $starttime,
128 $wgRequest->getIP(),
129 $_SERVER['HTTP_USER_AGENT']
131 $items[] = $wgRequest->wasPosted() ? 'POST' : 'GET';
132 $module = $processor->getModule();
133 if ( $module->mustBePosted() ) {
134 $items[] = "action=" . $wgRequest->getVal( 'action' );
135 } else {
136 $items[] = wfArrayToCGI( $wgRequest->getValues() );
138 wfErrorLog( implode( ',', $items ) . "\n", $wgAPIRequestLog );
139 wfDebug( "Logged API request to $wgAPIRequestLog\n" );
142 // Shut down the database. foo()->bar() syntax is not supported in PHP4: we won't ever actually
143 // get here to worry about whether this should be = or =&, but the file has to parse properly.
144 $lb = wfGetLBFactory();
145 $lb->shutdown();