/**
  * Check if:
  * controller - is first parameter
  * method - is second parameter
  * rest of parameters - are sorted
  *
  * @author Jakub Olek <*****@*****.**>
  *
  * @throws WikiaException
  */
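 public final function init()
 {
     // Validates an incoming API request: runs the access check for the requested
     // controller/method, then (for external requests only) tags the transaction and
     // enforces the canonical query-string shape described in the docblock.
     // Throws BadRequestApiException when the query string does not have that shape.
     $webRequest = F::app()->wg->Request;
     $accessService = new ApiAccessService($this->getRequest());
     $controller = $webRequest->getVal('controller');
     $method = $webRequest->getVal('method');
     // NOTE(review): checkUse() is defined outside this snippet; presumably it throws
     // when the controller/method pair may not be used - confirm. It runs for internal
     // requests as well, before any other work.
     $accessService->checkUse($controller . 'Controller', $method);

     // Internal requests skip the monitoring tag and the URL-shape validation below.
     if ($this->request->isInternal()) {
         return;
     }

     //this is used for monitoring purposes, do not change unless you know what you are doing
     //should set api/v1 as the transaction name
     Transaction::setEntryPoint(Transaction::ENTRY_POINT_API_V1);

     if ($this->hideNonCommercialContent()) {
         $this->blockIfNonCommercialOnly();
     }

     $paramKeys = array_keys($webRequest->getQueryValues());
     $count = count($paramKeys);
     if ($count < 2 || $paramKeys[0] !== 'controller' || $paramKeys[1] !== 'method') {
         throw new BadRequestApiException('Controller and/or method missing');
     }

     if ($count > 2) {
         // array_flip() turns the remaining parameter names into keys so that
         // ksort() can order them by name.
         $origParam = array_flip(array_slice($paramKeys, 2));
         $sortedParam = $origParam;
         // Sort only the copy. Sorting both arrays (as the previous code did) makes
         // them identical by construction, so the order check could never fail.
         ksort($sortedParam);
         // !== on arrays also compares element order, so this differs exactly when
         // the caller did not send the parameters already sorted.
         // NOTE(review): presumably the ordering is enforced so that each request has
         // a single canonical URL (e.g. for caching) - confirm the intent, and check
         // existing clients before rollout, since unsorted requests now get a 400.
         if ($sortedParam !== $origParam) {
             throw new BadRequestApiException('The parameters\' order is incorrect');
         }
     }
 }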
Exemplo n.º 2
 /** Pass the request to our internal function.
  * BEWARE! Data are passed as they have been supplied by the user,
  * they should be carefully handled in the function processing the
  * request.
  */
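 function performAction()
 {
     // Dispatches an AJAX request to the function named in $this->func_name, but only
     // if that name is on the $wgAjaxExportList allow-list and the user may read.
     // The result is sent to the client; failures are reported via wfHttpError().
     global $wgAjaxExportList, $wgOut, $wgUser;
     if (empty($this->mode)) {
         return;
     }
     /*
      * Wikia Change - begin
      */
     Transaction::setEntryPoint(Transaction::ENTRY_POINT_AJAX);
     Transaction::setAttribute(Transaction::PARAM_FUNCTION, $this->func_name);
     if (function_exists('newrelic_disable_autorum')) {
         newrelic_disable_autorum();
     }
     /*
      * Wikia Change - end
      */
     wfProfileIn(__METHOD__);
     // The allow-list is the only thing standing between a client-supplied name and
     // call_user_func_array(), so compare strictly: no type juggling and no
     // numeric-string equivalence ("1e1" vs "10") may count as a match.
     if (!in_array($this->func_name, $wgAjaxExportList, true)) {
         wfDebug(__METHOD__ . ' Bad Request for unknown function ' . $this->func_name . "\n");
         wfHttpError(400, 'Bad Request', "unknown function " . (string) $this->func_name);
     } elseif (!in_array('read', User::getGroupPermissions(array('*')), true) && !$wgUser->isAllowed('read')) {
         // Anonymous users lack 'read' and the current user is not allowed either.
         wfHttpError(403, 'Forbidden', 'You must log in to view pages.');
     } else {
         wfDebug(__METHOD__ . ' dispatching ' . $this->func_name . "\n");
         // "Class::method" names are split into a [class, method] callable.
         if (strpos($this->func_name, '::') !== false) {
             $func = explode('::', $this->func_name, 2);
         } else {
             $func = $this->func_name;
         }
         try {
             // $this->args reach the target exactly as the client supplied them; each
             // exported function is responsible for validating its own arguments.
             $result = call_user_func_array($func, $this->args);
             if ($result === false || $result === null) {
                 // NOTE(review): the raw request arguments are written to the debug log
                 // here and in the catch block below; confirm that log is not exposed
                 // and that no exported function receives secrets as arguments.
                 wfDebug(__METHOD__ . ' ERROR while dispatching ' . $this->func_name . "(" . var_export($this->args, true) . "): " . "no data returned\n");
                 /* Wikia changes start */
                 //let's avoid falling back to Iowa (500, 503) in this case,
                 //probably someone is asking for a non-existing dynamic method name
                 wfHttpError(501, 'Not Implemented', "{$this->func_name} returned no data");
             } else {
                 if (is_string($result)) {
                     $result = new AjaxResponse($result);
                 }
                 $result->sendHeaders();
                 $result->printText();
                 wfDebug(__METHOD__ . ' dispatch complete for ' . $this->func_name . "\n");
             }
         } catch (Exception $e) {
             wfDebug(__METHOD__ . ' ERROR while dispatching ' . $this->func_name . "(" . var_export($this->args, true) . "): " . get_class($e) . ": " . $e->getMessage() . "\n");
             // NOTE(review): the exception message is returned to the client on both
             // paths. On the second path headers are already sent and the message is
             // printed as-is under whatever content type was chosen; confirm messages
             // cannot carry request data or internal details, or send a generic text.
             if (!headers_sent()) {
                 wfHttpError(500, 'Internal Error', $e->getMessage());
             } else {
                 print $e->getMessage();
             }
         }
     }
     // The output page object is cleared after the response has been written above.
     $wgOut = null;
     wfProfileOut(__METHOD__);
 }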
Exemplo n.º 3
    require $maintenance->loadSettings();
}
// Maintenance-script bootstrap: attach profiler sinks, tag the transaction, load the
// admin settings when the script asks for them, then finish setup. Statement order
// matters here (settings are loaded before Setup.php is included).
// Wikia change - begin - attach sink to the profiler (copied from WebStart.php)
if ($wgProfiler instanceof Profiler) {
    // $wgProfilerSendViaScribe selects the sink; unset/empty means the UDP sink.
    if (empty($wgProfilerSendViaScribe)) {
        $sink = new ProfilerDataUdpSink();
    } else {
        $sink = new ProfilerDataScribeSink();
    }
    $wgProfiler->addSink($sink);
    // keep the legacy stream of Mediawiki profiler data via UDP
    // ("!" binds looser than instanceof, so this reads: $sink is NOT a UDP sink)
    if ($wgProfiler instanceof ProfilerSimpleDataCollector and !$sink instanceof ProfilerDataUdpSink) {
        $wgProfiler->addSink(new ProfilerDataUdpSink());
    }
}
Transaction::setEntryPoint(Transaction::ENTRY_POINT_MAINTENANCE);
// Wikia change - end
// AdminSettings.php is included only when the script declares DB_ADMIN access and the
// file is readable.
// NOTE(review): this file presumably carries elevated database credentials - confirm
// it is kept out of the web root and readable only by the maintenance user.
// NOTE(review): readability is tested on "{$IP}/AdminSettings.php" but the include
// path comes from MWInit::interpretedPath(); confirm both resolve to the same file.
if ($maintenance->getDbType() === Maintenance::DB_ADMIN && is_readable("{$IP}/AdminSettings.php")) {
    require MWInit::interpretedPath('AdminSettings.php');
}
$maintenance->finalSetup();
// Some last includes
require_once MWInit::compiledPath('includes/Setup.php');
// Much much faster startup than creating a title object
$wgTitle = null;
// Do the work
try {
    $maintenance->execute();
    // Potentially debug globals
    $maintenance->globals();
} catch (MWException $mwe) {
Exemplo n.º 4
 * in the URL.
 */
// API entry point bootstrap: mark API mode, check the PHP version, load the common
// web bootstrap, tag the transaction, then apply the URL and "API enabled" gates.
// So extensions (and other code) can check whether they're running in API mode
define('MW_API', true);
// Bail if PHP is too low
if (!function_exists('version_compare') || version_compare(phpversion(), '5.2.3') < 0) {
    require dirname(__FILE__) . '/includes/PHPVersionError.php';
    wfPHPVersionError('api.php');
}
// Initialise common code.
// The include location depends on whether MW_COMPILED is present in the server
// environment; both branches use fixed paths, nothing here comes from the request.
if (isset($_SERVER['MW_COMPILED'])) {
    require 'phase3/includes/WebStart.php';
} else {
    require dirname(__FILE__) . '/includes/WebStart.php';
}
Transaction::setEntryPoint(Transaction::ENTRY_POINT_API);
// The 'action' value is read from the request and recorded before any validation
// that is visible in this snippet.
// NOTE(review): confirm Transaction::setAttribute() tolerates arbitrary client-chosen
// strings (length, character set, number of distinct values in the monitoring backend).
Transaction::setAttribute(Transaction::PARAM_API_ACTION, $wgRequest->getVal('action', null));
wfProfileIn('api.php');
$starttime = microtime(true);
// URL safety checks
// checkUrlExtension() is defined elsewhere; when it returns false the script stops
// here without producing any output of its own.
if (!$wgRequest->checkUrlExtension()) {
    wfProfileOut('api.php');
    return;
}
// Verify that the API has not been disabled
if (!$wgEnableAPI) {
    // The status line reuses the protocol string reported by the server environment.
    header($_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500);
    // The body is a fixed string; no request data is echoed.
    echo 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php' . '<pre><b>$wgEnableAPI=true;</b></pre>';
    die(1);
}
// Selectively allow cross-site AJAX
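 public static function serve(WebRequest $request)
 {
     // Serves one asset request: picks a builder from the 'type' request parameter,
     // renders its content and emits it with caching and diagnostic headers.
     // Responds 404 for an unknown type or a builder that fails to construct, and
     // 503 when rendering the content throws.
     $type = $request->getText('type');
     try {
         // Only the fixed set of types below maps to a builder class; the request
         // value never selects a class name directly.
         switch ($type) {
             case 'one':
                 $builder = new AssetsManagerOneBuilder($request);
                 break;
             case 'group':
                 $builder = new AssetsManagerGroupBuilder($request);
                 break;
             case 'groups':
                 $builder = new AssetsManagerGroupsBuilder($request);
                 break;
             case 'sass':
                 $builder = new AssetsManagerSassBuilder($request);
                 break;
             case 'sasses':
                 $builder = new AssetsManagerSassesBuilder($request);
                 break;
             default:
                 // NOTE(review): the raw request URI goes into the log message; confirm
                 // Wikia::log() neutralises control characters and line breaks.
                 Wikia::log(__METHOD__, false, "Unknown type: {$_SERVER['REQUEST_URI']}", true);
                 Wikia::log(__METHOD__, false, AssetsManager::getRequestDetails(), true);
                 throw new Exception('Unknown type.');
         }
     } catch (Exception $e) {
         // Also reached when a builder constructor throws.
         // NOTE(review): no Content-Type is set on this path, so PHP's default type
         // applies while the exception message is echoed verbatim. Confirm builder
         // messages never embed request data, or send this body as text/plain.
         header('HTTP/1.1 404 Not Found');
         echo $e->getMessage();
         return;
     }
     // do not log illegal request type (one/group/groups/sass supported only) - not to pollute
     // logs
     Transaction::setEntryPoint(Transaction::ENTRY_POINT_ASSETS_MANAGER);
     if (function_exists('newrelic_disable_autorum')) {
         newrelic_disable_autorum();
     }
     $headers = array();
     if ($builder->getContentType()) {
         $headers['Content-Type'] = $builder->getContentType();
     }
     // BugId:31327
     $headers['Vary'] = $builder->getVary();
     $cacheDuration = $builder->getCacheDuration();
     // render the response
     try {
         $content = $builder->getContent();
     } catch (Exception $e) {
         // return HTTP 503 in case of SASS processing error (BAC-592)
         // Varnish will cache such response for 5 seconds
         header('HTTP/1.1 503');
         // log exception messages
         \Wikia\Logger\WikiaLogger::instance()->error('AssetsManagerServer::serve failed', ['type' => $type, 'exception' => $e]);
         // emit full message on devboxes only; everywhere else the client gets a fixed
         // placeholder so internal error details are not disclosed
         // (the unused "$msg =" assignment that sat inside this ternary was dropped)
         global $wgDevelEnvironment;
         $content = !empty($wgDevelEnvironment) ? $e->getMessage() : '/* SASS processing failed! */';
     }
     // NOTE(review): $cacheDuration is indexed as an array below; if the builder
     // returns an array, PHP treats "array > 0" as true, so this guard would always
     // pass - confirm the return type and the intended condition.
     // NOTE(review): these public caching headers are also sent on the 503 path above;
     // confirm the edge cache and clients do not keep the error for the full max-age.
     if ($cacheDuration > 0) {
         $headers['Cache-Control'] = 'public, max-age=' . $cacheDuration['server'];
         $headers['X-Pass-Cache-Control'] = 'public, max-age=' . $cacheDuration['client'];
     }
     $headers['Last-Modified'] = gmdate('D, d M Y H:i:s \\G\\M\\T');
     // Add X-Served-By and X-Backend-Response-Time response headers to MediaWiki pages
     // See BAC-550 for details
     // @macbre
     // NOTE(review): X-Served-By exposes the backend host name to every client;
     // confirm that is acceptable or that the edge strips it for external traffic.
     global $wgRequestTime;
     $headers['X-Served-By'] = wfHostname();
     $headers['X-Backend-Response-Time'] = round(microtime(true) - $wgRequestTime, 3);
     foreach ($headers as $k => $v) {
         header($k . ': ' . $v);
     }
     echo $content;
 }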
Exemplo n.º 6
<?php

// Entry-point bootstrap: answer OPTIONS requests immediately, load the common
// MediaWiki code, then tag the transaction with the requested controller/method.
// This is from google translate, just return early.
// The early return happens before any MediaWiki code is loaded and sends only a
// status line (no CORS or other headers are added here).
// NOTE(review): loose "==" on a string from $_SERVER; the key is presumably always
// set under a web SAPI - confirm this file is never run from the CLI.
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    header("HTTP/1.1 200", true, 200);
    return;
}
// prevent $_GET['title'] from being overwritten on API calls (BAC-906)
// Defined before WebStart.php is included so the flag exists while it runs.
define('DONT_INTERPOLATE_TITLE', true);
// Initialise common MW code
require dirname(__FILE__) . '/includes/WebStart.php';
if ($wgProfiler instanceof Profiler) {
    $wgProfiler->setTemplated(true);
}
// Construct a tag for newrelic -- wgRequest is global in this scope
Transaction::setEntryPoint(Transaction::ENTRY_POINT_NIRVANA);
if (is_object($wgRequest)) {
    // 'controller' and 'method' are taken from the request as-is.
    // NOTE(review): confirm Transaction::setAttribute() tolerates arbitrary
    // client-chosen strings, since no validation is visible before this point.
    Transaction::setAttribute(Transaction::PARAM_CONTROLLER, $wgRequest->getVal('controller'));
    Transaction::setAttribute(Transaction::PARAM_METHOD, $wgRequest->getVal('method'));
}
if (function_exists('newrelic_disable_autorum')) {
    newrelic_disable_autorum();
}
if (!empty($wgEnableNirvanaAPI)) {
    // temporarily force ApiDocs extension regardless of config
    require_once $IP . "/extensions/wikia/ApiDocs/ApiDocs.setup.php";
    // same for JsonFormat
    require_once $IP . "/extensions/wikia/JsonFormat/JsonFormat.setup.php";
    $app = F::app();
    // Ensure that we have a title stub, otherwise parser does not work BugId: 12901
    $app->wg->title = Wikia::createTitleFromRequest($app->wg->Request);
Exemplo n.º 7
// Resource-loader entry point: check the PHP version, force an anonymous user, load
// the common web bootstrap, then hand the request to ResourceLoader.
// Bail if PHP is too low
if (!function_exists('version_compare') || version_compare(phpversion(), '5.2.3') < 0) {
    require dirname(__FILE__) . '/includes/PHPVersionError.php';
    wfPHPVersionError('load.php');
}
// Wikia change - begin - @author
// don't load user from session
// Set before WebStart.php is included so the flag is in place while it runs.
// NOTE(review): presumably this keeps responses independent of the caller's session
// so they can be cached and shared - confirm where $wgUserForceAnon is consumed.
$wgUserForceAnon = true;
// Wikia change - end
// The include location depends on whether MW_COMPILED is present in the server
// environment; both branches use fixed paths, nothing here comes from the request.
if (isset($_SERVER['MW_COMPILED'])) {
    require 'phase3/includes/WebStart.php';
} else {
    require dirname(__FILE__) . '/includes/WebStart.php';
}
// Construct a tag for newrelic
Transaction::setEntryPoint(Transaction::ENTRY_POINT_RESOURCE_LOADER);
if (function_exists('newrelic_disable_autorum')) {
    newrelic_disable_autorum();
}
wfProfileIn('load.php');
// URL safety checks
// checkUrlExtension() is defined elsewhere; when it returns false the script stops
// here without producing any output of its own.
if (!$wgRequest->checkUrlExtension()) {
    wfProfileOut('load.php');
    return;
}
// Respond to resource loading request
$resourceLoader = new ResourceLoader();
$resourceLoader->respond(new ResourceLoaderContext($resourceLoader, $wgRequest));
wfProfileOut('load.php');
wfLogProfilingData();
// Shut down the database.  foo()->bar() syntax is not supported in PHP4, and this file