/**
 * Validate the shape of an incoming API request.
 *
 * Check if:
 *  - controller - is first parameter
 *  - method - is second parameter
 *  - rest of parameters - are sorted
 *
 * The access check runs for every request. The entry-point tagging, the
 * non-commercial content block and the parameter checks only run when the
 * request is not internal.
 *
 * @author Jakub Olek <*****@*****.**>
 *
 * @throws WikiaException
 */
public final function init() {
    $incoming = F::app()->wg->Request;
    $apiAccess = new ApiAccessService($this->getRequest());

    // Controller and method names come straight from the query string and are
    // handed to the access service before anything else happens.
    $controllerName = $incoming->getVal('controller');
    $methodName = $incoming->getVal('method');
    $apiAccess->checkUse($controllerName . 'Controller', $methodName);

    // this is used for monitoring purposes, do not change unless you know what you are doing
    // should set api/v1 as the transaction name
    if (!$this->request->isInternal()) {
        Transaction::setEntryPoint(Transaction::ENTRY_POINT_API_V1);
    }

    // Internal requests are exempt from the checks below.
    if ($this->request->isInternal()) {
        return;
    }

    if ($this->hideNonCommercialContent()) {
        $this->blockIfNonCommercialOnly();
    }

    $names = array_keys($incoming->getQueryValues());
    $total = count($names);

    $startsCorrectly = $total >= 2 && $names[0] === 'controller' && $names[1] === 'method';
    if (!$startsCorrectly) {
        throw new BadRequestApiException('Controller and/or method missing');
    }

    if ($total > 2) {
        // Map each remaining parameter name to its position, then key-sort two copies.
        $sortedCopy = array_flip(array_slice($names, 2));
        $receivedCopy = $sortedCopy;
        ksort($sortedCopy);
        ksort($receivedCopy);

        // NOTE(review): both copies start from the same array and are key-sorted the
        // same way, so this comparison cannot differ as written and the order error is
        // never raised. Confirm whether unsorted parameters are meant to be rejected
        // (the docblock says so) before relying on this as a request-normalisation check.
        if ($sortedCopy !== $receivedCopy) {
            throw new BadRequestApiException('The parameters\' order is incorrect');
        }
    }
}
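/**
 * Pass the request to our internal function.
 *
 * BEWARE! Data are passed as they have been supplied by the user,
 * they should be carefully handled in the function processing the
 * request.
 *
 * Does nothing when no mode is set. Otherwise the requested function name
 * must be listed in $wgAjaxExportList and the user must be allowed to read;
 * only then is the function called with the request arguments.
 *
 * Responses sent from here: 400 for a function that is not exported, 403 when
 * reading is not permitted, 501 when the function returns false or null, and
 * 500 (or the bare exception message if headers are already out) when the
 * function throws.
 */
function performAction() {
    global $wgAjaxExportList, $wgOut, $wgUser;

    if (empty($this->mode)) {
        return;
    }

    /*
     * Wikia Change - begin
     */
    Transaction::setEntryPoint(Transaction::ENTRY_POINT_AJAX);
    Transaction::setAttribute(Transaction::PARAM_FUNCTION, $this->func_name);
    if (function_exists('newrelic_disable_autorum')) {
        newrelic_disable_autorum();
    }
    /*
     * Wikia Change - end
     */

    wfProfileIn(__METHOD__);

    // The export list is the only gate in front of call_user_func_array(), so the
    // lookup is strict, matching the strict 'read' permission lookup below. A
    // loosely-equal value can no longer pass as an exported name.
    if (!in_array($this->func_name, $wgAjaxExportList, true)) {
        wfDebug(__METHOD__ . ' Bad Request for unknown function ' . $this->func_name . "\n");
        wfHttpError(400, 'Bad Request', "unknown function " . (string) $this->func_name);
    } elseif (!in_array('read', User::getGroupPermissions(array('*')), true) && !$wgUser->isAllowed('read')) {
        // Neither anonymous users in general nor this user may read.
        wfHttpError(403, 'Forbidden', 'You must log in to view pages.');
    } else {
        wfDebug(__METHOD__ . ' dispatching ' . $this->func_name . "\n");

        // "Class::method" names become a [class, method] callable.
        if (strpos($this->func_name, '::') !== false) {
            $func = explode('::', $this->func_name, 2);
        } else {
            $func = $this->func_name;
        }

        try {
            // $this->args are user-supplied and reach the handler unmodified.
            $result = call_user_func_array($func, $this->args);

            if ($result === false || $result === null) {
                // The raw arguments are written to the debug log here.
                wfDebug(__METHOD__ . ' ERROR while dispatching ' . $this->func_name . "(" . var_export($this->args, true) . "): " . "no data returned\n");

                /* Wikia changes start */
                // let's avoid falling back to Iowa (500, 503) in this case,
                // probably someone is asking for a non-existing dynamic method name
                wfHttpError(501, 'Not Implemented', "{$this->func_name} returned no data");
            } else {
                // Plain strings are wrapped so headers and body are sent the same way.
                if (is_string($result)) {
                    $result = new AjaxResponse($result);
                }

                $result->sendHeaders();
                $result->printText();

                wfDebug(__METHOD__ . ' dispatch complete for ' . $this->func_name . "\n");
            }
        } catch (Exception $e) {
            wfDebug(__METHOD__ . ' ERROR while dispatching ' . $this->func_name . "(" . var_export($this->args, true) . "): " . get_class($e) . ": " . $e->getMessage() . "\n");

            // NOTE(review): the exception message goes back to the client in both
            // branches, and the second one prints it as-is into whatever output has
            // already started. Confirm handlers never put internal details or
            // unescaped request data into exception messages.
            if (!headers_sent()) {
                wfHttpError(500, 'Internal Error', $e->getMessage());
            } else {
                print $e->getMessage();
            }
        }
    }

    $wgOut = null;
    wfProfileOut(__METHOD__);
}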
require $maintenance->loadSettings(); } // Wikia change - begin - attach sink to the profiler (copied from WebStart.php) if ($wgProfiler instanceof Profiler) { if (empty($wgProfilerSendViaScribe)) { $sink = new ProfilerDataUdpSink(); } else { $sink = new ProfilerDataScribeSink(); } $wgProfiler->addSink($sink); // keep the legacy stream of Mediawiki profiler data via UDP if ($wgProfiler instanceof ProfilerSimpleDataCollector and !$sink instanceof ProfilerDataUdpSink) { $wgProfiler->addSink(new ProfilerDataUdpSink()); } } Transaction::setEntryPoint(Transaction::ENTRY_POINT_MAINTENANCE); // Wikia change - end if ($maintenance->getDbType() === Maintenance::DB_ADMIN && is_readable("{$IP}/AdminSettings.php")) { require MWInit::interpretedPath('AdminSettings.php'); } $maintenance->finalSetup(); // Some last includes require_once MWInit::compiledPath('includes/Setup.php'); // Much much faster startup than creating a title object $wgTitle = null; // Do the work try { $maintenance->execute(); // Potentially debug globals $maintenance->globals(); } catch (MWException $mwe) {
* in the URL. */

// So extensions (and other code) can check whether they're running in API mode
define('MW_API', true);

// Bail if PHP is too low
// This runs before any common code is loaded, so only the version-error file is pulled in here.
if (!function_exists('version_compare') || version_compare(phpversion(), '5.2.3') < 0) {
    require dirname(__FILE__) . '/includes/PHPVersionError.php';
    wfPHPVersionError('api.php');
}

// Initialise common code.
// Both include paths are fixed strings; only the presence of MW_COMPILED in $_SERVER picks between them.
if (isset($_SERVER['MW_COMPILED'])) {
    require 'phase3/includes/WebStart.php';
} else {
    require dirname(__FILE__) . '/includes/WebStart.php';
}

// Tag the transaction as an API entry point and record the requested action.
// The action value is taken from the request as supplied (null when absent).
Transaction::setEntryPoint(Transaction::ENTRY_POINT_API);
Transaction::setAttribute(Transaction::PARAM_API_ACTION, $wgRequest->getVal('action', null));

wfProfileIn('api.php');
$starttime = microtime(true);

// URL safety checks
// A failed check closes the profiling section and returns, so nothing further in this file runs.
if (!$wgRequest->checkUrlExtension()) {
    wfProfileOut('api.php');
    return;
}

// Verify that the API has not been disabled
// When disabled: HTTP 500 status, a fixed hint (no request data is echoed), then exit with status 1.
if (!$wgEnableAPI) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500);
    echo 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php' . '<pre><b>$wgEnableAPI=true;</b></pre>';
    die(1);
}

// Selectively allow cross-site AJAX
/**
 * Build the asset named by the request and send it with its response headers.
 *
 * The "type" request value selects the builder. An unknown type, or any
 * exception raised while constructing the builder, ends the request with a
 * 404 whose body is the exception message. A failure while rendering the
 * content yields a 503 instead, with the full message shown on devboxes only.
 *
 * @param WebRequest $request incoming request describing the asset
 */
public static function serve(WebRequest $request) {
    global $wgDevelEnvironment, $wgRequestTime;

    $type = $request->getText('type');

    try {
        switch ($type) {
            case 'one':
                $assetBuilder = new AssetsManagerOneBuilder($request);
                break;
            case 'group':
                $assetBuilder = new AssetsManagerGroupBuilder($request);
                break;
            case 'groups':
                $assetBuilder = new AssetsManagerGroupsBuilder($request);
                break;
            case 'sass':
                $assetBuilder = new AssetsManagerSassBuilder($request);
                break;
            case 'sasses':
                $assetBuilder = new AssetsManagerSassesBuilder($request);
                break;
            default:
                // The raw request URI is written to the log here.
                Wikia::log(__METHOD__, false, "Unknown type: {$_SERVER['REQUEST_URI']}", true);
                Wikia::log(__METHOD__, false, AssetsManager::getRequestDetails(), true);
                throw new Exception('Unknown type.');
        }
    } catch (Exception $failure) {
        // NOTE(review): the message is echoed verbatim and no Content-Type is set on
        // this path. Confirm the builder constructors never embed request data in
        // their exception messages.
        header('HTTP/1.1 404 Not Found');
        echo $failure->getMessage();
        return;
    }

    // do not log illegal request type (one/group/groups/sass supported only) - not to pollute
    // logs
    Transaction::setEntryPoint(Transaction::ENTRY_POINT_ASSETS_MANAGER);
    if (function_exists('newrelic_disable_autorum')) {
        newrelic_disable_autorum();
    }

    $responseHeaders = array();
    if ($assetBuilder->getContentType()) {
        $responseHeaders['Content-Type'] = $assetBuilder->getContentType();
    }

    // BugId:31327
    $responseHeaders['Vary'] = $assetBuilder->getVary();

    $cacheDuration = $assetBuilder->getCacheDuration();

    // render the response
    try {
        $content = $assetBuilder->getContent();
    } catch (Exception $failure) {
        // return HTTP 503 in case of SASS processing error (BAC-592)
        // Varnish will cache such response for 5 seconds
        header('HTTP/1.1 503');

        // log exception messages
        \Wikia\Logger\WikiaLogger::instance()->error('AssetsManagerServer::serve failed', ['type' => $type, 'exception' => $failure]);

        // emit full message on devboxes only
        if (!empty($wgDevelEnvironment)) {
            $content = $failure->getMessage();
        } else {
            $content = '/* SASS processing failed! */';
        }
    }

    // NOTE(review): $cacheDuration is compared with 0 and then indexed by 'server' and
    // 'client'; confirm what getCacheDuration() returns when caching is off. These
    // cache headers are also sent on the 503 path above.
    if ($cacheDuration > 0) {
        $responseHeaders['Cache-Control'] = 'public, max-age=' . $cacheDuration['server'];
        $responseHeaders['X-Pass-Cache-Control'] = 'public, max-age=' . $cacheDuration['client'];
    }

    $responseHeaders['Last-Modified'] = gmdate('D, d M Y H:i:s \\G\\M\\T');

    // Add X-Served-By and X-Backend-Response-Time response headers to MediaWiki pages
    // See BAC-550 for details
    // @macbre
    $responseHeaders['X-Served-By'] = wfHostname();
    $responseHeaders['X-Backend-Response-Time'] = round(microtime(true) - $wgRequestTime, 3);

    foreach ($responseHeaders as $headerName => $headerValue) {
        header($headerName . ': ' . $headerValue);
    }

    echo $content;
}
<?php // This is from google translate, just return early. if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { header("HTTP/1.1 200", true, 200); return; } // prevent $_GET['title'] from being overwritten on API calls (BAC-906) define('DONT_INTERPOLATE_TITLE', true); // Initialise common MW code require dirname(__FILE__) . '/includes/WebStart.php'; if ($wgProfiler instanceof Profiler) { $wgProfiler->setTemplated(true); } // Construct a tag for newrelic -- wgRequest is global in this scope Transaction::setEntryPoint(Transaction::ENTRY_POINT_NIRVANA); if (is_object($wgRequest)) { Transaction::setAttribute(Transaction::PARAM_CONTROLLER, $wgRequest->getVal('controller')); Transaction::setAttribute(Transaction::PARAM_METHOD, $wgRequest->getVal('method')); } if (function_exists('newrelic_disable_autorum')) { newrelic_disable_autorum(); } if (!empty($wgEnableNirvanaAPI)) { // temporarily force ApiDocs extension regardless of config require_once $IP . "/extensions/wikia/ApiDocs/ApiDocs.setup.php"; // same for JsonFormat require_once $IP . "/extensions/wikia/JsonFormat/JsonFormat.setup.php"; $app = F::app(); // Ensure that we have a title stub, otherwise parser does not work BugId: 12901 $app->wg->title = Wikia::createTitleFromRequest($app->wg->Request);
// Bail if PHP is too low
// This runs before any common code is loaded, so only the version-error file is pulled in here.
if (!function_exists('version_compare') || version_compare(phpversion(), '5.2.3') < 0) {
    require dirname(__FILE__) . '/includes/PHPVersionError.php';
    wfPHPVersionError('load.php');
}

// Wikia change - begin - @author
// don't load user from session
// The flag is set before WebStart.php is required below; presumably the bootstrap reads it (confirm).
$wgUserForceAnon = true;
// Wikia change - end

// Both include paths are fixed strings; only the presence of MW_COMPILED in $_SERVER picks between them.
if (isset($_SERVER['MW_COMPILED'])) {
    require 'phase3/includes/WebStart.php';
} else {
    require dirname(__FILE__) . '/includes/WebStart.php';
}

// Construct a tag for newrelic
Transaction::setEntryPoint(Transaction::ENTRY_POINT_RESOURCE_LOADER);
// The New Relic call is made only when that function exists in this runtime.
if (function_exists('newrelic_disable_autorum')) {
    newrelic_disable_autorum();
}

wfProfileIn('load.php');

// URL safety checks
// A failed check closes the profiling section and returns, so no resource is served.
if (!$wgRequest->checkUrlExtension()) {
    wfProfileOut('load.php');
    return;
}

// Respond to resource loading request
$resourceLoader = new ResourceLoader();
$resourceLoader->respond(new ResourceLoaderContext($resourceLoader, $wgRequest));

wfProfileOut('load.php');
wfLogProfilingData();

// Shut down the database. foo()->bar() syntax is not supported in PHP4, and this file