api.php

Go to the documentation of this file.

<?php

// So extensions (and other code) can check whether they're running in API mode
define( 'MW_API', true );

// Bail if PHP is too low
if ( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.2.3' ) < 0 ) {
        require( dirname( __FILE__ ) . '/includes/PHPVersionError.php' );
        wfPHPVersionError( 'api.php' );
}

// Initialise common code.
if ( isset( $_SERVER['MW_COMPILED'] ) ) {
        require ( 'phase3/includes/WebStart.php' );
} else {
        require ( dirname( __FILE__ ) . '/includes/WebStart.php' );
}

wfProfileIn( 'api.php' );
$starttime = microtime( true );

// URL safety checks
if ( !$wgRequest->checkUrlExtension() ) {
        return;
}

// Verify that the API has not been disabled
if ( !$wgEnableAPI ) {
        header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500 );
        echo( 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php'
                . '<pre><b>$wgEnableAPI=true;</b></pre>' );
        die(1);
}

// Selectively allow cross-site AJAX

function convertWildcard( $search ) {
        $search = preg_quote( $search, '/' );
        $search = str_replace(
                array( '\*', '\?' ),
                array( '.*?', '.' ),
                $search
        );
        return "/$search/";
}

if ( $wgCrossSiteAJAXdomains && isset( $_SERVER['HTTP_ORIGIN'] ) ) {
        $exceptions = array_map( 'convertWildcard', $wgCrossSiteAJAXdomainExceptions );
        $regexes = array_map( 'convertWildcard', $wgCrossSiteAJAXdomains );
        foreach ( $regexes as $regex ) {
                if ( preg_match( $regex, $_SERVER['HTTP_ORIGIN'] ) ) {
                        foreach ( $exceptions as $exc ) { // Check against exceptions
                                if ( preg_match( $exc, $_SERVER['HTTP_ORIGIN'] ) ) {
                                        break 2;
                                }
                        }
                        header( "Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}" );
                        header( 'Access-Control-Allow-Credentials: true' );
                        break;
                }
        }
}

// Set a dummy $wgTitle, because $wgTitle == null breaks various things
// In a perfect world this wouldn't be necessary
$wgTitle = Title::makeTitle( NS_MAIN, 'API' );

/* Construct an ApiMain with the arguments passed via the URL. What we get back
 * is some form of an ApiMain, possibly even one that produces an error message,
 * but we don't care here, as that is handled by the ctor.
 */
$processor = new ApiMain( $wgRequest, $wgEnableWriteAPI );

// Process data & print results
$processor->execute();

// Execute any deferred updates
DeferredUpdates::doUpdates();

// Log what the user did, for book-keeping purposes.
$endtime = microtime( true );
wfProfileOut( 'api.php' );
wfLogProfilingData();

// Log the request
if ( $wgAPIRequestLog ) {
        $items = array(
                        wfTimestamp( TS_MW ),
                        $endtime - $starttime,
                        $wgRequest->getIP(),
                        $_SERVER['HTTP_USER_AGENT']
        );
        $items[] = $wgRequest->wasPosted() ? 'POST' : 'GET';
        $module = $processor->getModule();
        if ( $module->mustBePosted() ) {
                $items[] = "action=" . $wgRequest->getVal( 'action' );
        } else {
                $items[] = wfArrayToCGI( $wgRequest->getValues() );
        }
        wfErrorLog( implode( ',', $items ) . "\n", $wgAPIRequestLog );
        wfDebug( "Logged API request to $wgAPIRequestLog\n" );
}

// Shut down the database.  foo()->bar() syntax is not supported in PHP4: we won't ever actually
// get here to worry about whether this should be = or =&, but the file has to parse properly.
$lb = wfGetLBFactory();
$lb->shutdown();