2010/1/10 Angela <beesley(a)gmail.com>om>:
On Sun, Jan 10, 2010 at 3:15 PM, Aryeh Gregor
<Simetrical+wikilist(a)gmail.com> wrote:
No. At this point we should remove $wgEnableAPI
and set it to true
unconditionally. Other things already randomly depend on it, like
watchlist RSS feeds.
Enabling it has caused data to be leaked from private wikis in the
past. Has that been fixed?
Actually, the API is now overly restrictive on private wikis,
disallowing all actions except login from users without read rights.
This means they can't get certain data that they could get through the
UI (like the content of whitelisted pages such as the main page, the
/name/ of the main page, the wiki's name and content language, etc.).
For most users this is annoying and should be fixed, but for operators
of private wikis it's probably a comforting thought that, for now,
even the most innocent requests to do anything but log in will be
denied to users without read rights.
Roan Kattouw (Catrope)