Why not allow arbitrary SQL queries on most of the database tables?
Let's see, only a few, like the user table, have much confidential
information, and even only a few columns of it too.
So api.php could drop its read privileges for (parts of?) that table
before running any queries.
Motivation example:
It comes the time when all websites should check for link lint.
OK, so I need a list of external links that are present in my wikis.
$ echo "SELECT DISTINCT el_to FROM wiki_externallinks ORDER BY el_to;"|
mysql -B my_database
gets it for me all with one command.
Can api.php get all the external links, for all namespaces, all in one shot?
Can Special:Linksearch get them all either, all in one shot?
The sysop could also customize what tables/columns to restrict, and
how many rows to output. Also set the total row output limit too.
No need for only allowing SELECT, as api.php would first drop all
other privileges than read-only privileges, including the privilege to
GRANT its privileges back to itself... No need to even filter against
SQL injection attacks (but as I don't even know how to spell SQL,
don't quote me on that.)
Anyway, being able to do arbitrary SQL would greatly simplify many
api.php queries. Let's see, for the URL perhaps use:
api.php?sql=SELECT+DISTINCT...
(maybe use no CAPS in the examples to "sell the ease of the idea".)
First, it has come to my attention that emails from our exchange server are getting threaded incorrectly, so if this ends up in a wrong thread, instead of as a new thread, I apologize.
On to the issue.
Basically I am trying to mimic the results of: api.php?action=query&list=categorymembers&cmtitle=category:Foo
I have code that iterates over an object and extracts attributes and creates an indexed array with the relevant attributes of the element as well as other elements.
The indexed array looks like this:
$attribs = array('pageid'=>$articleID, 'ns'=>$namespaceID, 'title'=>$preFixedTitle, 'classification'=>$classString);
When I try calling $result->addValue( array('query','categorymembers'), 'cm', $attribs ) from inside the iteration I get the error:
"Exception Caught: Internal error in ApiResult::setElement: Attempting to merge element cm"
(external to the iteration I get [as expected] the correct format, but for only the final value of $attribs)
If I try omitting the $name (whether by using an empty string, null, or using $attribs as $name and omitting $value) I get this error:
"Exception Caught: Internal error in ApiFormatXml::recXmlPrint: (categorymembers, ...) has integer keys without _element value. Use ApiResult::setIndexedTagName()."
So I tried using $result->setIndexedTagName($attribs, 'cm') but that doesn't change anything.
I have been trying to find an example of setIndexedTagName() in use in the code, so that I can understand how it is used correctly, but I haven't managed yet. I have read the doxygen generated docs on ApiResult, but I am still unclear on the correct usage and, more importantly, the appropriate implantation of it.
Can anyone here provide some insight, please? Either on a better way to mimic the output, or the correct usage of the methods in question.
Thank you in advance.
--Sean Prunka
Hello list,
I'm new to WikiMedia in general, and have been given the task to extend to API.
We have created a SpecialPage that performs the actions desired, but we need to be able to access the output in XML, via the API.
I have been looking for a good tutorial on creating API extensions and have come up empty handed.
Do you (any of you) know of a good resource for sample code or a tutorial?
The general API documentation is good (though daunting) for making use of existing API calls, but what little information I did find (http://www.mediawiki.org/wiki/API:Calling_internally) is limited on creating a new API extension, especially when mimicking output of a 3rd party extension or custom written Special Page.
Any help will be appreciated. Thank you in advance!
--Sean Prunka
I am using Java to work with the mediawiki Api. We would like to add login to our queries.
Using a post routine, I entered api.php?action=login&lgname=username&lgpassword=password.
I retrieved the information including lgtoken. I add lgtoken=... to the end of my query and receive the following error:
<error code="unknown_action" info="Unrecognized value for parameter 'action': query" />
If I have "$wgGroupPermissions['*']['read'] = true" I receive no error.
I have read about the login, and it looks like I may need to use cookies. I would prefer not using cookies, but if I have to, I am not sure what to use.
Thanks,
Mary Beebe
I'm having some troubles can't post article content via API that is
bigger than ~5420 bytes. 5420 bytes works, but 5454 bytes fails.
And the problem is that I don't get any result or error message back.
Anyone had similar problems?
Is there some general size limit for posting through the API, that I'm
exceeding? (Strange though that I don't get an error message)
More detailed info:
I'm using PHP Version 5.2.4-2ubuntu5.5 with cURL
Post max size in php.ini is 16M
I'm using the cURL handle class below (The functions "cURLHandle"
(constructor) and "post" should be the ones relevant here). As you can
see the timeout is set to 30 seconds ("curl_setopt($process,
CURLOPT_TIMEOUT, 30);" in the post function), but it doesn't take more
than merely a second or so before the execution ends.
class cURLHandle {
var $headers;
var $user_agent;
var $compression;
var $cookie_file;
var $proxy;
function
cURLHandle($cookies=TRUE,$cookie='./cookies/cookies.txt',$compression='gzip',$proxy='')
{
$this->headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg,
image/pjpeg';
$this->headers[] = 'Connection: Keep-Alive';
$this->headers[] = 'Content-type:
application/x-www-form-urlencoded;charset=UTF-8';
$this->user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)';
$this->compression=$compression;
$this->proxy=$proxy;
$this->cookies=$cookies;
if ($this->cookies == TRUE) $this->cookie($cookie);
}
function cookie($cookie_file) {
if (file_exists($cookie_file)) {
$this->cookie_file=$cookie_file;
} else {
fopen($cookie_file,'w') or $this->error('The cookie file could not
be opened. Make sure this directory has the correct permissions');
$this->cookie_file=$cookie_file;
fclose($this->cookie_file);
}
}
function get($url) {
$process = curl_init($url);
curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers);
curl_setopt($process, CURLOPT_HEADER, 0);
curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent);
if ($this->cookies == TRUE) curl_setopt($process,
CURLOPT_COOKIEFILE, $this->cookie_file);
if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEJAR,
$this->cookie_file);
curl_setopt($process,CURLOPT_ENCODING , $this->compression);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
if ($this->proxy) curl_setopt($cUrl, CURLOPT_PROXY,
'proxy_ip:proxy_port');
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
$return = curl_exec($process);
curl_close($process);
return $return;
}
function post($url,$data) {
$process = curl_init($url);
curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers);
curl_setopt($process, CURLOPT_HEADER, 0); // Don't give us the headers
curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent);
if ($this->cookies == TRUE) curl_setopt($process,
CURLOPT_COOKIEFILE, $this->cookie_file);
if ($this->cookies == TRUE) curl_setopt($process, CURLOPT_COOKIEJAR,
$this->cookie_file);
curl_setopt($process, CURLOPT_ENCODING , $this->compression);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
if ($this->proxy) curl_setopt($process, CURLOPT_PROXY, $this->proxy);
curl_setopt($process, CURLOPT_POSTFIELDS, $data);
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($process, CURLOPT_POST, 1);
$return = curl_exec($process);
curl_close($process);
return $return;
}
function error($error) {
echo "<center><div style='width:500px;border: 3px solid #FFEEFF;
padding: 3px; background-color: #FFDDFF;font-family: verdana; font-size:
10px'><b>cURL Error</b><br>$error</div></center>";
die;
}
}
Regards
// Samuel Lampa
RIL Partner AB | http://www.rilnet.com
I'm following the following help page, in order to receive an edit token
(I'm using MW 1.14.0):
http://www.mediawiki.org/wiki/API:Edit_-_Create%26Edit_pages
It tells to use the Url on the following form:
api.php?action=query&prop=info|revisions&intoken=edit&titles=Main%20Page
But that gives me the following error:
<?xml version="1.0"?>
<api>
<error code="unknown_action" info="Unrecognized value for parameter 'action': query">
I've tried to execute the query with both GET (directly in the browser)
and POST (via Curl in PHP) with the same result. Have also tried the
following combinations with the same result:
api.php?action=query&prop=info|revisions and
api.php?action=query
Am I doing anything wrong, or is this the correct way to get an edit token?
Regards
Samuel Lampa
http://www.rilnet.com