2010/1/10 Angela beesley@gmail.com:
On Sun, Jan 10, 2010 at 3:15 PM, Aryeh Gregor Simetrical+wikilist@gmail.com wrote:
No. At this point we should remove $wgEnableAPI and set it to true unconditionally. Other things already randomly depend on it, like watchlist RSS feeds.
Enabling it has caused data to be leaked from private wikis in the past. Has that been fixed?
Actually, the API is now overly restrictive on private wikis, disallowing all actions except login from users without read rights. This means they can't get certain data that they could get through the UI (like the content of whitelisted pages such as the main page, the /name/ of the main page, the wiki's name and content language, etc.). For most users this is annoying and should be fixed, but for operators of private wikis it's probably a comforting thought that, for now, even the most innocent requests to do anything but log in will be denied to users without read rights.
Roan Kattouw (Catrope)