Thanks for the heads up, it might be related to the recent change i committed.
Can someone help with setting up an automated unit testing for the API?
Thanks! --Yuri
On 5/16/07, Brion Vibber brion@wikimedia.org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gurch wrote:
It is possible to use api.php on a wiki to which one does not have access (read-only or otherwise) to do some things to which access through the interface is denied.
For example, I can obtain a list of all pages on board.wikimedia.org or internal.wikimedia.org (neither of which I have read or write access to), while attempting to view Special:Allpages on one of these gives a "login required" error.
Attempting to retrieve revision information via the API correctly gives a "no read permission" error, so I can't actually see the content of any pages.
Is this a bug, or a feature?
Shouldn't happen; I'm disabling the read API for private wikis pending security review.
- -- brion vibber (brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGS4utwRnhpk1wk44RAhuzAJ9ck17q+gdkbAG4lkZCcJ94FPM8PACfZ00X 1LfXakGtJL/ePKV4DP4DIu4= =6Q1k -----END PGP SIGNATURE-----
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/wikitech-l