-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gurch wrote:
It is possible to use api.php on a wiki to which one
does not have
access (read-only or otherwise) to do some things to which access
through the interface is denied.
For example, I can obtain a list of all pages on
board.wikimedia.org or
internal.wikimedia.org (neither of which I have read or write access
to), while attempting to view Special:Allpages on one of these gives a
"login required" error.
Attempting to retrieve revision information via the API correctly gives
a "no read permission" error, so I can't actually see the content of any
pages.
Is this a bug, or a feature?
Shouldn't happen; I'm disabling the read API for private wikis pending
security review.
- -- brion vibber (brion @
wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iD8DBQFGS4utwRnhpk1wk44RAhuzAJ9ck17q+gdkbAG4lkZCcJ94FPM8PACfZ00X
1LfXakGtJL/ePKV4DP4DIu4=
=6Q1k
-----END PGP SIGNATURE-----