Look up the assert parameter in the API On Jun 19, 2014 6:52 AM, "Petr Bena" <benapetr(a)gmail.com> wrote: _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Can this parameter be anywhere in the url? for example api.php?action=query&assert=user&prop=blabla or does it need to be on a specific position, like token?

On Thu, 19 Jun 2014 15:16:22 +0200, MZMcBride <z(a)mzmcbride.com> wrote: Petr Bena wrote: Yeah… The API documentation mentions this, but I think it's wrong or at least misleading. https://www.mediawiki.org/wiki/API:Edit#Token "When passing this to the Edit API, always pass the token parameter last (or at least after the text parameter). That way, if the edit gets interrupted, the token won't be passed and the edit will fail." I'm reasonably sure that the HTTP and HTTPS protocols are smart enough to recognize "cut off" requests, and that any servers whatsoever are smart enough to implement this behavior. -- Matma Rex _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

At some point it makes sense. You shouldn't rely on servers :P I am placing token as last per this suggestion. On Thu, Jun 19, 2014 at 5:42 PM, Happy Melon <happy.melon.wiki(a)gmail.com> wrote: > Blame Reedy [1]. Or ask him for clarification... > > --HM > > [1] > https://www.mediawiki.org/w/index.php?title=API:Edit&diff=410992&ol… > > > On 19 June 2014 14:27, Bartosz Dziewoński <matma.rex(a)gmail.com> wrote: > >> On Thu, 19 Jun 2014 15:16:22 +0200, MZMcBride <z(a)mzmcbride.com> wrote: >> >> Petr Bena wrote: >>> >>>> Can this parameter be anywhere in the url? for example >>>> api.php?action=query&assert=user&prop=blabla or does it need to be on >>>> a specific position, like token? >>>> >>> It can be anywhere after "api.php", but not anywhere in the URL. >>> I don't believe any token requires a specific position in a URL. >>> >> >> Yeah… The API documentation mentions this, but I think it's wrong or at >> least misleading. >> >> https://www.mediawiki.org/wiki/API:Edit#Token >> >> "When passing this to the Edit API, always pass the token parameter last >> (or at least after the text parameter). That way, if the edit gets >> interrupted, the token won't be passed and the edit will fail." >> >> I'm reasonably sure that the HTTP and HTTPS protocols are smart enough to >> recognize "cut off" requests, and that any servers whatsoever are smart >> enough to implement this behavior. >> >> >> -- >> Matma Rex >> >> >> _______________________________________________ >> Wikitech-l mailing list >> Wikitech-l(a)lists.wikimedia.org >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l >> > _______________________________________________ > Wikitech-l mailing list > Wikitech-l(a)lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l

On Thu, Jun 19, 2014 at 6:27 AM, Bartosz Dziewoński <matma.rex(a)gmail.com> wrote: Actually not. multipart/form-data POST requests have an end marker, but application/x-www-form-urlencoded requests have not - they use the same param1=foo&param2=bar format GET URLs do, there is no way to tell if that is cut off. Lower-level protocols will deal with issues like lost packets or network disconnection, but if the body of the request is truncated because of an error in the sending HTTP library, like using a buffer that is too small, there is no way the server could detect that.

On 6/19/14, Gergo Tisza <gtisza(a)wikimedia.org> wrote: What about the content-length header? I believe that's included with POST requests even when using application/x-www-form-urlencoded form. Although I have noticed we do have code in EditPage.php to detect this situation for normal edits, so I guess it must happen on occasion. --bawolff

On Thu, Jun 19, 2014 at 9:23 PM, Brian Wolff <bawolff(a)gmail.com> wrote: I suggest people in this thread read section 4.4 of RFC 2616. There is no situation in which an HTTP request can be "cut off" such that part of the query goes missing. Assuming you are using a compliant web server, the Content-Length header is basically required for request bodies (unless you're doing chunked encoding or something). Try right now submitting a POST request without a Content-Length header to Wikipedia. It results in a 400. Additionally, if you send an incorrect header, it will either wait until timeout if it's too long or give 400 if it's too short. Like Daniel said, the only situation that is possible is some sort of buffer issue, where there is a client-side application logic error that causes the incorrect request to be sent. But this is not really MediaWiki's problem, and client's should be using the Content-MD5 header (or whatever the bastardized MediaWiki version is, since MW doesn't actually support HTTP) if they really want to ensure data integrity.