api.php

Go to the documentation of this file.

<?php
use MediaWiki\Logger\LegacyLogger;
 
// So extensions (and other code) can check whether they're running in API mode
define( 'MW_API', true );
 
require __DIR__ . '/includes/WebStart.php';
 
$starttime = microtime( true );
 
// URL safety checks
if ( !$wgRequest->checkUrlExtension() ) {
    return;
}
 
// Pathinfo can be used for stupid things. We don't support it for api.php at
// all, so error out if it's present.
if ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
    $correctUrl = wfAppendQuery( wfScript( 'api' ), $wgRequest->getQueryValues() );
    $correctUrl = wfExpandUrl( $correctUrl, PROTO_CANONICAL );
    header( "Location: $correctUrl", true, 301 );
    echo 'This endpoint does not support "path info", i.e. extra text between "api.php"'
        . 'and the "?". Remove any such text and try again.';
    die( 1 );
}
 
// Verify that the API has not been disabled
if ( !$wgEnableAPI ) {
    header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration Error', true, 500 );
    echo 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php'
        . '<pre><b>$wgEnableAPI=true;</b></pre>';
    die( 1 );
}
 
// Set a dummy $wgTitle, because $wgTitle == null breaks various things
// In a perfect world this wouldn't be necessary
$wgTitle = Title::makeTitle( NS_SPECIAL, 'Badtitle/dummy title for API calls set in api.php' );
 
// RequestContext will read from $wgTitle, but it will also whine about it.
// In a perfect world this wouldn't be necessary either.
RequestContext::getMain()->setTitle( $wgTitle );
 
try {
    /* Construct an ApiMain with the arguments passed via the URL. What we get back
     * is some form of an ApiMain, possibly even one that produces an error message,
     * but we don't care here, as that is handled by the constructor.
     */
    $processor = new ApiMain( RequestContext::getMain(), $wgEnableWriteAPI );
 
    // Last chance hook before executing the API
    Hooks::run( 'ApiBeforeMain', [ &$processor ] );
    if ( !$processor instanceof ApiMain ) {
        throw new MWException( 'ApiBeforeMain hook set $processor to a non-ApiMain class' );
    }
} catch ( Exception $e ) {
    // Crap. Try to report the exception in API format to be friendly to clients.
    ApiMain::handleApiBeforeMainException( $e );
    $processor = false;
}
 
// Process data & print results
if ( $processor ) {
    $processor->execute();
}
 
// Log what the user did, for book-keeping purposes.
$endtime = microtime( true );
 
// Log the request
if ( $wgAPIRequestLog ) {
    $items = [
        wfTimestamp( TS_MW ),
        $endtime - $starttime,
        $wgRequest->getIP(),
        $wgRequest->getHeader( 'User-agent' )
    ];
    $items[] = $wgRequest->wasPosted() ? 'POST' : 'GET';
    if ( $processor ) {
        try {
            $manager = $processor->getModuleManager();
            $module = $manager->getModule( $wgRequest->getVal( 'action' ), 'action' );
        } catch ( Exception $ex ) {
            $module = null;
        }
        if ( !$module || $module->mustBePosted() ) {
            $items[] = "action=" . $wgRequest->getVal( 'action' );
        } else {
            $items[] = wfArrayToCgi( $wgRequest->getValues() );
        }
    } else {
        $items[] = "failed in ApiBeforeMain";
    }
    LegacyLogger::emit( implode( ',', $items ) . "\n", $wgAPIRequestLog );
    wfDebug( "Logged API request to $wgAPIRequestLog\n" );
}
 
$mediawiki = new MediaWiki();
$mediawiki->doPostOutputShutdown( 'fast' );