jenkins-bot has submitted this change and it was merged.
Change subject: Require API modules to POST and have tokens
......................................................................
Require API modules to POST and have tokens
This also alteres the JS to post tokens
Bug: T110181
Change-Id: Ie7663519245f6f93490ec6fbc6617d2c03b6747f
---
M includes/ApiNewsletter.php
M includes/ApiNewsletterManage.php
M modules/ext.newsletter.js
M modules/ext.newslettermanage.js
M tests/ApiNewsletterTest.php
5 files changed, 23 insertions(+), 7 deletions(-)
Approvals:
01tonythomas: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/ApiNewsletter.php b/includes/ApiNewsletter.php
index 4befbf8..e903f46 100644
--- a/includes/ApiNewsletter.php
+++ b/includes/ApiNewsletter.php
@@ -37,4 +37,12 @@
);
}
+ public function needsToken() {
+ return 'csrf';
+ }
+
+ public function mustBePosted() {
+ return true;
+ }
+
}
diff --git a/includes/ApiNewsletterManage.php b/includes/ApiNewsletterManage.php
index aa23f69..882ef78 100644
--- a/includes/ApiNewsletterManage.php
+++ b/includes/ApiNewsletterManage.php
@@ -36,4 +36,12 @@
);
}
+ public function needsToken() {
+ return 'csrf';
+ }
+
+ public function mustBePosted() {
+ return true;
+ }
+
}
diff --git a/modules/ext.newsletter.js b/modules/ext.newsletter.js
index d402070..263a375 100644
--- a/modules/ext.newsletter.js
+++ b/modules/ext.newsletter.js
@@ -7,7 +7,7 @@
var api = new mw.Api();
$( 'input[type=radio][value=subscribe]' ).change( function() {
var newsletterId = ( this.name ).substr( ( this.name ).indexOf(
"-" ) + 1 );
- api.post( {
+ api.postWithToken( 'edit', {
action: 'newsletterapi',
newsletterId: newsletterId,
todo: 'subscribe'
@@ -19,7 +19,7 @@
$( 'input[type=radio][value=unsubscribe]' ).change( function() {
var newsletterId = ( this.name ).substr( ( this.name ).indexOf(
"-" ) + 1 );
- api.post( {
+ api.postWithToken( 'edit', {
action: 'newsletterapi',
newsletterId: newsletterId,
todo: 'unsubscribe'
diff --git a/modules/ext.newslettermanage.js b/modules/ext.newslettermanage.js
index b835785..dcc0332 100644
--- a/modules/ext.newslettermanage.js
+++ b/modules/ext.newslettermanage.js
@@ -8,7 +8,7 @@
$( 'input[type=button]').click( function() {
var remNewsletterId = this.name;
var publisherId = this.id;
- api.post( {
+ api.postWithToken( 'edit', {
action: 'newslettermanageapi',
publisher: publisherId,
newsletterId: remNewsletterId,
diff --git a/tests/ApiNewsletterTest.php b/tests/ApiNewsletterTest.php
index 19e1be6..15b848a 100644
--- a/tests/ApiNewsletterTest.php
+++ b/tests/ApiNewsletterTest.php
@@ -15,8 +15,8 @@
parent::setUp();
$dbw = wfGetDB( DB_MASTER );
- $user = User::newFromName( "Owner" );
- $user->addToDatabase();
+ $user = self::$users['sysop']->getUser();
+ $this->doLogin( 'sysop' );
$rowData = array(
'nl_name' => 'MyNewsletter',
@@ -48,7 +48,7 @@
}
public function testApiNewsletterForSubscribingNewsletter() {
- $this->doApiRequest(
+ $this->doApiRequestWithToken(
array(
'action' => 'newsletterapi',
'newsletterId' => $this->getNewsletterId(),
@@ -70,7 +70,7 @@
}
public function testApiNewsletterForUnsubscribingNewsletter() {
- $this->doApiRequest(
+ $this->doApiRequestWithToken(
array(
'action' => 'newsletterapi',
'newsletterId' => $this->getNewsletterId(),
--
To view, visit https://gerrit.wikimedia.org/r/234127
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie7663519245f6f93490ec6fbc6617d2c03b6747f
Gerrit-PatchSet: 7
Gerrit-Project: mediawiki/extensions/Newsletter
Gerrit-Branch: master
Gerrit-Owner: Addshore <addshorew...@gmail.com>
Gerrit-Reviewer: 01tonythomas <01tonytho...@gmail.com>
Gerrit-Reviewer: Addshore <addshorew...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
