jenkins-bot has submitted this change and it was merged. Change subject: Require API modules to POST and have tokens ......................................................................
Require API modules to POST and have tokens This also alteres the JS to post tokens Bug: T110181 Change-Id: Ie7663519245f6f93490ec6fbc6617d2c03b6747f --- M includes/ApiNewsletter.php M includes/ApiNewsletterManage.php M modules/ext.newsletter.js M modules/ext.newslettermanage.js M tests/ApiNewsletterTest.php 5 files changed, 23 insertions(+), 7 deletions(-) Approvals: 01tonythomas: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/ApiNewsletter.php b/includes/ApiNewsletter.php index 4befbf8..e903f46 100644 --- a/includes/ApiNewsletter.php +++ b/includes/ApiNewsletter.php @@ -37,4 +37,12 @@ ); } + public function needsToken() { + return 'csrf'; + } + + public function mustBePosted() { + return true; + } + } diff --git a/includes/ApiNewsletterManage.php b/includes/ApiNewsletterManage.php index aa23f69..882ef78 100644 --- a/includes/ApiNewsletterManage.php +++ b/includes/ApiNewsletterManage.php @@ -36,4 +36,12 @@ ); } + public function needsToken() { + return 'csrf'; + } + + public function mustBePosted() { + return true; + } + } diff --git a/modules/ext.newsletter.js b/modules/ext.newsletter.js index d402070..263a375 100644 --- a/modules/ext.newsletter.js +++ b/modules/ext.newsletter.js @@ -7,7 +7,7 @@ var api = new mw.Api(); $( 'input[type=radio][value=subscribe]' ).change( function() { var newsletterId = ( this.name ).substr( ( this.name ).indexOf( "-" ) + 1 ); - api.post( { + api.postWithToken( 'edit', { action: 'newsletterapi', newsletterId: newsletterId, todo: 'subscribe' @@ -19,7 +19,7 @@ $( 'input[type=radio][value=unsubscribe]' ).change( function() { var newsletterId = ( this.name ).substr( ( this.name ).indexOf( "-" ) + 1 ); - api.post( { + api.postWithToken( 'edit', { action: 'newsletterapi', newsletterId: newsletterId, todo: 'unsubscribe' diff --git a/modules/ext.newslettermanage.js b/modules/ext.newslettermanage.js index b835785..dcc0332 100644 --- a/modules/ext.newslettermanage.js +++ b/modules/ext.newslettermanage.js @@ -8,7 +8,7 @@ $( 'input[type=button]').click( function() { var remNewsletterId = this.name; var publisherId = this.id; - api.post( { + api.postWithToken( 'edit', { action: 'newslettermanageapi', publisher: publisherId, newsletterId: remNewsletterId, diff --git a/tests/ApiNewsletterTest.php b/tests/ApiNewsletterTest.php index 19e1be6..15b848a 100644 --- a/tests/ApiNewsletterTest.php +++ b/tests/ApiNewsletterTest.php @@ -15,8 +15,8 @@ parent::setUp(); $dbw = wfGetDB( DB_MASTER ); - $user = User::newFromName( "Owner" ); - $user->addToDatabase(); + $user = self::$users['sysop']->getUser(); + $this->doLogin( 'sysop' ); $rowData = array( 'nl_name' => 'MyNewsletter', @@ -48,7 +48,7 @@ } public function testApiNewsletterForSubscribingNewsletter() { - $this->doApiRequest( + $this->doApiRequestWithToken( array( 'action' => 'newsletterapi', 'newsletterId' => $this->getNewsletterId(), @@ -70,7 +70,7 @@ } public function testApiNewsletterForUnsubscribingNewsletter() { - $this->doApiRequest( + $this->doApiRequestWithToken( array( 'action' => 'newsletterapi', 'newsletterId' => $this->getNewsletterId(), -- To view, visit https://gerrit.wikimedia.org/r/234127 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie7663519245f6f93490ec6fbc6617d2c03b6747f Gerrit-PatchSet: 7 Gerrit-Project: mediawiki/extensions/Newsletter Gerrit-Branch: master Gerrit-Owner: Addshore <addshorew...@gmail.com> Gerrit-Reviewer: 01tonythomas <01tonytho...@gmail.com> Gerrit-Reviewer: Addshore <addshorew...@gmail.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits