headers
Roan Kattouw | 2 Dec 2007 01:19
Picon
Favicon

Re: Getting differences between revisions

Roan Kattouw schreef:
> S. Nunes schreef:
>   
>> Thanks for the quick implementation.
>> Can you please post an example on how to call this new function of the API?
>>   
>>     
> Get a diff between r64 and r65:
> api.php?action=query&prop=revisions&revids=65&rvdiffto=64
>
> Diff each rev of Main Page to the previous rev:
> api.php?action=query&prop=revisions&titles=Main%20Page&rvdifftoprev
>   
>> Is this readily available on Wikipedia? 
>>     
> No.
>   
>> If not, when will it be?
>>   
>>     
> On the next software update, probably in a couple of weeks.
>
> Roan Kattouw (Catrope)
>   
Because of its too high performance impact, this diff generation stuff 
has been removed. I'll see if I can get this to work in some other way, 
but for now you'll just have to diff stuff yourself.

Roan Kattouw (Catrope)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Eddie Roger | 4 Dec 2007 16:29
Picon

Disabled Login Tokens

I was looking through changes to the apiedit branch and saw a revert to disable login tokens. I read the note in SVN as to why, but I don't understand the benefit of just using cookies versus using tokens, especially for robots. I'm not questioning Brion's decision, just wondering if there was explanation. Also, I don't understand how to implement his suggestion - is that just with cookies now? Thanks.

Eddie

_______________________________________________
Mediawiki-api mailing list
Mediawiki-api@...
http://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Permalink | Reply | 3 comments |
headers
Roan Kattouw | 4 Dec 2007 16:29
Picon
Favicon

Re: Disabled Login Tokens

Eddie Roger schreef:
> but I don't understand the benefit of just using cookies versus using 
> tokens, especially for robots. I'm not questioning Brion's decision, 
> just wondering if there was explanation.
The login token thing was insecure, because someone could sneak in a URL 
like:
api.php?action=something&...&lgtoken=123ABC
With lgtoken being a valid login token, assigned to the attacker's 
session. That would force the victim to take over the attacker's 
session, and possibly get his IP autoblocked.
> Also, I don't understand how to implement his suggestion - is that 
> just with cookies now?
Yep, just cookies. See here [1] for an example of how to login using PHP 
and Snoopy.

Roan Kattouw (Catrope)

[1] 
http://lists.wikimedia.org/pipermail/mediawiki-api/2007-October/000117.html
Permalink | Reply | 1 comment |
headers
Eddie Roger | 4 Dec 2007 16:34
Picon

Re: Disabled Login Tokens

Dang. Oh well. I'm attempting this through Ruby methods, so I'll have to get out some old cookie handling code to deal. Thanks for the answer.


On Dec 4, 2007 9:29 AM, Roan Kattouw < roan.kattouw-CmkmPbn3yAE@public.gmane.org> wrote:
Eddie Roger schreef:
> but I don't understand the benefit of just using cookies versus using
> tokens, especially for robots. I'm not questioning Brion's decision,
> just wondering if there was explanation.
The login token thing was insecure, because someone could sneak in a URL
like:
api.php?action=something&...&lgtoken=123ABC
With lgtoken being a valid login token, assigned to the attacker's
session. That would force the victim to take over the attacker's
session, and possibly get his IP autoblocked.
> Also, I don't understand how to implement his suggestion - is that
> just with cookies now?
Yep, just cookies. See here [1] for an example of how to login using PHP
and Snoopy.

Roan Kattouw (Catrope)

[1]
http://lists.wikimedia.org/pipermail/mediawiki-api/2007-October/000117.html

_______________________________________________
Mediawiki-api mailing list
Mediawiki-api-RusutVdil2icGmH+5r0DM0B+6BGkLq7r@public.gmane.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-api

_______________________________________________
Mediawiki-api mailing list
Mediawiki-api@...
http://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Permalink | Reply | 0 comments |
headers
Platonides | 4 Dec 2007 23:10
Picon

Re: Disabled Login Tokens

Eddie Roger wrote:
> I was looking through changes to the apiedit branch and saw a revert to 
> disable login tokens. I read the note in SVN as to why, but I don't 
> understand the benefit of just using cookies versus using tokens, 
> especially for robots. I'm not questioning Brion's decision, just 
> wondering if there was explanation.

The reason and vulnerability (which Roan already told you) was discussed 
on wikitech at the time.
Permalink | Reply | 0 comments |
headers
Roan Kattouw | 5 Dec 2007 19:56
Picon
Favicon

ANNOUNCEMENT: APIedit branch discontinued

Because the apiedit branch [1] has been merged with trunk [2], it will 
no longer be maintained. All changes to the relevant API modules should 
happen in trunk, and the apiedit branch will shortly be deleted.

Roan Kattouw (Catrope)

P.S.: Sorry for cross-posting

[1] http://svn.wikimedia.org/viewvc/mediawiki/branches/apiedit/
[2] http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=28051
Permalink | Reply | 2 comments |
headers
Roan Kattouw | 5 Dec 2007 22:49
Picon
Favicon

Re: [Mediawiki-api] ANNOUNCEMENT: APIedit branch discontinued

Yuri Astrakhan schreef:
> Congrats :)
>   
Thanks. It took some 5 months to get the whole thing done, and I'm glad 
it's more or less finished now. When I have more time (in a few weeks) 
I'll look into the apiedit_vodafone branch, which has been inactive for 
quite a while if memory serves.

BTW, the apiedit branch has actually been deleted now, in r28187.

Roan Kattouw (Catrope)
Permalink | Reply | 1 comment |
headers
Daniel Cannon | 6 Dec 2007 01:29
Picon

Re: ANNOUNCEMENT: APIedit branch discontinued


Roan Kattouw wrote:
> Yuri Astrakhan schreef:
>> Congrats :)
>>   

Congrats from me too! Excellent work -- it will surely make a lot of
people out there (myself included) very happy :)

--
Daniel Cannon (AmiDaniel)

cannon.danielc@...
Permalink | Reply | 0 comments |
headers
Brion Vibber | 6 Dec 2007 16:24
Picon
Gravatar

Re: [Wikitech-l] ANNOUNCEMENT: APIedit branch discontinued

Roan Kattouw wrote:
> Because the apiedit branch [1] has been merged with trunk [2], it will 
> no longer be maintained. All changes to the relevant API modules should 
> happen in trunk, and the apiedit branch will shortly be deleted.

Whee! :D

Congrats, all!

-- brion
Permalink | Reply | 0 comments |
headers
Scott Wilfong | 7 Dec 2007 01:29

Rendering Issue

The following wiki markup:
 

[[Image:Michelino DanteAndHisPoem.jpg|thumb|right|250px|''La commedia illumina Firenze'' in the dome of [[Santa Maria del Fiore]]]]

is rendering using the API function (api.php?action=render&text=[[Image:Michelino DanteAndHisPoem.jpg|thumb|right|250px|''La commedia illumina Firenze'' in the dome of [[Santa Maria del Fiore]]]]) as follows:

http://en.wikipedia.org/wiki/Image:Michelino_DanteAndHisPoem.jpg" class="image" title="La commedia illumina Firenze in the dome of Santa Maria del Fiore">http://upload.wikimedia.org/wikipedia/en/thumb/e/e2/Michelino_DanteAndHisPoem.jpg/250px-Michelino_DanteAndHisPoem.jpg" width="250" height="203" border="0" class="thumbimage" />
http://en.wikipedia.org/wiki/Image:Michelino_DanteAndHisPoem.jpg" class="internal" title="Enlarge">
La commedia illumina Firenze in the dome of http://en.wikipedia.org/wiki/Santa_Maria_del_Fiore" title="Santa Maria del Fiore">Santa Maria del Fiore
Notice that the first tag has an tag in it's href attribute. This cannot be right. Is this a bug? Scott     
_______________________________________________
Mediawiki-api mailing list
Mediawiki-api@...
http://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Permalink | Reply | 3 comments |

Gmane