Write API should be restricted to logged-in users only

> Max Semenik managed to write:
>> API is intended for bots, not humans. Making it accept anon edits just
>> allows bots to edit accidentally logged off. And the AssertEdit
>> extension doesn't seem to work for API. What can be done about this?
>>
>> Simply adding an AlternateEdit hook call to ApiEditPage leads to ugly
>> HTML output.
>>
>>  
> I thought about assertions in API. I'll add them this week.
> --VasilievVV

> On 25.05.2008, 10:52 VasilievVV wrote:
>
>> Max Semenik managed to write:
>>> API is intended for bots, not humans. Making it accept anon edits just
>>> allows bots to edit accidentally logged off. And the AssertEdit
>>> extension doesn't seem to work for API. What can be done about this?
>>>
>>> Simply adding an AlternateEdit hook call to ApiEditPage leads to ugly
>>> HTML output.
>>>
>>>
>> I thought about assertions in API. I'll add them this week.
>> --VasilievVV
>
> This hook was implemented by Bryan Tong Minh in 35294[1], and in
> conjunction wit AssertEdit  it leads, as I warned, to AssertEdit
> attempting to display a HTML error page and choking with
> "Fatal error: Call to a member function getPrefixedText() on a
> non-object in C:\Projects\MediaWiki\includes\OutputPage.php on line
> 1314" instead of proper XML output. I suppose that other extensions
> that don't expect to be called from API may exhibit the same
> behaviour.
>
> ----
> [1] http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=35294
>
> --
> Best regards,
>  Max Semenik ([[User:MaxSem]])
>
>
> _______________________________________________
> Mediawiki-api mailing list
> Mediawiki-api@...
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
>

> On Sun, May 25, 2008 at 11:48 AM, Max Semenik <maxsem.wiki@...> wrote:
>> On 25.05.2008, 10:52 VasilievVV wrote:
>>
>>> Max Semenik managed to write:
>>>> API is intended for bots, not humans. Making it accept anon edits just
>>>> allows bots to edit accidentally logged off. And the AssertEdit
>>>> extension doesn't seem to work for API. What can be done about this?
>>>>
>>>> Simply adding an AlternateEdit hook call to ApiEditPage leads to ugly
>>>> HTML output.
>>>>
>>>>
>>> I thought about assertions in API. I'll add them this week.
>>> --VasilievVV
>>
>> This hook was implemented by Bryan Tong Minh in 35294[1], and in
>> conjunction wit AssertEdit  it leads, as I warned, to AssertEdit
>> attempting to display a HTML error page and choking with
>> "Fatal error: Call to a member function getPrefixedText() on a
>> non-object in C:\Projects\MediaWiki\includes\OutputPage.php on line
>> 1314" instead of proper XML output. I suppose that other extensions
>> that don't expect to be called from API may exhibit the same
>> behaviour.
>>
>> ----
>> [1] http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=35294
>>
>> --
>> Best regards,
>>  Max Semenik ([[User:MaxSem]])
>>
>>
>> _______________________________________________
>> Mediawiki-api mailing list
>> Mediawiki-api@...
>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
>>
> I think I added that hook on the wrong place. It should probably
> somewhere after the title has been set.
>
> Bryan
>

>>>> I think I added that hook on the wrong place. It should probably
>>>> somewhere after the title has been set.
>>>>
>>>> Bryan
>>>>
>>> ...or not. It appears that the error occurs because $wgTitle is not
>>> set. It should probably be set to something sensible or $wgOut should
>>> be set to a fake object that does nothing.
>>
>>> Bryan
>>
>> Probably, something like FauxOutputPage should relly be made, but it
>> would add extra time to load it and actual OutputPage from which it
>> will inherit. So my proposed patch modifies AssertEdit's behaviour to
>> depend on entry point and not to output anything if it's called from
>> API.
>>
>> --
>> Best regards,
>>  Max Semenik ([[User:MaxSem]])
>>
>>