All MediaWiki actions that might change the wiki content require submitting, in addition to the information about the action itself, special pieces of data called tokens. This helps defend the wiki against some forms of attack (cross-site request forgery etc.).

Some tokens change with every action. Others, however, are specific to the session or to the object of the action. It makes sense to cache these instead of requesting them every time. This is implemented in the Tokens class.

The API and the Web interface of MediaWiki handle tokens differently. For this reason, the Tokens class has two descendants - Tokens_API and Tokens_Web - which implement the differences. In addition, tokens for the same action may differ between an API session and a Web session. Accordingly, the Apibot Mains object contains two Tokens objects - the $tokens_api and $tokens_web properties.


Creating an object of the Tokens class or its descendants requires three parameters:

Public methods

Obtaining tokens

These functions will return the appropriate token. If not present, it will be fetched from the wiki (and cached, if this makes sense).

  • edit_token()
  • move_token()
  • delete_token()
  • undelete_token()
  • protect_token()
  • block_token()
  • unblock_token()
  • watch_token()
  • emailuser_token()
  • import_token()
  • upload_token()
  • patrol_token()
  • userrights_token ( $user )
  • rollback_token ( $title )

Setting tokens

These functions will set the appropriate token to the tokens cache. (Typically this will not be required.)

  • set_edit_token ( $token )
  • set_move_token ( $token )
  • set_delete_token ( $token )
  • set_undelete_token ( $token )
  • set_protect_token ( $token )
  • set_block_token ( $token )
  • set_unblock_token ( $token )
  • set_watch_token ( $token )
  • set_emailuser_token ( $token )
  • set_import_token ( $token )
  • set_upload_token ( $token )
  • set_patrol_token ( $token )
  • set_userrights_token ( $user, $token )
  • set_rollback_token ( $title, $token )
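
The caching behaviour described above (fetch on a miss, one cached token per session-wide type, a separate token per title or user for object-bound types, and no caching for tokens that change with every action) can be sketched as follows. This is an added example, not Apibot's own code: the class TokenCacheSketch, the $fetch callable and the token type 'demo_volatile' are hypothetical, and the wiki is replaced by a constructed stand-in that returns fake tokens.

```php
<?php
// Added sketch, not Apibot's Tokens class: TokenCacheSketch and $fetch are hypothetical.
class TokenCacheSketch
{
    private $cache = [];
    private $fetcher;   // callable ($type, $object) that asks the wiki for a token
    private $volatile;  // token types assumed to change with every action
    public function __construct(callable $fetcher, array $volatile = [])
    {
        $this->fetcher = $fetcher;
        $this->volatile = $volatile;
    }
    // Session-wide tokens use one slot per type; object-bound ones
    // (rollback per title, userrights per user) use one slot per object.
    private function key($type, $object)
    {
        return $object === null ? $type : $type . "\0" . $object;
    }
    public function get($type, $object = null)
    {
        $key = $this->key($type, $object);
        if (isset($this->cache[$key])) {
            return $this->cache[$key];
        }
        $token = call_user_func($this->fetcher, $type, $object);
        if (!in_array($type, $this->volatile, true)) {
            $this->cache[$key] = $token;  // cache only where it makes sense
        }
        return $token;
    }
    public function set($type, $token, $object = null)
    {
        $this->cache[$this->key($type, $object)] = $token;
    }
}

// Constructed stand-in for the wiki: counts round trips, returns fake tokens.
$requests = 0;
$fetch = function ($type, $object) use (&$requests) {
    $requests++;
    return "fake-$type-$object-$requests";
};
$tokens = new TokenCacheSketch($fetch, ['demo_volatile']);
$first = $tokens->get('edit');
$again = $tokens->get('edit');              // cache hit, no request
$tokens->get('rollback', 'Main Page');
$tokens->get('rollback', 'Sandbox');        // other title, separate token
$tokens->get('demo_volatile'); $tokens->get('demo_volatile'); // fetched twice
echo ($first === $again ? 'edit token reused' : 'edit token refetched'), "; wiki requests: $requests\n";
```

Because tokens for the same action may differ between an API session and a Web session, each session needs its own cache instance, mirroring the separate $tokens_api and $tokens_web properties.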