Difference between revisions of "Tokens class"

From Apibot
Jump to: navigation, search
m (5 replacements)
m (Mains -> Core)
 
Line 3: Line 3:
 
Some tokens change with every action. Others, however, are specific for the session or the object of the action. It makes sense to cache these instead of requesting them every time. This is implemented in the '''<code>Tokens</code>''' class.
 
Some tokens change with every action. Others, however, are specific for the session or the object of the action. It makes sense to cache these instead of requesting them every time. This is implemented in the '''<code>Tokens</code>''' class.
  
The API and the Web interface of MediaWiki handle tokens differently. For this reason, the <code>Tokens</code> class has two descendants - <code>Tokens_API</code> and <code>Tokens_Web</code> - who implement the differences. In addition, tokens for the same action may differ between an API session and a Web session. Accordingly, the Apibot [[Mains class|Mains object]] contains two <code>Tokens</code> objects - the <code>$tokens_api</code> and <code>$tokens_web</code> properties.
+
The API and the Web interface of MediaWiki handle tokens differently. For this reason, the <code>Tokens</code> class has two descendants - <code>Tokens_API</code> and <code>Tokens_Web</code> - who implement the differences. In addition, tokens for the same action may differ between an API session and a Web session. Accordingly, the Apibot [[Core class|Core object]] contains two <code>Tokens</code> objects - the <code>$tokens_api</code> and <code>$tokens_web</code> properties.
  
 
== Creating ==
 
== Creating ==
Line 9: Line 9:
 
Creating an object of the <code>Tokens</code> class or its descendants requires three parameters:
 
Creating an object of the <code>Tokens</code> class or its descendants requires three parameters:
  
* <code>$exchanger</code> - the <code>[[Exchanger class|$exchanger_api]]</code> Mains sub-object for <code>Tokens_API</code>, and the <code>[[Exchanger class|$exchanger_web]]</code> for <code>Tokens_Web</code>, respectively
+
* <code>$exchanger</code> - the <code>[[Exchanger class|$exchanger_api]]</code> Core sub-object for <code>Tokens_API</code>, and the <code>[[Exchanger class|$exchanger_web]]</code> for <code>Tokens_Web</code>, respectively
* <code>$info</code> - the Mains [[Info class|Info sub-object]]
+
* <code>$info</code> - the Core [[Info class|Info sub-object]]
* <code>$settings</code> - the Mains [[Settings class|Settings sub-object]]
+
* <code>$settings</code> - the Core [[Settings class|Settings sub-object]]
  
 
== Public methods ==
 
== Public methods ==

Latest revision as of 01:40, 10 November 2014

All MediaWiki actions that might change the wiki content require submitting (in addition to all info about the action) also special pieces of info called tokens. This helps defending the wiki against some forms of attacks (cross-scripting etc).

Some tokens change with every action. Others, however, are specific for the session or the object of the action. It makes sense to cache these instead of requesting them every time. This is implemented in the Tokens class.

The API and the Web interface of MediaWiki handle tokens differently. For this reason, the Tokens class has two descendants - Tokens_API and Tokens_Web - who implement the differences. In addition, tokens for the same action may differ between an API session and a Web session. Accordingly, the Apibot Core object contains two Tokens objects - the $tokens_api and $tokens_web properties.

Creating

Creating an object of the Tokens class or its descendants requires three parameters:

Public methods

Obtaining tokens

These functions will return the appropriate token. If not present, it will be fetched from the wiki (and cached, if this makes sense).

  • edit_token()
  • move_token()
  • delete_token()
  • undelete_token()
  • protect_token()
  • block_token()
  • unblock_token()
  • watch_token()
  • emailuser_token()
  • import_token()
  • upload_token()
  • patrol_token()
  • userrights_token ( $user )
  • rollback_token ( $title )

Setting tokens

These functions will set the appropriate token to the tokens cache. (Typically this will not be required.)

  • set_edit_token ( $token )
  • set_move_token ( $token )
  • set_delete_token ( $token )
  • set_undelete_token ( $token )
  • set_protect_token ( $token )
  • set_block_token ( $token )
  • set_unblock_token ( $token )
  • set_watch_token ( $token )
  • set_emailuser_token ( $token )
  • set_import_token ( $token )
  • set_upload_token ( $token )
  • set_patrol_token ( $token )
  • set_userrights_token ( $user, $token )
  • set_rollback_token ( $title, $token )