Last modified: 2012-07-21 14:49:36 UTC
Looking at <https://www.mediawiki.org/w/api.php>, the auto-generated documentation for action=patrol reads: --- * action=patrol * Patrol a page or revision This module requires read rights This module requires write rights This module only accepts POST requests Parameters: token - Patrol token obtained from list=recentchanges rcid - Recentchanges ID to patrol This parameter is required --- The token parameter is required with action=patrol, so it should be marked as such (with the text "This parameter is required"). This same problem (token parameter not being marked as required) may apply to a few other parts of the MediaWiki API's auto-generated documentation. For now, I'm focused on action=patrol.
None of the API modules that use the built-in method for token handling are have their "token" parameter documented as "This parameter is required". The built-in (and recommended) method is: - getTokenSalt(): string - needsToken(): true e.g. ApiBlock, ApiDelete, ApiEdit, ApiPatrol.
Sounds like a good idea, but you cannot set it for all modules with a token, because modules with "gettoken" (like block/unblock) needs a optional token param.
Done for core with Gerrit change #14608
(In reply to comment #2) > Sounds like a good idea, but you cannot set it for all modules with a token, > because modules with "gettoken" (like block/unblock) needs a optional token > param. The modules have needsToken: return true; And ApiBase: if ( $params ) { foreach ( $params as $paramName => $paramSettings ) { if ( isset( $paramSettings[ApiBase::PARAM_REQUIRED] ) ) { $ret[] = array( 'missingparam', $paramName ); } } } /* .. */ if ( $this->needsToken() ) { $ret[] = array( 'missingparam', 'token' ); /* .. */ So it looks like this isn't working properly?
(In reply to comment #4) > So it looks like this isn't working properly? It works (you have to set the user param, but it works), you get the token and a warning about "The gettoken parameter has been deprecated.". You code snap is from method ApiBase::getPossibleErrors which only gets all possible errors for action=paraminfo. it will never trigger the error. In ApiMain::setupModule the check for the token param exist. It looks like needsToken is superseeded by getTokenSalt.
successfully merged for core (under that this bug was filled) Please create seperate bugs for extensions. Thanks.