Page MenuHomePhabricator
Create Task
Maniphest T15049

API must be accessed through the primary script entry point error
Closed, ResolvedPublic
Actions

Description

Author: Bryan.TongMinh

Description:
I get the following error when accessing the API on my local MediaWiki: "API must be accessed through the primary script entry point." even when the API is accessed through its primary script entry point, but only when a query string is appended.

From line 57:
$wgScriptPath/api$wgScriptExtension: /local/w-dev/api.php
$url: /local/w-dev/api.php?action=query&list=categorymembers&cmtitle=Category:Living_people
$strcmp( "$wgScriptPath/api$wgScriptExtension", $url ): -65

PHP Version 5.2.5 is running as FastCGI.

I wonder why strcmp is used as comparison. According to the PHP docs strcmp will only return 0 if the strings are equal, in which case === can be used.

Version: 1.12.x
Severity: normal

Details

Reference
bz13049

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:01 PM
bzimport added a project: MediaWiki-Action-API.
bzimport set Reference to bz13049.
bzimport created this task.Feb 17 2008, 6:23 PM
Catrope added a comment.Feb 17 2008, 9:57 PM

Hmm, this is weird. Assigning to Brion as he was the one who introduced this in the first place.

brion added a comment.Feb 26 2008, 1:32 AM

Can you dump the values of $_SERVER['SCRIPT_URL'] and $_SERVER['PHP_SELF'] ?

bzimport added a comment.Feb 28 2008, 9:45 PM

Bryan.TongMinh wrote:

Url: http://localhost/local/w-dev/api.php?action=query&list=categorymembers&cmtitle=Category:Living_people
$_SERVER['SCRIPT_URL']: /local/w-dev/api.php?action=query&list=categorymembers&cmtitle=Category:Living_people
$_SERVER['PHP_SELF']: /local/w-dev/api.php/local/w-dev/api.php

That also looks like something wrong in the way PHP handles FastCGI in combination with Aliases in Abyss Web Server.

brion added a comment.Feb 29 2008, 12:25 AM

Interesting... do you have the same problem with action=raw pages?

eg:

http://localhost/local/w-dev/index.php?action=raw&title=Main_Page

It looks like we may have to add a wrapper to strip the query string manually here.

bzimport added a comment.Feb 29 2008, 12:36 PM

Bryan.TongMinh wrote:

"Raw pages must be accessed through the primary script entry point."

brion added a comment.Aug 11 2008, 11:12 PM

Reassigning this one to Tim; fun little compatibility bug. :)

bzimport added a comment.Feb 11 2009, 3:15 PM

mjbb81 wrote:

I am getting this same error with server specifications:

Windows server 2003 R2 Service Pack 1
Window XP on the work station.
IIS, php 5.2.8, mysql 5.0.22

I get it even with just mywiki/api.php. One wiki on the server works all others do not.

Catrope added a comment.Apr 24 2009, 7:51 PM

Should be fixed in r49833

brion added a comment.Apr 27 2009, 10:50 PM

r49833 looks wrong; it'll pull the PHP interpreter URL in CGI configurations, and may or may not work at all on other configs. We need to test it more widely and make sure we've got a clear idea of what's working where.

Alexsh added a comment.Jun 15 2009, 12:50 PM

I got a problem. cannot run API through secure link.It turn back:

Forbidden
API must be accessed through the primary script entry point.

bzimport added a comment.Jun 15 2009, 12:53 PM

russblau wrote:

Same problem as #10: https://secure.wikimedia.org/wikipedia/en/w/api.php returns HTTP 403 ("Forbidden") -- just started as an issue today, as a scheduled script ran without errors less than six hours ago.

brion added a comment.Jun 17 2009, 3:56 PM

(In reply to comment #11)

Same problem as #10: https://secure.wikimedia.org/wikipedia/en/w/api.php
returns HTTP 403 ("Forbidden") -- just started as an issue today, as a
scheduled script ran without errors less than six hours ago.

Local setup issue? Split out to bug 19263.

bzimport added a comment.Jul 12 2009, 10:07 PM

Bryan.TongMinh wrote:

(In reply to comment #9)

r49833 looks wrong; it'll pull the PHP interpreter URL in CGI configurations,
and may or may not work at all on other configs. We need to test it more widely
and make sure we've got a clear idea of what's working where.

It does work for me, and I can confirm that the safety check still works.

Marking as fixed.

tstarling added a comment.Aug 16 2009, 2:18 PM

(In reply to comment #13)

It does work for me, and I can confirm that the safety check still works.

Can you explain how you confirmed that the safety check works? Because I can't reproduce it.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL