Page MenuHomePhabricator
Create Task
Maniphest T24226

AntiBot GenericFormEncoding prevents editing via API
Closed, InvalidPublic
Actions

Description

When editing via API (using GET request and application/x-www-form-urlencoded parameters) GenericFormEncoding prevents editing and writes to the log:

192.2.3.1 AntiBot plugin AntiBot_GenericFormEncoding hit: <no action> [[<no title>]] "{|| some wikitext"

  1. it would be useful to have some more information via the API which extension failed (and, if possible, why)
  2. Either extensions should assume less about the how the edits are done (not always POST etc.) or use of some other hook should be introduced here to disregard API edits.

Version: unspecified
Severity: major

Details

Reference
bz22226

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:53 PM
bzimport added a project: MediaWiki-extensions-Other.
bzimport set Reference to bz22226.
saper created this task.Jan 22 2010, 2:29 AM
Bawolff added a comment.Jan 22 2010, 6:42 PM

Umm, you can't edit with the API via GET whatsoever (regardless of what extensions you have installed), you need to POST. (I assume this is because GET actions are not supposed to have side-affects)

saper added a comment.Jan 25 2010, 11:54 AM

Sorry, I've made a mistake in the bug report. Of course I am using POST request, but the data are sent with Content-Type: application/x-www-form-urlencoded:

POST /w/api.php
Content-Length: 2248
Accept-Encoding: gzip
User-Agent: PythonWikipediaBot/1.0
Host: www....
Cookie: <somecookies>
Content-Type: application/x-www-form-urlencoded

The AnitBot plugin just requires anything POST'ed to be done with:

Content-Type: multipart/form-data

as specified on the MediaWiki HTML forms.

Catrope added a comment.Jan 25 2010, 11:57 AM

(In reply to comment #2)

The AnitBot plugin just requires anything POST'ed to be done with:

Content-Type: multipart/form-data

as specified on the MediaWiki HTML forms.

That's a stupid limitation in Antibot that should be removed then.

tstarling added a comment.Jan 25 2010, 12:12 PM

It's just a sample plugin, designed to show how to write them, it's not the real thing. It's obvious that it will have false positives and it says so in the file header. There are two real plugins, which target specific bugs in XRumer. Neither of them are public due to the fear that the XRumer people may google for themselves and fix the bugs.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL