Page MenuHomePhabricator
Create Task
Maniphest T99489

Possibility to make API calls from Lua scripts
Closed, DuplicatePublic
Actions

Description

Recently Yuri discovered that Lua is very effective when used with the graph extension. This has brought us to a point where we need to put the scripts between the external data (an API call) and the graph. This is only possible if we let Lua make external calls to an api url.
We are aware that this may bring up some concerns about security and speed. If this is strictly necessary we could limit this feature in some way to meet this security and speed requirements.

Event Timeline

Gerardduenas created this task.May 18 2015, 5:27 AM
Gerardduenas raised the priority of this task from to Needs Triage.
Gerardduenas updated the task description. (Show Details)
Gerardduenas added projects: Scribunto, MediaWiki-extensions-Lua.
Gerardduenas added subscribers: Gerardduenas, Yurik.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 18 2015, 5:27 AM
Gerardduenas set Security to None.May 18 2015, 5:27 AM
Gerardduenas updated the task description. (Show Details)May 18 2015, 5:34 AM
Gerardduenas added a project: MediaWiki-extensions-Graph.
Gerardduenas removed a subscriber: Aklapper.
Gerardduenas added a subscriber: Aklapper.May 18 2015, 5:36 AM
Bawolff subscribed.May 18 2015, 5:54 AM

I do not think this should actually make external api calls. It should do internal api calls. (Although last I heard there were some issues with $wgParser recursion when doing that sort of thing during a parse. Not sure if that's fixed)

Provided that the calls are unauthenticated, I don't think its a security issue. It should obviously be marked as an "expensive" function. Performance concerns should be considered carefully (Whee loops), but don't seem insurmountable.

Yurik added a comment.May 18 2015, 9:32 AM

I presume this is the same issue I proposed earlier - to allow forvarious readonly api.php?action=query and similar. Are there any specific API calls that should not be allowed this way?

Yurik added a subscriber: daniel.May 18 2015, 9:33 AM
Anomie removed a project: MediaWiki-extensions-Lua.May 18 2015, 2:09 PM
Anomie closed this task as a duplicate of T51726: Create a Lua module to allow calling API internally.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL