-//
-// See RawPage.php for details; summary is that MSIE can override the
-// Content-Type if it sees a recognized extension on the URL, such as
-// might be appended via PATH_INFO after 'api.php'.
-//
-// Some data formats can end up containing unfiltered user-provided data
-// which will end up triggering HTML detection and execution, hence
-// XSS injection and all that entails.
-//
-// Ensure that all access is through the canonical entry point...
-//
-if( isset( $_SERVER['SCRIPT_URL'] ) ) {
- $url = $_SERVER['SCRIPT_URL'];
-} else {
- $url = $_SERVER['PHP_SELF'];
-}
-if( strcmp( "$wgScriptPath/api$wgScriptExtension", $url ) ) {
- wfHttpError( 403, 'Forbidden',
- 'API must be accessed through the primary script entry point.' );