Index: branches/REL1_18/phase3/includes/AjaxDispatcher.php |
— | — | @@ -68,7 +68,7 @@ |
69 | 69 | * request. |
70 | 70 | */ |
71 | 71 | function performAction() { |
72 | | - global $wgAjaxExportList, $wgOut; |
| 72 | + global $wgAjaxExportList, $wgOut, $wgUser; |
73 | 73 | |
74 | 74 | if ( empty( $this->mode ) ) { |
75 | 75 | return; |
— | — | @@ -84,6 +84,13 @@ |
85 | 85 | 'Bad Request', |
86 | 86 | "unknown function " . (string) $this->func_name |
87 | 87 | ); |
| 88 | + } elseif ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) |
| 89 | + && !$wgUser->isAllowed( 'read' ) ) |
| 90 | + { |
| 91 | + wfHttpError( |
| 92 | + 403, |
| 93 | + 'Forbidden', |
| 94 | + 'You must log in to view pages.' ); |
88 | 95 | } else { |
89 | 96 | wfDebug( __METHOD__ . ' dispatching ' . $this->func_name . "\n" ); |
90 | 97 | |
Index: branches/REL1_18/phase3/includes/Wiki.php |
— | — | @@ -128,7 +128,7 @@ |
129 | 129 | * @return void |
130 | 130 | */ |
131 | 131 | private function performRequest() { |
132 | | - global $wgServer, $wgUsePathInfo; |
| 132 | + global $wgServer, $wgUsePathInfo, $wgTitle; |
133 | 133 | |
134 | 134 | wfProfileIn( __METHOD__ ); |
135 | 135 | |
— | — | @@ -145,7 +145,6 @@ |
146 | 146 | |
147 | 147 | wfRunHooks( 'BeforeInitialize', |
148 | 148 | array( &$title, null, &$output, &$user, $request, $this ) ); |
149 | | - |
150 | 149 | // Invalid titles. Bug 21776: The interwikis must redirect even if the page name is empty. |
151 | 150 | if ( is_null( $title ) || ( $title->getDBkey() == '' && $title->getInterwiki() == '' ) || |
152 | 151 | $title->isSpecial( 'Badtitle' ) ) |
— | — | @@ -157,6 +156,16 @@ |
158 | 157 | // the Read array in order for the user to see it. (We have to check here to |
159 | 158 | // catch special pages etc. We check again in Article::view()) |
160 | 159 | } elseif ( !$title->userCanRead() ) { |
| 160 | + // Bug 32276: allowing the skin to generate output with $wgTitle |
| 161 | + // set to the input title would allow anonymous users to |
| 162 | + // determine whether a page exists, potentially leaking private data. In fact, the |
| 163 | + // curid and oldid request parameters would allow page titles to be enumerated even |
| 164 | + // when they are not guessable. So we reset the title to Special:Badtitle before the |
| 165 | + // permissions error is displayed. |
| 166 | + $badtitle = SpecialPage::getTitleFor( 'Badtitle' ); |
| 167 | + $output->setTitle( $badtitle ); |
| 168 | + $wgTitle = $badtitle; |
| 169 | + |
161 | 170 | $output->loginToUse(); |
162 | 171 | // Interwiki redirects |
163 | 172 | } elseif ( $title->getInterwiki() != '' ) { |
Index: branches/REL1_18/phase3/includes/SkinTemplate.php |
— | — | @@ -580,11 +580,19 @@ |
581 | 581 | /* set up the default links for the personal toolbar */ |
582 | 582 | $personal_urls = array(); |
583 | 583 | |
584 | | - $page = $wgRequest->getVal( 'returnto', $this->thispage ); |
585 | | - $query = $wgRequest->getVal( 'returntoquery', $this->thisquery ); |
586 | | - $a = array( 'returnto' => $page ); |
587 | | - if( $query != '' ) { |
588 | | - $a['returntoquery'] = $query; |
| 584 | + # Due to bug 32276, if a user does not have read permissions, |
| 585 | + # $this->getTitle() will just give Special:Badtitle, which is |
| 586 | + # not especially useful as a returnto parameter. Use the title |
| 587 | + # from the request instead, if there was one. |
| 588 | + $page = Title::newFromURL( $wgRequest->getVal( 'title', '' ) ); |
| 589 | + $page = $wgRequest->getVal( 'returnto', $page ); |
| 590 | + $a = array(); |
| 591 | + if ( strval( $page ) !== '' ) { |
| 592 | + $a['returnto'] = $page; |
| 593 | + $query = $wgRequest->getVal( 'returntoquery', $this->thisquery ); |
| 594 | + if( $query != '' ) { |
| 595 | + $a['returntoquery'] = $query; |
| 596 | + } |
589 | 597 | } |
590 | 598 | $returnto = wfArrayToCGI( $a ); |
591 | 599 | if( $this->loggedin ) { |