| Index: branches/wmf/1.18wmf1/includes/AjaxDispatcher.php |
| — | — | @@ -68,7 +68,7 @@ |
| 69 | 69 | * request. |
| 70 | 70 | */ |
| 71 | 71 | function performAction() { |
| 72 | | - global $wgAjaxExportList, $wgOut; |
| | 72 | + global $wgAjaxExportList, $wgOut, $wgUser; |
| 73 | 73 | |
| 74 | 74 | if ( empty( $this->mode ) ) { |
| 75 | 75 | return; |
| — | — | @@ -84,6 +84,13 @@ |
| 85 | 85 | 'Bad Request', |
| 86 | 86 | "unknown function " . (string) $this->func_name |
| 87 | 87 | ); |
| | 88 | + } elseif ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) |
| | 89 | + && !$wgUser->isAllowed( 'read' ) ) |
| | 90 | + { |
| | 91 | + wfHttpError( |
| | 92 | + 403, |
| | 93 | + 'Forbidden', |
| | 94 | + 'You must log in to view pages.' ); |
| 88 | 95 | } else { |
| 89 | 96 | wfDebug( __METHOD__ . ' dispatching ' . $this->func_name . "\n" ); |
| 90 | 97 | |
| Index: branches/wmf/1.18wmf1/includes/Wiki.php |
| — | — | @@ -128,7 +128,7 @@ |
| 129 | 129 | * @return void |
| 130 | 130 | */ |
| 131 | 131 | private function performRequest() { |
| 132 | | - global $wgServer, $wgUsePathInfo; |
| | 132 | + global $wgServer, $wgUsePathInfo, $wgTitle; |
| 133 | 133 | |
| 134 | 134 | wfProfileIn( __METHOD__ ); |
| 135 | 135 | |
| — | — | @@ -145,7 +145,6 @@ |
| 146 | 146 | |
| 147 | 147 | wfRunHooks( 'BeforeInitialize', |
| 148 | 148 | array( &$title, null, &$output, &$user, $request, $this ) ); |
| 149 | | - |
| 150 | 149 | // Invalid titles. Bug 21776: The interwikis must redirect even if the page name is empty. |
| 151 | 150 | if ( is_null( $title ) || ( $title->getDBkey() == '' && $title->getInterwiki() == '' ) || |
| 152 | 151 | $title->isSpecial( 'Badtitle' ) ) |
| — | — | @@ -157,6 +156,16 @@ |
| 158 | 157 | // the Read array in order for the user to see it. (We have to check here to |
| 159 | 158 | // catch special pages etc. We check again in Article::view()) |
| 160 | 159 | } elseif ( !$title->userCanRead() ) { |
| | 160 | + // Bug 32276: allowing the skin to generate output with $wgTitle |
| | 161 | + // set to the input title would allow anonymous users to |
| | 162 | + // determine whether a page exists, potentially leaking private data. In fact, the |
| | 163 | + // curid and oldid request parameters would allow page titles to be enumerated even |
| | 164 | + // when they are not guessable. So we reset the title to Special:Badtitle before the |
| | 165 | + // permissions error is displayed. |
| | 166 | + $badtitle = SpecialPage::getTitleFor( 'Badtitle' ); |
| | 167 | + $output->setTitle( $badtitle ); |
| | 168 | + $wgTitle = $badtitle; |
| | 169 | + |
| 161 | 170 | $output->loginToUse(); |
| 162 | 171 | // Interwiki redirects |
| 163 | 172 | } elseif ( $title->getInterwiki() != '' ) { |
| Index: branches/wmf/1.18wmf1/includes/SkinTemplate.php |
| — | — | @@ -580,11 +580,19 @@ |
| 581 | 581 | /* set up the default links for the personal toolbar */ |
| 582 | 582 | $personal_urls = array(); |
| 583 | 583 | |
| 584 | | - $page = $wgRequest->getVal( 'returnto', $this->thispage ); |
| 585 | | - $query = $wgRequest->getVal( 'returntoquery', $this->thisquery ); |
| 586 | | - $a = array( 'returnto' => $page ); |
| 587 | | - if( $query != '' ) { |
| 588 | | - $a['returntoquery'] = $query; |
| | 584 | + # Due to bug 32276, if a user does not have read permissions, |
| | 585 | + # $this->getTitle() will just give Special:Badtitle, which is |
| | 586 | + # not especially useful as a returnto parameter. Use the title |
| | 587 | + # from the request instead, if there was one. |
| | 588 | + $page = Title::newFromURL( $wgRequest->getVal( 'title', '' ) ); |
| | 589 | + $page = $wgRequest->getVal( 'returnto', $page ); |
| | 590 | + $a = array(); |
| | 591 | + if ( strval( $page ) !== '' ) { |
| | 592 | + $a['returnto'] = $page; |
| | 593 | + $query = $wgRequest->getVal( 'returntoquery', $this->thisquery ); |
| | 594 | + if( $query != '' ) { |
| | 595 | + $a['returntoquery'] = $query; |
| | 596 | + } |
| 589 | 597 | } |
| 590 | 598 | $returnto = wfArrayToCGI( $a ); |
| 591 | 599 | if( $this->loggedin ) { |