| Index: trunk/phase3/includes/Wiki.php |
| — | — | @@ -163,14 +163,14 @@ |
| 164 | 164 | // We will check again in Article::view(). |
| 165 | 165 | $permErrors = $title->getUserPermissionsErrors( 'read', $user ); |
| 166 | 166 | if ( count( $permErrors ) ) { |
| 167 | | - // Bug 32276: allowing the skin to generate output with $wgTitle or |
| 168 | | - // $this->context->title set to the input title would allow anonymous users to |
| 169 | | - // determine whether a page exists, potentially leaking private data. In fact, the |
| 170 | | - // curid and oldid request parameters would allow page titles to be enumerated even |
| 171 | | - // when they are not guessable. So we reset the title to Special:Badtitle before the |
| | 167 | + // Bug 32276: allowing the skin to generate output with $wgTitle or |
| | 168 | + // $this->context->title set to the input title would allow anonymous users to |
| | 169 | + // determine whether a page exists, potentially leaking private data. In fact, the |
| | 170 | + // curid and oldid request parameters would allow page titles to be enumerated even |
| | 171 | + // when they are not guessable. So we reset the title to Special:Badtitle before the |
| 172 | 172 | // permissions error is displayed. |
| 173 | 173 | // |
| 174 | | - // The skin mostly uses $this->context->getTitle() these days, but some extensions |
| | 174 | + // The skin mostly uses $this->context->getTitle() these days, but some extensions |
| 175 | 175 | // still use $wgTitle. |
| 176 | 176 | |
| 177 | 177 | $badTitle = SpecialPage::getTitleFor( 'Badtitle' ); |