r25715 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r25714‎ | r25715 | r25716 >
Date:06:27, 10 September 2007
Author:werdna
Status:old
Tags:
Comment:
* Ensure, on the server side, that cascading protection cannot be applied to anything but full protection, so as to prevent people from using semi-cascade-protected pages to protect arbitrary pages.
* Fix a bug in the previous javascript implementation of this behaviour (protection is per-right, not per-group!)
Modified paths:
  • /trunk/phase3/includes/ProtectionForm.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/ProtectionForm.php
@@ -185,6 +185,16 @@
186186
187187 }
188188
 189+ # They shouldn't be able to do this anyway, but just to make sure, ensure that cascading restrictions aren't being applied
 190+ # to a semi-protected page.
 191+ global $wgGroupPermissions;
 192+
 193+ $edit_restriction = $this->mRestrictions['edit'];
 194+
 195+ if ($this->mCascade && ($edit_restriction != 'protect') &&
 196+ !(isset($wgGroupPermissions[$edit_restriction]['protect']) && $wgGroupPermissions[$edit_restriction]['protect'] ) )
 197+ $this->mCascade = false;
 198+
189199 $ok = $this->mArticle->updateRestrictions( $this->mRestrictions, $this->mReason, $this->mCascade, $expiry );
190200 if( !$ok ) {
191201 throw new FatalError( "Unknown error at restriction save time." );
@@ -359,7 +369,7 @@
360370 $script = 'var wgCascadeableLevels=';
361371 $CascadeableLevels = array();
362372 foreach( $wgRestrictionLevels as $key ) {
363 - if ( isset($wgGroupPermissions[$key]['protect']) && $wgGroupPermissions[$key]['protect'] ) {
 373+ if ( (isset($wgGroupPermissions[$key]['protect']) && $wgGroupPermissions[$key]['protect']) || $key == 'protect' ) {
364374 $CascadeableLevels[]="'" . wfEscapeJsString($key) . "'";
365375 }
366376 }

Follow-up revisions

RevisionCommit summaryAuthorDate
r25754Merged revisions 25607-25751 via svnmerge from...david23:02, 10 September 2007

Status & tagging log