r25719 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r25718‎ \| r25719 \| r25720 >
Date:	07:48, 10 September 2007
Author:	werdna
Status:	old
Tags:
Comment:	* (bug 8759) Fixed bug where rollback was allowed on protected pages for wikis where rollback is given to non-sysops. * Replace rollback permissions error messages with the new variety.
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/Article.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Article.php
—	—	@@ -2188,8 +2188,10 @@
2189	2189	public function doRollback( $fromP, $summary, $token, $bot, &$resultDetails ) {
2190	2190	global $wgUser, $wgUseRCPatrol;
2191	2191	$resultDetails = null;
2192		-
2193		~~- if( $wgUser->isAllowed( 'rollback' ) ) {~~
	2192	+
	2193	+ # Just in case it's being called from elsewhere
	2194	+
	2195	+ if( $wgUser->isAllowed( 'rollback' ) && $this->mTitle->userCan( 'edit' ) ) {
2194	2196	if( $wgUser->isBlocked() ) {
2195	2197	return self::BLOCKED;
2196	2198	}
—	—	@@ -2200,6 +2202,7 @@
2201	2203	if ( wfReadOnly() ) {
2202	2204	return self::READONLY;
2203	2205	}
	2206	+
2204	2207	if( !$wgUser->matchEditToken( $token, array( $this->mTitle->getPrefixedText(), $fromP ) ) )
2205	2208	return self::BAD_TOKEN;
2206	2209
—	—	@@ -2282,6 +2285,17 @@
2283	2286	global $wgUser, $wgOut, $wgRequest, $wgUseRCPatrol;
2284	2287
2285	2288	$details = null;
	2289	+
	2290	+ # Skip the permissions-checking in doRollback() itself, by checking permissions here.
	2291	+
	2292	+ $perm_errors = array_merge( $this->mTitle->getUserPermissionsErrors( 'edit', $wgUser ),
	2293	+ $this->mTitle->getUserPermissionsErrors( 'rollback', $wgUser ) );
	2294	+
	2295	+ if (count($perm_errors)) {
	2296	+ $wgOut->showPermissionsErrorPage( $perm_errors );
	2297	+ return;
	2298	+ }
	2299	+
2286	2300	$result = $this->doRollback(
2287	2301	$wgRequest->getVal( 'from' ),
2288	2302	$wgRequest->getText( 'summary' ),
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -38,6 +38,8 @@
39	39	message, the level of protection.
40	40	* (bug 9611) Supply the blocker and reason for the cantcreateaccounttext
41	41	message.
	42	+* (bug 8759) Fixed bug where rollback was allowed on protected pages for wikis
	43	+ where rollback is given to non-sysops.
42	44
43	45	=== API changes in 1.12 ===
44	46

Follow-up revisions

Revision	Commit summary	Author	Date
r25754	Merged revisions 25607-25751 via svnmerge from...	david	23:02, 10 September 2007

Status & tagging log

15:20, 12 September 2011 Meno25 (talk | contribs) changed the status of r25719 [removed: ok added: old]