r64670 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r64669‎ \| r64670 \| r64671 >
Date:	21:00, 6 April 2010
Author:	daniel
Status:	deferred
Tags:
Comment:	fix for bug 22929: disable gadgets on Special:Userlogin
Modified paths:	/trunk/extensions/Gadgets/Gadgets.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Gadgets/Gadgets.php
—	—	@@ -161,8 +161,15 @@
162	162	global $wgUser;
163	163	if ( !$wgUser->isLoggedIn() ) return true;
164	164
165		~~- //disable all gadgets on Special:Preferences~~
166		~~- if ( $out->getTitle()->isSpecial( 'Preferences' ) ) {~~
	165	+ //disable all gadgets on critical special pages
	166	+ //NOTE: $out->isUserJsAllowed() is tempting, but always fals if $wgAllowUserJs is false.
	167	+ // That would disable gadgets on wikis without user JS. Introducing $out->isJsAllowed()
	168	+ // may work, but should that really apply also to MediaWiki:common.js? Even on the preference page?
	169	+ // See bug 22929 for discussion.
	170	+ $title = $out->getTitle();
	171	+ if ( $title->isSpecial( 'Preferences' )
	172	+ \|\| $title->isSpecial( 'Resetpass' )
	173	+ \|\| $title->isSpecial( 'Userlogin' ) ) {
167	174	return true;
168	175	}
169	176

Follow-up revisions

Revision	Commit summary	Author	Date
r81524	Follow-up r64670 (bug22929): cleaner implementation of security for script (a...	happy-melon	16:39, 4 February 2011

Status & tagging log

23:21, 3 December 2010 Reedy (talk | contribs) changed the status of r64670 [removed: new added: deferred]