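--- a/branches/REL1_16/extensions/UsabilityInitiative/ClickTracking/ApiClickTracking.php
+++ b/branches/REL1_16/extensions/UsabilityInitiative/ClickTracking/ApiClickTracking.php
@@ -15,6 +15,7 @@
 public function execute() {
 global $wgUser, $wgTitle, $wgClickTrackContribGranularity1, $wgClickTrackContribGranularity2, $wgClickTrackContribGranularity3;
 
+$this->getMain()->setCachePrivate();
 $params = $this->extractRequestParams();
 $this->validateParams( $params );
 $eventid_to_lookup = $params['eventid'];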
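--- a/branches/REL1_16/extensions/LiquidThreads/api/ApiQueryLQTThreads.php
+++ b/branches/REL1_16/extensions/LiquidThreads/api/ApiQueryLQTThreads.php
@@ -43,8 +43,6 @@
 }
 
 public function execute() {
-global $wgUser;
-
 $params = $this->extractRequestParams();
 $prop = array_flip( $params['prop'] );
 $result = $this->getResult();
@@ -86,6 +84,7 @@
 );
 
 $this->addFields( $allFields );
+$this->getMain()->setVaryCookie();
 }
 
 $res = $this->select( __METHOD__ );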
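--- a/branches/REL1_16/extensions/CentralAuth/ApiQueryGlobalUserInfo.php
+++ b/branches/REL1_16/extensions/CentralAuth/ApiQueryGlobalUserInfo.php
@@ -41,6 +41,7 @@
 $prop = array_flip( (array)$params['prop'] );
 if ( is_null( $params['user'] ) ) {
 $params['user'] = $wgUser->getName();
+$this->getMain()->setVaryCookie();
 }
 $user = new CentralAuthUser( $params['user'] );
 if ( !$user->exists() ) {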
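--- a/branches/REL1_16/extensions/FlaggedRevs/api/ApiQueryOldreviewedpages.php
+++ b/branches/REL1_16/extensions/FlaggedRevs/api/ApiQueryOldreviewedpages.php
@@ -58,6 +58,7 @@
 $this->addWhere( 'GREATEST(page_len,rev_len)-LEAST(page_len,rev_len) <= '.
 intval($params['maxsize']) );
 if( $params['filterwatched'] == 'watched' ) {
+$this->getMain()->setVaryCookie();
 if( !($uid = $wgUser->getId()) ) {
 $this->dieUsage('You must be logged-in to have a watchlist', 'notloggedin');
 }
@@ -82,7 +83,7 @@
 $this->addWhere( 'rev_id=fp_stable' );
 if ( !isset( $params['start'] ) && !isset( $params['end'] ) )
 $this->addWhere( 'fp_pending_since IS NOT NULL' );
-
+
 $this->addOption( 'USE INDEX', $useIndex );
 
 if ( is_null( $resultPageSet ) ) {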
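--- a/branches/REL1_16/extensions/AbuseFilter/ApiQueryAbuseFilters.php
+++ b/branches/REL1_16/extensions/AbuseFilter/ApiQueryAbuseFilters.php
@@ -36,6 +36,7 @@
 
 public function execute() {
 global $wgUser;
+$this->getMain()->setVaryCookie();
 if ( !$wgUser->isAllowed( 'abusefilter-view' ) )
 $this->dieUsage( 'You don\'t have permission to view abuse filters', 'permissiondenied' );
 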
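Review bot: `setVaryCookie()` at the top of `execute()` looks like the weaker of the two cache controls for a module that only answers callers holding `abusefilter-view`. Going by the docblock added in ApiMain.php, `setVaryCookie()` is meant for output that anonymous users may share from a cache, and `outputVaryCookieHeader()` adds `private` only when `$wgUseXVO` is on, so with XVO off a permitted user's response goes out with `Vary: Cookie` alone and relies on every intermediary honouring it. The denied path is already made private by the error handler in ApiMain.php, so `$this->getMain()->setCachePrivate();` would state the intent directly here. The same applies to the identical additions in ApiQueryAbuseLog.php, ApiCodeDiff.php, ApiCodeComments.php and ApiQueryDeletedrevs.php.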
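--- a/branches/REL1_16/extensions/AbuseFilter/ApiQueryAbuseLog.php
+++ b/branches/REL1_16/extensions/AbuseFilter/ApiQueryAbuseLog.php
@@ -36,6 +36,7 @@
 
 public function execute() {
 global $wgUser;
+$this->getMain()->setVaryCookie();
 if ( !$wgUser->isAllowed( 'abusefilter-log' ) )
 $this->dieUsage( 'You don\'t have permission to view the abuse log', 'permissiondenied' );
 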
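--- a/branches/REL1_16/extensions/GlobalBlocking/ApiQueryGlobalBlocks.php
+++ b/branches/REL1_16/extensions/GlobalBlocking/ApiQueryGlobalBlocks.php
@@ -36,7 +36,6 @@
 }
 
 public function execute() {
-global $wgUser;
 $params = $this->extractRequestParams();
 
 $prop = array_flip($params['prop']);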
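--- a/branches/REL1_16/extensions/CodeReview/api/ApiCodeDiff.php
+++ b/branches/REL1_16/extensions/CodeReview/api/ApiCodeDiff.php
@@ -4,6 +4,7 @@
 
 public function execute() {
 global $wgUser, $wgCodeReviewMaxDiffSize;
+$this->getMain()->setVaryCookie();
 // Before doing anything at all, let's check permissions
 if( !$wgUser->isAllowed('codereview-use') ) {
 $this->dieUsage('You don\'t have permission to view code diffs','permissiondenied');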
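--- a/branches/REL1_16/extensions/CodeReview/api/ApiCodeUpdate.php
+++ b/branches/REL1_16/extensions/CodeReview/api/ApiCodeUpdate.php
@@ -8,6 +8,7 @@
 if( !$wgUser->isAllowed('codereview-use') ) {
 $this->dieUsage('You don\'t have permission update code','permissiondenied');
 }
+$this->getMain()->setVaryCookie();
 $params = $this->extractRequestParams();
 
 if ( !isset( $params['repo'] ) ) {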
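Review bot: The `setVaryCookie()` call sits after the `codereview-use` check here, while ApiCodeDiff.php and ApiCodeComments.php in the same commit make it the first statement, before the check. The placement should be the same in all three, so that the cache behaviour of a URL does not depend on which branch ran, as the warning on `setVaryCookie()` in ApiMain.php asks. If this module changes state, as the 'permission update code' message suggests, `$this->getMain()->setCachePrivate();` would match what the commit does for ApiWatch, ApiPurge, ApiPatrol and ApiLogout. `execute()` starts above the hunk, so the lines before the check are not visible.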
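--- a/branches/REL1_16/extensions/CodeReview/api/ApiCodeComments.php
+++ b/branches/REL1_16/extensions/CodeReview/api/ApiCodeComments.php
@@ -30,6 +30,7 @@
 
 public function execute() {
 global $wgUser;
+$this->getMain()->setVaryCookie();
 // Before doing anything at all, let's check permissions
 if( !$wgUser->isAllowed('codereview-use') ) {
 $this->dieUsage('You don\'t have permission to view code comments','permissiondenied');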
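--- a/branches/REL1_16/phase3/includes/api/ApiQueryRevisions.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryRevisions.php
@@ -396,6 +396,9 @@
 
 if ( !is_null( $this->token ) )
 {
+// Don't cache tokens
+$this->getMain()->setCachePrivate();
+
 $tokenFunctions = $this->getTokenFunctions();
 foreach ( $this->token as $t )
 {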
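--- a/branches/REL1_16/phase3/includes/api/ApiQueryInfo.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryInfo.php
@@ -244,6 +244,7 @@
 $this->getProtectionInfo();
 
 if ( $this->fld_watched )
+$this->getMain()->setVaryCookie();
 $this->getWatchedInfo();
 
 // Run the talkid/subjectid query if requested
@@ -288,6 +289,9 @@
 }
 
 if ( !is_null( $this->params['token'] ) ) {
+// Don't cache tokens
+$this->getMain()->setCachePrivate();
+
 $tokenFunctions = $this->getTokenFunctions();
 $pageInfo['starttimestamp'] = wfTimestamp( TS_ISO_8601, time() );
 foreach ( $this->params['token'] as $t )
@@ -522,7 +526,7 @@
 }
 
 /**
-* Get information about watched status and put it in $watched
+* Get information about watched status and put it in $this->watched
 */
 private function getWatchedInfo()
 {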
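Review bot: The new `setVaryCookie()` line in the first hunk becomes the whole body of the brace-less `if ( $this->fld_watched )`, so `$this->getWatchedInfo();` on the following line is no longer guarded and runs on every request. That loads the current user's watched status on requests that do not send `Vary: Cookie`; whether it then reaches the output is decided outside the hunk. Give the `if` braces so that it covers both `$this->getMain()->setVaryCookie();` and `$this->getWatchedInfo();`. The enclosing function starts and ends outside the hunk.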
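--- a/branches/REL1_16/phase3/includes/api/ApiFeedWatchlist.php
+++ b/branches/REL1_16/phase3/includes/api/ApiFeedWatchlist.php
@@ -79,6 +79,9 @@
 $fauxReqArr['wlowner'] = $params['wlowner'];
 }
 if ( !is_null( $params['wltoken'] ) ) {
+// Don't cache tokens
+$this->getMain()->setCachePrivate();
+
 $fauxReqArr['wltoken'] = $params['wltoken'];
 }
 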
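Review bot: The comment `// Don't cache tokens` does not describe this branch, where `wltoken` is a request parameter rather than something written to the output; what is kept out of shared caches is the token owner's watchlist feed. A comment such as `// Feed for the wltoken owner is private; keep it out of shared caches` would be accurate. The hunk also leaves the case without `wltoken` untouched, where the feed presumably belongs to the cookie-identified user. If the nested watchlist query built from `$fauxReqArr` runs on a separate ApiMain, its `setVaryCookie()` would not reach this response, so that path is worth checking for an explicit `setCachePrivate()` as well. The surrounding `execute()` is not visible in full.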
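--- a/branches/REL1_16/phase3/includes/api/ApiQueryUsers.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryUsers.php
@@ -156,6 +156,9 @@
 
 if ( !is_null( $params['token'] ) )
 {
+// Don't cache tokens
+$this->getMain()->setCachePrivate();
+
 $tokenFunctions = $this->getTokenFunctions();
 foreach ( $params['token'] as $t )
 {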
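--- a/branches/REL1_16/phase3/includes/api/ApiQueryUserContributions.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryUserContributions.php
@@ -164,7 +164,9 @@
 "rev_timestamp $op= '$encTS')" );
 }
 
-if ( !$wgUser->isAllowed( 'hideuser' ) )
+// Make sure private data (deleted revisions) isn't cached
+$this->getMain()->setVaryCookie();
+if ( !$wgUser->isAllowed( 'hideuser' ) ) {
 $this->addWhere( $this->getDB()->bitAnd( 'rev_deleted', Revision::DELETED_USER ) . ' = 0' );
 // We only want pages by the specified users.
 if ( $this->prefixMode )
@@ -210,8 +212,12 @@
 $this->fld_patrolled )
 {
 global $wgUser;
-if ( !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() )
-$this->dieUsage( "You need the patrol right to request the patrolled flag", 'permissiondenied' );
+// Don't cache private data
+$this->getMain()->setVaryCookie();
+if ( !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() ) {
+$this->dieUsage( 'You need the patrol right to request the patrolled flag', 'permissiondenied' );
+}
+
 // Use a redundant join condition on both
 // timestamp and ID so we can use the timestamp
 // index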
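Review bot: The first hunk turns `if ( !$wgUser->isAllowed( 'hideuser' ) )` into a braced `if ( ... ) {` but adds no closing `}`: the following lines are the `addWhere()` call and then unrelated code, and the second hunk is balanced on its own, so this file section ends up with one more `{` than `}`. As shown the file should not parse, and even with a brace added further down the `hideuser` condition would wrap statements it was never meant to guard. Add `}` directly after the `$this->addWhere( ... Revision::DELETED_USER ... );` line. The same unmatched `{` appears in ApiWatch.php (`if ( !$wgUser->isLoggedIn() ) {`), ApiQueryBlocks.php (`if ( !$wgUser->isAllowed( 'hideuser' ) ) {`) and the second hunk of ApiQueryWatchlist.php (`if ( !$user->useRCPatrol() && !$user->useNPPatrol() ) {`).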
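--- a/branches/REL1_16/phase3/includes/api/ApiQueryRecentChanges.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryRecentChanges.php
@@ -137,8 +137,12 @@
 
 // Check permissions
 global $wgUser;
-if ( ( isset( $show['patrolled'] ) || isset( $show['!patrolled'] ) ) && !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() )
-$this->dieUsage( "You need the patrol right to request the patrolled flag", 'permissiondenied' );
+if ( isset( $show['patrolled'] ) || isset( $show['!patrolled'] ) ) {
+$this->getMain()->setVaryCookie();
+if ( !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() ) {
+$this->dieUsage( 'You need the patrol right to request the patrolled flag', 'permissiondenied' );
+}
+}
 
 /* Add additional conditions to query depending upon parameters. */
 $this->addWhereIf( 'rc_minor = 0', isset ( $show['!minor'] ) );
@@ -390,6 +394,9 @@
 
 if ( !is_null( $this->token ) )
 {
+// Don't cache tokens
+$this->getMain()->setCachePrivate();
+
 $tokenFunctions = $this->getTokenFunctions();
 foreach ( $this->token as $t )
 {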
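--- a/branches/REL1_16/phase3/includes/api/ApiWatch.php
+++ b/branches/REL1_16/phase3/includes/api/ApiWatch.php
@@ -41,7 +41,8 @@
 
 public function execute() {
 global $wgUser;
-if ( !$wgUser->isLoggedIn() )
+$this->getMain()->setCachePrivate();
+if ( !$wgUser->isLoggedIn() ) {
 $this->dieUsage( 'You must be logged-in to have a watchlist', 'notloggedin' );
 
 $params = $this->extractRequestParams();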
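--- a/branches/REL1_16/phase3/includes/api/ApiLogout.php
+++ b/branches/REL1_16/phase3/includes/api/ApiLogout.php
@@ -42,6 +42,7 @@
 
 public function execute() {
 global $wgUser;
+$this->getMain()->setCachePrivate();
 $oldName = $wgUser->getName();
 $wgUser->logout();
 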
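--- a/branches/REL1_16/phase3/includes/api/ApiParse.php
+++ b/branches/REL1_16/phase3/includes/api/ApiParse.php
@@ -118,10 +118,11 @@
 if ( !$titleObj )
 $titleObj = Title::newFromText( "API" );
 $wgTitle = $titleObj;
-if ( $params['pst'] || $params['onlypst'] )
+if ( $params['pst'] || $params['onlypst'] ) {
 $text = $wgParser->preSaveTransform( $text, $titleObj, $wgUser, $popts );
-if ( $params['onlypst'] )
-{
+$this->getMain()->setVaryCookie();
+}
+if ( $params['onlypst'] ) {
 // Build a result and bail out
 $result_array['text'] = array();
 $this->getResult()->setContent( $result_array['text'], $text );
@@ -325,4 +326,4 @@
 public function getVersion() {
 return __CLASS__ . ': $Id$';
 }
-}
\ No newline at end of file
+}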
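--- a/branches/REL1_16/phase3/includes/api/ApiPurge.php
+++ b/branches/REL1_16/phase3/includes/api/ApiPurge.php
@@ -42,6 +42,7 @@
 */
 public function execute() {
 global $wgUser;
+$this->getMain()->setCachePrivate();
 $params = $this->extractRequestParams();
 if ( !$wgUser->isAllowed( 'purge' ) )
 $this->dieUsageMsg( array( 'cantpurge' ) );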
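--- a/branches/REL1_16/phase3/includes/api/ApiQueryDeletedrevs.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryDeletedrevs.php
@@ -42,6 +42,7 @@
 public function execute() {
 
 global $wgUser;
+$this->getMain()->setVaryCookie();
 // Before doing anything at all, let's check permissions
 if ( !$wgUser->isAllowed( 'deletedhistory' ) )
 $this->dieUsage( 'You don\'t have permission to view deleted revision information', 'permissiondenied' );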
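--- a/branches/REL1_16/phase3/includes/api/ApiQueryBlocks.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryBlocks.php
@@ -121,7 +121,10 @@
 'ipb_auto' => 0
 ) );
 }
-if ( !$wgUser->isAllowed( 'hideuser' ) )
+
+// Make sure private data (deleted blocks) isn't cached
+$this->getMain()->setVaryCookie();
+if ( !$wgUser->isAllowed( 'hideuser' ) ) {
 $this->addWhereFld( 'ipb_deleted', 0 );
 
 // Purge expired entries on one in every 10 queries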
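--- a/branches/REL1_16/phase3/includes/api/ApiQueryAllmessages.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryAllmessages.php
@@ -46,6 +46,9 @@
 {
 global $wgLang;
 $wgLang = Language::factory( $params['lang'] );
+} else if ( is_null( $params['lang'] ) ) {
+// Language not determined by URL but by user preferences, so don't cache
+$this->getMain()->setVaryCookie();
 }
 
 $prop = array_flip( (array)$params['prop'] );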
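--- a/branches/REL1_16/phase3/includes/api/ApiQueryLogEvents.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryLogEvents.php
@@ -267,6 +267,7 @@
 
 if ( $this->fld_parsedcomment ) {
 global $wgUser;
+$this->getMain()->setVaryCookie();
 $vals['parsedcomment'] = $wgUser->getSkin()->formatComment( $row->log_comment, $title );
 }
 }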
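--- a/branches/REL1_16/phase3/includes/api/ApiQueryWatchlistRaw.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryWatchlistRaw.php
@@ -188,4 +188,4 @@
 public function getVersion() {
 return __CLASS__ . ': $Id$';
 }
-}
\ No newline at end of file
+}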
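--- a/branches/REL1_16/phase3/includes/api/ApiQueryProtectedTitles.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryProtectedTitles.php
@@ -100,6 +100,7 @@
 
 if ( isset( $prop['parsedcomment'] ) ) {
 global $wgUser;
+$this->getMain()->setVaryCookie();
 $vals['parsedcomment'] = $wgUser->getSkin()->formatComment( $row->pt_reason, $title );
 }
 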
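--- a/branches/REL1_16/phase3/includes/api/ApiQueryUserInfo.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryUserInfo.php
@@ -40,6 +40,7 @@
 }
 
 public function execute() {
+$this->getMain()->setCachePrivate();
 $params = $this->extractRequestParams();
 $result = $this->getResult();
 $r = array();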
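--- a/branches/REL1_16/phase3/includes/api/ApiMain.php
+++ b/branches/REL1_16/phase3/includes/api/ApiMain.php
@@ -124,7 +124,7 @@
 
 private $mPrinter, $mModules, $mModuleNames, $mFormats, $mFormatNames;
 private $mResult, $mAction, $mShowVersions, $mEnableWrite, $mRequest;
-private $mInternalMode, $mSquidMaxage, $mModule;
+private $mInternalMode, $mSquidMaxage, $mModule, $mVaryCookie;
 
 private $mCacheControl = array( 'must-revalidate' => true );
 
@@ -171,6 +171,7 @@
 
 $this->mSquidMaxage = - 1; // flag for executeActionWithErrorHandling()
 $this->mCommit = false;
+$this->mVaryCookie = false;
 }
 
 /**
@@ -221,6 +222,14 @@
 's-maxage' => $maxage
 ) );
 }
+
+/**
+* Make sure Cache-Control: private is set. Use this when the output of a request
+* is for the current recipient only and should not be cached in any shared cache.
+*/
+public function setCachePrivate() {
+$this->setCacheControl( array( 'private' => true ) );
+}
 
 /**
 * Set directives (key/value pairs) for the Cache-Control header.
@@ -232,6 +241,35 @@
 }
 
 /**
+* Make sure Vary: Cookie and friends are set. Use this when the output of a request
+* may be cached for anons but may not be cached for logged-in users.
+*
+* WARNING: This function must be called CONSISTENTLY for a given URL. This means that a
+* given URL must either always or never call this function; if it sometimes does and
+* sometimes doesn't, stuff will break.
+*/
+public function setVaryCookie() {
+$this->mVaryCookie = true;
+}
+
+/**
+* Actually output the Vary: Cookie header and its friends, if flagged with setVaryCookie().
+* Outputs the appropriate X-Vary-Options header and Cache-Control: private if needed.
+*/
+private function outputVaryCookieHeader() {
+global $wgUseXVO, $wgOut;
+if ( $this->mVaryCookie ) {
+header( 'Vary: Cookie' );
+if ( $wgUseXVO ) {
+header( $wgOut->getXVO() );
+if ( $wgOut->hasCacheVaryCookies() ) {
+$this->setCacheControl( array( 'private' => true ) );
+}
+}
+}
+}
+
+/**
 * Create an instance of an output formatter by its name
 */
 public function createPrinterByName( $format ) {
@@ -281,6 +319,7 @@
 
 // Error results should not be cached
 $this->setCacheMaxAge( 0 );
+$this->setCachePrivate();
 
 $headerStr = 'MediaWiki-API-Error: ' . $errCode;
 if ( $e->getCode() === 0 )
@@ -295,6 +334,11 @@
 $this->mPrinter->safeProfileOut();
 $this->printResult( true );
 }
+
+// If this wiki is private, don't cache anything ever
+if ( in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
+$this->setCachePrivate();
+}
 
 // If nobody called setCacheMaxAge(), use the (s)maxage parameters
 if ( !isset( $this->mCacheControl['s-maxage'] ) ) {
@@ -326,6 +370,7 @@
 }
 
 header( "Cache-Control: $ccHeader" );
+$this->outputVaryCookieHeader();
 
 if ( $this->mPrinter->getIsHtml() )
 echo wfReportTime();
@@ -446,7 +491,8 @@
 }
 
 global $wgUser, $wgGroupPermissions;
-if ( $module->isReadMode() && !$wgGroupPermissions['*']['read'] && !$wgUser->isAllowed( 'read' ) )
+if ( $module->isReadMode() && !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) &&
+!$wgUser->isAllowed( 'read' ) )
 $this->dieUsageMsg( array( 'readrequired' ) );
 if ( $module->isWriteMode() ) {
 if ( !$this->mEnableWrite )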
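Review bot: The condition under `// If this wiki is private, don't cache anything ever` is inverted: `in_array( 'read', User::getGroupPermissions( array( '*' ) ), true )` is true when anonymous users can read, so a public wiki gets `private` on every response and a private wiki gets nothing. The read check in the last hunk uses the same expression negated, which is what is needed here: `if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {`. Separately, `outputVaryCookieHeader()` is called after `header( "Cache-Control: $ccHeader" )`, so its `setCacheControl( array( 'private' => true ) )` updates `$this->mCacheControl` only once the header has been sent and the `private` directive is never emitted. Calling it before the Cache-Control string is assembled (that code lies outside the hunk) would fix this. `header( 'Vary: Cookie' )` also replaces any `Vary` value set earlier in the request.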
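--- a/branches/REL1_16/phase3/includes/api/ApiQueryWatchlist.php
+++ b/branches/REL1_16/phase3/includes/api/ApiQueryWatchlist.php
@@ -68,9 +68,12 @@
 if ( $token == '' || $token != $params['token'] ) {
 $this->dieUsage( 'Incorrect watchlist token provided -- please set a correct token in Special:Preferences', 'bad_wltoken' );
 }
-} elseif ( !$wgUser->isLoggedIn() ) {
-$this->dieUsage( 'You must be logged-in to have a watchlist', 'notloggedin' );
 } else {
+// User not determined by URL, so don't cache
+$this->getMain()->setVaryCookie();
+if ( !$wgUser->isLoggedIn() ) {
+$this->dieUsage( 'You must be logged-in to have a watchlist', 'notloggedin' );
+}
 $user = $wgUser;
 }
 
@@ -90,7 +93,8 @@
 $this->fld_notificationtimestamp = isset( $prop['notificationtimestamp'] );
 
 if ( $this->fld_patrol ) {
-if ( !$user->useRCPatrol() && !$user->useNPPatrol() )
+$this->getMain()->setVaryCookie();
+if ( !$user->useRCPatrol() && !$user->useNPPatrol() ) {
 $this->dieUsage( 'patrol property is not available', 'patrol' );
 }
 }
@@ -155,8 +159,12 @@
 }
 
 // Check permissions. FIXME: should this check $user instead of $wgUser?
-if ( ( isset( $show['patrolled'] ) || isset( $show['!patrolled'] ) ) && !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() )
-$this->dieUsage( "You need the patrol right to request the patrolled flag", 'permissiondenied' );
+if ( isset( $show['patrolled'] ) || isset( $show['!patrolled'] ) ) {
+$this->getMain()->setVaryCookie();
+if ( !$wgUser->useRCPatrol() && !$wgUser->useNPPatrol() ) {
+$this->dieUsage( 'You need the patrol right to request the patrolled flag', 'permissiondenied' );
+}
+}
 
 /* Add additional conditions to query depending upon parameters. */
 $this->addWhereIf( 'rc_minor = 0', isset ( $show['!minor'] ) );
@@ -272,6 +280,8 @@
 
 if ( $this->fld_parsedcomment && isset( $row->rc_comment ) ) {
 global $wgUser;
+$this->getMain()->setVaryCookie();
+
 $vals['parsedcomment'] = $wgUser->getSkin()->formatComment( $row->rc_comment, $title );
 }
 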
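Review bot: In the first hunk only the `else` branch gets a cache directive; the branch above it, which accepts a watchlist token from the request and returns that owner's watchlist, sets none. Because ApiMain falls back to the caller's (s)maxage parameters when no module set a max age, a private watchlist could become storable in a shared cache under a URL that contains the token. ApiFeedWatchlist.php in this commit calls `setCachePrivate()` for the same `wltoken` case, and `$this->getMain()->setCachePrivate();` after the token comparison would match it. The start of that branch is above the hunk, so this assumes nothing earlier already sets it.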
Index: branches/REL1_16/phase3/includes/api/ApiPatrol.php |
— | — | @@ -41,6 +41,7 @@ |
42 | 42 | * Patrols the article or provides the reason the patrol failed. |
43 | 43 | */ |
44 | 44 | public function execute() { |
| 45 | + $this->getMain()->setCachePrivate(); |
45 | 46 | $params = $this->extractRequestParams(); |
46 | 47 | |
47 | 48 | if ( !isset( $params['rcid'] ) ) |