r85075 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r85074‎ \| r85075 \| r85076 >
Date:	18:06, 31 March 2011
Author:	platonides
Status:	ok (Comments)
Tags:
Comment:	MFT r85005 & r85006 Backported the patch to 1.17 (isAllowedAny usage) and tweaked RELEASE-NOTES.
Modified paths:	/branches/REL1_17/phase3/RELEASE-NOTES (modified) (history) /branches/REL1_17/phase3/includes/specials/SpecialImport.php (modified) (history)

Diff [purge]

Index: branches/REL1_17/phase3/includes/specials/SpecialImport.php
—	—	@@ -51,7 +51,7 @@
52	52	* Execute
53	53	*/
54	54	function execute( $par ) {
55		~~- global $wgRequest;~~
	55	+ global $wgRequest, $wgUser, $wgOut;
56	56
57	57	$this->setHeaders();
58	58	$this->outputHeader();
—	—	@@ -62,6 +62,21 @@
63	63	return;
64	64	}
65	65
	66	+ if( !$wgUser->isAllowed( 'import' ) && !$wgUser->isAllowed( 'importupload' ) )
	67	+ return $wgOut->permissionRequired( 'import' );
	68	+
	69	+ # TODO: allow Title::getUserPermissionsErrors() to take an array
	70	+ # FIXME: Title::checkSpecialsAndNSPermissions() has a very wierd expectation of what
	71	+ # getUserPermissionsErrors() might actually be used for, hence the 'ns-specialprotected'
	72	+ $errors = wfMergeErrorArrays(
	73	+ $this->getTitle()->getUserPermissionsErrors( 'import', $wgUser, true, array( 'ns-specialprotected' ) ),
	74	+ $this->getTitle()->getUserPermissionsErrors( 'importupload', $wgUser, true, array( 'ns-specialprotected' ) )
	75	+ );
	76	+ if( $errors ){
	77	+ $wgOut->showPermissionsErrorPage( $errors );
	78	+ return;
	79	+ }
	80	+
66	81	if ( $wgRequest->wasPosted() && $wgRequest->getVal( 'action' ) == 'submit' ) {
67	82	$this->doImport();
68	83	}
—	—	@@ -144,8 +159,6 @@
145	160
146	161	private function showForm() {
147	162	global $wgUser, $wgOut, $wgImportSources, $wgExportMaxLinkDepth;
148		~~- if( !$wgUser->isAllowed( 'import' ) && !$wgUser->isAllowed( 'importupload' ) )~~
149		~~- return $wgOut->permissionRequired( 'import' );~~
150	163
151	164	$action = $this->getTitle()->getLocalUrl( array( 'action' => 'submit' ) );
152	165
Index: branches/REL1_17/phase3/RELEASE-NOTES
—	—	@@ -502,6 +502,8 @@
503	503	are also set.
504	504	* (bug 26223) Concurrently moving an article to different titles leaks a
505	505	redirect revision with no page.
	506	+* (bug 15641) Fixed permissions checks in Special:Import which allowed users without
	507	+ the 'import' permission to import pages from configured import sources.
506	508
507	509	=== API changes in 1.17 ===
508	510	* BREAKING CHANGE: action=patrol now requires POST
Property changes on: branches/REL1_17/phase3/RELEASE-NOTES
___________________________________________________________________
Modified: svn:mergeinfo
509	511	Merged /trunk/phase3/RELEASE-NOTES:r85006

Follow-up revisions

Revision	Commit summary	Author	Date
r85076	Merge r85075 from 1.17 branch (r85005 on trunk).	platonides	18:22, 31 March 2011
r85078	1.17wmf1: Merge r85075 from REL1_17	catrope	18:55, 31 March 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r85005	(bug 15641) tweak Title::checkUserBlock() so that Title::getUserPermissionsEr...	happy-melon	12:53, 30 March 2011
r85006	Additional release notes for r85005, which I meant to commit as two separate ...	happy-melon	12:58, 30 March 2011

Comments

#Comment by Platonides (talk | contribs) 18:11, 31 March 2011

Note: It only merges the SpecialImport.php half of r85005.

Status & tagging log

13:19, 3 April 2011 Catrope (talk | contribs) changed the tags for r85075 [removed: 1.17wmf1]
18:50, 31 March 2011 Catrope (talk | contribs) changed the status of r85075 [removed: new added: ok]
18:07, 31 March 2011 Platonides (talk | contribs) changed the tags for r85075 [added: 1.17wmf1]