r85099 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r85098‎ \| r85099 \| r85100 >
Date:	23:09, 31 March 2011
Author:	happy-melon
Status:	ok
Tags:
Comment:	Fix for r85005: the getUserPermissionsErrors() calls were each returning a badaccess error when the user didn't have their particular permission, even if they had the other one, exclude these errors since they're already covered by the $user->isAllowedAny() check above. Also fix processForm() to check isAllowed('import') for transwiki; this wasn't being done which meant users with importupload but not import (an unlikely combination to be fair) could still spoof the form.
Modified paths:	/trunk/phase3/includes/specials/SpecialImport.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/specials/SpecialImport.php
—	—	@@ -71,9 +71,16 @@
72	72	# FIXME: Title::checkSpecialsAndNSPermissions() has a very wierd expectation of what
73	73	# getUserPermissionsErrors() might actually be used for, hence the 'ns-specialprotected'
74	74	$errors = wfMergeErrorArrays(
75		~~- $this->getTitle()->getUserPermissionsErrors( 'import', $wgUser, true, array( 'ns-specialprotected' ) ),~~
76		~~- $this->getTitle()->getUserPermissionsErrors( 'importupload', $wgUser, true, array( 'ns-specialprotected' ) )~~
	75	+ $this->getTitle()->getUserPermissionsErrors(
	76	+ 'import', $wgUser, true,
	77	+ array( 'ns-specialprotected', 'badaccess-group0', 'badaccess-groups' )
	78	+ ),
	79	+ $this->getTitle()->getUserPermissionsErrors(
	80	+ 'importupload', $wgUser, true,
	81	+ array( 'ns-specialprotected', 'badaccess-group0', 'badaccess-groups' )
	82	+ )
77	83	);
	84	+
78	85	if( $errors ){
79	86	$wgOut->showPermissionsErrorPage( $errors );
80	87	return;
—	—	@@ -107,6 +114,9 @@
108	115	return $wgOut->permissionRequired( 'importupload' );
109	116	}
110	117	} elseif ( $sourceName == "interwiki" ) {
	118	+ if( !$wgUser->isAllowed( 'import' ) ){
	119	+ return $wgOut->permissionRequired( 'import' );
	120	+ }
111	121	$this->interwiki = $wgRequest->getVal( 'interwiki' );
112	122	if ( !in_array( $this->interwiki, $wgImportSources ) ) {
113	123	$source = Status::newFatal( "import-invalid-interwiki" );

Revision	Commit summary	Author	Date
r85101	MFT r85099	platonides	23:27, 31 March 2011
r85102	MFT r85099	platonides	23:29, 31 March 2011
r85103	MFT r85099	reedy	23:34, 31 March 2011

Revision	Commit summary	Author	Date
r85005	(bug 15641) tweak Title::checkUserBlock() so that Title::getUserPermissionsEr...	happy-melon	12:53, 30 March 2011

19:47, 1 April 2011 😂 (talk | contribs) changed the tags for r85099 [removed: 1.17wmf1]
23:28, 31 March 2011 Platonides (talk | contribs) changed the tags for r85099 [removed: 1.17]
23:28, 31 March 2011 Platonides (talk | contribs) changed the status of r85099 [removed: new added: ok]
23:09, 31 March 2011 Happy-melon (talk | contribs) changed the tags for r85099 [added: 1.17,1.17wmf1]