r92608 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r92607 | r92608 | r92609 >
Date: 02:34, 20 July 2011
Author: simetrical
Status: ok
Tags:
Comment:
Allow blocked sysops to view Special:Unblock

Previously, trying to visit [[Special:Unblock]] while blocked would give
an error, even if the user has the unblockself permission. I moved the
permission check from execute() to right before the code that does the
actual unblocking. This should probably be examined closely for
security, since I'm not familiar with this code, although the impact of
a bug would be small. I tested some simple cases manually and they all
worked as expected:

* Unblocking self works (as before)
* Submitting the form fails unless you're trying to unblock yourself (as
before)
* GETting the page with any parameters works (previously failed unless
the target was your own username)
Modified paths:
  • /trunk/phase3/includes/specials/SpecialUnblock.php (modified)

Diff

Index: trunk/phase3/includes/specials/SpecialUnblock.php
@@ -51,13 +51,6 @@
5252 list( $this->target, $this->type ) = SpecialBlock::getTargetAndType( $par, $wgRequest );
5353 $this->block = Block::newFromTarget( $this->target );
5454
55 - # bug 15810: blocked admins should have limited access here. This won't allow sysops
56 - # to remove autoblocks on themselves, but they should have ipblock-exempt anyway
57 - $status = SpecialBlock::checkUnblockSelf( $this->target );
58 - if ( $status !== true ) {
59 - throw new ErrorPageError( 'badaccess', $status );
60 - }
61 -
6255 $wgOut->setPageTitle( wfMsg( 'unblockip' ) );
6356 $wgOut->addModules( 'mediawiki.special' );
6457
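Review bot: Removing the checkUnblockSelf() call at old lines 55-60 leaves execute() with no self-unblock gate between Block::newFromTarget( $this->target ) and the page output, so the restriction now depends entirely on every state-changing path reaching the check added in the second hunk. Please confirm that nothing later in execute() acts on $this->target or $this->block without going through that submit-time check, and that what the form displays for an arbitrary target is acceptable for a blocked user to read. A short comment here saying the bug 15810 check is now enforced at submit time would stop someone from assuming execute() still guards it.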
@@ -162,6 +155,14 @@
163156 return array( array( 'ipb_cant_unblock', $target ) );
164157 }
165158
 159+ # bug 15810: blocked admins should have limited access here. This
 160+ # won't allow sysops to remove autoblocks on themselves, but they
 161+ # should have ipblock-exempt anyway
 162+ $status = SpecialBlock::checkUnblockSelf( $target );
 163+ if ( $status !== true ) {
 164+ throw new ErrorPageError( 'badaccess', $status );
 165+ }
 166+
166167 # If the specified IP is a single address, and the block is a range block, don't
167168 # unblock the whole range.
168169 list( $target, $type ) = SpecialBlock::getTargetAndType( $target );
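Review bot: The new check at lines 162-165 runs on $target before the SpecialBlock::getTargetAndType( $target ) call at line 169, whereas the removed check in execute() ran on $this->target after getTargetAndType() had already produced it. If checkUnblockSelf() compares the target against the current user, it may now see a different form of the value than it did before; consider moving the check below line 169 or passing it the normalized target, and add a test for a self-unblock submitted with a non-canonical username. Separately, this function reports other failures by returning an error array (see the 'ipb_cant_unblock' return at line 156), while this path throws ErrorPageError; returning the 'badaccess' status in the same style would keep the error handling consistent for callers.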

Sign-offs

User | Flag | Date
Nikerabbit | inspected | 09:31, 20 July 2011
