r92739 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r92738‎ | r92739 | r92740 >
Date:10:37, 21 July 2011
Author:ialex
Status:resolved (Comments)
Tags:
Comment:
* Made Skin::userCanPreview() use Title::getUserPermissionsErrors() instead of Title::userCanEditCssSubpage() and Title::userCanEditJsSubpage() so that the checks are the same as EditPage's ones
* Marked Title::userCanEditCssSubpage() and Title::userCanEditJsSubpage() as deprecated since these were the lasts calls to that functions (core and extensions)
* Get the action parameter from Skin::userCanPreview() instead of requesting it from the callers
Modified paths:
  • /trunk/phase3/includes/OutputPage.php (modified) (history)
  • /trunk/phase3/includes/Skin.php (modified) (history)
  • /trunk/phase3/includes/SkinTemplate.php (modified) (history)
  • /trunk/phase3/includes/Title.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/OutputPage.php
@@ -2628,8 +2628,7 @@
26292629
26302630 // Add user JS if enabled
26312631 if ( $wgAllowUserJs && $this->getUser()->isLoggedIn() ) {
2632 - $action = $this->getRequest()->getVal( 'action', 'view' );
2633 - if( $this->getTitle() && $this->getTitle()->isJsSubpage() && $sk->userCanPreview( $action ) ) {
 2632+ if( $this->getTitle() && $this->getTitle()->isJsSubpage() && $sk->userCanPreview() ) {
26342633 # XXX: additional security check/prompt?
26352634 $scripts .= Html::inlineScript( "\n" . $this->getRequest()->getText( 'wpTextbox1' ) . "\n" ) . "\n";
26362635 } else {
Index: trunk/phase3/includes/Title.php
@@ -1400,8 +1400,6 @@
14011401 private function checkCSSandJSPermissions( $action, $user, $errors, $doExpensiveQueries, $short ) {
14021402 # Protect css/js subpages of user pages
14031403 # XXX: this might be better using restrictions
1404 - # XXX: Find a way to work around the php bug that prevents using $this->userCanEditCssSubpage()
1405 - # and $this->userCanEditJsSubpage() from working
14061404 # XXX: right 'editusercssjs' is deprecated, for backward compatibility only
14071405 if ( $action != 'patrol' && !$user->isAllowed( 'editusercssjs' )
14081406 && !preg_match( '/^' . preg_quote( $user->getName(), '/' ) . '\//', $this->mTextform ) ) {
@@ -2006,11 +2004,12 @@
20072005 * Protect css subpages of user pages: can $wgUser edit
20082006 * this page?
20092007 *
 2008+ * @deprecated in 1.19; will be removed in 1.20. Use getUserPermissionsErrors() instead.
20102009 * @return Bool
2011 - * @todo XXX: this might be better using restrictions
20122010 */
20132011 public function userCanEditCssSubpage() {
20142012 global $wgUser;
 2013+ wfDeprecated( __METHOD__ );
20152014 return ( ( $wgUser->isAllowedAll( 'editusercssjs', 'editusercss' ) )
20162015 || preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform ) );
20172016 }
@@ -2019,11 +2018,12 @@
20202019 * Protect js subpages of user pages: can $wgUser edit
20212020 * this page?
20222021 *
 2022+ * @deprecated in 1.19; will be removed in 1.20. Use getUserPermissionsErrors() instead.
20232023 * @return Bool
2024 - * @todo XXX: this might be better using restrictions
20252024 */
20262025 public function userCanEditJsSubpage() {
20272026 global $wgUser;
 2027+ wfDeprecated( __METHOD__ );
20282028 return ( ( $wgUser->isAllowedAll( 'editusercssjs', 'edituserjs' ) )
20292029 || preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform ) );
20302030 }
Index: trunk/phase3/includes/SkinTemplate.php
@@ -1296,10 +1296,8 @@
12971297 global $wgRequest, $wgJsMimeType;
12981298 wfProfileIn( __METHOD__ );
12991299
1300 - $action = $wgRequest->getVal( 'action', 'view' );
1301 -
13021300 if( $allowUserJs && $this->loggedin ) {
1303 - if( $this->getTitle()->isJsSubpage() and $this->userCanPreview( $action ) ) {
 1301+ if( $this->getTitle()->isJsSubpage() and $this->userCanPreview() ) {
13041302 # XXX: additional security check/prompt?
13051303 $this->userjsprev = '/*<![CDATA[*/ ' . $wgRequest->getText( 'wpTextbox1' ) . ' /*]]>*/';
13061304 } else {
Index: trunk/phase3/includes/Skin.php
@@ -314,25 +314,21 @@
315315 * passed back with the preview request, we won't render
316316 * the code.
317317 *
318 - * @param $action String: 'edit', 'submit' etc.
319318 * @return bool
320319 */
321 - public function userCanPreview( $action ) {
322 - if ( $action != 'submit' ) {
323 - return false;
 320+ public function userCanPreview() {
 321+ if ( $this->getRequest()->getVal( 'action' ) != 'submit'
 322+ || !$this->getRequest()->wasPosted()
 323+ || !$this->getUser()->matchEditToken(
 324+ $this->getRequest()->getVal( 'wpEditToken' ) )
 325+ ) {
 326+ #return false;
324327 }
325 - if ( !$this->getRequest()->wasPosted() ) {
 328+ if ( !$this->getTitle()->isJsSubpage() && !$this->getTitle()->isCssSubpage() ) {
326329 return false;
327330 }
328 - if ( !$this->getTitle()->userCanEditCssSubpage() ) {
329 - return false;
330 - }
331 - if ( !$this->getTitle()->userCanEditJsSubpage() ) {
332 - return false;
333 - }
334331
335 - return $this->getUser()->matchEditToken(
336 - $this->getRequest()->getVal( 'wpEditToken' ) );
 332+ return !count( $this->getTitle()->getUserPermissionsErrors( 'edit', $this->getUser() ) );
337333 }
338334
339335 /**
@@ -386,7 +382,7 @@
387383
388384 // Per-user custom styles
389385 if ( $wgAllowUserCss ) {
390 - if ( $this->getTitle()->isCssSubpage() && $this->userCanPreview( $this->getRequest()->getVal( 'action' ) ) ) {
 386+ if ( $this->getTitle()->isCssSubpage() && $this->userCanPreview() ) {
391387 // @todo FIXME: Properly escape the cdata!
392388 $out->addInlineStyle( $this->getRequest()->getText( 'wpTextbox1' ) );
393389 } else {

Follow-up revisions

RevisionCommit summaryAuthorDate
r92744Fix for r92740: removed debugging codeialex12:13, 21 July 2011

Comments

#Comment by Aaron Schulz (talk | contribs)   19:10, 2 August 2011 
 #return false;

Debugging code?

#Comment by IAlex (talk | contribs)   19:34, 2 August 2011

That was fixed in r92744; sorry I mentioned the wrong revision there.

Status & tagging log