r93813 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r93812‎ \| r93813 \| r93814 >
Date:	09:28, 3 August 2011
Author:	krinkle
Status:	ok (Comments)
Tags:	aft
Comment:	Don't show AFT if user is both logged out and on action=purge, because in that scenario there is no article being shown (instead, in such scenario the user sees a form with a button to clear the cache, which is then redirected back to the article (action=view). This bug was fairly rare though, since the MediaWiki interface doesn't contain any links to action=purge for logged-out users (or even logged-in users for that matter), but some gadgets and templates do link to it. Resolves bug 30100 - Hide AFT for anonymous users on purge action.
Modified paths:	/trunk/extensions/ArticleFeedback/ArticleFeedback.php (modified) (history) /trunk/extensions/ArticleFeedback/modules/ext.articleFeedback/ext.articleFeedback.startup.js (modified) (history)

Diff [purge]

Index: trunk/extensions/ArticleFeedback/modules/ext.articleFeedback/ext.articleFeedback.startup.js
—	—	@@ -12,6 +12,10 @@
13	13	&& mw.config.get( 'wgArticleId' ) > 0
14	14	// View pages
15	15	&& ( mw.config.get( 'wgAction' ) == 'view' \|\| mw.config.get( 'wgAction' ) == 'purge' )
	16	+ // If user is logged in, showiong on action=purge is OK,
	17	+ // but if user is logged out, action=purge shows a form instead of the article,
	18	+ // so return false in that case.
	19	+ && !( mw.config.get( 'wgAction' ) == 'purge' && mw.user.anonymous() )
16	20	// Current revision
17	21	&& mw.util.getParamValue( 'diff' ) == null
18	22	&& mw.util.getParamValue( 'oldid' ) == null
Index: trunk/extensions/ArticleFeedback/ArticleFeedback.php
—	—	@@ -139,6 +139,7 @@
140	140	'Adam Miller',
141	141	'Nimish Gautam',
142	142	'Arthur Richards',
	143	+ 'Timo Tijhof',
143	144	),
144	145	'version' => '0.2.0',
145	146	'descriptionmsg' => 'articlefeedback-desc',

Follow-up revisions

Revision	Commit summary	Author	Date
r94330	Fix type from r93813	krinkle	08:30, 12 August 2011

Comments

#Comment by He7d3r (talk | contribs) 16:33, 3 August 2011

Shouldn't this be replicated to ApiArticleFeedback.php?

PS: There is a typo on "showiong".

#Comment by Krinkle (talk | contribs) 08:31, 12 August 2011

It can't be replicated to ApiArticleFeedback.php as as the action is not a page or revision property, it's simply the current view of the article. Even if the API request would run in the same request context, it's still trivial to circumvent it by changing wgAction from the console or by going to a different url (eg. reading the article and rating the article there), so it's not like someone is able to rate an article that was otherwise not ratable (which is the purpose of the check in ApiArticleFeedback.php).

For the same reason the original wgAction-check here wasn't in ApiArticleFeedback.php either.

Thanks for the typo-catch, fixed in r94330.

Status & tagging log

14:32, 24 December 2011 Nikerabbit (talk | contribs) changed the status of r93813 [removed: new added: ok]
07:14, 23 December 2011 RobLa (talk | contribs) changed the tags for r93813 [removed: features added: aft]
02:54, 23 December 2011 RobLa-WMF (talk | contribs) changed the tags for r93813 [added: features]