r97794 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r97793‎ \| r97794 \| r97795 >
Date:	06:10, 22 September 2011
Author:	tstarling
Status:	ok
Tags:
Comment:	Fix for r76344: you can't access $wgUser during the CentralAuthAutoCreate hook, because it's the same object that invoked CentralAuth via UserLoadFromSession, after mLoadedItems is set to true but before any data is initialised. The calling code in CentralAuth does permissions checks correctly, by creating a new User object for the anonymous user who is logging in. That's what I've implemented here too. Most of the changes here are just propagating the anonymous user object through the call stack.
Modified paths:	/trunk/extensions/TitleBlacklist/TitleBlacklist.hooks.php (modified) (history) /trunk/extensions/TitleBlacklist/TitleBlacklist.list.php (modified) (history)

Diff [purge]

Index: trunk/extensions/TitleBlacklist/TitleBlacklist.hooks.php
—	—	@@ -74,10 +74,10 @@
75	75	*
76	76	* @return bool Acceptable
77	77	*/
78		~~- private static function acceptNewUserName( $userName, &$err, $override = true ) {~~
79		~~- global $wgUser;~~
	78	+ private static function acceptNewUserName( $userName, $permissionsUser, &$err, $override = true ) {
80	79	$title = Title::makeTitleSafe( NS_USER, $userName );
81		~~- $blacklisted = TitleBlacklist::singleton()->userCannot( $title, $wgUser, 'new-account', $override );~~
	80	+ $blacklisted = TitleBlacklist::singleton()->userCannot( $title, $permissionsUser,
	81	+ 'new-account', $override );
82	82	if( $blacklisted instanceof TitleBlacklistEntry ) {
83	83	$message = $blacklisted->getErrorMessage( 'new-account' );
84	84	$err = wfMsgWikiHtml( $message, $blacklisted->getRaw(), $userName );
—	—	@@ -94,13 +94,15 @@
95	95	public static function abortNewAccount( $user, &$message ) {
96	96	global $wgUser, $wgRequest;
97	97	$override = $wgRequest->getCheck( 'wpIgnoreTitleBlacklist' );
98		~~- return self::acceptNewUserName( $user->getName(), $message, $override );~~
	98	+ return self::acceptNewUserName( $user->getName(), $wgUser, $message, $override );
99	99	}
100	100
101	101	/** CentralAuthAutoCreate hook */
102	102	public static function centralAuthAutoCreate( $user, $userName ) {
103	103	$message = ''; # Will be ignored
104		~~- return self::acceptNewUserName( $userName, $message );~~
	104	+ $anon = new User;
	105	+ global $wgUser;
	106	+ return self::acceptNewUserName( $userName, $anon, $message );
105	107	}
106	108
107	109	/**
—	—	@@ -169,9 +171,9 @@
170	172
171	173	/** UserCreateForm hook based on the one from AntiSpoof extension */
172	174	public static function addOverrideCheckbox( &$template ) {
173		~~- global $wgRequest;~~
	175	+ global $wgRequest, $wgUser;
174	176
175		~~- if ( TitleBlacklist::userCanOverride( 'new-account' ) ) {~~
	177	+ if ( TitleBlacklist::userCanOverride( $wgUser, 'new-account' ) ) {
176	178	$template->addInputItem( 'wpIgnoreTitleBlacklist',
177	179	$wgRequest->getCheck( 'wpIgnoreTitleBlacklist' ),
178	180	'checkbox', 'titleblacklist-override' );
Index: trunk/extensions/TitleBlacklist/TitleBlacklist.list.php
—	—	@@ -152,7 +152,7 @@
153	153	* otherwise FALSE
154	154	*/
155	155	public function userCannot( $title, $user, $action = 'edit', $override = true ) {
156		~~- if( $override && self::userCanOverride( $action ) ) {~~
	156	+ if( $override && self::userCanOverride( $user, $action ) ) {
157	157	return false;
158	158	} else {
159	159	return $this->isBlacklisted( $title, $action );
—	—	@@ -283,10 +283,9 @@
284	284	*
285	285	* @return bool
286	286	*/
287		~~- public static function userCanOverride( $action ) {~~
288		~~- global $wgUser;~~
289		~~- return $wgUser->isAllowed( 'tboverride' ) \|\|~~
290		~~- ( $action == 'new-account' && $wgUser->isAllowed( 'tboverride-account' ) );~~
	287	+ public static function userCanOverride( $user, $action ) {
	288	+ return $user->isAllowed( 'tboverride' ) \|\|
	289	+ ( $action == 'new-account' && $user->isAllowed( 'tboverride-account' ) );
291	290	}
292	291	}
293	292

Follow-up revisions

Revision	Commit summary	Author	Date
r97796	Add another hook parameter and extensive documentation to CentralAuthAutoCrea...	tstarling	06:19, 22 September 2011
r97798	MFT r97794, r97797: Fixed TitleBlacklist which was causing "Invalid argument ...	tstarling	06:32, 22 September 2011
r98759	MFT r92930, r96665, r97650, r97701, r97702, r97733, r97794, r97892	reedy	13:31, 3 October 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r76344	Title blacklist:...	vasilievvv	21:55, 8 November 2010

Status & tagging log

13:31, 3 October 2011 Reedy (talk | contribs) changed the tags for r97794 [removed: 1.18]
06:40, 22 September 2011 Aaron Schulz (talk | contribs) changed the status of r97794 [removed: new added: ok]
06:24, 22 September 2011 Tim Starling (talk | contribs) changed the tags for r97794 [added: 1.18]