r99211 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r99210‎ \| r99211 \| r99212 >
Date:	13:58, 7 October 2011
Author:	maxsem
Status:	ok (Comments)
Tags:
Comment:	Revert r93246: besides the problems pointed out at CR, it also causes bug 31403, wreaking havoc on large wikis
Modified paths:	/trunk/phase3/includes/LogEventsList.php (modified) (history) /trunk/phase3/includes/Skin.php (modified) (history) /trunk/phase3/includes/api/ApiQueryDeletedrevs.php (modified) (history) /trunk/phase3/includes/api/ApiQueryFilearchive.php (modified) (history) /trunk/phase3/includes/diff/DifferenceEngine.php (modified) (history) /trunk/phase3/includes/specials/SpecialContributions.php (modified) (history) /trunk/phase3/includes/specials/SpecialDeletedContributions.php (modified) (history) /trunk/phase3/includes/specials/SpecialRevisiondelete.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/diff/DifferenceEngine.php
—	—	@@ -142,7 +142,7 @@
143	143	*/
144	144	function deletedLink( $id ) {
145	145	global $wgUser;
146		~~- if ( $wgUser->isAllowed( 'deletedhistory' ) && !$wgUser->isBlocked() ) {~~
	146	+ if ( $wgUser->isAllowed( 'deletedhistory' ) ) {
147	147	$dbr = wfGetDB( DB_SLAVE );
148	148	$row = $dbr->selectRow('archive', '*',
149	149	array( 'ar_rev_id' => $id ),
Index: trunk/phase3/includes/LogEventsList.php
—	—	@@ -509,7 +509,7 @@
510	510	}
511	511	$del = '';
512	512	// Don't show useless link to people who cannot hide revisions
513		~~- if( $wgUser->isAllowed( 'deletedhistory' ) && !$wgUser->isBlocked() ) {~~
	513	+ if( $wgUser->isAllowed( 'deletedhistory' ) ) {
514	514	if( $row->log_deleted \|\| $wgUser->isAllowed( 'deleterevision' ) ) {
515	515	$canHide = $wgUser->isAllowed( 'deleterevision' );
516	516	// If event was hidden from sysops
—	—	@@ -866,9 +866,9 @@
867	867	$this->mConds['log_user'] = $userid;
868	868	// Paranoia: avoid brute force searches (bug 17342)
869	869	$user = $this->getUser();
870		~~- if( !$user->isAllowed( 'deletedhistory' ) \|\| $user->isBlocked() ) {~~
	870	+ if( !$user->isAllowed( 'deletedhistory' ) ) {
871	871	$this->mConds[] = $this->mDb->bitAnd('log_deleted', LogPage::DELETED_USER) . ' = 0';
872		~~- } elseif( !$user->isAllowed( 'suppressrevision' ) \|\| $user->isBlocked() ) {~~
	872	+ } elseif( !$user->isAllowed( 'suppressrevision' ) ) {
873	873	$this->mConds[] = $this->mDb->bitAnd('log_deleted', LogPage::SUPPRESSED_USER) .
874	874	' != ' . LogPage::SUPPRESSED_USER;
875	875	}
—	—	@@ -920,9 +920,9 @@
921	921	}
922	922	// Paranoia: avoid brute force searches (bug 17342)
923	923	$user = $this->getUser();
924		~~- if( !$user->isAllowed( 'deletedhistory' ) \|\| $user->isBlocked() ) {~~
	924	+ if( !$user->isAllowed( 'deletedhistory' ) ) {
925	925	$this->mConds[] = $db->bitAnd('log_deleted', LogPage::DELETED_ACTION) . ' = 0';
926		~~- } elseif( !$user->isAllowed( 'suppressrevision' ) \|\| $user->isBlocked() ) {~~
	926	+ } elseif( !$user->isAllowed( 'suppressrevision' ) ) {
927	927	$this->mConds[] = $db->bitAnd('log_deleted', LogPage::SUPPRESSED_ACTION) .
928	928	' != ' . LogPage::SUPPRESSED_ACTION;
929	929	}
Index: trunk/phase3/includes/api/ApiQueryDeletedrevs.php
—	—	@@ -43,7 +43,7 @@
44	44	public function execute() {
45	45	global $wgUser;
46	46	// Before doing anything at all, let's check permissions
47		~~- if ( !$wgUser->isAllowed( 'deletedhistory' ) \|\| $wgUser->isBlocked() ) {~~
	47	+ if ( !$wgUser->isAllowed( 'deletedhistory' ) ) {
48	48	$this->dieUsage( 'You don\'t have permission to view deleted revision information', 'permissiondenied' );
49	49	}
50	50
Index: trunk/phase3/includes/api/ApiQueryFilearchive.php
—	—	@@ -45,7 +45,7 @@
46	46	public function execute() {
47	47	global $wgUser;
48	48	// Before doing anything at all, let's check permissions
49		~~- if ( !$wgUser->isAllowed( 'deletedhistory' ) \|\| $wgUser->isBlocked() ) {~~
	49	+ if ( !$wgUser->isAllowed( 'deletedhistory' ) ) {
50	50	$this->dieUsage( 'You don\'t have permission to view deleted file information', 'permissiondenied' );
51	51	}
52	52
Index: trunk/phase3/includes/specials/SpecialRevisiondelete.php
—	—	@@ -118,8 +118,6 @@
119	119	throw new PermissionsError( 'deletedhistory' );
120	120	} elseif( wfReadOnly() ) {
121	121	throw new ReadOnlyError;
122		~~- } elseif( $user->isBlocked() ) {~~
123		~~- throw new UserBlockedError( $user->getBlock() );~~
124	122	}
125	123
126	124	$this->mIsAllowed = $user->isAllowed('deleterevision'); // for changes
Index: trunk/phase3/includes/specials/SpecialContributions.php
—	—	@@ -311,7 +311,7 @@
312	312	);
313	313
314	314	# Add link to deleted user contributions for priviledged users
315		~~- if( $subject->isAllowed( 'deletedhistory' ) && !$subject->isBlocked() ) {~~
	315	+ if( $subject->isAllowed( 'deletedhistory' ) ) {
316	316	$tools[] = Linker::linkKnown(
317	317	SpecialPage::getTitleFor( 'DeletedContributions', $username ),
318	318	wfMsgHtml( 'sp-contributions-deleted' )
—	—	@@ -464,7 +464,7 @@
465	465	$user = $this->getUser();
466	466	$conds = array_merge( $userCond, $this->getNamespaceCond() );
467	467	// Paranoia: avoid brute force searches (bug 17342)
468		~~- if( !$user->isAllowed( 'deletedhistory' ) \|\| $user->isBlocked() ) {~~
	468	+ if( !$user->isAllowed( 'deletedhistory' ) ) {
469	469	$conds[] = $this->mDb->bitAnd('rev_deleted',Revision::DELETED_USER) . ' = 0';
470	470	} elseif( !$user->isAllowed( 'suppressrevision' ) ) {
471	471	$conds[] = $this->mDb->bitAnd('rev_deleted',Revision::SUPPRESSED_USER) .
Index: trunk/phase3/includes/specials/SpecialDeletedContributions.php
—	—	@@ -266,10 +266,6 @@
267	267	return;
268	268	}
269	269
270		~~- if( $user->isBlocked() ){~~
271		~~- throw new UserBlockedError( $user->getBlock() );~~
272		~~- }~~
273		-
274	270	$request = $this->getRequest();
275	271	$out = $this->getOutput();
276	272	$out->setPageTitle( wfMsgExt( 'deletedcontributions-title', array( 'parsemag' ) ) );
Index: trunk/phase3/includes/Skin.php
—	—	@@ -636,7 +636,7 @@
637	637	function getUndeleteLink() {
638	638	$action = $this->getRequest()->getVal( 'action', 'view' );
639	639
640		~~- if ( $this->getUser()->isAllowed( 'deletedhistory' ) && !$this->getUser()->isBlocked() &&~~
	640	+ if ( $this->getUser()->isAllowed( 'deletedhistory' ) &&
641	641	( $this->getTitle()->getArticleId() == 0 \|\| $action == 'history' ) ) {
642	642	$n = $this->getTitle()->isDeleted();
643	643

Follow-up revisions

Revision	Commit summary	Author	Date
r99213	Follow-up r99211: forgot to revert one file	maxsem	14:21, 7 October 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r93246	(bug 15641) prevent blocked administrators from accessing deleted revisions.	happy-melon	20:54, 26 July 2011

Comments

#Comment by Siebrand (talk | contribs) 14:08, 7 October 2011

The original commit touched 11 files. This revert touches 8, and is the only follow-up. Are you sure it's a complete revert?

#Comment by MaxSem (talk | contribs) 14:21, 7 October 2011

The changes to SkinTemplate and SpecialUpload were removed before me (careless conflict resolution?). Thanks for noticing that SpecialUndelete is not like them - reverted.

#Comment by Aaron Schulz (talk | contribs) 17:35, 7 October 2011

That revision does not appear to even be in 1.18wmf1.

Status & tagging log

19:54, 7 October 2011 Aaron Schulz (talk | contribs) changed the tags for r99211 [removed: 1.18,1.18wmf1]
17:18, 7 October 2011 Aaron Schulz (talk | contribs) changed the status of r99211 [removed: new added: ok]
13:59, 7 October 2011 MaxSem (talk | contribs) changed the tags for r99211 [added: 1.18,1.18wmf1]