From 33534edfbda600314339959edf53022301d95237 Mon Sep 17 00:00:00 2001
From: Happy-melon
Date: Wed, 30 Mar 2011 12:53:13 +0000
Subject: [PATCH] (bug 15641) tweak Title::checkUserBlock() so that Title::getUserPermissionsErrors() more comprehensively prevents blocked users from performing various actions; particularly prevents blocked admins from protecting or deleting their own talk page.
---
 RELEASE-NOTES | 3 +++
 includes/Title.php | 10 ++++++++--
 includes/specials/SpecialImport.php | 21 +++++++++++++++++----
 3 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 200e991c8b..08850efb78 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -205,6 +205,9 @@ PHP if you have not done so prior to upgrading MediaWiki.
 since length can vary by localization.
 * (bug 28242) Make redirects generated by urls containing a local interwiki prefix be a 301 instead of a 302.
+* (bug 15641) blocked administrators are now prevented from deleting or protecting
+ their own talk page; and all blocked users are more comprehensively prevented
+ from performing other actions
 === API changes in 1.18 ===
 * (bug 26339) Throw warning when truncating an overlarge API result
diff --git a/includes/Title.php b/includes/Title.php
index 4f0000b016..c5fd079c22 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -1541,8 +1541,14 @@ class Title {
 $errors[] = array( 'confirmedittext' );
 }
- // Edit blocks should not affect reading. Account creation blocks handled at userlogin.
- if ( $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this ) ) {
+ if ( in_array( $action, array( 'read', 'createaccount', 'unblock' ) ) ){
+ // Edit blocks should not affect reading.
+ // Account creation blocks handled at userlogin.
+ // Unblocking handled in SpecialUnblock
+ } elseif( ( $action == 'edit' || $action == 'create' ) && !$user->isBlockedFrom( $this ) ){
+ // Don't block the user from editing their own talk page unless they've been
+ // explicitly blocked from that too.
+ } elseif( $user->isBlocked() && $user->mBlock->prevents( $action ) !== false ) {
 $block = $user->mBlock;
 // This is from OutputPage::blockedPage
diff --git a/includes/specials/SpecialImport.php b/includes/specials/SpecialImport.php
index 431f1a091c..e337abbd0d 100644
--- a/includes/specials/SpecialImport.php
+++ b/includes/specials/SpecialImport.php
@@ -52,7 +52,7 @@ class SpecialImport extends SpecialPage {
 * Execute
 */
 function execute( $par ) {
- global $wgRequest;
+ global $wgRequest, $wgUser, $wgOut;
 $this->setHeaders();
 $this->outputHeader();
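Review bot: The exemption test added to Title::checkUserBlock(), `in_array( $action, array( 'read', 'createaccount', 'unblock' ) )`, compares loosely, so a non-string `$action` such as `true` would match and skip the block check entirely; callers presumably always pass strings, but a permission gate should not fail open on that assumption, and `in_array( $action, array( 'read', 'createaccount', 'unblock' ), true )` keeps the skip limited to those three strings. The last branch's `prevents( $action ) !== false` appears to treat an undetermined answer as blocked, which is the safe direction; a one-line comment such as `// Anything other than an explicit false counts as blocked` would stop a later cleanup from tightening it to `=== true`. The 'unblock' exemption relies on SpecialUnblock enforcing its own rules, which this patch does not show. The method begins before and continues after this hunk.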
@@ -63,6 +63,22 @@ class SpecialImport extends SpecialPage {
 return;
 }
+ if( !$wgUser->isAllowedAny( 'import', 'importupload' ) ) {
+ return $wgOut->permissionRequired( 'import' );
+ }
+
+ # TODO: allow Title::getUserPermissionsErrors() to take an array
+ # FIXME: Title::checkSpecialsAndNSPermissions() has a very wierd expectation of what
+ # getUserPermissionsErrors() might actually be used for, hence the 'ns-specialprotected'
+ $errors = wfMergeErrorArrays(
+ $this->getTitle()->getUserPermissionsErrors( 'import', $wgUser, true, array( 'ns-specialprotected' ) ),
+ $this->getTitle()->getUserPermissionsErrors( 'importupload', $wgUser, true, array( 'ns-specialprotected' ) )
+ );
+ if( $errors ){
+ $wgOut->showPermissionsErrorPage( $errors );
+ return;
+ }
+
 if ( $wgRequest->wasPosted() && $wgRequest->getVal( 'action' ) == 'submit' ) {
 $this->doImport();
 }
@@ -145,9 +161,6 @@ class SpecialImport extends SpecialPage {
 private function showForm() {
 global $wgUser, $wgOut, $wgImportSources, $wgExportMaxLinkDepth;
- if( !$wgUser->isAllowedAny( 'import', 'importupload' ) ) {
- return $wgOut->permissionRequired( 'import' );
- }
 $action = $this->getTitle()->getLocalUrl( array( 'action' => 'submit' ) );
--
2.20.1
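Review bot: In SpecialImport::execute(), merging the results of `getUserPermissionsErrors( 'import', … )` and `getUserPermissionsErrors( 'importupload', … )` looks likely to refuse a user who holds only one of the two rights. `isAllowedAny()` lets such a user through, but if getUserPermissionsErrors() also reports a missing right for the action (its body is not part of this patch), the call for the right they lack returns an error and the whole page is denied. Asking only about the rights the user actually holds keeps the new block check and still admits single-right users, as sketched below. Since that gate passes with either right, doImport(), which is outside this hunk, must keep checking the right that matches the chosen import source. execute() begins before and continues after the hunk.

```php
// … unchanged: isAllowedAny() gate …

# Ask only about the rights this user holds, so that holding one of the two is enough.
$errors = array();
foreach ( array( 'import', 'importupload' ) as $right ) {
	if ( $wgUser->isAllowed( $right ) ) {
		$errors = wfMergeErrorArrays(
			$errors,
			$this->getTitle()->getUserPermissionsErrors( $right, $wgUser, true, array( 'ns-specialprotected' ) )
		);
	}
}
// … unchanged: showPermissionsErrorPage() on $errors, then the doImport() dispatch …
```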