From e3c3dfba8502c520e9afcbe7b0230458c41fc0ce Mon Sep 17 00:00:00 2001
From: Kevin Israel <pleasestand@live.com>
Date: Tue, 28 May 2013 08:00:52 -0400
Subject: [PATCH] Check if API enabled before loading dependent JS modules

Affects whether these modules are loaded:

* mediawiki.searchSuggest ($wgEnableAPI only)
* mediawiki.page.watch.ajax ($wgEnableAPI, $wgEnableWriteAPI,
  'writeapi' right)
* mediawiki.page.patrol.ajax (same as above)

Checking of $wgUseAjax has not been removed where it was
already present, in case some users have set the variable
to false to disable these specific features.

Bug: 30213
Change-Id: If2ec219cfbb94e7c9718c58b9b54a508d0e0c656
---
 RELEASE-NOTES-1.22                 |  3 +++
 includes/Article.php               |  6 ++++--
 includes/Skin.php                  | 16 ++++++++++------
 includes/diff/DifferenceEngine.php |  8 ++++++--
 4 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index 4e04940967..f3905e4782 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -112,6 +112,9 @@ production.
 * (bug 36641) Patrol page links no longer show on non-existent revisions.
 * (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages
   are patrollable now.
+* (bug 30213) JavaScript for search suggestions is now disabled when the API
+  is disabled, and AJAX patrolling and watching are now disabled when use of
+  the write API is not allowed.
 
 === API changes in 1.22 ===
 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
diff --git a/includes/Article.php b/includes/Article.php
index c4b0835a6f..da24a98527 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -1052,7 +1052,7 @@ class Article implements Page {
 	 * OutputPage::preventClickjacking() and load mediawiki.page.patrol.ajax.
 	 */
 	public function showPatrolFooter() {
-		global $wgUseRCPatrol, $wgUseNPPatrol, $wgRCMaxAge;
+		global $wgUseRCPatrol, $wgUseNPPatrol, $wgRCMaxAge, $wgEnableAPI, $wgEnableWriteAPI;
 
 		$request = $this->getContext()->getRequest();
 		$outputPage = $this->getContext()->getOutput();
@@ -1167,7 +1167,9 @@ class Article implements Page {
 		$token = $user->getEditToken( $rcid );
 
 		$outputPage->preventClickjacking();
-		$outputPage->addModules( 'mediawiki.page.patrol.ajax' );
+		if ( $wgEnableAPI && $wgEnableWriteAPI && $user->isAllowed( 'writeapi' ) ) {
+			$outputPage->addModules( 'mediawiki.page.patrol.ajax' );
+		}
 
 		$link = Linker::linkKnown(
 			$this->getTitle(),
diff --git a/includes/Skin.php b/includes/Skin.php
index 07abcb5740..53003c67a5 100644
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -205,7 +205,7 @@ abstract class Skin extends ContextSource {
 	 */
 	public function getDefaultModules() {
 		global $wgIncludeLegacyJavaScript, $wgPreloadJavaScriptMwUtil, $wgUseAjax,
-			$wgAjaxWatch;
+			$wgAjaxWatch, $wgEnableAPI, $wgEnableWriteAPI;
 
 		$out = $this->getOutput();
 		$user = $out->getUser();
@@ -235,12 +235,16 @@ abstract class Skin extends ContextSource {
 		if ( $wgUseAjax ) {
 			$modules['legacy'][] = 'mediawiki.legacy.ajax';
 
-			if ( $wgAjaxWatch && $user->isLoggedIn() ) {
-				$modules['watch'][] = 'mediawiki.page.watch.ajax';
-			}
+			if ( $wgEnableAPI ) {
+				if ( $wgEnableWriteAPI && $wgAjaxWatch && $user->isLoggedIn()
+					&& $user->isAllowed( 'writeapi' )
+				) {
+					$modules['watch'][] = 'mediawiki.page.watch.ajax';
+				}
 
-			if ( !$user->getOption( 'disablesuggest', false ) ) {
-				$modules['search'][] =  'mediawiki.searchSuggest';
+				if ( !$user->getOption( 'disablesuggest', false ) ) {
+					$modules['search'][] = 'mediawiki.searchSuggest';
+				}
 			}
 		}
 
diff --git a/includes/diff/DifferenceEngine.php b/includes/diff/DifferenceEngine.php
index c551107520..5cdc0b6f5e 100644
--- a/includes/diff/DifferenceEngine.php
+++ b/includes/diff/DifferenceEngine.php
@@ -410,7 +410,7 @@ class DifferenceEngine extends ContextSource {
 	 * @return String
 	 */
 	protected function markPatrolledLink() {
-		global $wgUseRCPatrol, $wgRCMaxAge;
+		global $wgUseRCPatrol, $wgRCMaxAge, $wgEnableAPI, $wgEnableWriteAPI;
 		$cache = wfGetMainCache();
 
 		if ( $this->mMarkPatrolledLink === null ) {
@@ -447,7 +447,11 @@ class DifferenceEngine extends ContextSource {
 				// Build the link
 				if ( $rcid ) {
 					$this->getOutput()->preventClickjacking();
-					$this->getOutput()->addModules( 'mediawiki.page.patrol.ajax' );
+					if ( $wgEnableAPI && $wgEnableWriteAPI
+						&& $this->getUser()->isAllowed( 'writeapi' )
+					) {
+						$this->getOutput()->addModules( 'mediawiki.page.patrol.ajax' );
+					}
 
 					$token = $this->getUser()->getEditToken( $rcid );
 					$this->mMarkPatrolledLink = ' <span class="patrollink">[' . Linker::linkKnown(
-- 
2.20.1