A page can only be protected with cascading protection if the
requested restriction level is included in this array.
This replaces previously hard-coded values of 'sysop' and 'protect'.
This is necessary, because if any protection could be
cascading, users could who cannot normally protect pages could
"protect" them by transcluding them on protected pages they are
allowed to edit.
Bug: 47617
Change-Id: I5f8bcc899b46d466161894606cd27bf3b8624bd0
activated; when $wgUseVFormCreateAccount is true, the redesign of
Special:UserLogin/signup is activated.
* $wgVectorUseIconWatch is now enabled by default.
activated; when $wgUseVFormCreateAccount is true, the redesign of
Special:UserLogin/signup is activated.
* $wgVectorUseIconWatch is now enabled by default.
+* $wgCascadingRestrictionLevels was added.
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
* mediawiki.log: Implemented log.deprecate. This method defines a property and
uses ES5 getter/setter to emit a warning when they are used.
* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
* mediawiki.log: Implemented log.deprecate. This method defines a property and
uses ES5 getter/setter to emit a warning when they are used.
+* $wgCascadingRestrictionLevels was added, allowing one to specify restriction levels
+ which can be cascading (previously 'sysop' was hard-coded as the only one).
=== Bug fixes in 1.22 ===
* Disable Special:PasswordReset when $wgEnableEmail. Previously one could still
=== Bug fixes in 1.22 ===
* Disable Special:PasswordReset when $wgEnableEmail. Previously one could still
*/
$wgRestrictionLevels = array( '', 'autoconfirmed', 'sysop' );
*/
$wgRestrictionLevels = array( '', 'autoconfirmed', 'sysop' );
+/**
+ * Restriction levels that can be used with cascading protection
+ *
+ * A page can only be protected with cascading protection if the
+ * requested restriction level is included in this array.
+ *
+ * This is intended to prevent abuse - if any protection could be
+ * cascading, users could who cannot normally protect pages could
+ * "protect" them by transcluding them on protected pages they are
+ * allowed to edit.
+ *
+ * 'sysop' is quietly rewritten to 'protect' for backwards compatibility.
+ */
+$wgCascadingRestrictionLevels = array( 'sysop' );
+
/**
* Set the minimum permissions required to edit pages in each
* namespace. If you list more than one permission, a user must
/**
* Set the minimum permissions required to edit pages in each
* namespace. If you list more than one permission, a user must
}
function buildCleanupScript() {
}
function buildCleanupScript() {
- global $wgRestrictionLevels, $wgOut;
+ global $wgRestrictionLevels, $wgCascadingRestrictionLevels, $wgOut;
- $cascadeableLevels = array();
- foreach ( $wgRestrictionLevels as $key ) {
- if ( User::groupHasPermission( $key, 'protect' )
- || $key == 'protect'
- ) {
- $cascadeableLevels[] = $key;
- }
- }
+ $cascadeableLevels = $wgCascadingRestrictionLevels;
$options = array(
'tableId' => 'mwProtectSet',
'labelText' => wfMessage( 'protect-unchain-permissions' )->plain(),
$options = array(
'tableId' => 'mwProtectSet',
'labelText' => wfMessage( 'protect-unchain-permissions' )->plain(),
* @return Status
*/
public function doUpdateRestrictions( array $limit, array $expiry, &$cascade, $reason, User $user ) {
* @return Status
*/
public function doUpdateRestrictions( array $limit, array $expiry, &$cascade, $reason, User $user ) {
+ global $wgContLang, $wgCascadingRestrictionLevels;
if ( wfReadOnly() ) {
return Status::newFatal( 'readonlytext', wfReadOnlyReason() );
if ( wfReadOnly() ) {
return Status::newFatal( 'readonlytext', wfReadOnlyReason() );
return Status::newGood();
}
return Status::newGood();
}
- // Only restrictions with the 'protect' right can cascade...
- // Otherwise, people who cannot normally protect can "protect" pages via transclusion
+ // Only certain restrictions can cascade... Otherwise, users who cannot normally protect pages
+ // could "protect" them by transcluding them on protected pages they are allowed to edit.
$editrestriction = isset( $limit['edit'] ) ? array( $limit['edit'] ) : $this->mTitle->getRestrictions( 'edit' );
$editrestriction = isset( $limit['edit'] ) ? array( $limit['edit'] ) : $this->mTitle->getRestrictions( 'edit' );
+ $cascadingRestrictionLevels = $wgCascadingRestrictionLevels;
+ if ( in_array( 'sysop', $cascadingRestrictionLevels ) ) {
+ $cascadingRestrictionLevels[] = 'protect'; // backwards compatibility
+ }
+
// The schema allows multiple restrictions
// The schema allows multiple restrictions
- if ( !in_array( 'protect', $editrestriction ) && !in_array( 'sysop', $editrestriction ) ) {
+ if ( !array_intersect( $editrestriction, $cascadingRestrictionLevels ) ) {