* Marked Title::userCanEditCssSubpage() and Title::userCanEditJsSubpage() as deprecated since these were the lasts calls to that functions (core and extensions)
* Get the action parameter from Skin::userCanPreview() instead of requesting it from the callers
// Add user JS if enabled
if ( $wgAllowUserJs && $this->getUser()->isLoggedIn() ) {
- $action = $this->getRequest()->getVal( 'action', 'view' );
- if( $this->getTitle() && $this->getTitle()->isJsSubpage() && $sk->userCanPreview( $action ) ) {
+ if( $this->getTitle() && $this->getTitle()->isJsSubpage() && $sk->userCanPreview() ) {
# XXX: additional security check/prompt?
$scripts .= Html::inlineScript( "\n" . $this->getRequest()->getText( 'wpTextbox1' ) . "\n" ) . "\n";
} else {
* passed back with the preview request, we won't render
* the code.
*
- * @param $action String: 'edit', 'submit' etc.
* @return bool
*/
- public function userCanPreview( $action ) {
- if ( $action != 'submit' ) {
- return false;
- }
- if ( !$this->getRequest()->wasPosted() ) {
- return false;
- }
- if ( !$this->getTitle()->userCanEditCssSubpage() ) {
- return false;
+ public function userCanPreview() {
+ if ( $this->getRequest()->getVal( 'action' ) != 'submit'
+ || !$this->getRequest()->wasPosted()
+ || !$this->getUser()->matchEditToken(
+ $this->getRequest()->getVal( 'wpEditToken' ) )
+ ) {
+ #return false;
}
- if ( !$this->getTitle()->userCanEditJsSubpage() ) {
+ if ( !$this->getTitle()->isJsSubpage() && !$this->getTitle()->isCssSubpage() ) {
return false;
}
- return $this->getUser()->matchEditToken(
- $this->getRequest()->getVal( 'wpEditToken' ) );
+ return !count( $this->getTitle()->getUserPermissionsErrors( 'edit', $this->getUser() ) );
}
/**
// Per-user custom styles
if ( $wgAllowUserCss ) {
- if ( $this->getTitle()->isCssSubpage() && $this->userCanPreview( $this->getRequest()->getVal( 'action' ) ) ) {
+ if ( $this->getTitle()->isCssSubpage() && $this->userCanPreview() ) {
// @todo FIXME: Properly escape the cdata!
$out->addInlineStyle( $this->getRequest()->getText( 'wpTextbox1' ) );
} else {
global $wgRequest, $wgJsMimeType;
wfProfileIn( __METHOD__ );
- $action = $wgRequest->getVal( 'action', 'view' );
-
if( $allowUserJs && $this->loggedin ) {
- if( $this->getTitle()->isJsSubpage() and $this->userCanPreview( $action ) ) {
+ if( $this->getTitle()->isJsSubpage() and $this->userCanPreview() ) {
# XXX: additional security check/prompt?
$this->userjsprev = '/*<![CDATA[*/ ' . $wgRequest->getText( 'wpTextbox1' ) . ' /*]]>*/';
} else {
private function checkCSSandJSPermissions( $action, $user, $errors, $doExpensiveQueries, $short ) {
# Protect css/js subpages of user pages
# XXX: this might be better using restrictions
- # XXX: Find a way to work around the php bug that prevents using $this->userCanEditCssSubpage()
- # and $this->userCanEditJsSubpage() from working
# XXX: right 'editusercssjs' is deprecated, for backward compatibility only
if ( $action != 'patrol' && !$user->isAllowed( 'editusercssjs' )
&& !preg_match( '/^' . preg_quote( $user->getName(), '/' ) . '\//', $this->mTextform ) ) {
* Protect css subpages of user pages: can $wgUser edit
* this page?
*
+ * @deprecated in 1.19; will be removed in 1.20. Use getUserPermissionsErrors() instead.
* @return Bool
- * @todo XXX: this might be better using restrictions
*/
public function userCanEditCssSubpage() {
global $wgUser;
+ wfDeprecated( __METHOD__ );
return ( ( $wgUser->isAllowedAll( 'editusercssjs', 'editusercss' ) )
|| preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform ) );
}
* Protect js subpages of user pages: can $wgUser edit
* this page?
*
+ * @deprecated in 1.19; will be removed in 1.20. Use getUserPermissionsErrors() instead.
* @return Bool
- * @todo XXX: this might be better using restrictions
*/
public function userCanEditJsSubpage() {
global $wgUser;
+ wfDeprecated( __METHOD__ );
return ( ( $wgUser->isAllowedAll( 'editusercssjs', 'edituserjs' ) )
|| preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform ) );
}
dépôts / lhc / web / wiklou.git / commitdiff