From be7409947a46537d6b4aa609a831effde9b50acf Mon Sep 17 00:00:00 2001
From: Aaron Schulz <aaron@users.mediawiki.org>
Date: Wed, 14 Mar 2007 19:37:56 +0000
Subject: [PATCH] *Do not cascade unless each protection type is set to a group
 that can "protect" (bug 8796)

---
 includes/Article.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/includes/Article.php b/includes/Article.php
index e5a04e86e1..2ffc3be292 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -1652,7 +1652,7 @@ class Article {
 	 * @return bool true on success
 	 */
 	function updateRestrictions( $limit = array(), $reason = '', $cascade = 0, $expiry = null ) {
-		global $wgUser, $wgRestrictionTypes, $wgContLang;
+		global $wgUser, $wgRestrictionTypes, $wgContLang, $wgGroupPermissions;
 
 		$id = $this->mTitle->getArticleID();
 		if( !$wgUser->isAllowed( 'protect' ) || wfReadOnly() || $id == 0 ) {
@@ -1707,6 +1707,11 @@ class Article {
 				$nullRevision = Revision::newNullRevision( $dbw, $id, $comment, true );
 				$nullRevId = $nullRevision->insertOn( $dbw );
 
+				foreach( $limit as $action => $restrictions ) {
+					# Check if the group level required to edit also can protect pages
+					# Otherwise, people who cannot normally protect can "protect" pages via transclusion
+					$cascade = ( $cascade && isset($wgGroupPermissions[$restrictions]) && $wgGroupPermissions[$restrictions]['protect'] );	
+				}
 				# Update restrictions table
 				foreach( $limit as $action => $restrictions ) {
 					if ($restrictions != '' ) {
-- 
2.20.1