* (bug 22903) Revdelete log entries now show in the user preferred language.
* (bug 22905) Correctly handle <abbr> followed by ISBN
* (bug 22940) Namespace aliases pointing to main namespace don't work
+* (bug 15810) blocked admins can no longer block/unblock other users, nor
+ themselves unless they are given the 'unblockself' permission.
== API changes in 1.17 ==
* (bug 22738) Allow filtering by action type on query=logevent
}
$ipb = new IPBlockForm( $par );
+
+ # bug 15810: blocked admins should have limited access here
+ if( $wgUser->isBlocked() ){
+ $user = User::newFromName( $ipb->BlockAddress );
+ if( $user instanceof User
+ && $user->getId() == $wgUser->getId() )
+ {
+ # User is trying to unblock themselves
+ if( !$wgUser->isAllowed( 'unblockself' ) ){
+ throw new ErrorPageError( 'badaccess', 'ipbnounblockself' );
+ }
+ } else {
+ # User is trying to block/unblock someone else
+ throw new ErrorPageError( 'badaccess', 'ipbblocked' );
+ }
+ }
$action = $wgRequest->getVal( 'action' );
if( 'success' == $action ) {
$ipu = new IPUnblockForm( $ip, $id, $reason );
- if( $action == 'unblock' ) {
+ if( $action == 'unblock' || $action == 'submit' && $wgRequest->wasPosted() ) {
# Check permissions
if( !$wgUser->isAllowed( 'block' ) ) {
$wgOut->permissionRequired( 'block' );
$wgOut->readOnlyPage();
return;
}
- # Show unblock form
- $ipu->showForm( '' );
- } elseif( $action == 'submit' && $wgRequest->wasPosted()
- && $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
- # Check permissions
- if( !$wgUser->isAllowed( 'block' ) ) {
- $wgOut->permissionRequired( 'block' );
- return;
+
+ # bug 15810: blocked admins should have limited access here
+ if( $wgUser->isBlocked() ){
+ if( $id ){
+ # This doesn't pick up on autoblocks, but admins
+ # should have the ipblock-exempt permission anyway
+ $block = Block::newFromID( $id );
+ $user = User::newFromName( $block->mAddress );
+ } else {
+ $user = User::newFromName( $ip );
+ }
+ if( $user instanceof User
+ && $user->getId() == $wgUser->getId() )
+ {
+ # User is trying to unblock themselves
+ if( !$wgUser->isAllowed( 'unblockself' ) ){
+ throw new ErrorPageError( 'badaccess', 'ipbnounblockself' );
+ }
+ } else {
+ # User is trying to block/unblock someone else
+ throw new ErrorPageError( 'badaccess', 'ipbblocked' );
+ }
}
- # Check for database lock
- if( wfReadOnly() ) {
- $wgOut->readOnlyPage();
- return;
+ if( $action == 'unblock' ){
+ # Show unblock form
+ $ipu->showForm( '' );
+ } elseif( $action == 'submit'
+ && $wgRequest->wasPosted()
+ && $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) )
+ {
+ # Remove blocks and redirect user to success page
+ $ipu->doSubmit();
}
- # Remove blocks and redirect user to success page
- $ipu->doSubmit();
+
} elseif( $action == 'success' ) {
# Inform the user of a successful unblock
# (No need to check permissions or locks here,
'right-override-export-depth' => 'Export pages including linked pages up to a depth of 5',
'right-versiondetail' => 'Show the extended software version information',
'right-sendemail' => 'Send e-mail to other users',
+'right-unblockself' => 'Unblock themselves',
# User rights log
'rightslog' => 'User rights log',
'cant-block-while-blocked' => 'You cannot block other users while you are blocked.',
'cant-see-hidden-user' => "The user you are trying to block has already been blocked and hidden.
Since you do not have the hideuser right, you cannot see or edit the user's block.",
+'ipbblocked' => 'You cannot block or unblock other users, because you are yourself blocked',
+'ipbnounblockself' => 'You are not allowed to unblock yourself',
# Developer tools
'lockdb' => 'Lock database',
'blockme' => 'The page title of [[Special:Blockme]], a feature which is disabled by default.',
'sorbs' => '{{optional}}',
'cant-see-hidden-user' => 'Used as (red) error message on Special:Block when you try to change (as sysop w/o the hideuser right) the block of a hidden user.',
+'ipbblocked' => 'Error message shown when a user tries to alter block settings when they are themselves blocked.',
+'ipbnounblockself' => 'Error message shown when a user without the <tt>unblockself</tt> right tries to unblock themselves.',
# Developer tools
'lockdb' => 'The title of the special page [[Special:LockDB]].
'right-override-export-depth',
'right-versiondetail',
'right-sendemail',
+ 'right-unblockself',
),
'rightslog' => array(
'rightslog',
'sorbsreason',
'sorbs_create_account_reason',
'cant-block-while-blocked',
- 'cant-see-hidden-user'
+ 'cant-see-hidden-user',
+ 'ipbblocked',
+ 'ipbnounblockself',
),
'developertools' => array(
'lockdb',