From b5af0466b28b340102e9da31ce91c6cc606cd91e Mon Sep 17 00:00:00 2001 From: Alexandre Emsenhuber Date: Thu, 21 Jul 2011 10:37:43 +0000 Subject: [PATCH] * Made Skin::userCanPreview() use Title::getUserPermissionsErrors() instead of Title::userCanEditCssSubpage() and Title::userCanEditJsSubpage() so that the checks are the same as EditPage's ones * Marked Title::userCanEditCssSubpage() and Title::userCanEditJsSubpage() as deprecated since these were the lasts calls to that functions (core and extensions) * Get the action parameter from Skin::userCanPreview() instead of requesting it from the callers --- includes/OutputPage.php | 3 +-- includes/Skin.php | 24 ++++++++++-------------- includes/SkinTemplate.php | 4 +--- includes/Title.php | 8 ++++---- 4 files changed, 16 insertions(+), 23 deletions(-) diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 1683b1d6eb..2ce48f4b6f 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -2628,8 +2628,7 @@ $templates // Add user JS if enabled if ( $wgAllowUserJs && $this->getUser()->isLoggedIn() ) { - $action = $this->getRequest()->getVal( 'action', 'view' ); - if( $this->getTitle() && $this->getTitle()->isJsSubpage() && $sk->userCanPreview( $action ) ) { + if( $this->getTitle() && $this->getTitle()->isJsSubpage() && $sk->userCanPreview() ) { # XXX: additional security check/prompt? $scripts .= Html::inlineScript( "\n" . $this->getRequest()->getText( 'wpTextbox1' ) . "\n" ) . "\n"; } else { diff --git a/includes/Skin.php b/includes/Skin.php index c7558e9143..f26a2c32f0 100644 --- a/includes/Skin.php +++ b/includes/Skin.php 
@@ -314,25 +314,21 @@ abstract class Skin extends ContextSource { * passed back with the preview request, we won't render * the code. * - * @param $action String: 'edit', 'submit' etc. * @return bool */ - public function userCanPreview( $action ) { - if ( $action != 'submit' ) { - return false; - } - if ( !$this->getRequest()->wasPosted() ) { - return false; - } - if ( !$this->getTitle()->userCanEditCssSubpage() ) { - return false; + public function userCanPreview() { + if ( $this->getRequest()->getVal( 'action' ) != 'submit' + || !$this->getRequest()->wasPosted() + || !$this->getUser()->matchEditToken( + $this->getRequest()->getVal( 'wpEditToken' ) ) + ) { + #return false; } - if ( !$this->getTitle()->userCanEditJsSubpage() ) { + if ( !$this->getTitle()->isJsSubpage() && !$this->getTitle()->isCssSubpage() ) { return false; } - return $this->getUser()->matchEditToken( - $this->getRequest()->getVal( 'wpEditToken' ) ); + return !count( $this->getTitle()->getUserPermissionsErrors( 'edit', $this->getUser() ) ); } /** @@ -386,7 +382,7 @@ abstract class Skin extends ContextSource { // Per-user custom styles if ( $wgAllowUserCss ) { - if ( $this->getTitle()->isCssSubpage() && $this->userCanPreview( $this->getRequest()->getVal( 'action' ) ) ) { + if ( $this->getTitle()->isCssSubpage() && $this->userCanPreview() ) { // @todo FIXME: Properly escape the cdata! $out->addInlineStyle( $this->getRequest()->getText( 'wpTextbox1' ) ); } else { diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php index 7579f09e09..4b7def172a 100644 --- a/includes/SkinTemplate.php +++ b/includes/SkinTemplate.php 
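Review bot: In the new `Skin::userCanPreview()` the body of the first `if` is `#return false;`, so the `action == 'submit'`, `wasPosted()` and `matchEditToken()` conditions are evaluated and then ignored. The method therefore returns true for any request on a JS or CSS subpage the user may edit. The callers changed in this commit (the user-JS branch in OutputPage.php, the `$wgAllowUserCss` branch in the next Skin.php hunk, and SkinTemplate.php) emit the request's `wpTextbox1` as inline script or style once it returns true. The edit token is what ties that text to a form the user actually submitted, so with the guard disabled, text that did not come from the user's own edit form can be rendered in their session. The line should read `return false;`; the `#` looks like a debugging leftover, though that is inferred. A test that calls `userCanPreview()` on a non-POST request without a token would pin this down.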
@@ -1296,10 +1296,8 @@ class SkinTemplate extends Skin { global $wgRequest, $wgJsMimeType; wfProfileIn( __METHOD__ ); - $action = $wgRequest->getVal( 'action', 'view' ); - if( $allowUserJs && $this->loggedin ) { - if( $this->getTitle()->isJsSubpage() and $this->userCanPreview( $action ) ) { + if( $this->getTitle()->isJsSubpage() and $this->userCanPreview() ) { # XXX: additional security check/prompt? $this->userjsprev = '/*getText( 'wpTextbox1' ) . ' /*]]>*/'; } else { diff --git a/includes/Title.php b/includes/Title.php index fc80861524..a774404f28 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -1400,8 +1400,6 @@ class Title { private function checkCSSandJSPermissions( $action, $user, $errors, $doExpensiveQueries, $short ) { # Protect css/js subpages of user pages # XXX: this might be better using restrictions - # XXX: Find a way to work around the php bug that prevents using $this->userCanEditCssSubpage() - # and $this->userCanEditJsSubpage() from working # XXX: right 'editusercssjs' is deprecated, for backward compatibility only if ( $action != 'patrol' && !$user->isAllowed( 'editusercssjs' ) && !preg_match( '/^' . preg_quote( $user->getName(), '/' ) . '\//', $this->mTextform ) ) { @@ -2006,11 +2004,12 @@ class Title { * Protect css subpages of user pages: can $wgUser edit * this page? * + * @deprecated in 1.19; will be removed in 1.20. Use getUserPermissionsErrors() instead. * @return Bool - * @todo XXX: this might be better using restrictions */ public function userCanEditCssSubpage() { global $wgUser; + wfDeprecated( __METHOD__ ); return ( ( $wgUser->isAllowedAll( 'editusercssjs', 'editusercss' ) ) || preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform ) ); } 
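Review bot: The new `@deprecated` line on `Title::userCanEditCssSubpage()` (and the identical one on `userCanEditJsSubpage()` in the following hunk) names the replacement but not how to call it. The only replacement call visible in this commit is `getUserPermissionsErrors( 'edit', $this->getUser() )` in Skin.php, which returns an error list rather than a bool and takes the user explicitly instead of reading `$wgUser`. I would spell that out, e.g. `@deprecated in 1.19; will be removed in 1.20. Use !count( $title->getUserPermissionsErrors( 'edit', $user ) ) instead.`, so remaining callers do not migrate to a check with the wrong action or user.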
@@ -2019,11 +2018,12 @@ class Title { * Protect js subpages of user pages: can $wgUser edit * this page? * + * @deprecated in 1.19; will be removed in 1.20. Use getUserPermissionsErrors() instead. * @return Bool - * @todo XXX: this might be better using restrictions */ public function userCanEditJsSubpage() { global $wgUser; + wfDeprecated( __METHOD__ ); return ( ( $wgUser->isAllowedAll( 'editusercssjs', 'edituserjs' ) ) || preg_match( '/^' . preg_quote( $wgUser->getName(), '/' ) . '\//', $this->mTextform ) ); } -- 2.20.1