From: Rob Church <robchurch@users.mediawiki.org>
Date: Fri, 6 Jan 2006 23:25:26 +0000 (+0000)
Subject: Prevent blocked users from changing page protection levels
X-Git-Tag: 1.6.0~741
X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dcompta/comptes/journal.php?a=commitdiff_plain;h=868e8a971aa8892062a701c04f5fb86f6fb7eaa6;p=lhc%2Fweb%2Fwiklou.git

Prevent blocked users from changing page protection levels
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4112e378a9..1b385fb6dc 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -411,7 +411,7 @@ fully support the editing toolbar, but was found to be too confusing.
   which are not of known image types. This is in response to
   http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
 * (bug 4507) Adjust FULLPAGENAMEE escaping to standard form
-* Blocked users can no longer use rollback, or delete/undelete pages
+* Blocked users can no longer roll back, change the protection of, or delete/undelete pages
 
 
 === Caveats ===
diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php
index c0c666ade9..b0b31bba18 100644
--- a/includes/ProtectionForm.php
+++ b/includes/ProtectionForm.php
@@ -41,7 +41,7 @@ class ProtectionForm {
 		}
 		
 		// The form will be available in read-only to show levels.
-		$this->disabled = !$wgUser->isAllowed( 'protect' ) || wfReadOnly();
+		$this->disabled = !$wgUser->isAllowed( 'protect' ) || wfReadOnly() || $wgUser->isBlocked();
 		$this->disabledAttrib = $this->disabled
 			? array( 'disabled' => 'disabled' )
 			: array();