X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dmes_infos.php?a=blobdiff_plain;f=includes%2FTitle.php;h=dd6aaefe24ec5771e88833e273db30ceff71be9d;hb=0697e414854d42f22687c5e191e331ee06dc310c;hp=e45994c0946e44acdcb1ff42d0b0acbee1f20753;hpb=5c68ea56aa61bb745cb6bc4b26b559e36a462f6a;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/Title.php b/includes/Title.php
index e45994c094..dd6aaefe24 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -21,6 +21,9 @@
 *
 * @file
 */
+
+use Wikimedia\Rdbms\Database;
+use Wikimedia\Rdbms\IDatabase;
 use MediaWiki\Linker\LinkTarget;
 use MediaWiki\Interwiki\InterwikiLookup;
 use MediaWiki\MediaWikiServices;
@@ -1681,6 +1684,33 @@ class Title implements LinkTarget {
 return $url;
 }
 
+ /**
+ * Get a url appropriate for making redirects based on an untrusted url arg
+ *
+ * This is basically the same as getFullUrl(), but in the case of external
+ * interwikis, we send the user to a landing page, to prevent possible
+ * phishing attacks and the like.
+ *
+ * @note Uses current protocol by default, since technically relative urls
+ * aren't allowed in redirects per HTTP spec, so this is not suitable for
+ * places where the url gets cached, as might pollute between
+ * https and non-https users.
+ * @see self::getLocalURL for the arguments.
+ * @param array|string $query
+ * @param string $proto Protocol type to use in URL
+ * @return String. A url suitable to use in an HTTP location header.
+ */
+ public function getFullUrlForRedirect( $query = '', $proto = PROTO_CURRENT ) {
+ $target = $this;
+ if ( $this->isExternal() ) {
+ $target = SpecialPage::getTitleFor(
+ 'GoToInterwiki',
+ $this->getPrefixedDBKey()
+ );
+ }
+ return $target->getFullUrl( $query, false, $proto );
+ }
+
 /**
 * Get a URL with no fragment or server name (relative URL) from a Title object.
 * If this page is generated with action=render, however,
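Review bot: In `getFullUrlForRedirect()`, when `isExternal()` is true the `$query` argument is attached to the Special:GoToInterwiki landing-page URL rather than to the interwiki destination, and the docblock does not mention it; whether the landing page forwards or drops those parameters is not visible in this hunk. I would state that behaviour in the docblock, and add a sentence saying that code building a `Location` header from a request-supplied title should call this method instead of `getFullURL()`, since the protection only exists where callers opt in. The return tag should read `@return string A URL suitable for use in an HTTP Location header.` so the type matches the lowercase form used in the `@param` lines.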
@@ -2122,8 +2152,7 @@ class Title implements LinkTarget {
 private function checkCSSandJSPermissions( $action, $user, $errors, $rigor, $short ) {
 # Protect css/js subpages of user pages
 # XXX: this might be better using restrictions
- # XXX: right 'editusercssjs' is deprecated, for backward compatibility only
- if ( $action != 'patrol' && !$user->isAllowed( 'editusercssjs' ) ) {
+ if ( $action != 'patrol' ) {
 if ( preg_match( '/^' . preg_quote( $user->getName(), '/' ) . '\//', $this->mTextform ) ) {
 if ( $this->isCssSubpage() && !$user->isAllowedAny( 'editmyusercss', 'editusercss' ) ) {
 $errors[] = [ 'mycustomcssprotected', $action ];
@@ -2287,6 +2316,17 @@ class Title implements LinkTarget {
 ) {
 $errors[] = [ 'delete-toobig', $wgLang->formatNum( $wgDeleteRevisionsLimit ) ];
 }
+ } elseif ( $action === 'undelete' ) {
+ if ( count( $this->getUserPermissionsErrorsInternal( 'edit', $user, $rigor, true ) ) ) {
+ // Undeleting implies editing
+ $errors[] = [ 'undelete-cantedit' ];
+ }
+ if ( !$this->exists()
+ && count( $this->getUserPermissionsErrorsInternal( 'create', $user, $rigor, true ) )
+ ) {
+ // Undeleting where nothing currently exists implies creating
+ $errors[] = [ 'undelete-cantcreate' ];
+ }
 }
 return $errors;
 }
@@ -4028,7 +4068,10 @@ class Title implements LinkTarget {
 $row = $db->selectRow( 'revision', Revision::selectFields(),
 [ 'rev_page' => $pageId ],
 __METHOD__,
- [ 'ORDER BY' => 'rev_timestamp ASC', 'LIMIT' => 1 ]
+ [
+ 'ORDER BY' => 'rev_timestamp ASC',
+ 'IGNORE INDEX' => 'rev_timestamp'
+ ]
 );
 if ( $row ) {
 return new Revision( $row );
@@ -4608,7 +4651,7 @@ class Title implements LinkTarget {
 }
 
 /**
- * Whether the magic words __INDEX__ and __NOINDEX__ function for this page.
+ * Whether the magic words __INDEX__ and __NOINDEX__ function for this page.
 *
 * @return bool
 */
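Review bot: The rewritten guard in `checkCSSandJSPermissions()` keeps the loose comparison `$action != 'patrol'`, while the `undelete` branch added further down in this same commit uses `===`; since the line is being rewritten anyway, `if ( $action !== 'patrol' ) {` would be consistent. With the `editusercssjs` short-circuit gone, the per-type `isAllowedAny()` checks below are the only gate for non-patrol actions, and a one-line comment saying so in place of the deleted XXX line would help the next reader. The method body continues past the end of the hunk.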
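Review bot: In the new `undelete` branch the arrays returned by the nested `getUserPermissionsErrorsInternal()` calls are only counted, so the caller receives `undelete-cantedit` or `undelete-cantcreate` without the underlying reason the edit or create check failed. If that is deliberate, a short comment saying the detailed errors are intentionally dropped would prevent a later "fix"; otherwise the nested errors could be appended to `$errors` alongside the summary entry. The positional `true` in both calls is unexplained at the call site; it is presumably the short-circuit flag, and a trailing comment such as `// $short: the first error is enough` would make that checkable. The enclosing method starts and ends outside the hunk.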
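Review bot: The new `'IGNORE INDEX' => 'rev_timestamp'` option carries no comment explaining why that index has to be avoided, and an unexplained, database-specific planner hint is the kind of line a later cleanup removes. I would put a comment directly above the options array, for example `// <why the rev_timestamp index is skipped for this lookup> (<task id>)`, with the real reason and reference filled in. The same hunk drops `'LIMIT' => 1`; that is only safe if `selectRow()` applies its own limit, which is not visible here and should be confirmed before merging. The enclosing method starts and ends outside the hunk.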