From 03d743a250ecf56e0d31d5c25fd42cb27a6165ae Mon Sep 17 00:00:00 2001
From: Aaron Schulz <aaron@users.mediawiki.org>
Date: Sat, 24 May 2008 23:56:07 +0000
Subject: [PATCH] Extra sanity check

---
 includes/Article.php        | 5 +++--
 includes/FileDeleteForm.php | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/includes/Article.php b/includes/Article.php
index 0cda45638f..2099d4d287 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -2019,7 +2019,8 @@ class Article {
 			$reason = $this->DeleteReason;
 		}
 		# Flag to hide all contents of the archived revisions
-		$suppress = $wgRequest->getVal( 'wpSuppress' ) && $wgUser->isAllowed('hiderevision');
+		$suppress = $wgRequest->getVal( 'wpSuppress' ) && $wgUser->isAllowed('deleterevision') 
+			&& $wgUser->isAllowed('hiderevision');
 
 		# This code desperately needs to be totally rewritten
 
@@ -2170,7 +2171,7 @@ class Article {
 		$wgOut->setRobotpolicy( 'noindex,nofollow' );
 		$wgOut->addWikiMsg( 'confirmdeletetext' );
 
-		if( $wgUser->isAllowed( 'hiderevision' ) ) {
+		if( $wgUser->isAllowed( 'deleterevision' ) && $wgUser->isAllowed( 'hiderevision' ) ) {
 			$suppress = "<tr id=\"wpDeleteSuppressRow\" name=\"wpDeleteSuppressRow\"><td></td><td>";
 			$suppress .= Xml::checkLabel( wfMsg( 'revdelete-suppress' ), 'wpSuppress', 'wpSuppress', false, array( 'tabindex' => '2' ) );
 			$suppress .= "</td></tr>";
diff --git a/includes/FileDeleteForm.php b/includes/FileDeleteForm.php
index 3e194b76de..2debd4cc46 100644
--- a/includes/FileDeleteForm.php
+++ b/includes/FileDeleteForm.php
@@ -45,7 +45,8 @@ class FileDeleteForm {
 		$this->oldimage = $wgRequest->getText( 'oldimage', false );
 		$token = $wgRequest->getText( 'wpEditToken' );
 		# Flag to hide all contents of the archived revisions
-		$suppress = $wgRequest->getVal( 'wpSuppress' ) && $wgUser->isAllowed('hiderevision');
+		$suppress = $wgRequest->getVal( 'wpSuppress' ) && $wgUser->isAllowed('deleterevision') 
+			&& $wgUser->isAllowed('hiderevision');
 
 		if( $this->oldimage && !self::isValidOldSpec($this->oldimage) ) {
 			$wgOut->showUnexpectedValueError( 'oldimage', htmlspecialchars( $this->oldimage ) );
@@ -126,7 +127,7 @@ class FileDeleteForm {
 		global $wgOut, $wgUser, $wgRequest, $wgContLang;
 		$align = $wgContLang->isRtl() ? 'left' : 'right';
 
-		if( $wgUser->isAllowed( 'hiderevision' ) ) {
+		if( $wgUser->isAllowed( 'deleterevision' ) && $wgUser->isAllowed( 'hiderevision' ) ) {
 			$suppress = "<tr id=\"wpDeleteSuppressRow\" name=\"wpDeleteSuppressRow\"><td></td><td>";
 			$suppress .= Xml::checkLabel( wfMsg( 'revdelete-suppress' ), 'wpSuppress', 'wpSuppress', false, array( 'tabindex' => '2' ) );
 			$suppress .= "</td></tr>";
-- 
2.20.1