From 78d8e3a50ad2046c843bee9abfb06509d4d2786c Mon Sep 17 00:00:00 2001 From: Roan Kattouw Date: Fri, 10 Dec 2010 11:33:51 +0000 Subject: [PATCH] Followup r78117: information was still leaked through the caption of the Edit tab (which is "Create" for nonexistent pages) for users who had edit but not read rights. This may seem like a ridiculous case, but since we automatically disallow edit if you can't read, it's easy to forget to disallow editing as well as reading. Fixed this by not showing the edit tab at all if the user can't read (which makes sense since it's also hidden if the user is explicitly forbidden from editing). --- includes/SkinTemplate.php | 2 +- skins/Vector.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php index 7821a58a00..6ec0d2082c 100644 --- a/includes/SkinTemplate.php +++ b/includes/SkinTemplate.php @@ -754,7 +754,7 @@ class SkinTemplate extends Skin { ); wfProfileIn( __METHOD__ . '-edit' ); - if ( $this->mTitle->quickUserCan( 'edit' ) && ( $this->mTitle->exists() || $this->mTitle->quickUserCan( 'create' ) ) ) { + if ( $userCanRead && $this->mTitle->quickUserCan( 'edit' ) && ( $this->mTitle->exists() || $this->mTitle->quickUserCan( 'create' ) ) ) { $istalk = $this->mTitle->isTalkPage(); $istalkclass = $istalk?' istalk':''; $content_actions['edit'] = array( diff --git a/skins/Vector.php b/skins/Vector.php index 27fb9e858f..77acefe2c9 100644 --- a/skins/Vector.php +++ b/skins/Vector.php @@ -115,8 +115,8 @@ class SkinVector extends SkinTemplate { // Checks if user can... if ( - // edit the current page - $this->mTitle->quickUserCan( 'edit' ) && + // read and edit the current page + $userCanRead && $this->mTitle->quickUserCan( 'edit' ) && ( // if it exists $this->mTitle->exists() || -- 2.20.1