in it's fallback chain when trying to work out where to write the cache.
* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
+ it.
=== Action API changes in 1.29 ===
* Submitting sensitive authentication request parameters to action=login,
) {
$errors[] = [ 'delete-toobig', $wgLang->formatNum( $wgDeleteRevisionsLimit ) ];
}
+ } elseif ( $action === 'undelete' ) {
+ if ( count( $this->getUserPermissionsErrorsInternal( 'edit', $user, $rigor, true ) ) ) {
+ // Undeleting implies editing
+ $errors[] = [ 'undelete-cantedit' ];
+ }
+ if ( !$this->exists()
+ && count( $this->getUserPermissionsErrorsInternal( 'create', $user, $rigor, true ) )
+ ) {
+ // Undeleting where nothing currently exists implies creating
+ $errors[] = [ 'undelete-cantcreate' ];
+ }
}
return $errors;
}
$this->useTransactionalTimeLimit();
$params = $this->extractRequestParams();
- $this->checkUserRightsAny( 'undelete' );
$user = $this->getUser();
if ( $user->isBlocked() ) {
$this->dieWithError( [ 'apierror-invalidtitle', wfEscapeWikiText( $params['title'] ) ] );
}
+ if ( !$titleObj->userCan( 'undelete', $user, 'secure' ) ) {
+ $this->dieWithError( 'permdenied-undelete' );
+ }
+
// Check if user can add tags
if ( !is_null( $params['tags'] ) ) {
$ableToTag = ChangeTags::canAddTagsAccompanyingChange( $params['tags'], $user );
"rawhtml-notallowed": "<html> tags cannot be used outside of normal pages.",
"gotointerwiki": "Leaving {{SITENAME}}",
"gotointerwiki-invalid": "The specified title was invalid.",
- "gotointerwiki-external": "You are about to leave {{SITENAME}} to visit [[$2]] which is a separate website.\n\n[$1 Click here to continue on to $1]."
+ "gotointerwiki-external": "You are about to leave {{SITENAME}} to visit [[$2]] which is a separate website.\n\n[$1 Click here to continue on to $1].",
+ "undelete-cantedit": "You cannot undelete this page as you are not allowed to edit this page.",
+ "undelete-cantcreate": "You cannot undelete this page as there is no existing page with this name and you are not allowed to create this page."
}
"rawhtml-notallowed": "Error message given when $wgRawHtml = true; is set and a user uses an <html> tag in a system message or somewhere other than a normal page.",
"gotointerwiki": "{{doc-special|GoToInterwiki}}\n\nSpecial:GoToInterwiki is a warning page displayed before redirecting users to external interwiki links. Its triggered by people going to something like [[Special:Search/google:foo]].",
"gotointerwiki-invalid": "Message shown on Special:GoToInterwiki if given an invalid title.",
- "gotointerwiki-external": "Message shown on Special:GoToInterwiki if given a external interwiki link (e.g. [[Special:GoToInterwiki/Google:Foo]]). $1 is the full url the user is trying to get to. $2 is the text of the interwiki link (e.g. \"Google:foo\")."
+ "gotointerwiki-external": "Message shown on Special:GoToInterwiki if given a external interwiki link (e.g. [[Special:GoToInterwiki/Google:Foo]]). $1 is the full url the user is trying to get to. $2 is the text of the interwiki link (e.g. \"Google:foo\").",
+ "undelete-cantedit": "Shown if the user tries to undelete a page that they cannot edit",
+ "undelete-cantcreate": "Shown if the user tries to undelete a page which currently does not exist, and they are not allowed to create it. This could for example happen on a wiki with custom protection levels where the page name has been create-protected and the user has the right to undelete but not the right to edit protected pages."
}