(bug 38082) Check read permissions in ApiFeedContribs

Before showing the contents of a title in the generated feed, check
that the calling user has permissions to read the specific title.

Change-Id: Iba16a5489d80cd4f0958ad6bbcf2e1a948e97f93

diff --git a/includes/api/ApiFeedContributions.php b/includes/api/ApiFeedContributions.php
index a11563b..f2a7748 100644 (file)
--- a/includes/api/ApiFeedContributions.php
+++ b/includes/api/ApiFeedContributions.php
@@ -93,7 +93,7 @@ class ApiFeedContributions extends ApiBase {
 
        protected function feedItem( $row ) {
                $title = Title::makeTitle( intval( $row->page_namespace ), $row->page_title );
-               if ( $title ) {
+               if( $title && $title->userCan( 'read' ) ) {
                        $date = $row->rev_timestamp;
                        $comments = $title->getTalkPage()->getFullURL();
                        $revision = Revision::newFromRow( $row );
@@ -106,9 +106,8 @@ class ApiFeedContributions extends ApiBase {
                                $this->feedItemAuthor( $revision ),
                                $comments
                        );
-               } else {
-                       return null;
                }
+               return null;
        }
 
        /**