// Impose module restrictions.
// If the current user cannot read,
- // Remove all modules other than login & help
- global $wgUser, $wgWhitelistRead;
+ // Remove all modules other than login
+ global $wgUser;
if (!$wgUser->isAllowed('read')) {
self::$Modules = array(
'login' => self::$Modules['login'],
// Store Title object in various data structures
$title = Title :: makeTitle($row->page_namespace, $row->page_title);
- // skip any pages that user has no rights to read
- if ($title->userCanRead()) {
-
- $pageId = intval($row->page_id);
- $this->mAllPages[$row->page_namespace][$row->page_title] = $pageId;
- $this->mTitles[] = $title;
-
- if ($this->mResolveRedirects && $row->page_is_redirect == '1') {
- $this->mPendingRedirectIDs[$pageId] = $title;
- } else {
- $this->mGoodTitles[$pageId] = $title;
- }
-
- foreach ($this->mRequestedPageFields as $fieldName => & $fieldValues)
- $fieldValues[$pageId] = $row-> $fieldName;
+ $pageId = intval($row->page_id);
+ $this->mAllPages[$row->page_namespace][$row->page_title] = $pageId;
+ $this->mTitles[] = $title;
+
+ if ($this->mResolveRedirects && $row->page_is_redirect == '1') {
+ $this->mPendingRedirectIDs[$pageId] = $title;
+ } else {
+ $this->mGoodTitles[$pageId] = $title;
}
+
+ foreach ($this->mRequestedPageFields as $fieldName => & $fieldValues)
+ $fieldValues[$pageId] = $row-> $fieldName;
}
public function finishPageSetGeneration() {
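Review bot: With the `userCanRead()` guard removed from this row handler, every title fetched from the database lands in `mTitles` and `mGoodTitles`, so nothing downstream may assume the page set was already filtered for read access, and that contract is not documented anywhere in the new code. The list modules further down (backlinks, allpages, category members, external link usage, recent changes, log events, user contributions, watchlist) drop the same guard and rely on the global `isAllowed('read')` test alone. The only per-title check left in this change appears to be the one added for revision content. If that is the intended contract, state it where the set is filled, e.g. `// Titles are NOT filtered by userCanRead(); modules that output page content must check read rights themselves.` Installations that restrict reading per title rather than per user group would presumably expose titles and page ids through these paths, so that assumption should be confirmed; the enclosing method starts above the hunk.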
// Validation
if ($titleObj->getNamespace() < 0)
$this->dieUsage("No support for special page $titleString has been implemented", 'unsupportednamespace');
- if (!$titleObj->userCanRead())
- $this->dieUsage("No read permission for $titleString", 'titleaccessdenied');
$linkBatch->addObj($titleObj);
}
// Report any missing titles
foreach ($pageSet->getMissingTitles() as $fakeId => $title) {
$vals = array();
- ApiQueryBase :: addTitleInfo($vals, $title, true);
+ ApiQueryBase :: addTitleInfo($vals, $title);
$vals['missing'] = '';
$pages[$fakeId] = $vals;
}
foreach ($pageSet->getGoodTitles() as $pageid => $title) {
$vals = array();
$vals['pageid'] = $pageid;
- ApiQueryBase :: addTitleInfo($vals, $title, true);
+ ApiQueryBase :: addTitleInfo($vals, $title);
$pages[$pageid] = $vals;
}
}
if (is_null($resultPageSet)) {
- $title = Title :: makeTitle($row->pl_namespace, $row->pl_title);
- if ($title->userCanRead()) {
- $vals = array();
- if ($fld_ids)
- $vals['fromid'] = intval($row->pl_from);
- if ($fld_title) {
- $vals['ns'] = intval($title->getNamespace());
- $vals['title'] = $title->getPrefixedText();
- }
- $data[] = $vals;
+ $vals = array();
+ if ($fld_ids)
+ $vals['fromid'] = intval($row->pl_from);
+ if ($fld_title) {
+ $title = Title :: makeTitle($row->pl_namespace, $row->pl_title);
+ $vals['ns'] = intval($title->getNamespace());
+ $vals['title'] = $title->getPrefixedText();
}
+ $data[] = $vals;
} else {
$pageids[] = $row->pl_from;
}
if (is_null($resultPageSet)) {
$title = Title :: makeTitle($row->page_namespace, $row->page_title);
- if ($title->userCanRead()) {
- $data[] = array(
- 'pageid' => intval($row->page_id),
- 'ns' => intval($title->getNamespace()),
- 'title' => $title->getPrefixedText());
- }
+ $data[] = array(
+ 'pageid' => intval($row->page_id),
+ 'ns' => intval($title->getNamespace()),
+ 'title' => $title->getPrefixedText());
} else {
$resultPageSet->processDbRow($row);
}
private function extractRowInfo($row) {
- $title = Title :: makeTitle($row->page_namespace, $row->page_title);
- if (!$title->userCanRead())
- return false;
-
$vals = array();
$vals['pageid'] = intval($row->page_id);
- ApiQueryBase :: addTitleInfo($vals, $title);
+ ApiQueryBase :: addTitleInfo($vals, Title :: makeTitle($row->page_namespace, $row->page_title));
return $vals;
}
$rootNs = intval($continueList[0]);
if (($rootNs !== 0 || $continueList[0] === '0') && !empty ($continueList[1])) {
$this->rootTitle = Title :: makeTitleSafe($rootNs, $continueList[1]);
- if ($this->rootTitle && $this->rootTitle->userCanRead()) {
+ if ($this->rootTitle) {
$step = intval($continueList[2]);
if ($step === 1 || $step === 2) {
$rootNs = intval($continueList[0]);
if (($rootNs !== 0 || $continueList[0] === '0') && !empty ($continueList[1])) {
$this->rootTitle = Title :: makeTitleSafe($rootNs, $continueList[1]);
- if ($this->rootTitle && $this->rootTitle->userCanRead()) {
+ if ($this->rootTitle) {
$contID = intval($continueList[2]);
if ($contID !== 0) {
return $res;
}
- public static function addTitleInfo(&$arr, $title, $includeRestricted=false, $prefix='') {
- if ($includeRestricted || $title->userCanRead()) {
- $arr[$prefix . 'ns'] = intval($title->getNamespace());
- $arr[$prefix . 'title'] = $title->getPrefixedText();
- }
- if (!$title->userCanRead())
- $arr[$prefix . 'inaccessible'] = "";
+ public static function addTitleInfo(&$arr, $title, $prefix='') {
+ $arr[$prefix . 'ns'] = intval($title->getNamespace());
+ $arr[$prefix . 'title'] = $title->getPrefixedText();
}
/**
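Review bot: Removing `$includeRestricted` moves `$prefix` from the fourth to the third position of `addTitleInfo()`, so any caller not updated here that still passes `true` or `false` in that slot will have the boolean concatenated into the key names (`true . 'ns'` yields `1ns`) without any error. The call sites visible in this change are all updated, but callers outside it cannot be seen from here. Add a short docblock stating that `$arr` is the by-reference output array and that `$prefix` is a string prepended to the `ns` and `title` keys. The `inaccessible` marker is also no longer emitted, which clients that looked for that key would need to know about.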
}
$title = Title :: makeTitle(NS_CATEGORY, $row->cl_to);
- // do not check userCanRead() -- page content is already accessible,
- // and category is listed there.
$vals = array();
- ApiQueryBase :: addTitleInfo($vals, $title, true);
+ ApiQueryBase :: addTitleInfo($vals, $title);
if ($fld_sortkey)
$vals['sortkey'] = $row->cl_sortkey;
$titles = array();
while ($row = $db->fetchObject($res)) {
- $title = Title :: makeTitle(NS_CATEGORY, $row->cl_to);
- if($title->userCanRead())
- $titles[] = $title;
+ $titles[] = Title :: makeTitle(NS_CATEGORY, $row->cl_to);
}
$resultPageSet->populateFromTitles($titles);
}
$lastSortKey = $row->cl_sortkey; // detect duplicate sortkeys
if (is_null($resultPageSet)) {
- $title = Title :: makeTitle($row->page_namespace, $row->page_title);
- if ($title->userCanRead()) {
- $vals = array();
- if ($fld_ids)
- $vals['pageid'] = intval($row->page_id);
- if ($fld_title) {
- $vals['ns'] = intval($title->getNamespace());
- $vals['title'] = $title->getPrefixedText();
- }
- if ($fld_sortkey)
- $vals['sortkey'] = $row->cl_sortkey;
- $data[] = $vals;
+ $vals = array();
+ if ($fld_ids)
+ $vals['pageid'] = intval($row->page_id);
+ if ($fld_title) {
+ $title = Title :: makeTitle($row->page_namespace, $row->page_title);
+ $vals['ns'] = intval($title->getNamespace());
+ $vals['title'] = $title->getPrefixedText();
}
+ if ($fld_sortkey)
+ $vals['sortkey'] = $row->cl_sortkey;
+ $data[] = $vals;
} else {
$resultPageSet->processDbRow($row);
}
}
if (is_null($resultPageSet)) {
- $title = Title :: makeTitle($row->page_namespace, $row->page_title);
- if ($title->userCanRead()) {
- $vals = array();
- if ($fld_ids)
- $vals['pageid'] = intval($row->page_id);
- if ($fld_title) {
- $vals['ns'] = intval($title->getNamespace());
- $vals['title'] = $title->getPrefixedText();
- }
- if ($fld_url)
- $vals['url'] = $row->el_to;
- $data[] = $vals;
+ $vals = array();
+ if ($fld_ids)
+ $vals['pageid'] = intval($row->page_id);
+ if ($fld_title) {
+ $title = Title :: makeTitle($row->page_namespace, $row->page_title);
+ $vals['ns'] = intval($title->getNamespace());
+ $vals['title'] = $title->getPrefixedText();
}
+ if ($fld_url)
+ $vals['url'] = $row->el_to;
+ $data[] = $vals;
} else {
$resultPageSet->processDbRow($row);
}
}
public function getVersion() {
- return __CLASS__ . ': $Id:$';
+ return __CLASS__ . ': $Id$';
}
}
?>
$lastId = $row->il_from;
}
- $title = Title :: makeTitle(NS_IMAGE, $row->il_to);
- // do not check userCanRead() -- page content is already accessible,
- // and images are listed there.
-
$vals = array();
- ApiQueryBase :: addTitleInfo($vals, $title, true);
+ ApiQueryBase :: addTitleInfo($vals, Title :: makeTitle(NS_IMAGE, $row->il_to));
$data[] = $vals;
}
$lastId = $row->pl_from;
}
- $title = Title :: makeTitle($row->pl_namespace, $row->pl_title);
$vals = array();
- ApiQueryBase :: addTitleInfo($vals, $title, true);
+ ApiQueryBase :: addTitleInfo($vals, Title :: makeTitle($row->pl_namespace, $row->pl_title));
$data[] = $vals;
}
$titles = array();
while ($row = $db->fetchObject($res)) {
- $title = Title :: makeTitle($row->pl_namespace, $row->pl_title);
- if($title->userCanRead())
- $titles[] = $title;
+ $titles[] = Title :: makeTitle($row->pl_namespace, $row->pl_title);
}
$resultPageSet->populateFromTitles($titles);
}
}
private function extractRowInfo($row) {
- $title = Title :: makeTitle($row->log_namespace, $row->log_title);
- if (!$title->userCanRead())
- return false;
-
$vals = array();
$vals['pageid'] = intval($row->page_id);
+ $title = Title :: makeTitle($row->log_namespace, $row->log_title);
ApiQueryBase :: addTitleInfo($vals, $title);
$vals['type'] = $row->log_type;
$vals['action'] = $row->log_action;
if (isset ($params[0])) {
$title = Title :: newFromText($params[0]);
if ($title) {
- ApiQueryBase :: addTitleInfo($vals, $title, false, "new_");
+ ApiQueryBase :: addTitleInfo($vals, $title, "new_");
$params = null;
}
}
$result->addValue('query', $this->getModuleName(), $data);
}
- /**
- * Security overview: As implemented, any change to a restricted page (userCanRead() == false)
- * is hidden from the client, except when a page is being moved to a non-restricted name,
- * or when a non-restricted becomes restricted. When shown, all other fields are shown as well.
- */
private function extractRowInfo($row) {
- $title = Title :: makeTitle($row->rc_namespace, $row->rc_title);
$movedToTitle = false;
if (!empty($row->rc_moved_to_title))
$movedToTitle = Title :: makeTitle($row->rc_moved_to_ns, $row->rc_moved_to_title);
- // If either this is an edit of a restricted page,
- // or a move where both to and from names are restricted, skip
- if (!$title->userCanRead() && (!$movedToTitle ||
- ($movedToTitle && !$movedToTitle->userCanRead())))
- return false;
-
+ $title = Title :: makeTitle($row->rc_namespace, $row->rc_title);
$vals = array ();
$vals['type'] = intval($row->rc_type);
if ($this->fld_title) {
ApiQueryBase :: addTitleInfo($vals, $title);
if ($movedToTitle)
- ApiQueryBase :: addTitleInfo($vals, $movedToTitle, false, "new_");
+ ApiQueryBase :: addTitleInfo($vals, $movedToTitle, "new_");
}
if ($this->fld_ids) {
$this->fld_user = true;
}
if (isset ($prop['content'])) {
+
+ // For each page we will request, the user must have read rights for that page
+ foreach ($pageSet->getGoodTitles() as $title) {
+ if( !$title->userCanRead() )
+ $this->dieUsage(
+ 'The current user is not allowed to read ' . $title->getPrefixedText(),
+ 'accessdenied');
+ }
+
$this->addTables('text');
$this->addWhere('rev_text_id=old_id');
$this->addFields('old_id');
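Review bot: The new per-title read check sits inside the `isset ($prop['content'])` branch, so a request that asks only for revision metadata on a title failing `userCanRead()` is not stopped by it. Since the other modules in this change no longer filter titles, this loop looks like the only remaining place where a per-title restriction is enforced. Consider hoisting the `foreach ($pageSet->getGoodTitles() as $title)` loop above the `if (isset ($prop['content']))` line so it covers every property this module returns; whether the other properties are sensitive depends on code outside the hunk. The `if( !$title->userCanRead() )` also guards a four-line call without braces, which is easy to break on a later edit; wrap the `dieUsage()` call in `{ }`.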
// There is only one ID, use it
$this->addWhereFld('rev_page', current(array_keys($pageSet->getGoodTitles())));
-
+
if(!is_null($user)) {
$this->addWhereFld('rev_user_text', $user);
} elseif (!is_null( $excludeuser)) {
*/
private function extractRowInfo($row) {
- $title = Title :: makeTitle($row->page_namespace, $row->page_title);
- if (!$title->userCanRead())
- return false;
-
$vals = array();
if ($this->fld_ids) {
}
if ($this->fld_title)
- ApiQueryBase :: addTitleInfo($vals, $title);
+ ApiQueryBase :: addTitleInfo($vals,
+ Title :: makeTitle($row->page_namespace, $row->page_title));
if ($this->fld_timestamp)
$vals['timestamp'] = wfTimestamp(TS_ISO_8601, $row->rev_timestamp);
if ($vals)
$data[] = $vals;
} else {
- $title = Title :: makeTitle($row->rc_namespace, $row->rc_title);
- // skip any pages that user has no rights to read
- if ($title->userCanRead()) {
- if ($allrev) {
- $data[] = intval($row->rc_this_oldid);
- } else {
- $data[] = intval($row->rc_cur_id);
- }
+ if ($allrev) {
+ $data[] = intval($row->rc_this_oldid);
+ } else {
+ $data[] = intval($row->rc_cur_id);
}
}
}
private function extractRowInfo($row) {
- $title = Title :: makeTitle($row->rc_namespace, $row->rc_title);
- if (!$title->userCanRead())
- return false;
-
$vals = array ();
if ($this->fld_ids) {
}
if ($this->fld_title)
- ApiQueryBase :: addTitleInfo($vals, $title);
+ ApiQueryBase :: addTitleInfo($vals, Title :: makeTitle($row->rc_namespace, $row->rc_title));
if ($this->fld_user) {
$vals['user'] = $row->rc_user_text;