dépôts
/
lhc
/
web
/
wiklou.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
SECURITY: Add permission check for suppressed account
[lhc/web/wiklou.git]
/
includes
/
specials
/
SpecialRedirect.php
diff --git
a/includes/specials/SpecialRedirect.php
b/includes/specials/SpecialRedirect.php
index
49f1b3c
..
50867dd
100644
(file)
--- a/
includes/specials/SpecialRedirect.php
+++ b/
includes/specials/SpecialRedirect.php
@@
-21,6
+21,8
@@
* @ingroup SpecialPage
*/
* @ingroup SpecialPage
*/
+use MediaWiki\MediaWikiServices;
+
/**
* A special page that redirects to: the user for a numeric user id,
* the file for a given filename, or the page for a given revision id.
/**
* A special page that redirects to: the user for a numeric user id,
* the file for a given filename, or the page for a given revision id.
@@
-81,6
+83,11
@@
class SpecialRedirect extends FormSpecialPage {
// Message: redirect-not-exists
return Status::newFatal( $this->getMessagePrefix() . '-not-exists' );
}
// Message: redirect-not-exists
return Status::newFatal( $this->getMessagePrefix() . '-not-exists' );
}
+ if ( $user->isHidden() && !MediaWikiServices::getInstance()->getPermissionManager()
+ ->userHasRight( $this->getUser(), 'hideuser' )
+ ) {
+ throw new PermissionsError( null, [ 'badaccess-group0' ] );
+ }
$userpage = Title::makeTitle( NS_USER, $username );
return Status::newGood( $userpage->getFullURL( '', false, PROTO_CURRENT ) );
$userpage = Title::makeTitle( NS_USER, $username );
return Status::newGood( $userpage->getFullURL( '', false, PROTO_CURRENT ) );
@@
-101,7
+108,7
@@
class SpecialRedirect extends FormSpecialPage {
} catch ( MalformedTitleException $e ) {
return Status::newFatal( $e->getMessageObject() );
}
} catch ( MalformedTitleException $e ) {
return Status::newFatal( $e->getMessageObject() );
}
- $file =
wfF
indFile( $title );
+ $file =
MediaWikiServices::getInstance()->getRepoGroup()->f
indFile( $title );
if ( !$file || !$file->exists() ) {
// Message: redirect-not-exists
if ( !$file || !$file->exists() ) {
// Message: redirect-not-exists