From: Brion Vibber Date: Tue, 11 May 2004 09:47:41 +0000 (+0000) Subject: Whitelist and diff fixes: X-Git-Tag: 1.3.0beta1~90 X-Git-Url: http://git.cyclocoop.org/?a=commitdiff_plain;h=34ceac3add7ed7e79bd1767316b05cbb6922f892;p=lhc%2Fweb%2Fwiklou.git Whitelist and diff fixes: * Enforce whitelist on oldid and diff specifiers (bug 950911) * Show the titles given for oldid and diff if they differ (UI change related to bug 622636) * Use canonical text form in $wgWhitelistRead --- diff --git a/includes/Article.php b/includes/Article.php index 5d493bff39..0ac58b9eef 100644 --- a/includes/Article.php +++ b/includes/Article.php @@ -219,12 +219,20 @@ class Article { $this->mTitle->mRestrictionsLoaded = true; wfFreeResult( $res ); } else { # oldid set, retrieve historical version - $sql = "SELECT old_text,old_timestamp,old_user,old_flags FROM old " . + $sql = "SELECT old_namespace,old_title,old_text,old_timestamp,old_user,old_flags FROM old " . "WHERE old_id={$oldid}"; $res = wfQuery( $sql, DB_READ, $fname ); - if ( 0 == wfNumRows( $res ) ) { return; } + if ( 0 == wfNumRows( $res ) ) { + return; + } $s = wfFetchObject( $res ); + if( $this->mTitle->getNamespace() != $s->old_namespace || + $this->mTitle->getDBkey() != $s->old_title ) { + $oldTitle = Title::makeTitle( $s->old_namesapce, $s->old_title ); + $this->mTitle = $oldTitle; + $wgTitle = $oldTitle; + } $this->mContent = Article::getRevisionText( $s ); $this->mUser = $s->old_user; $this->mCounter = 0; @@ -484,6 +492,14 @@ class Article { } $text = $this->getContent( false ); # May change mTitle by following a redirect + + # Another whitelist check in case oldid or redirects are altering the title + if ( !$this->mTitle->userCanRead() ) { + $wgOut->loginToUse(); + $wgOut->output(); + exit; + } + $wgOut->setPageTitle( $this->mTitle->getPrefixedText() ); # We're looking at an old revision diff --git a/includes/DifferenceEngine.php b/includes/DifferenceEngine.php index c576af1583..4ba5b7713d 100644 
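Review bot: `Title::makeTitle( $s->old_namesapce, $s->old_title )` misspells the column, so the namespace argument is an unset property and the replacement title is presumably built in the default namespace rather than the revision's own. The whitelist re-check added later in this commit tests `$this->mTitle`, so it would evaluate the wrong page for any revision outside the main namespace. The line should read `$oldTitle = Title::makeTitle( $s->old_namespace, $s->old_title );`. The enclosing function starts outside the hunk, so also confirm that `$wgTitle` is declared `global` there; otherwise `$wgTitle = $oldTitle;` only sets a local variable.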
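Review bot: The added `userCanRead()` re-check covers only this method, and it depends on `getContent()` having already replaced `mTitle` with the revision's real page. Any other caller that loads revision text by `oldid` through `getContent()` is not covered by it. Those callers are not visible in this hunk, so this needs confirming for the other actions that output revision text. A comment such as `# getContent() may swap mTitle to the oldid's own page; every caller that outputs the text must re-check userCanRead()` would make the dependency explicit. The enclosing function starts and ends outside the hunk.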
--- a/includes/DifferenceEngine.php +++ b/includes/DifferenceEngine.php @@ -7,6 +7,7 @@ class DifferenceEngine { /* private */ var $mOldtext, $mNewtext; /* private */ var $mOldUser, $mNewUser; /* private */ var $mOldComment, $mNewComment; + /* private */ var $mOldPage, $mNewPage; function DifferenceEngine( $old, $new ) { @@ -29,9 +30,23 @@ class DifferenceEngine { return; } $wgOut->suppressQuickbar(); + + $oldTitle = $this->mOldPage->getPrefixedText(); + $newTitle = $this->mNewPage->getPrefixedText(); + if( $oldTitle == $newTitle ) { + $wgOut->setPageTitle( $newTitle ); + } else { + $wgOut->setPageTitle( $oldTitle . ", " . $newTitle ); + } $wgOut->setSubtitle( wfMsg( "difference" ) ); $wgOut->setRobotpolicy( "noindex,follow" ); + if ( !( $this->mOldPage->userCanRead() && $this->mNewPage->userCanRead() ) ) { + $wgOut->loginToUse(); + $wgOut->output(); + exit; + } + $sk = $wgUser->getSkin(); $talk = $wgLang->getNsText( NS_TALK ); $contribs = wfMsg( "contribslink" ); @@ -110,11 +125,12 @@ cellpadding='0' cellspacing='4px' class='diff'> if ( 0 == wfNumRows( $res ) ) { return false; } $s = wfFetchObject( $res ); + $this->mNewPage = &$wgTitle; $this->mNewtext = $s->cur_text; $this->mNewUser = $s->cur_user_text; $this->mNewComment = $s->cur_comment; } else { - $sql = "SELECT old_timestamp,old_text,old_flags,old_user_text,old_comment FROM old WHERE " . + $sql = "SELECT old_namespace,old_title,old_timestamp,old_text,old_flags,old_user_text,old_comment FROM old WHERE " . "old_id={$this->mNewid}"; $res = wfQuery( $sql, DB_READ, $fname ); 
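Review bot: The page title is set from `$this->mOldPage` and `$this->mNewPage` before the `userCanRead()` test, so both page names are handed to `$wgOut` even when the reader is about to be refused. Whether `loginToUse()` overwrites that title is not visible here. Moving the `if ( !( $this->mOldPage->userCanRead() && $this->mNewPage->userCanRead() ) )` block to directly after `$wgOut->suppressQuickbar();` removes the dependency. Both properties are assigned only in the text-loading code changed in the later hunks, so this block also relies on that load having succeeded. The function body starts outside the hunk.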
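Review bot: `old_id={$this->mNewid}` is interpolated unquoted into the query this hunk rewrites, and the hunk does not show where `mNewid` is validated. Confirm it is forced to an integer where it is assigned (the constructor body is outside the hunk), or cast at the point of use, e.g. `"old_id=" . intval( $this->mNewid )`. The same pattern appears as `old_id={$this->mOldid}` in the next DifferenceEngine.php hunk and as `old_id={$oldid}` in the first Article.php hunk. Since these IDs now also decide which title the whitelist check is applied to, a one-line comment at each query stating where the value was sanitised would help.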
@@ -124,25 +140,27 @@ cellpadding='0' cellspacing='4px' class='diff'> $this->mNewtext = Article::getRevisionText( $s ); $t = $wgLang->timeanddate( $s->old_timestamp, true ); + $this->mNewPage = Title::MakeTitle( $s->old_namespace, $s->old_title ); $this->mNewtitle = wfMsg( "revisionasof", $t ); $this->mNewUser = $s->old_user_text; $this->mNewComment = $s->old_comment; } if ( 0 == $this->mOldid ) { - $sql = "SELECT old_timestamp,old_text,old_flags,old_user_text,old_comment " . + $sql = "SELECT old_namespace,old_title,old_timestamp,old_text,old_flags,old_user_text,old_comment " . "FROM old USE INDEX (name_title_timestamp) WHERE " . - "old_namespace=" . $wgTitle->getNamespace() . " AND " . - "old_title='" . wfStrencode( $wgTitle->getDBkey() ) . + "old_namespace=" . $this->mNewPage->getNamespace() . " AND " . + "old_title='" . wfStrencode( $this->mNewPage->getDBkey() ) . "' ORDER BY inverse_timestamp LIMIT 1"; $res = wfQuery( $sql, DB_READ, $fname ); } else { - $sql = "SELECT old_timestamp,old_text,old_flags,old_user_text,old_comment FROM old WHERE " . + $sql = "SELECT old_namespace,old_title,old_timestamp,old_text,old_flags,old_user_text,old_comment FROM old WHERE " . "old_id={$this->mOldid}"; $res = wfQuery( $sql, DB_READ, $fname ); } if ( 0 == wfNumRows( $res ) ) { return false; } $s = wfFetchObject( $res ); + $this->mOldPage = Title::MakeTitle( $s->old_namespace, $s->old_title ); $this->mOldtext = Article::getRevisionText( $s ); $t = $wgLang->timeanddate( $s->old_timestamp, true ); diff --git a/includes/Title.php b/includes/Title.php index 7f1c63d8a4..255cc157bc 100644 --- a/includes/Title.php +++ b/includes/Title.php 
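Review bot: `Title::MakeTitle` is written with a capital M in both added lines here, while Article.php in the same commit calls `Title::makeTitle`. PHP resolves method names case-insensitively, so this works, but one spelling should be used throughout, whichever matches the definition. For example: `$this->mOldPage = Title::makeTitle( $s->old_namespace, $s->old_title );`, and likewise for `mNewPage`. The enclosing function starts outside the hunk.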
@@ -508,7 +508,24 @@ class Title { } return true; } - + + function userCanRead() { + global $wgUser; + global $wgWhitelistRead; + + if( 0 != $wgUser->getID() ) return true; + if( !is_array( $wgWhitelistRead ) ) return true; + + $name = $this->getPrefixedText(); + if( in_array( $name, $wgWhitelistRead ) ) return true; + + # Compatibility with old settings + if( $this->getNamespace() == NS_ARTICLE ) { + if( in_array( ":" . $name, $wgWhitelistRead ) ) return true; + } + return false; + } + function isCssJsSubpage() { return ( Namespace::getUser() == $this->mNamespace and preg_match("/\\.(css|js)$/", $this->mTextform ) ); } @@ -1122,5 +1139,6 @@ class Title { Article::onArticleCreate( $this ); return true; } + } ?> diff --git a/index.php b/index.php index eb59c3d5d2..5cea9833d0 100644 --- a/index.php +++ b/index.php @@ -46,14 +46,13 @@ if ( "" == $title && "delete" != $action ) { } wfProfileOut( "main-misc-setup" ); -# If the user is not logged in, the Namespace:title of the article must be in the Read array in -# order for the user to see it. -if ( !$wgUser->getID() && is_array( $wgWhitelistRead ) && $wgTitle) { - if ( !in_array( $wgLang->getNsText( $wgTitle->getNamespace() ) . ":" . $wgTitle->getDBkey(), $wgWhitelistRead ) ) { - $wgOut->loginToUse(); - $wgOut->output(); - exit; - } +# If the user is not logged in, the Namespace:title of the article must be in +# the Read array in order for the user to see it. (We have to check here to +# catch special pages etc. We check again in Article::view()) +if ( !$wgTitle->userCanRead() ) { + $wgOut->loginToUse(); + $wgOut->output(); + exit; } if ( $search = $wgRequest->getText( 'search' ) ) {
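Review bot: `userCanRead()` has no comment stating its contract, and the matching rules are easy to get wrong when writing `$wgWhitelistRead`. I would add above it: `# Anonymous users may read only titles listed in $wgWhitelistRead, given in getPrefixedText() form; logged-in users, and wikis where the setting is not an array, are unrestricted.` The check removed from index.php matched namespace text plus ":" plus the DB key, so entries written in that form may stop matching, apart from the ":" prefix case kept for NS_ARTICLE. That fails closed to the login prompt, but it deserves a release note. Both `in_array()` calls compare loosely; passing `true` as the third argument stops a non-string entry from matching unrelated titles, if the supported PHP version has that parameter.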
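Review bot: The removed condition tested `$wgTitle` before using it, but the new `if ( !$wgTitle->userCanRead() )` calls the method unconditionally. If `$wgTitle` can be unset at this point (the old guard suggests it can, though the code that builds it is outside the hunk), this becomes a fatal error instead of a handled case. Handle the missing title explicitly, e.g. `if ( is_object( $wgTitle ) && !$wgTitle->userCanRead() ) {`. Also confirm that the no-title path cannot go on to render page content for anonymous users.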