From: Brion Vibber Date: Sat, 25 Jun 2005 06:24:46 +0000 (+0000) Subject: * (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE documentat... X-Git-Tag: 1.5.0beta1~43 X-Git-Url: http://git.cyclocoop.org/?a=commitdiff_plain;h=a2a28a34c1fc1a7227897db800557c70f08a8872;p=lhc%2Fweb%2Fwiklou.git * (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE documentation about edit and read whitelists. Patch by robla: http://bugzilla.wikimedia.org/attachment.cgi?id=645&action=view plus doc fixes --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ab0a0f2229..adcdcde1c1 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -332,6 +332,9 @@ Various bugfixes, small features, and a few experimental things: * (bug 2504) Updated the Finnish translation * (bug 2506) Updated the Nynorsk translation * Everything given to setSubtitle() is now parsed for the full wikisyntax +* (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE + documentation about edit and read whitelists. + === Caveats === diff --git a/UPGRADE b/UPGRADE index 2c56689232..f0bafb2f5d 100644 --- a/UPGRADE +++ b/UPGRADE @@ -48,9 +48,20 @@ key in $wgGroupPermissions. To emulate the old effect of setting: set: $wgGroupPermissions['*']['createaccount'] = false; -If $wgWhitelistRead is set, things need to be funked around. This needs work. +$wgWhitelistEdit has been replaced by the 'edit' permission key. +To emulate the old effect of setting: + $wgWhitelistEdit = true; +set: + $wgGroupPermissions['*']['edit'] = false; + +If $wgWhitelistRead is set, you must also disable the 'read' permission +for it to take affect on anonymous users: + $wgWhitelistRead = array( "Main Page", "Special:Userlogin" ); + $wgGroupPermissions['*']['read'] = false; -bla bla bla +Note that you can disable/enable several other permissions by modifying +this configuration array in your LocalSettings.php; see DefaultSettings.php +for the complete default permission set. === Web installer === 
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 8496ae34c9..402b7d0e12 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -654,7 +654,6 @@ $wgHitcounterUpdateFreq = 1; # It's not 100% safe, there could be security hole using that one. Use at your # own risks. -$wgWhitelistEdit = false; # true = user must login to edit. $wgWhitelistRead = false; # Pages anonymous user may see, like: = array ( "Main Page", "Special:Userlogin", "Wikipedia:Help"); $wgAllowAnonymousMinor = false; # Allow anonymous users to mark changes as 'minor' @@ -675,14 +674,18 @@ $wgAutoblockExpiry = 86400; # Number of seconds before autoblock entries expire * logged-in users are all implicitly in the 'user' group. These will be * combined with the permissions of all groups that a given user is listed * in in the user_groups table. + * + * This replaces wgWhitelistAccount and wgWhitelistEdit */ $wgGroupPermissions = array(); $wgGroupPermissions['*' ]['createaccount'] = true; $wgGroupPermissions['*' ]['read'] = true; +$wgGroupPermissions['*' ]['edit'] = true; $wgGroupPermissions['user' ]['move'] = true; $wgGroupPermissions['user' ]['read'] = true; +$wgGroupPermissions['user' ]['edit'] = true; $wgGroupPermissions['user' ]['upload'] = true; $wgGroupPermissions['bot' ]['bot'] = true; @@ -1160,8 +1163,8 @@ $wgGoToEdit = false; $wgUserHtml = true; /** Allow raw, unchecked HTML in ... sections. - * THIS IS VERY DANGEROUS on a publically editable site, so you can't enable it - * unless you've restricted editing to trusted users only with $wgWhitelistEdit. + * THIS IS VERY DANGEROUS on a publically editable site, so USE wgGroupPermissions + * TO RESTRICT EDITING to only those that you trust */ $wgRawHtml = false; diff --git a/includes/EditPage.php b/includes/EditPage.php index 13b4615d71..d6f3c50ff5 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php 
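Review bot: An existing install that still has `$wgWhitelistEdit = true;` in LocalSettings.php reopens anonymous editing after this upgrade, because the `@@ -675` hunk defaults `$wgGroupPermissions['*']['edit']` to `true` and the patch removes the reads of the old variable in EditPage.php and Parser.php. UPGRADE documents the manual step, but a security setting that is silently ignored fails open for every admin who does not read it. A compatibility check run after the local settings are loaded would keep such sites closed: `if ( !empty( $wgWhitelistEdit ) ) { $wgGroupPermissions['*']['edit'] = false; }`, ideally with a deprecation notice. Whether a shim like this already exists in a file outside this diff is not visible here.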
@@ -135,7 +135,7 @@ class EditPage { * This is the function that gets called for "action=edit". */ function edit() { - global $wgOut, $wgUser, $wgWhitelistEdit, $wgRequest; + global $wgOut, $wgUser, $wgRequest; // this is not an article $wgOut->setArticleFlag(false); @@ -156,9 +156,14 @@ class EditPage { $this->blockedIPpage(); return; } - if ( $wgUser->isAnon() && $wgWhitelistEdit ) { - $this->userNotLoggedInPage(); - return; + if ( !$wgUser->isAllowed('edit') ) { + if ( $wgUser->isAnon() ) { + $this->userNotLoggedInPage(); + return; + } else { + $wgOut->readOnlyPage( $this->mArticle->getContent( true ), true ); + return; + } } if ( wfReadOnly() ) { if( $this->save || $this->preview ) { @@ -282,7 +287,6 @@ class EditPage { global $wgOut, $wgUser; global $wgLang, $wgContLang, $wgParser, $wgTitle; global $wgAllowAnonymousMinor; - global $wgWhitelistEdit; global $wgSpamRegex, $wgFilterCallback; $sk = $wgUser->getSkin(); @@ -323,10 +327,18 @@ class EditPage { $this->blockedIPpage(); return; } - if ( $wgUser->isAnon() && $wgWhitelistEdit ) { + + if ( !$wgUser->isAllowed('edit') ) { + if ( $wgUser->isAnon() ) { $this->userNotLoggedInPage(); return; } + else { + $wgOut->readOnlyPage(); + return; + } + } + if ( wfReadOnly() ) { $wgOut->readOnlyPage(); return; diff --git a/includes/Parser.php b/includes/Parser.php index 1921d6c7bf..f63ca03eb6 100644 --- a/includes/Parser.php +++ b/includes/Parser.php @@ -346,8 +346,8 @@ class Parser #$text = str_replace( $uniq_prefix, wfHtmlEscapeFirst( $uniq_prefix ), $text ); # html - global $wgRawHtml, $wgWhitelistEdit; - if( $wgRawHtml && $wgWhitelistEdit ) { + global $wgRawHtml; + if( $wgRawHtml ) { $text = Parser::extractTags('html', $text, $html_content, $uniq_prefix); foreach( $html_content as $marker => $content ) { if ($render ) {
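Review bot: A logged-in user who lacks the 'edit' right is sent to `$wgOut->readOnlyPage()` in the `@@ -323` hunk of EditPage.php, the same call the `wfReadOnly()` branch directly below it makes, so a permission denial presumably renders as a locked-database page instead of saying the account may not edit. The `@@ -156` hunk handles the same case differently, with `readOnlyPage( $this->mArticle->getContent( true ), true )`, and the whole `!$wgUser->isAllowed('edit')` check is copied into both functions. Moving it into one private method that both paths call, with its own denial message, keeps the two copies from drifting apart; the `@@ -323` copy looks like the one on the submit path, so it is the one that must not be lost. Both enclosing functions start and end outside these hunks.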
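Review bot: The new condition `if( $wgRawHtml )` in the Parser.php hunk drops the only code-level tie between raw HTML and restricted editing, so a wiki that sets `$wgRawHtml = true` while `$wgGroupPermissions['*']['edit']` is still `true` lets any anonymous visitor store markup that the comment in DefaultSettings.php itself calls raw and unchecked (stored XSS). The old test `$wgRawHtml && $wgWhitelistEdit` failed closed; after this change the only protection is the capitalised warning in the `@@ -1160` DefaultSettings.php comment. An equivalent guard on the new permission model would preserve that behaviour, for example `global $wgRawHtml, $wgGroupPermissions;` followed by `if( $wgRawHtml && empty( $wgGroupPermissions['*']['edit'] ) ) {`. Even with the guard, every account that holds 'edit' can inject script, which the `$wgRawHtml` comment should say outright. The enclosing function continues outside the hunk.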