activated; when $wgUseVFormCreateAccount is true, the redesign of
Special:UserLogin/signup is activated.
* $wgVectorUseIconWatch is now enabled by default.
+* $wgCascadingRestrictionLevels was added.
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
* mediawiki.log: Implemented log.deprecate. This method defines a property and
uses ES5 getter/setter to emit a warning when they are used.
+* $wgCascadingRestrictionLevels was added, allowing one to specify restriction levels
+ which can be cascading (previously 'sysop' was hard-coded as the only one).
=== Bug fixes in 1.22 ===
* Disable Special:PasswordReset when $wgEnableEmail. Previously one could still
*/
$wgRestrictionLevels = array( '', 'autoconfirmed', 'sysop' );
+/**
+ * Restriction levels that can be used with cascading protection
+ *
+ * A page can only be protected with cascading protection if the
+ * requested restriction level is included in this array.
+ *
+ * This is intended to prevent abuse - if any protection could be
+ * cascading, users could who cannot normally protect pages could
+ * "protect" them by transcluding them on protected pages they are
+ * allowed to edit.
+ *
+ * 'sysop' is quietly rewritten to 'protect' for backwards compatibility.
+ */
+$wgCascadingRestrictionLevels = array( 'sysop' );
+
/**
* Set the minimum permissions required to edit pages in each
* namespace. If you list more than one permission, a user must
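Review bot: The added doc comment for $wgCascadingRestrictionLevels has a stray word in `users could who cannot normally protect pages could`; it should read `users who cannot normally protect pages could`. Its last line says 'sysop' is "rewritten" to 'protect', but the check visible in doUpdateRestrictions appends 'protect' and keeps 'sysop', so `'sysop' also matches 'protect' for backwards compatibility.` would describe it more closely. Because this array is now the only thing deciding which levels may cascade, the comment should also say that only levels whose holders are trusted to protect pages belong in it.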
}
function buildCleanupScript() {
- global $wgRestrictionLevels, $wgOut;
+ global $wgRestrictionLevels, $wgCascadingRestrictionLevels, $wgOut;
- $cascadeableLevels = array();
- foreach ( $wgRestrictionLevels as $key ) {
- if ( User::groupHasPermission( $key, 'protect' )
- || $key == 'protect'
- ) {
- $cascadeableLevels[] = $key;
- }
- }
+ $cascadeableLevels = $wgCascadingRestrictionLevels;
$options = array(
'tableId' => 'mwProtectSet',
'labelText' => wfMessage( 'protect-unchain-permissions' )->plain(),
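Review bot: The list handed to the form script in buildCleanupScript no longer matches what the server accepts. The removed loop treated `'protect'` as cascadeable, and doUpdateRestrictions still adds it whenever `'sysop'` is configured, but `$cascadeableLevels = $wgCascadingRestrictionLevels;` passes the raw setting through. The server check stays authoritative, so this is a form inconsistency rather than a bypass. Still, consider mirroring the mapping after the assignment with `if ( in_array( 'sysop', $cascadeableLevels, true ) ) { $cascadeableLevels[] = 'protect'; }`. The function body continues outside this hunk, so I cannot tell from here whether `$wgRestrictionLevels` is still needed in the `global` line.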
* @return Status
*/
public function doUpdateRestrictions( array $limit, array $expiry, &$cascade, $reason, User $user ) {
- global $wgContLang;
+ global $wgContLang, $wgCascadingRestrictionLevels;
if ( wfReadOnly() ) {
return Status::newFatal( 'readonlytext', wfReadOnlyReason() );
return Status::newGood();
}
- // Only restrictions with the 'protect' right can cascade...
- // Otherwise, people who cannot normally protect can "protect" pages via transclusion
+ // Only certain restrictions can cascade... Otherwise, users who cannot normally protect pages
+ // could "protect" them by transcluding them on protected pages they are allowed to edit.
$editrestriction = isset( $limit['edit'] ) ? array( $limit['edit'] ) : $this->mTitle->getRestrictions( 'edit' );
+ $cascadingRestrictionLevels = $wgCascadingRestrictionLevels;
+ if ( in_array( 'sysop', $cascadingRestrictionLevels ) ) {
+ $cascadingRestrictionLevels[] = 'protect'; // backwards compatibility
+ }
+
// The schema allows multiple restrictions
- if ( !in_array( 'protect', $editrestriction ) && !in_array( 'sysop', $editrestriction ) ) {
+ if ( !array_intersect( $editrestriction, $cascadingRestrictionLevels ) ) {
$cascade = false;
}
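Review bot: The new `array_intersect()` check trusts every entry of $wgCascadingRestrictionLevels, including an empty string, which $wgRestrictionLevels uses for "no restriction". If a site lists `''` by mistake, a request with `$limit['edit'] === ''` would intersect and leave `$cascade` set on a page with no edit restriction. Whether later code in doUpdateRestrictions catches that is outside this hunk. Dropping empty entries when copying the setting would close it: `$cascadingRestrictionLevels = array_diff( $wgCascadingRestrictionLevels, array( '' ) );`. The `in_array( 'sysop', $cascadingRestrictionLevels )` test should also pass `true` as the third argument, so that a non-string config value cannot match loosely.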