* (bug 9670) Follow redirects when render edit section links to transcluded
templates.
* (bug 6204) Fix incorrect unindentation with $wgMaxTocLevel
-* (bug 3431) Special:Search: dont show 'next link' when there is nothing else
+* (bug 3431) Suppress "next page" link in Special:Search at end of results
+* Don't show unblock form if the user doesn't have permission to use it
+ (cosmetic change, no vulnerabilities existed)
== Maintenance script changes since 1.10 ==
$ipu = new IPUnblockForm( $ip, $id, $reason );
- if ( "success" == $action ) {
- $ipu->showList( $wgOut->parse( wfMsg( 'unblocked', $successip ) ) );
- } else if ( "submit" == $action && $wgRequest->wasPosted() &&
- $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
- if ( ! $wgUser->isAllowed('block') ) {
+ if( $action == 'unblock' ) {
+ # Check permissions
+ if( !$wgUser->isAllowed( 'block' ) ) {
$wgOut->permissionRequired( 'block' );
return;
}
- # Can't unblock when the database is locked
+ # Check for database lock
if( wfReadOnly() ) {
$wgOut->readOnlyPage();
return;
}
- $ipu->doSubmit();
- } else if ( "unblock" == $action ) {
- # Can't unblock when the database is locked
+ # Show unblock form
+ $ipu->showForm( '' );
+ } elseif( $action == 'submit' && $wgRequest->wasPosted()
+ && $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ # Check permissions
+ if( !$wgUser->isAllowed( 'block' ) ) {
+ $wgOut->permissionRequired( 'block' );
+ return;
+ }
+ # Check for database lock
if( wfReadOnly() ) {
$wgOut->readOnlyPage();
return;
}
- $ipu->showForm( "" );
+ # Remove blocks and redirect user to success page
+ $ipu->doSubmit();
+ } elseif( $action == 'success' ) {
+ # Inform the user of a successful unblock
+ # (No need to check permissions or locks here,
+ # if something was done, then it's too late!)
+ $ipu->showList( $wgOut->parse( wfMsg( 'unblocked', $successip ) ) );
} else {
- $ipu->showList( "" );
+ # Just show the block list
+ $ipu->showList( '' );
}
+
}
/**