From b62ec76ae2d4faafbc66c482bd25bb347cb3a94a Mon Sep 17 00:00:00 2001
From: Andrew Garrett
Date: Mon, 10 Sep 2007 06:27:36 +0000
Subject: [PATCH] * Ensure, on the server side, that cascading protection cannot be applied to anything but full protection, so as to prevent people from using semi-cascade-protected pages to protect arbitrary pages. * Fix a bug in the previous javascript implementation of this behaviour (protection is per-right, not per-group!)
---
 includes/ProtectionForm.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php
index c249ec1291..475b2f9a33 100644
--- a/includes/ProtectionForm.php
+++ b/includes/ProtectionForm.php
@@ -185,6 +185,16 @@ class ProtectionForm {
 }
+ # They shouldn't be able to do this anyway, but just to make sure, ensure that cascading restrictions aren't being applied
+ # to a semi-protected page.
+ global $wgGroupPermissions;
+
+ $edit_restriction = $this->mRestrictions['edit'];
+
+ if ($this->mCascade && ($edit_restriction != 'protect') &&
+ !(isset($wgGroupPermissions[$edit_restriction]['protect']) && $wgGroupPermissions[$edit_restriction]['protect'] ) )
+ $this->mCascade = false;
+
 $ok = $this->mArticle->updateRestrictions( $this->mRestrictions, $this->mReason, $this->mCascade, $expiry );
 if( !$ok ) {
 throw new FatalError( "Unknown error at restriction save time." );
@@ -359,7 +369,7 @@ class ProtectionForm {
 $script = 'var wgCascadeableLevels=';
 $CascadeableLevels = array();
 foreach( $wgRestrictionLevels as $key ) {
- if ( isset($wgGroupPermissions[$key]['protect']) && $wgGroupPermissions[$key]['protect'] ) {
+ if ( (isset($wgGroupPermissions[$key]['protect']) && $wgGroupPermissions[$key]['protect']) || $key == 'protect' ) {
 $CascadeableLevels[]="'" . wfEscapeJsString($key) . "'";
 }
 }
-- 
2.20.1
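Review bot: The rule for which edit levels may cascade is now written twice, negated in the server-side guard of the first hunk and in positive form in the `wgCascadeableLevels` loop of the second, so the enforced check and the client-side hint can drift apart again. Only the server-side copy is actually enforced, so I would move the test into one private helper called from both places, with `===` instead of the loose comparison and braces around the `$this->mCascade = false;` assignment that currently hangs off a two-line condition. The guard also reads `$this->mRestrictions['edit']` without `isset()`; whether that key is always populated and checked against the configured levels is decided outside the hunk and worth confirming. Both enclosing methods start and end outside the hunks.

```php
// Single source of truth for "this level counts as full protection".
private function isCascadeableLevel( $level ) {
	global $wgGroupPermissions;
	return $level === 'protect'
		|| !empty( $wgGroupPermissions[$level]['protect'] );
}

// … unchanged: expiry handling above the guard …
if ( $this->mCascade && !$this->isCascadeableLevel( $this->mRestrictions['edit'] ) ) {
	$this->mCascade = false;
}
// … unchanged: updateRestrictions() call and error handling …

// … unchanged: $script / $CascadeableLevels setup …
foreach( $wgRestrictionLevels as $key ) {
	if ( $this->isCascadeableLevel( $key ) ) {
```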