foreach ( LanguageConverter::$languagesWithVariants as $langCode ) {
$defOpt[$langCode == $wgContLang->getCode() ? 'variant' : "variant-$langCode"] = $langCode;
}
- $namespaces = MediaWikiServices::getInstance()->getSearchEngineConfig()->searchableNamespaces();
- foreach ( $namespaces as $nsnum => $nsname ) {
- $defOpt['searchNs' . $nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
+
+ // NOTE: don't use SearchEngineConfig::getSearchableNamespaces here,
+ // since extensions may change the set of searchable namespaces depending
+ // on user groups/permissions.
+ foreach ( $wgNamespacesToBeSearchedDefault as $nsnum => $val ) {
+ $defOpt['searchNs' . $nsnum] = (boolean)$val;
}
$defOpt['skin'] = Skin::normalizeKey( $wgDefaultSkin );
Hooks::run( 'UserGetRights', [ $this, &$this->mRights ] );
// Force reindexation of rights when a hook has unset one of them
$this->mRights = array_values( array_unique( $this->mRights ) );
+
+ // If block disables login, we should also remove any
+ // extra rights blocked users might have, in case the
+ // blocked user has a pre-existing session (T129738).
+ // This is checked here for cases where people only call
+ // $user->isAllowed(). It is also checked in Title::checkUserBlock()
+ // to give a better error message in the common case.
+ $config = RequestContext::getMain()->getConfig();
+ if (
+ $this->isLoggedIn() &&
+ $config->get( 'BlockDisablesLogin' ) &&
+ $this->isBlocked()
+ ) {
+ $anon = new User;
+ $this->mRights = array_intersect( $this->mRights, $anon->getRights() );
+ }
}
return $this->mRights;
}
* login credentials aren't being hijacked with a foreign form
* submission.
*
+ * The $salt for 'edit' and 'csrf' tokens is the default (empty string).
+ *
* @since 1.19
* @param string|array $salt Array of Strings Optional function-specific data for hashing
* @param WebRequest|null $request WebRequest object to use or null to use $wgRequest