From 17a9beebd642747072e9e60135d23f6a3cabeedd Mon Sep 17 00:00:00 2001 From: Alexandre Emsenhuber Date: Thu, 19 Jun 2008 20:40:41 +0000 Subject: [PATCH] Note that restrictions are rights, not groups. So now, cascading protection will be allowed if all groups that have the right being check have the 'protect' right too. --- includes/Article.php | 85 ++++++++++++++++++++----------------- includes/ProtectionForm.php | 26 ++++++------ includes/Title.php | 17 +++----- 3 files changed, 65 insertions(+), 63 deletions(-) diff --git a/includes/Article.php b/includes/Article.php index bce69c8f3e..c49a794648 100644 --- a/includes/Article.php +++ b/includes/Article.php @@ -16,26 +16,26 @@ class Article { /**@{{ * @private */ - var $mComment; //!< - var $mContent; //!< - var $mContentLoaded; //!< - var $mCounter; //!< - var $mForUpdate; //!< - var $mGoodAdjustment; //!< - var $mLatest; //!< - var $mMinorEdit; //!< - var $mOldId; //!< - var $mRedirectedFrom; //!< - var $mRedirectUrl; //!< - var $mRevIdFetched; //!< - var $mRevision; //!< - var $mTimestamp; //!< - var $mTitle; //!< - var $mTotalAdjustment; //!< - var $mTouched; //!< - var $mUser; //!< - var $mUserText; //!< - var $mRedirectTarget; //!< + var $mComment; //!< + var $mContent; //!< + var $mContentLoaded; //!< + var $mCounter; //!< + var $mForUpdate; //!< + var $mGoodAdjustment; //!< + var $mLatest; //!< + var $mMinorEdit; //!< + var $mOldId; //!< + var $mRedirectedFrom; //!< + var $mRedirectUrl; //!< + var $mRevIdFetched; //!< + var $mRevision; //!< + var $mTimestamp; //!< + var $mTitle; //!< + var $mTotalAdjustment; //!< + var $mTouched; //!< + var $mUser; //!< + var $mUserText; //!< + var $mRedirectTarget; //!< var $mIsRedirect; /**@}}*/ @@ -543,9 +543,9 @@ class Article { */ function isRedirect( $text = false ) { if ( $text === false ) { - if ( $this->mDataLoaded ) + if ( $this->mDataLoaded ) return $this->mIsRedirect; - + // Apparently loadPageData was never called $this->loadContent(); $titleObj = Title::newFromRedirect( $this->fetchContent() ); @@ -924,14 +924,14 @@ class Article { $this->viewUpdates(); wfProfileOut( __METHOD__ ); } - + protected function viewRedirect( $target, $overwriteSubtitle = true, $forceKnown = false ) { global $wgParser, $wgOut, $wgContLang, $wgStylePath, $wgUser; - + # Display redirect $imageDir = $wgContLang->isRTL() ? 'rtl' : 'ltr'; $imageUrl = $wgStylePath.'/common/images/redirect' . $imageDir . '.png'; - + if( $overwriteSubtitle ) { $wgOut->setSubtitle( wfMsgHtml( 'redirectpagesub' ) ); } @@ -943,7 +943,7 @@ class Article { $wgOut->addHTML( '#REDIRECT ' . ''.$link.'' ); - + } function addTrackbacks() { @@ -1451,7 +1451,7 @@ class Article { # Update page $ok = $this->updateRevisionOn( $dbw, $revision, $lastRevision ); - + wfRunHooks( 'NewRevisionFromEditComplete', array($this, $revision, $baseRevId) ); if( !$ok ) { @@ -1523,7 +1523,7 @@ class Article { # Update the page record with revision data $this->updateRevisionOn( $dbw, $revision, 0 ); - + wfRunHooks( 'NewRevisionFromEditComplete', array($this, $revision, false) ); if( !( $flags & EDIT_SUPPRESS_RC ) ) { @@ -1835,11 +1835,18 @@ class Article { } $comment = $wgContLang->ucfirst( wfMsgForContent( $comment_type, $this->mTitle->getPrefixedText() ) ); + # Check if all groups that have required right to edit also can protect pages + # Otherwise, people who cannot normally protect can "protect" pages via transclusion foreach( $limit as $action => $restrictions ) { - # Check if the group level required to edit also can protect pages - # Otherwise, people who cannot normally protect can "protect" pages via transclusion - $cascade = ( $cascade && isset($wgGroupPermissions[$restrictions]['protect']) && - $wgGroupPermissions[$restrictions]['protect'] ); + # 'sysop' is checked as 'protect', so it is always allowed + if ($cascade && ( $restrictions != 'sysop' ) ){ + foreach( $wgGroupPermissions as $group => $rights ){ + if( isset( $rights[$restrictions] ) && $rights[$restrictions] && !( isset( $rights['protect'] ) && $rights['protect'] ) ){ + $cascade = false; + break( 2 ); + } + } + } } $cascade_description = ''; @@ -1881,9 +1888,9 @@ class Article { 'page_latest' => $nullRevId ), array( /* WHERE */ 'page_id' => $id - ), 'Article::protect' + ), __METHOD__ ); - + wfRunHooks( 'NewRevisionFromEditComplete', array($this, $nullRevision, false) ); wfRunHooks( 'ArticleProtectComplete', array( &$this, &$wgUser, $limit, $reason ) ); @@ -2244,7 +2251,7 @@ class Article { function doDelete( $reason, $suppress = false ) { global $wgOut, $wgUser; wfDebug( __METHOD__."\n" ); - + $id = $this->getId(); if (wfRunHooks('ArticleDelete', array(&$this, &$wgUser, &$reason))) { @@ -2516,14 +2523,14 @@ class Article { if( empty( $summary ) ){ $summary = wfMsgForContent( 'revertpage' ); } - + # Allow the custom summary to use the same args as the default message $args = array( $target->getUserText(), $from, $s->rev_id, $wgLang->timeanddate(wfTimestamp(TS_MW, $s->rev_timestamp), true), $current->getId(), $wgLang->timeanddate($current->getTimestamp()) ); - $summary = wfMsgReplaceArgs( $summary, $args ); + $summary = wfMsgReplaceArgs( $summary, $args ); # Save $flags = EDIT_UPDATE; @@ -2611,7 +2618,7 @@ class Article { . $wgUser->getSkin()->userToolLinks( $target->getUser(), $target->getUserText() ); $wgOut->addHtml( wfMsgExt( 'rollback-success', array( 'parse', 'replaceafter' ), $old, $new ) ); $wgOut->returnToMain( false, $this->mTitle ); - + if( !$wgRequest->getBool( 'hidediff', false ) ) { $de = new DifferenceEngine( $this->mTitle, $current->getId(), 'next', false, true ); $de->showDiff( '', '' ); @@ -2983,7 +2990,7 @@ class Article { $revision->insertOn( $dbw ); $this->updateRevisionOn( $dbw, $revision ); $dbw->commit(); - + wfRunHooks( 'NewRevisionFromEditComplete', array($this, $revision, false) ); wfProfileOut( __METHOD__ ); diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php index 931c9e9ee8..e22da0b2cc 100644 --- a/includes/ProtectionForm.php +++ b/includes/ProtectionForm.php @@ -91,8 +91,7 @@ class ProtectionForm { global $wgRequest, $wgOut; if( $wgRequest->wasPosted() ) { if( $this->save() ) { - $article = new Article( $this->mTitle ); - $q = $article->isRedirect() ? 'redirect=no' : ''; + $q = $this->mArticle->isRedirect() ? 'redirect=no' : ''; $wgOut->redirect( $this->mTitle->getFullUrl( $q ) ); } } else { @@ -190,17 +189,10 @@ class ProtectionForm { } - # They shouldn't be able to do this anyway, but just to make sure, ensure that cascading restrictions aren't being applied - # to a semi-protected page. - global $wgGroupPermissions; + # NOTE : verification of cascading protection in semi-protection mode + # is in Article::updateRestriction() - $edit_restriction = $this->mRestrictions['edit']; - - if ($this->mCascade && ($edit_restriction != 'protect') && - !(isset($wgGroupPermissions[$edit_restriction]['protect']) && $wgGroupPermissions[$edit_restriction]['protect'] ) ) - $this->mCascade = false; - - if ($this->mTitle->exists()) { + if( $this->mTitle->exists() ){ $ok = $this->mArticle->updateRestrictions( $this->mRestrictions, $this->mReason, $this->mCascade, $expiry ); } else { $ok = $this->mTitle->updateTitleProtection( $this->mRestrictions['create'], $this->mReason, $expiry ); @@ -379,7 +371,15 @@ class ProtectionForm { $script = 'var wgCascadeableLevels='; $CascadeableLevels = array(); foreach( $wgRestrictionLevels as $key ) { - if ( (isset($wgGroupPermissions[$key]['protect']) && $wgGroupPermissions[$key]['protect']) || $key == 'protect' ) { + $canCascade = true; + $check = $key == 'sysop' ? 'protect' : $key; + foreach( $wgGroupPermissions as $group => $rights ){ + if( isset( $rights[$check] ) && $rights[$check] && !( isset( $rights['protect'] ) && $rights['protect'] ) ){ + $canCascade = false; + break; + } + } + if( $key != '' && $canCascade ) { $CascadeableLevels[] = "'" . Xml::escapeJsString( $key ) . "'"; } } diff --git a/includes/Title.php b/includes/Title.php index dad2bc45cc..616cc3d965 100644 --- a/includes/Title.php +++ b/includes/Title.php @@ -1219,15 +1219,10 @@ class Title { $right = 'protect'; } if( '' != $right && !$user->isAllowed( $right ) ) { - //Users with 'editprotected' permission can edit protected pages - if( $action=='edit' && $user->isAllowed( 'editprotected' ) ) { - //Users with 'editprotected' permission cannot edit protected pages - //with cascading option turned on. - if($this->mCascadeRestriction) { - $errors[] = array( 'protectedpagetext', $right ); - } else { - //Nothing, user can edit! - } + // Users with 'editprotected' permission can edit protected + // pages if protection is not with cascading option turned on. + if( $action=='edit' && $user->isAllowed( 'editprotected' ) && !$this->areRestrictionsCascading() ) { + // Nothing, user can edit! } else { $errors[] = array( 'protectedpagetext', $right ); } @@ -1626,7 +1621,7 @@ class Title { wfProfileIn( __METHOD__ ); - $dbr = wfGetDb( DB_SLAVE ); + $dbr = wfGetDB( DB_SLAVE ); if ( $this->getNamespace() == NS_IMAGE ) { $tables = array ('imagelinks', 'page_restrictions'); @@ -1927,7 +1922,7 @@ class Title { if ($this->mLatestID !== false) return $this->mLatestID; - $db = ($flags & GAID_FOR_UPDATE) ? wfGetDB(DB_MASTER) : wfGetDB(DB_SLAVE); + $db = ($flags & GAID_FOR_UPDATE) ? wfGetDB( DB_MASTER ) : wfGetDB( DB_SLAVE ); return $this->mLatestID = $db->selectField( 'revision', "max(rev_id)", array('rev_page' => $this->getArticleID($flags)), -- 2.20.1