If you request LogEventList to display the combination of 2 log types, and one of
[lhc/web/wiklou.git] / includes / Wiki.php
index d1dee6a..4984b5f 100644 (file)
@@ -133,7 +133,7 @@ class MediaWiki {
         * @return void
         */
        private function performRequest() {
-               global $wgServer, $wgUsePathInfo;
+               global $wgServer, $wgUsePathInfo, $wgTitle;
 
                wfProfileIn( __METHOD__ );
 
@@ -146,24 +146,45 @@ class MediaWiki {
                        $output->setPrintable();
                }
 
-               $pageView = false; // was an article or special page viewed?
-
-               wfRunHooks( 'BeforeInitialize',
-                       array( &$title, null, &$output, &$user, $request, $this ) );
+               $unused = null; // To pass it by reference
+               wfRunHooks( 'BeforeInitialize', array( &$title, &$unused, &$output, &$user, $request, $this ) );
 
                // Invalid titles. Bug 21776: The interwikis must redirect even if the page name is empty.
                if ( is_null( $title ) || ( $title->getDBkey() == '' && $title->getInterwiki() == '' ) ||
                        $title->isSpecial( 'Badtitle' ) )
                {
                        $this->context->setTitle( SpecialPage::getTitleFor( 'Badtitle' ) );
+                       wfProfileOut( __METHOD__ );
                        throw new ErrorPageError( 'badtitle', 'badtitletext' );
-               // If the user is not logged in, the Namespace:title of the article must be in
-               // the Read array in order for the user to see it. (We have to check here to
-               // catch special pages etc. We check again in Article::view())
-               } elseif ( !$title->userCanRead() ) {
-                       throw new PermissionsError( 'read' );
+               }
+
+               // Check user's permissions to read this page.
+               // We have to check here to catch special pages etc.
+               // We will check again in Article::view().
+               $permErrors = $title->getUserPermissionsErrors( 'read', $user );
+               if ( count( $permErrors ) ) {
+                       // Bug 32276: allowing the skin to generate output with $wgTitle or
+                       // $this->context->title set to the input title would allow anonymous users to
+                       // determine whether a page exists, potentially leaking private data. In fact, the
+                       // curid and oldid request  parameters would allow page titles to be enumerated even
+                       // when they are not guessable. So we reset the title to Special:Badtitle before the
+                       // permissions error is displayed.
+                       //
+                       // The skin mostly uses $this->context->getTitle() these days, but some extensions
+                       // still use $wgTitle.
+
+                       $badTitle = SpecialPage::getTitleFor( 'Badtitle' );
+                       $this->context->setTitle( $badTitle );
+                       $wgTitle = $badTitle;
+
+                       wfProfileOut( __METHOD__ );
+                       throw new PermissionsError( 'read', $permErrors );
+               }
+
+               $pageView = false; // was an article or special page viewed?
+
                // Interwiki redirects
-               } elseif ( $title->getInterwiki() != '' ) {
+               if ( $title->getInterwiki() != '' ) {
                        $rdfrom = $request->getVal( 'rdfrom' );
                        if ( $rdfrom ) {
                                $url = $title->getFullURL( 'rdfrom=' . urlencode( $rdfrom ) );
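Review bot: The new permissions branch resets both `$this->context` and `$wgTitle` to Special:Badtitle, but the invalid-title branch just above it still calls only `$this->context->setTitle()`, so the two error paths leave the two title holders in different states. Since the added comment says some extensions still read `$wgTitle`, consider adding `$wgTitle = SpecialPage::getTitleFor( 'Badtitle' );` there as well, or routing both branches through one small private helper so a later error path cannot forget one of them. The comment also says the check is repeated in Article::view(); that code is outside this hunk, so confirm that a PermissionsError raised there does not render with the requested title. A regression test comparing the anonymous response for an existing and a non-existing page (by title, `curid` and `oldid`) on a read-restricted wiki would pin the intended behaviour. performRequest's body continues outside the hunk.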
@@ -268,6 +289,7 @@ class MediaWiki {
         * @return Article object
         */
        public static function articleFromTitle( $title, IContextSource $context ) {
+               wfDeprecated( __METHOD__, '1.18' );
                return Article::newFromTitle( $title, $context );
        }
 
@@ -443,7 +465,7 @@ class MediaWiki {
         * @param $article Article
         */
        private function performAction( Page $article ) {
-               global $wgSquidMaxage, $wgUseExternalEditor;
+               global $wgSquidMaxage;
 
                wfProfileIn( __METHOD__ );
 
@@ -487,22 +509,15 @@ class MediaWiki {
                                // Continue...
                        case 'edit':
                                if ( wfRunHooks( 'CustomEditor', array( $article, $user ) ) ) {
-                                       $internal = $request->getVal( 'internaledit' );
-                                       $external = $request->getVal( 'externaledit' );
-                                       $section = $request->getVal( 'section' );
-                                       $oldid = $request->getVal( 'oldid' );
-                                       if ( !$wgUseExternalEditor || $act == 'submit' || $internal ||
-                                          $section || $oldid ||
-                                          ( !$user->getOption( 'externaleditor' ) && !$external ) )
+                                       if ( ExternalEdit::useExternalEngine( $this->context, 'edit' )
+                                               && $act == 'edit' && !$request->getVal( 'section' )
+                                               && !$request->getVal( 'oldid' ) )
                                        {
+                                               $extedit = new ExternalEdit( $this->context );
+                                               $extedit->execute();
+                                       } else {
                                                $editor = new EditPage( $article );
-                                               $editor->submit();
-                                       } elseif ( $wgUseExternalEditor
-                                               && ( $external || $user->getOption( 'externaleditor' ) ) )
-                                       {
-                                               $mode = $request->getVal( 'mode' );
-                                               $extedit = new ExternalEdit( $article->getTitle(), $mode );
-                                               $extedit->edit();
+                                               $editor->edit();
                                        }
                                }
                                break;
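Review bot: The rewritten `edit` branch no longer reads `$wgUseExternalEditor` or the `internaledit`, `externaledit` and `mode` request parameters, and nothing visible here shows where those decisions went. Presumably `ExternalEdit::useExternalEngine()` and `ExternalEdit::execute()` now own them, which should be confirmed against that class. The preceding case appears to fall through into this one (`// Continue...`), and the internal path now calls `$editor->edit()` where the old code called `$editor->submit()`, so check that `EditPage::edit()` treats a submit request the same way. A short comment above the condition would help the next reader, for example `// Section and old-revision edits always use the internal editor`. performAction's body starts and ends outside the hunk.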
@@ -568,7 +583,6 @@ class MediaWiki {
                # Set title from request parameters
                $wgTitle = $this->getTitle();
                $action = $this->getAction();
-               $user = $this->context->getUser();
 
                # Send Ajax requests to the Ajax dispatcher.
                if ( $wgUseAjax && $action == 'ajax' ) {
@@ -578,11 +592,11 @@ class MediaWiki {
                        return;
                }
 
-               if ( $wgUseFileCache && $wgTitle->getNamespace() >= 0 ) {
+               if ( $wgUseFileCache && $this->getTitle()->getNamespace() >= 0 ) {
                        wfProfileIn( 'main-try-filecache' );
                        if ( HTMLFileCache::useFileCache( $this->context ) ) {
                                /* Try low-level file cache hit */
-                               $cache = HTMLFileCache::newFromTitle( $wgTitle, $action );
+                               $cache = HTMLFileCache::newFromTitle( $this->getTitle(), $action );
                                if ( $cache->isCacheGood( /* Assume up to date */ ) ) {
                                        /* Check incoming headers to see if client has this cached */
                                        $timestamp = $cache->cacheTimestamp();
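Review bot: Nothing in this hunk shows a read-permission check before a file-cache hit is served, while the check this commit hardens lives in performRequest(). The body of `HTMLFileCache::useFileCache( $this->context )` is not visible here, so it is unclear whether it already refuses the cache for pages the requester may not read; if it does not, a cached copy could be returned without passing through `getUserPermissionsErrors( 'read', $user )`. Making the assumption explicit with a comment such as `// NOTE: relies on useFileCache() to skip pages the user may not read (confirm)` would help reviewers of later changes. As a smaller style point, `$this->getTitle()` is called here and again in the following hunk; a local `$title = $this->getTitle();` would read more easily. The enclosing method starts and ends outside the hunk.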
@@ -590,8 +604,8 @@ class MediaWiki {
                                                $cache->loadFromFileCache( $this->context );
                                        }
                                        # Do any stats increment/watchlist stuff
-                                       $article = WikiPage::factory( $wgTitle );
-                                       $article->doViewUpdates( $user );
+                                       $page = WikiPage::factory( $this->getTitle() );
+                                       $page->doViewUpdates( $this->context->getUser() );
                                        # Tell OutputPage that output is taken care of
                                        $this->context->getOutput()->disable();
                                        wfProfileOut( 'main-try-filecache' );