From: Rob Church <robchurch@users.mediawiki.org>
Date: Sun, 6 May 2007 01:04:52 +0000 (+0000)
Subject: * Don't show unblock form if the user doesn't have permission to use it (cosmetic... 
X-Git-Tag: 1.31.0-rc.0~53062
X-Git-Url: https://git.cyclocoop.org/?a=commitdiff_plain;h=b5d8fddc68a25240db8c0d6f442ff007df2f8909;p=lhc%2Fweb%2Fwiklou.git

* Don't show unblock form if the user doesn't have permission to use it (cosmetic change, no vulnerabilities existed)...introduces some minor code duplication which is, I think, the best approach given the convoluted state of that conditional block (we should split unblock off into a new special page)
* Tweak release notes
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0f9d412e8d..5faa96a6fb 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -32,7 +32,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 9670) Follow redirects when render edit section links to transcluded
   templates.
 * (bug 6204) Fix incorrect unindentation with $wgMaxTocLevel
-* (bug 3431) Special:Search: dont show 'next link' when there is nothing else
+* (bug 3431) Suppress "next page" link in Special:Search at end of results
+* Don't show unblock form if the user doesn't have permission to use it
+  (cosmetic change, no vulnerabilities existed)
 
 == Maintenance script changes since 1.10 ==
 
diff --git a/includes/SpecialIpblocklist.php b/includes/SpecialIpblocklist.php
index 8cb5729e79..a2a5999b5c 100644
--- a/includes/SpecialIpblocklist.php
+++ b/includes/SpecialIpblocklist.php
@@ -18,30 +18,43 @@ function wfSpecialIpblocklist() {
 
 	$ipu = new IPUnblockForm( $ip, $id, $reason );
 
-	if ( "success" == $action ) {
-		$ipu->showList( $wgOut->parse( wfMsg( 'unblocked', $successip ) ) );
-	} else if ( "submit" == $action && $wgRequest->wasPosted() &&
-		$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
-		if ( ! $wgUser->isAllowed('block') ) {
+	if( $action == 'unblock' ) {
+		# Check permissions
+		if( !$wgUser->isAllowed( 'block' ) ) {
 			$wgOut->permissionRequired( 'block' );
 			return;
 		}
-		# Can't unblock when the database is locked
+		# Check for database lock
 		if( wfReadOnly() ) {
 			$wgOut->readOnlyPage();
 			return;
 		}
-		$ipu->doSubmit();
-	} else if ( "unblock" == $action ) {
-		# Can't unblock when the database is locked
+		# Show unblock form
+		$ipu->showForm( '' );
+	} elseif( $action == 'submit' && $wgRequest->wasPosted()
+		&& $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+		# Check permissions
+		if( !$wgUser->isAllowed( 'block' ) ) {
+			$wgOut->permissionRequired( 'block' );
+			return;
+		}
+		# Check for database lock
 		if( wfReadOnly() ) {
 			$wgOut->readOnlyPage();
 			return;
 		}
-		$ipu->showForm( "" );
+		# Remove blocks and redirect user to success page
+		$ipu->doSubmit();
+	} elseif( $action == 'success' ) {
+		# Inform the user of a successful unblock
+		# (No need to check permissions or locks here,
+		# if something was done, then it's too late!)
+		$ipu->showList( $wgOut->parse( wfMsg( 'unblocked', $successip ) ) );
 	} else {
-		$ipu->showList( "" );
+		# Just show the block list
+		$ipu->showList( '' );
 	}
+
 }
 
 /**