dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: Improve cross-domain-policy mangling
[lhc/web/wiklou.git] / includes / Title.php
diff --git a/includes/Title.php b/includes/Title.php
index ef806a5..b996def 100644 (file)
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -908,7 +908,9 @@ class Title implements LinkTarget {
         * @return string Content model id
         */
        public function getContentModel( $flags = 0 ) {
-               if ( !$this->mContentModel && $this->getArticleID( $flags ) ) {
+               if ( ( !$this->mContentModel || $flags === Title::GAID_FOR_UPDATE ) &&
+                       $this->getArticleID( $flags )
+               ) {
                        $linkCache = LinkCache::singleton();
                        $linkCache->addLinkObj( $this ); # in case we already had an article ID
                        $this->mContentModel = $linkCache->getGoodLinkFieldObj( $this, 'model' );
@@ -1713,9 +1715,9 @@ class Title implements LinkTarget {
 
                                if ( $url === false
                                        && $wgVariantArticlePath
+                                       && preg_match( '/^variant=([^&]*)$/', $query, $matches )
                                        && $wgContLang->getCode() === $this->getPageLanguage()->getCode()
                                        && $this->getPageLanguage()->hasVariants()
-                                       && preg_match( '/^variant=([^&]*)$/', $query, $matches )
                                ) {
                                        $variant = urldecode( $matches[1] );
                                        if ( $this->getPageLanguage()->hasVariant( $variant ) ) {
@@ -2122,9 +2124,7 @@ class Title implements LinkTarget {
                        }
                        if ( !$user->isAllowed( $right ) ) {
                                $errors[] = [ 'protectedpagetext', $right, $action ];
-                       } elseif ( $this->mCascadeRestriction &&
-                               !$user->isAllowedAny( 'editcascadeprotected', 'protect' ) )
-                       {
+                       } elseif ( $this->mCascadeRestriction && !$user->isAllowed( 'protect' ) ) {
                                $errors[] = [ 'protectedpagetext', 'protect', $action ];
                        }
                }
@@ -2165,9 +2165,7 @@ class Title implements LinkTarget {
                                        if ( $right == 'autoconfirmed' ) {
                                                $right = 'editsemiprotected';
                                        }
-                                       if ( $right != '' && !$user->isAllowed( $right ) &&
-                                               !$user->isAllowedAny( 'editcascadeprotected', 'protect' ) )
-                                       {
+                                       if ( $right != '' && !$user->isAllowedAll( 'protect', $right ) ) {
                                                $pages = '';
                                                foreach ( $cascadingSources as $page ) {
                                                        $pages .= '* [[:' . $page->getPrefixedText() . "]]\n";
@@ -2975,6 +2973,8 @@ class Title implements LinkTarget {
 
        /**
         * Purge expired restrictions from the page_restrictions table
+        *
+        * This will purge no more than $wgUpdateRowsPerQuery page_restrictions rows
         */
        static function purgeExpiredRestrictions() {
                if ( wfReadOnly() ) {
@@ -2985,11 +2985,24 @@ class Title implements LinkTarget {
                        wfGetDB( DB_MASTER ),
                        __METHOD__,
                        function ( IDatabase $dbw, $fname ) {
-                               $dbw->delete(
+                               $config = MediaWikiServices::getInstance()->getMainConfig();
+                               $ids = $dbw->selectFieldValues(
                                        'page_restrictions',
+                                       'pr_id',
                                        [ 'pr_expiry < ' . $dbw->addQuotes( $dbw->timestamp() ) ],
-                                       $fname
+                                       $fname,
+                                       [ 'LIMIT' => $config->get( 'UpdateRowsPerQuery' ) ] // T135470
                                );
+                               if ( $ids ) {
+                                       $dbw->delete( 'page_restrictions', [ 'pr_id' => $ids ], $fname );
+                               }
+                       }
+               ) );
+
+               DeferredUpdates::addUpdate( new AtomicSectionUpdate(
+                       wfGetDB( DB_MASTER ),
+                       __METHOD__,
+                       function ( IDatabase $dbw, $fname ) {
                                $dbw->delete(
                                        'protected_titles',
                                        [ 'pt_expiry < ' . $dbw->addQuotes( $dbw->timestamp() ) ],
Wiklou, le Wiki du Wiklou