dépôts
/
lhc
/
web
/
wiklou.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
SECURITY: rate-limit and prevent blocked users from changing email
[lhc/web/wiklou.git]
/
includes
/
api
/
ApiUndelete.php
diff --git
a/includes/api/ApiUndelete.php
b/includes/api/ApiUndelete.php
index
07a6aae
..
ba9be81
100644
(file)
--- a/
includes/api/ApiUndelete.php
+++ b/
includes/api/ApiUndelete.php
@@
-31,7
+31,8
@@
class ApiUndelete extends ApiBase {
$params = $this->extractRequestParams();
$user = $this->getUser();
$params = $this->extractRequestParams();
$user = $this->getUser();
- if ( $user->isBlocked() ) {
+ $block = $user->getBlock();
+ if ( $block && $block->isSitewide() ) {
$this->dieBlocked( $user->getBlock() );
}
$this->dieBlocked( $user->getBlock() );
}
@@
-40,7
+41,7
@@
class ApiUndelete extends ApiBase {
$this->dieWithError( [ 'apierror-invalidtitle', wfEscapeWikiText( $params['title'] ) ] );
}
$this->dieWithError( [ 'apierror-invalidtitle', wfEscapeWikiText( $params['title'] ) ] );
}
- if ( !$t
itleObj->userCan( 'undelete', $user, 'secure'
) ) {
+ if ( !$t
his->getPermissionManager()->userCan( 'undelete', $this->getUser(), $titleObj
) ) {
$this->dieWithError( 'permdenied-undelete' );
}
$this->dieWithError( 'permdenied-undelete' );
}