API: Requesting a token you aren't allowed to request no longer dies with an error...

[lhc/web/wiklou.git] / includes / User.php

diff --git a/includes/User.php b/includes/User.php
index 837d758..1804127 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * See user.txt
- *
+ * @file
  */
 
 # Number of characters in user_token field
@@ -15,7 +15,7 @@ define( 'EDIT_TOKEN_SUFFIX', '+\\' );
 
 /**
  * Thrown by User::setPassword() on error
- * @addtogroup Exception
+ * @ingroup Exception
  */
 class PasswordError extends MWException {
        // NOP
@@ -1138,13 +1138,14 @@ class User {
                $keys = array();
                $id = $this->getId();
                $ip = wfGetIP();
+               $userLimit = false;
 
                if( isset( $limits['anon'] ) && $id == 0 ) {
                        $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
                }
 
                if( isset( $limits['user'] ) && $id != 0 ) {
-                       $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['user'];
+                       $userLimit = $limits['user'];
                }
                if( $this->isNewbie() ) {
                        if( isset( $limits['newbie'] ) && $id != 0 ) {
@@ -1159,6 +1160,20 @@ class User {
                                $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
                        }
                }
+               // Check for group-specific permissions
+               // If more than one group applies, use the group with the highest limit
+               foreach ( $this->getGroups() as $group ) {
+                       if ( isset( $limits[$group] ) ) {
+                               if ( $userLimit === false || $limits[$group] > $userLimit ) {
+                                       $userLimit = $limits[$group];
+                               }
+                       }
+               }
+               // Set the user limit key
+               if ( $userLimit !== false ) {
+                       wfDebug( __METHOD__.": effective user limit: $userLimit\n" );
+                       $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
+               }
 
                $triggered = false;
                foreach( $keys as $key => $limit ) {
@@ -1715,9 +1730,16 @@ class User {
                }
                // Filter out any newlines that may have passed through input validation.
                // Newlines are used to separate items in the options blob.
-               $val = str_replace( "\r\n", "\n", $val );
-               $val = str_replace( "\r", "\n", $val );
-               $val = str_replace( "\n", " ", $val );
+               if( $val ) {
+                       $val = str_replace( "\r\n", "\n", $val );
+                       $val = str_replace( "\r", "\n", $val );
+                       $val = str_replace( "\n", " ", $val );
+               }
+               // Explicitly NULL values should refer to defaults
+               global $wgDefaultUserOptions;
+               if( is_null($val) && isset($wgDefaultUserOptions[$oname]) ) {
+                       $val = $wgDefaultUserOptions[$oname];
+               }
                $this->mOptions[$oname] = $val;
        }
 
@@ -1725,6 +1747,8 @@ class User {
                if ( is_null( $this->mRights ) ) {
                        $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
                        wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
+                       // Force reindexation of rights when a hook has unset one of them
+                       $this->mRights = array_values( $this->mRights );
                }
                return $this->mRights;
        }