X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FAjaxDispatcher.php;h=c9ca1283020bc0e585bdb6c3a2d1da4b23dafe76;hb=9b840c281cfae3c060941e45933e7798647064be;hp=5ee14a5007fafafcf486335242069e1da82fad7f;hpb=0fdb7455af6d5e42e88505911b1c912d2e55efc7;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/AjaxDispatcher.php b/includes/AjaxDispatcher.php
index 5ee14a5007..c9ca128302 100644
--- a/includes/AjaxDispatcher.php
+++ b/includes/AjaxDispatcher.php
@@ -1,33 +1,55 @@
 <?php
 /**
- * @defgroup Ajax Ajax
+ * Handle ajax requests and send them to the proper handler.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
  *
  * @file
  * @ingroup Ajax
- * Handle ajax requests and send them to the proper handler.
  */
 
-if ( !defined( 'MEDIAWIKI' ) ) {
-	die( 1 );
-}
-
-require_once( 'AjaxFunctions.php' );
+/**
+ * @defgroup Ajax Ajax
+ */
 
 /**
  * Object-Oriented Ajax functions.
  * @ingroup Ajax
  */
 class AjaxDispatcher {
-	/** The way the request was made, either a 'get' or a 'post' */
+	/**
+	 * The way the request was made, either a 'get' or a 'post'
+	 * @var string $mode
+	 */
 	private $mode;
 
-	/** Name of the requested handler */
+	/**
+	 * Name of the requested handler
+	 * @var string $func_name
+	 */
 	private $func_name;
 
-	/** Arguments passed */
+	/** Arguments passed
+	 * @var array $args
+	 */
 	private $args;
 
-	/** Load up our object with user supplied data */
+	/**
+	 * Load up our object with user supplied data
+	 */
 	function __construct() {
 		wfProfileIn( __METHOD__ );
 
@@ -41,7 +63,7 @@ class AjaxDispatcher {
 			$this->mode = "post";
 		}
 
-		switch( $this->mode ) {
+		switch ( $this->mode ) {
 			case 'get':
 				$this->func_name = isset( $_GET["rs"] ) ? $_GET["rs"] : '';
 				if ( ! empty( $_GET["rsargs"] ) ) {
@@ -68,13 +90,14 @@ class AjaxDispatcher {
 		wfProfileOut( __METHOD__ );
 	}
 
-	/** Pass the request to our internal function.
+	/**
+	 * Pass the request to our internal function.
 	 * BEWARE! Data are passed as they have been supplied by the user,
 	 * they should be carefully handled in the function processing the
 	 * request.
 	 */
 	function performAction() {
-		global $wgAjaxExportList, $wgOut;
+		global $wgAjaxExportList, $wgUser;
 
 		if ( empty( $this->mode ) ) {
 			return;
@@ -88,19 +111,18 @@ class AjaxDispatcher {
 			wfHttpError(
 				400,
 				'Bad Request',
-				"unknown function " . (string) $this->func_name
+				"unknown function " . $this->func_name
 			);
+		} elseif ( !User::isEveryoneAllowed( 'read' ) && !$wgUser->isAllowed( 'read' ) ) {
+			wfHttpError(
+				403,
+				'Forbidden',
+				'You are not allowed to view pages.' );
 		} else {
 			wfDebug( __METHOD__ . ' dispatching ' . $this->func_name . "\n" );
 
-			if ( strpos( $this->func_name, '::' ) !== false ) {
-				$func = explode( '::', $this->func_name, 2 );
-			} else {
-				$func = $this->func_name;
-			}
-
 			try {
-				$result = call_user_func_array( $func, $this->args );
+				$result = call_user_func_array( $this->func_name, $this->args );
 
 				if ( $result === false || $result === null ) {
 					wfDebug( __METHOD__ . ' ERROR while dispatching '
@@ -134,6 +156,5 @@ class AjaxDispatcher {
 		}
 
 		wfProfileOut( __METHOD__ );
-		$wgOut = null;
 	}
 }