rev_deleted security improvements as well as fix for rawpages
author
Aaron Schulz
<aaron@users.mediawiki.org>
Mon, 22 Sep 2008 14:37:05 +0000
(14:37 +0000)
committer
Aaron Schulz
<aaron@users.mediawiki.org>
Mon, 22 Sep 2008 14:37:05 +0000
(14:37 +0000)
includes/Linker.php
includes/Revision.php
includes/api/ApiParse.php
includes/diff/DifferenceEngine.php
includes/specials/SpecialUndelete.php
diff --git
a/includes/Linker.php
b/includes/Linker.php
index
54f5633
..
8e87fbf
100644
(file)
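--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1113,7 +1113,7 @@ class Linker {
 if( $rev->isDeleted( Revision::DELETED_USER ) && $isPublic ) {
 $link = wfMsgHtml( 'rev-deleted-user' );
 } else if( $rev->userCan( Revision::DELETED_USER ) ) {
-$link = $this->userLink( $rev->getRawUser(), $rev->getRawUserText() );
+$link = $this->userLink( $rev->getUser(false), $rev->getUserText(false) );
 } else {
 $link = wfMsgHtml( 'rev-deleted-user' );
 }
@@ -1133,8 +1133,8 @@ class Linker {
 if( $rev->isDeleted( Revision::DELETED_USER ) && $isPublic ) {
 $link = wfMsgHtml( 'rev-deleted-user' );
 } else if( $rev->userCan( Revision::DELETED_USER ) ) {
-$link = $this->userLink( $rev->getRawUser(), $rev->getRawUserText() ) .
-' ' . $this->userToolLinks( $rev->getRawUser(), $rev->getRawUserText() );
+$link = $this->userLink( $rev->getUser(false), $rev->getUserText(false) ) .
+' ' . $this->userToolLinks( $rev->getUser(false), $rev->getUserText(false) );
 } else {
 $link = wfMsgHtml( 'rev-deleted-user' );
 }
@@ -1340,7 +1340,7 @@ class Linker {
 if( $rev->isDeleted( Revision::DELETED_COMMENT ) && $isPublic ) {
 $block = " <span class=\"comment\">" . wfMsgHtml( 'rev-deleted-comment' ) . "</span>";
 } else if( $rev->userCan( Revision::DELETED_COMMENT ) ) {
-$block = $this->commentBlock( $rev->getRawComment(), $rev->getTitle(), $local );
+$block = $this->commentBlock( $rev->getComment(false), $rev->getTitle(), $local );
 } else {
 $block = " <span class=\"comment\">" . wfMsgHtml( 'rev-deleted-comment' ) . "</span>";
 }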
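Review bot: In the second hunk (old line 1133 onward) `$rev->getUser(false)` and `$rev->getUserText(false)` are each evaluated twice, and per the Revision.php change in this commit every call now repeats the `userCan()` check. Reading them once, `$uid = $rev->getUser( false ); $name = $rev->getUserText( false );`, keeps the user link and the tool links built from the same pair of values. The bare `false` also hides what is being relaxed at a permission-sensitive call site; a short comment such as `// false: visible to this viewer if userCan() allows, not only when public` would help here and at the matching calls in ApiParse.php, DifferenceEngine.php and SpecialUndelete.php. The enclosing methods start and end outside the hunks.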
diff --git
a/includes/Revision.php
b/includes/Revision.php
index
79aa20f
..
8d12006
100644
(file)
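--- a/includes/Revision.php
+++ b/includes/Revision.php
@@ -430,8 +430,10 @@ class Revision {
 * Fetch revision's user id if it's available to all users
 * @return int
 */
-public function getUser() {
-if( $this->isDeleted( self::DELETED_USER ) ) {
+public function getUser( $isPublic = true ) {
+if( $isPublic && $this->isDeleted( self::DELETED_USER ) ) {
+return 0;
+} else if( !$this->userCan( self::DELETED_USER ) ) {
 return 0;
 } else {
 return $this->mUser;
@@ -450,8 +452,10 @@ class Revision {
 * Fetch revision's username if it's available to all users
 * @return string
 */
-public function getUserText() {
-if( $this->isDeleted( self::DELETED_USER ) ) {
+public function getUserText( $isPublic = true ) {
+if( $isPublic && $this->isDeleted( self::DELETED_USER ) ) {
+return "";
+} else if( !$this->userCan( self::DELETED_USER ) ) {
 return "";
 } else {
 return $this->mUserText;
@@ -470,8 +474,10 @@ class Revision {
 * Fetch revision comment if it's available to all users
 * @return string
 */
-function getComment() {
-if( $this->isDeleted( self::DELETED_COMMENT ) ) {
+function getComment( $isPublic = true ) {
+if( $isPublic && $this->isDeleted( self::DELETED_COMMENT ) ) {
+return "";
+} else if( !$this->userCan( self::DELETED_COMMENT ) ) {
 return "";
 } else {
 return $this->mComment;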
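Review bot: The docblocks kept above `getUser()`, `getUserText()` and `getComment()` still say "if it's available to all users", which is no longer accurate once `$isPublic` is false, because the result then depends on `userCan()` (presumably evaluated for the current viewer; its body is not on this page). Each docblock should describe the parameter, for example `@param bool $isPublic true: hide when deleted for everyone; false: hide only when userCan() denies`, and state that the empty value (`0` or `""`) is returned on denial. Since this flag decides whether suppressed data is returned, a pair of named class constants would be safer than a bare boolean, as an accidental `false` is hard to spot in review. The three method bodies close outside the hunks.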
diff --git
a/includes/api/ApiParse.php
b/includes/api/ApiParse.php
index
71cf0f9
..
7151300
100644
(file)
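--- a/includes/api/ApiParse.php
+++ b/includes/api/ApiParse.php
@@ -63,7 +63,7 @@ class ApiParse extends ApiBase {
 $this->dieUsage("There is no revision ID $oldid", 'missingrev');
 if(!$rev->userCan(Revision::DELETED_TEXT))
 $this->dieUsage("You don't have permission to view deleted revisions", 'permissiondenied');
-$text = $rev->getRawText();
+$text = $rev->getText(false);
 $titleObj = $rev->getTitle();
 $p_result = $wgParser->parse($text, $titleObj, $popts);
 }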
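Review bot: `$rev->getText(false)` relies on `Revision::getText()` accepting the new flag, but the Revision.php section of this commit changes only `getUser()`, `getUserText()` and `getComment()`. PHP discards surplus arguments to a user-defined function without a warning, so if `getText()` was not extended elsewhere the call falls back to the public accessor, and a user who passed the `userCan(Revision::DELETED_TEXT)` check on the preceding line could get that accessor's hidden-revision result instead of the text. That fails closed, but the signature should be confirmed, or `getRawText()` kept here, since the permission check is already explicit. The same question applies to `$file->getUser(false)` and `$file->getUserText(false)` in SpecialUndelete.php, where no change to the file class is visible.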
diff --git
a/includes/diff/DifferenceEngine.php
b/includes/diff/DifferenceEngine.php
index
958af1b
..
a185b0a
100644
(file)
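--- a/includes/diff/DifferenceEngine.php
+++ b/includes/diff/DifferenceEngine.php
@@ -176,7 +176,7 @@ CONTROL;
 $change = RecentChange::newFromConds(
 array(
 // Add redundant user,timestamp condition so we can use the existing index
-'rc_user_text' => $this->mNewRev->getRawUserText(),
+'rc_user_text' => $this->mNewRev->getUserText(false),
 'rc_timestamp' => $db->timestamp( $this->mNewRev->getTimestamp() ),
 'rc_this_oldid' => $this->mNewid,
 'rc_last_oldid' => $this->mOldid,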
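Review bot: `rc_user_text` is a lookup condition for `RecentChange::newFromConds()`, not rendered output as far as this hunk shows, so switching it to `getUserText(false)` changes the query for viewers who fail `userCan( Revision::DELETED_USER )`. For them the accessor now returns `""` and the condition can no longer match the row. Nothing is disclosed by that, but whatever uses `$change` further down (outside the hunk) would silently stop working for those users. I would keep the unfiltered accessor for this internal condition, or skip the lookup when the name is hidden, with a comment like `// used only as an index condition, never displayed`.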
diff --git
a/includes/specials/SpecialUndelete.php
b/includes/specials/SpecialUndelete.php
index
effa45c
..
c802fd7
100644
(file)
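--- a/includes/specials/SpecialUndelete.php
+++ b/includes/specials/SpecialUndelete.php
@@ -1223,8 +1223,8 @@ class UndeleteForm {
 if( !$file->userCan(File::DELETED_USER) ) {
 return '<span class="history-deleted">' . wfMsgHtml( 'rev-deleted-user' ) . '</span>';
 } else {
-$link = $sk->userLink( $file->getRawUser(), $file->getRawUserText() ) .
-$sk->userToolLinks( $file->getRawUser(), $file->getRawUserText() );
+$link = $sk->userLink( $file->getUser(false), $file->getUserText(false) ) .
+$sk->userToolLinks( $file->getUser(false), $file->getUserText(false) );
 if( $file->isDeleted(File::DELETED_USER) )
 $link = '<span class="history-deleted">' . $link . '</span>';
 return $link;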