SECURITY: Make 'newbie' limit in $wgRateLimits really override 'user' limit
[lhc/web/wiklou.git] / includes / user / User.php
index ea395f4..aa21184 100644 (file)
@@ -2108,10 +2108,6 @@ class User implements IDBAccessObject, UserIdentity {
                        if ( isset( $limits['user'] ) ) {
                                $userLimit = $limits['user'];
                        }
-                       // limits for newbie logged-in users
-                       if ( $isNewbie && isset( $limits['newbie'] ) ) {
-                               $keys[$cache->makeKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
-                       }
                }
 
                // limits for anons and for newbie logged-in users
@@ -2143,6 +2139,11 @@ class User implements IDBAccessObject, UserIdentity {
                        }
                }
 
+               // limits for newbie logged-in users (override all the normal user limits)
+               if ( $id !== 0 && $isNewbie && isset( $limits['newbie'] ) ) {
+                       $userLimit = $limits['newbie'];
+               }
+
                // Set the user limit key
                if ( $userLimit !== false ) {
                        list( $max, $period ) = $userLimit;
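Review bot: The newbie override at `if ( $id !== 0 && $isNewbie && isset( $limits['newbie'] ) )` is only effective while it remains the last write to `$userLimit` before the "Set the user limit key" block, and the new comment does not record that ordering constraint. The entry removed in the first hunk was stored under the `'limiter', $action, 'user', $id` key and was presumably overwritten later by the general user limit, so I would extend the comment to `// Must remain the last assignment to $userLimit before the key is set; any later write silently restores the normal user limit for newbies.` The strict `$id !== 0` also assumes `$id` is always an int, which is not visible here; if it can be a non-int zero, anonymous requests would pick up the newbie limit under a shared user key, so confirm the type or cast it. The enclosing method starts and ends outside this hunk, so the other writes to `$userLimit` could not be checked; a regression test with both 'user' and 'newbie' configured would pin the behaviour.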