Add $wgCascadingRestrictionLevels
A page can only be protected with cascading protection if the requested restriction level is included in this array. This replaces previously hard-coded values of 'sysop' and 'protect'. This is necessary, because if any protection could be cascading, users could who cannot normally protect pages could "protect" them by transcluding them on protected pages they are allowed to edit. Bug: 47617 Change-Id: I5f8bcc899b46d466161894606cd27bf3b8624bd0
This commit is contained in:
MatmaRex
parent
181e0f3ff7
commit
1cbaa92158
4 changed files with 29 additions and 13 deletions
|
|
@ -15,6 +15,7 @@ production.
|
|||
activated; when $wgUseVFormCreateAccount is true, the redesign of
|
||||
Special:UserLogin/signup is activated.
|
||||
* $wgVectorUseIconWatch is now enabled by default.
|
||||
* $wgCascadingRestrictionLevels was added.
|
||||
|
||||
=== New features in 1.22 ===
|
||||
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
|
||||
|
|
@ -67,6 +68,8 @@ production.
|
|||
* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
|
||||
* mediawiki.log: Implemented log.deprecate. This method defines a property and
|
||||
uses ES5 getter/setter to emit a warning when they are used.
|
||||
* $wgCascadingRestrictionLevels was added, allowing one to specify restriction levels
|
||||
which can be cascading (previously 'sysop' was hard-coded as the only one).
|
||||
|
||||
=== Bug fixes in 1.22 ===
|
||||
* Disable Special:PasswordReset when $wgEnableEmail. Previously one could still
|
||||
|
|
|
|||
|
|
@ -4044,6 +4044,21 @@ $wgRestrictionTypes = array( 'create', 'edit', 'move', 'upload' );
|
|||
*/
|
||||
$wgRestrictionLevels = array( '', 'autoconfirmed', 'sysop' );
|
||||
|
||||
/**
|
||||
* Restriction levels that can be used with cascading protection
|
||||
*
|
||||
* A page can only be protected with cascading protection if the
|
||||
* requested restriction level is included in this array.
|
||||
*
|
||||
* This is intended to prevent abuse - if any protection could be
|
||||
* cascading, users could who cannot normally protect pages could
|
||||
* "protect" them by transcluding them on protected pages they are
|
||||
* allowed to edit.
|
||||
*
|
||||
* 'sysop' is quietly rewritten to 'protect' for backwards compatibility.
|
||||
*/
|
||||
$wgCascadingRestrictionLevels = array( 'sysop' );
|
||||
|
||||
/**
|
||||
* Set the minimum permissions required to edit pages in each
|
||||
* namespace. If you list more than one permission, a user must
|
||||
|
|
|
|||
|
|
@ -614,16 +614,9 @@ class ProtectionForm {
|
|||
}
|
||||
|
||||
function buildCleanupScript() {
|
||||
global $wgRestrictionLevels, $wgOut;
|
||||
global $wgRestrictionLevels, $wgCascadingRestrictionLevels, $wgOut;
|
||||
|
||||
$cascadeableLevels = array();
|
||||
foreach ( $wgRestrictionLevels as $key ) {
|
||||
if ( User::groupHasPermission( $key, 'protect' )
|
||||
|| $key == 'protect'
|
||||
) {
|
||||
$cascadeableLevels[] = $key;
|
||||
}
|
||||
}
|
||||
$cascadeableLevels = $wgCascadingRestrictionLevels;
|
||||
$options = array(
|
||||
'tableId' => 'mwProtectSet',
|
||||
'labelText' => wfMessage( 'protect-unchain-permissions' )->plain(),
|
||||
|
|
|
|||
|
|
@ -2221,7 +2221,7 @@ class WikiPage implements Page, IDBAccessObject {
|
|||
* @return Status
|
||||
*/
|
||||
public function doUpdateRestrictions( array $limit, array $expiry, &$cascade, $reason, User $user ) {
|
||||
global $wgContLang;
|
||||
global $wgContLang, $wgCascadingRestrictionLevels;
|
||||
|
||||
if ( wfReadOnly() ) {
|
||||
return Status::newFatal( 'readonlytext', wfReadOnlyReason() );
|
||||
|
|
@ -2344,12 +2344,17 @@ class WikiPage implements Page, IDBAccessObject {
|
|||
return Status::newGood();
|
||||
}
|
||||
|
||||
// Only restrictions with the 'protect' right can cascade...
|
||||
// Otherwise, people who cannot normally protect can "protect" pages via transclusion
|
||||
// Only certain restrictions can cascade... Otherwise, users who cannot normally protect pages
|
||||
// could "protect" them by transcluding them on protected pages they are allowed to edit.
|
||||
$editrestriction = isset( $limit['edit'] ) ? array( $limit['edit'] ) : $this->mTitle->getRestrictions( 'edit' );
|
||||
|
||||
$cascadingRestrictionLevels = $wgCascadingRestrictionLevels;
|
||||
if ( in_array( 'sysop', $cascadingRestrictionLevels ) ) {
|
||||
$cascadingRestrictionLevels[] = 'protect'; // backwards compatibility
|
||||
}
|
||||
|
||||
// The schema allows multiple restrictions
|
||||
if ( !in_array( 'protect', $editrestriction ) && !in_array( 'sysop', $editrestriction ) ) {
|
||||
if ( !array_intersect( $editrestriction, $cascadingRestrictionLevels ) ) {
|
||||
$cascade = false;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue