rev_deleted security improvements as well as fix for rawpages
parent
81e7adc6ad
commit
804deee936
5 changed files with 20 additions and 14 deletions
|
|
@ -1113,7 +1113,7 @@ class Linker {
|
|||
if( $rev->isDeleted( Revision::DELETED_USER ) && $isPublic ) {
|
||||
$link = wfMsgHtml( 'rev-deleted-user' );
|
||||
} else if( $rev->userCan( Revision::DELETED_USER ) ) {
|
||||
$link = $this->userLink( $rev->getRawUser(), $rev->getRawUserText() );
|
||||
$link = $this->userLink( $rev->getUser(false), $rev->getUserText(false) );
|
||||
} else {
|
||||
$link = wfMsgHtml( 'rev-deleted-user' );
|
||||
}
|
||||
|
|
@ -1133,8 +1133,8 @@ class Linker {
|
|||
if( $rev->isDeleted( Revision::DELETED_USER ) && $isPublic ) {
|
||||
$link = wfMsgHtml( 'rev-deleted-user' );
|
||||
} else if( $rev->userCan( Revision::DELETED_USER ) ) {
|
||||
$link = $this->userLink( $rev->getRawUser(), $rev->getRawUserText() ) .
|
||||
' ' . $this->userToolLinks( $rev->getRawUser(), $rev->getRawUserText() );
|
||||
$link = $this->userLink( $rev->getUser(false), $rev->getUserText(false) ) .
|
||||
' ' . $this->userToolLinks( $rev->getUser(false), $rev->getUserText(false) );
|
||||
} else {
|
||||
$link = wfMsgHtml( 'rev-deleted-user' );
|
||||
}
|
||||
|
|
@ -1340,7 +1340,7 @@ class Linker {
|
|||
if( $rev->isDeleted( Revision::DELETED_COMMENT ) && $isPublic ) {
|
||||
$block = " <span class=\"comment\">" . wfMsgHtml( 'rev-deleted-comment' ) . "</span>";
|
||||
} else if( $rev->userCan( Revision::DELETED_COMMENT ) ) {
|
||||
$block = $this->commentBlock( $rev->getRawComment(), $rev->getTitle(), $local );
|
||||
$block = $this->commentBlock( $rev->getComment(false), $rev->getTitle(), $local );
|
||||
} else {
|
||||
$block = " <span class=\"comment\">" . wfMsgHtml( 'rev-deleted-comment' ) . "</span>";
|
||||
}
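Review bot: The bare `false` in `$rev->getUser(false)` and `$rev->getUserText(false)`, in the `userCan( Revision::DELETED_USER )` branch of the hunk at 1113, does not say that it switches off the public-view check, which makes these privacy-sensitive call sites hard to audit. A short comment on the line, e.g. `// false: viewer-specific value; userCan() is checked in the branch condition`, would record why the less restrictive form is acceptable here. The same applies to the `userToolLinks` call in the hunk at 1133 and to `getComment(false)` in the hunk at 1340. The enclosing methods start and end outside the hunks.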
|
||||
|
|
|
|||
|
|
@ -430,8 +430,10 @@ class Revision {
|
|||
* Fetch revision's user id if it's available to all users
|
||||
* @return int
|
||||
*/
|
||||
public function getUser() {
|
||||
if( $this->isDeleted( self::DELETED_USER ) ) {
|
||||
public function getUser( $isPublic = true ) {
|
||||
if( $isPublic && $this->isDeleted( self::DELETED_USER ) ) {
|
||||
return 0;
|
||||
} else if( !$this->userCan( self::DELETED_USER ) ) {
|
||||
return 0;
|
||||
} else {
|
||||
return $this->mUser;
|
||||
|
|
@ -450,8 +452,10 @@ class Revision {
|
|||
* Fetch revision's username if it's available to all users
|
||||
* @return string
|
||||
*/
|
||||
public function getUserText() {
|
||||
if( $this->isDeleted( self::DELETED_USER ) ) {
|
||||
public function getUserText( $isPublic = true ) {
|
||||
if( $isPublic && $this->isDeleted( self::DELETED_USER ) ) {
|
||||
return "";
|
||||
} else if( !$this->userCan( self::DELETED_USER ) ) {
|
||||
return "";
|
||||
} else {
|
||||
return $this->mUserText;
|
||||
|
|
@ -470,8 +474,10 @@ class Revision {
|
|||
* Fetch revision comment if it's available to all users
|
||||
* @return string
|
||||
*/
|
||||
function getComment() {
|
||||
if( $this->isDeleted( self::DELETED_COMMENT ) ) {
|
||||
function getComment( $isPublic = true ) {
|
||||
if( $isPublic && $this->isDeleted( self::DELETED_COMMENT ) ) {
|
||||
return "";
|
||||
} else if( !$this->userCan( self::DELETED_COMMENT ) ) {
|
||||
return "";
|
||||
} else {
|
||||
return $this->mComment;
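Review bot: The docblock above `getUser( $isPublic = true )` still reads "if it's available to all users" and has no `@param`, although with `$isPublic` false the method returns `mUser` whenever `userCan( self::DELETED_USER )` passes. Suggest rewording the summary and adding `@param bool $isPublic true: return 0 if the field is deleted; false: return it when userCan() allows`. The same gap is in the `getUserText` and `getComment` hunks, and `getComment` is the only one of the three declared without `public`. Since the `false` form appears to depend on the current viewer through `userCan()`, the docblock should also say that its result must not be stored where other users can read it. Each method body closes outside its hunk.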
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ class ApiParse extends ApiBase {
|
|||
$this->dieUsage("There is no revision ID $oldid", 'missingrev');
|
||||
if(!$rev->userCan(Revision::DELETED_TEXT))
|
||||
$this->dieUsage("You don't have permission to view deleted revisions", 'permissiondenied');
|
||||
$text = $rev->getRawText();
|
||||
$text = $rev->getText(false);
|
||||
$titleObj = $rev->getTitle();
|
||||
$p_result = $wgParser->parse($text, $titleObj, $popts);
|
||||
}
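Review bot: `$text = $rev->getText(false);` relies on `Revision::getText` accepting the new flag, but the Revision hunks on this page only change `getUser`, `getUserText` and `getComment`. If `getText` does not declare the parameter, PHP silently ignores the extra argument and the call returns the default view, so the signature should be confirmed. The result is also passed straight to `$wgParser->parse()` with no check for an empty or failed fetch. The enclosing method starts and ends outside the hunk.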
|
||||
|
|
|
|||
|
|
@ -176,7 +176,7 @@ CONTROL;
|
|||
$change = RecentChange::newFromConds(
|
||||
array(
|
||||
// Add redundant user,timestamp condition so we can use the existing index
|
||||
'rc_user_text' => $this->mNewRev->getRawUserText(),
|
||||
'rc_user_text' => $this->mNewRev->getUserText(false),
|
||||
'rc_timestamp' => $db->timestamp( $this->mNewRev->getTimestamp() ),
|
||||
'rc_this_oldid' => $this->mNewid,
|
||||
'rc_last_oldid' => $this->mOldid,
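Review bot: `'rc_user_text' => $this->mNewRev->getUserText(false)` feeds a database condition, yet per the Revision change on this page `getUserText(false)` returns `""` when `userCan( self::DELETED_USER )` fails. For a viewer without that right the lookup would then search for an empty user name and miss the row, whereas the replaced getter presumably did not depend on the viewer. As the value is used here only as a query condition and is not displayed, an unfiltered accessor looks more appropriate; otherwise the empty result should be handled explicitly. The `array(` continues past the end of the hunk.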
|
||||
|
|
|
|||
|
|
@ -1223,8 +1223,8 @@ class UndeleteForm {
|
|||
if( !$file->userCan(File::DELETED_USER) ) {
|
||||
return '<span class="history-deleted">' . wfMsgHtml( 'rev-deleted-user' ) . '</span>';
|
||||
} else {
|
||||
$link = $sk->userLink( $file->getRawUser(), $file->getRawUserText() ) .
|
||||
$sk->userToolLinks( $file->getRawUser(), $file->getRawUserText() );
|
||||
$link = $sk->userLink( $file->getUser(false), $file->getUserText(false) ) .
|
||||
$sk->userToolLinks( $file->getUser(false), $file->getUserText(false) );
|
||||
if( $file->isDeleted(File::DELETED_USER) )
|
||||
$link = '<span class="history-deleted">' . $link . '</span>';
|
||||
return $link;
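Review bot: `$file->getUser(false)` and `$file->getUserText(false)` are called on a file object, but no file class is among the changes shown on this page, so it is not visible that these getters accept the flag. If they declare no such parameter PHP ignores the argument, and a viewer who passed `userCan(File::DELETED_USER)` may get the public, empty value inside the `history-deleted` span. If the parameter means something else on that class, the output changes in a different way. The signatures on the class of `$file` should be confirmed. The method starts and ends outside the hunk.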
|
||||
|
|
|
|||