RevisionRecord documentation: getSlots() bypasses audience check.
Bug: T235168 Change-Id: I768a64bf20a3501089ec84de96c9e79c9673dd21
This commit is contained in:
daniel
Mobrovac
parent
b860f171ed
commit
bae2d82f70
2 changed files with 14 additions and 2 deletions
|
|
@ -185,7 +185,7 @@ abstract class RevisionRecord {
|
|||
*
|
||||
* @throws RevisionAccessException if the slot does not exist or slot data
|
||||
* could not be lazy-loaded.
|
||||
* @return SlotRecord The slot meta-data. If access to the slot content is forbidden,
|
||||
* @return SlotRecord The slot meta-data. If access to the slot's content is forbidden,
|
||||
* calling getContent() on the SlotRecord will throw an exception.
|
||||
*/
|
||||
public function getSlot( $role, $audience = self::FOR_PUBLIC, User $user = null ) {
|
||||
|
|
@ -222,6 +222,12 @@ abstract class RevisionRecord {
|
|||
/**
|
||||
* Returns the slots defined for this revision.
|
||||
*
|
||||
* @note This provides access to slot content with no audience checks applied.
|
||||
* Calling getContent() on the RevisionSlots object returned here, or on any
|
||||
* SlotRecord it returns from getSlot(), will not fail due to access restrictions.
|
||||
* If audience checks are desired, use getSlot( $role, $audience, $user )
|
||||
* or getContent( $role, $audience, $user ) instead.
|
||||
*
|
||||
* @return RevisionSlots
|
||||
*/
|
||||
public function getSlots() {
|
||||
|
|
|
|||
|
|
@ -29,6 +29,10 @@ use Wikimedia\Assert\Assert;
|
|||
/**
|
||||
* Value object representing the set of slots belonging to a revision.
|
||||
*
|
||||
* @note RevisionSlots provides "raw" access to the slots and does not apply audience checks.
|
||||
* If audience checks are desired, use RevisionRecord::getSlot() or RevisionRecord::getContent()
|
||||
* instead.
|
||||
*
|
||||
* @since 1.31
|
||||
* @since 1.32 Renamed from MediaWiki\Storage\RevisionSlots
|
||||
*/
|
||||
|
|
@ -82,10 +86,12 @@ class RevisionSlots {
|
|||
* Note that for mutable Content objects, each call to this method will return a
|
||||
* fresh clone.
|
||||
*
|
||||
* @see SlotRecord::getContent()
|
||||
*
|
||||
* @param string $role The role name of the desired slot
|
||||
*
|
||||
* @throws RevisionAccessException if the slot does not exist or slot data
|
||||
* could not be lazy-loaded.
|
||||
* could not be lazy-loaded. See SlotRecord::getContent() for details.
|
||||
* @return Content
|
||||
*/
|
||||
public function getContent( $role ) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue