Merge "Enforce concealment of hidden RelevantUser at Skin level"

jenkins-bot 2021-03-08 17:10:15 +00:00 committed by Gerrit Code Review
commit c58f3ba2e9
4 changed files with 41 additions and 27 deletions


@ -3278,7 +3278,6 @@ class OutputPage extends ContextSource {
// Get the relevant title so that AJAX features can use the correct page name // Get the relevant title so that AJAX features can use the correct page name
// when making API requests from certain special pages (T36972). // when making API requests from certain special pages (T36972).
$relevantTitle = $sk->getRelevantTitle(); $relevantTitle = $sk->getRelevantTitle();
$relevantUser = $sk->getRelevantUser();
if ( $ns === NS_SPECIAL ) { if ( $ns === NS_SPECIAL ) {
list( $canonicalSpecialPageName, /*...*/ ) = list( $canonicalSpecialPageName, /*...*/ ) =
@ -3379,11 +3378,9 @@ class OutputPage extends ContextSource {
if ( $title->isMainPage() ) { if ( $title->isMainPage() ) {
$vars['wgIsMainPage'] = true; $vars['wgIsMainPage'] = true;
} }
if ( $relevantUser && ( !$relevantUser->isHidden() ||
$this->getAuthority()->isAllowed( 'hideuser' ) ) $relevantUser = $sk->getRelevantUser();
) { if ( $relevantUser ) {
// T120883 if the user is hidden and the viewer cannot see
// hidden users, pretend like it does not exist at all.
$vars['wgRelevantUserName'] = $relevantUser->getName(); $vars['wgRelevantUserName'] = $relevantUser->getName();
} }
// End of stable config vars // End of stable config vars
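Review bot: After this change nothing at the `$vars['wgRelevantUserName']` assignment says why exporting the name to client-side config is safe, because the T120883 comment was removed together with the inline check. A one-line comment would keep the invariant visible at the point where the value leaves the server: `// getRelevantUser() already returns null for hidden users the viewer may not see (T120883)`. A test asserting that the variable is absent for a viewer without `hideuser` would catch a regression if the Skin getter is changed later. The enclosing method starts and ends outside this hunk.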


@ -52,6 +52,10 @@ abstract class Skin extends ContextSource {
*/ */
protected $options = []; protected $options = [];
protected $mRelevantTitle = null; protected $mRelevantTitle = null;
/**
* @var User|null
*/
protected $mRelevantUser = null; protected $mRelevantUser = null;
/** /**
@ -415,7 +419,7 @@ abstract class Skin extends ContextSource {
* @see self::getRelevantUser() * @see self::getRelevantUser()
* @param User $u * @param User $u
*/ */
public function setRelevantUser( $u ) { public function setRelevantUser( User $u ) {
$this->mRelevantUser = $u; $this->mRelevantUser = $u;
} }
@ -425,31 +429,40 @@ abstract class Skin extends ContextSource {
* Special:Contributions mark the user which they are relevant to so that * Special:Contributions mark the user which they are relevant to so that
* things like the toolbox can display the information they usually are only * things like the toolbox can display the information they usually are only
* able to display on a user's userpage and talkpage. * able to display on a user's userpage and talkpage.
* @return User *
* @return User|null Null if there's no relevant user or the viewer cannot view it.
*/ */
public function getRelevantUser() { public function getRelevantUser() {
if ( isset( $this->mRelevantUser ) ) { if ( $this->mRelevantUser === null ) {
return $this->mRelevantUser; $title = $this->getRelevantTitle();
} if ( $title->hasSubjectNamespace( NS_USER ) ) {
$title = $this->getRelevantTitle(); $rootUser = $title->getRootText();
if ( $title->hasSubjectNamespace( NS_USER ) ) { if ( User::isIP( $rootUser ) ) {
$rootUser = $title->getRootText(); $this->mRelevantUser = User::newFromName( $rootUser, false );
if ( User::isIP( $rootUser ) ) { } else {
$this->mRelevantUser = User::newFromName( $rootUser, false ); $user = User::newFromName( $rootUser, false );
} else {
$user = User::newFromName( $rootUser, false );
if ( $user ) { if ( $user ) {
$user->load( User::READ_NORMAL ); $user->load( User::READ_NORMAL );
$this->mRelevantUser = $user->isRegistered() ? $user : null;
if ( $user->isRegistered() ) {
$this->mRelevantUser = $user;
} }
} }
} }
return $this->mRelevantUser;
} }
return null;
$pm = MediaWikiServices::getInstance()->getPermissionManager();
// The relevant user should only be set if it exists. However, if it exists but is hidden,
// and the viewer cannot see hidden users, this exposes the fact that the user exists;
// pretend like the user does not exist in such cases, by setting it to null. T120883
if ( $this->mRelevantUser
&& $this->mRelevantUser->isRegistered()
&& $this->mRelevantUser->isHidden()
&& !$pm->userHasRight( $this->getUser(), 'hideuser' )
) {
return null;
}
return $this->mRelevantUser;
} }
/** /**
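Review bot: The hidden-user check added to `getRelevantUser()` only protects callers that go through the getter; `$mRelevantUser` stays `protected`, so a Skin subclass that reads the field directly still sees a hidden account. The docblock added on the property is the place to say so, e.g. `@var User|null Unfiltered value; read it through getRelevantUser(), which applies the hideuser check (T120883)`. The check uses `$pm->userHasRight( $this->getUser(), 'hideuser' )` where the code removed from OutputPage used `$this->getAuthority()->isAllowed( 'hideuser' )`; if the two can differ for a request, keeping the Authority form would avoid a silent change in who counts as allowed. `setRelevantUser( User $u )` now raises a TypeError for null or false, and only the two callers patched in this commit are visible here, so any other caller would need the same guard.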


@ -123,7 +123,9 @@ class SpecialListFiles extends IncludableSpecialPage {
$out->addParserOutputContent( $pager->getBodyOutput() ); $out->addParserOutputContent( $pager->getBodyOutput() );
} else { } else {
$user = $pager->getRelevantUser(); $user = $pager->getRelevantUser();
$this->getSkin()->setRelevantUser( $user ); if ( $user ) {
$this->getSkin()->setRelevantUser( $user );
}
$pager->getForm(); $pager->getForm();
$out->addParserOutputContent( $pager->getFullOutput() ); $out->addParserOutputContent( $pager->getFullOutput() );
} }


@ -256,7 +256,9 @@ class SpecialLog extends SpecialPage {
# Set relevant user # Set relevant user
if ( $pager->getPerformer() ) { if ( $pager->getPerformer() ) {
$performerUser = User::newFromName( $pager->getPerformer(), false ); $performerUser = User::newFromName( $pager->getPerformer(), false );
$this->getSkin()->setRelevantUser( $performerUser ); if ( $performerUser ) {
$this->getSkin()->setRelevantUser( $performerUser );
}
} }
# Show form options # Show form options