jenkins-bot has submitted this change and it was merged.
Change subject: Prevent watchlist from becoming public
......................................................................
Prevent watchlist from becoming public
This is a very artificial constraint and can
be deleted at any moment.
Bug: T93161
Change-Id: I752a47340befeea08fcea33adf554543099f65c6
---
M includes/api/ApiEditList.php
1 file changed, 12 insertions(+), 3 deletions(-)
Approvals:
Jdlrobson: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/api/ApiEditList.php b/includes/api/ApiEditList.php
index b630c4b..6af5668 100644
--- a/includes/api/ApiEditList.php
+++ b/includes/api/ApiEditList.php
@@ -223,9 +223,11 @@
* Given an info object, update it with arguments from params, and
return JSON str if changed
* @param stdClass $v
* @param Array $params
+ * @param bool $isWatchlist
* @return string JSON encoded info object in case it changed, or NULL
if update is not needed
+ * @throws \UsageException
*/
- private function updateInfo( stdClass $v, array $params ) {
+ private function updateInfo( stdClass $v, array $params, $isWatchlist )
{
$updated = false;
//
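Review bot: The two docblock lines added at the top of this hunk name the new parameter and the exception but do not say what either means, so the contract of `updateInfo` has to be read out of its body. I would write `@param bool $isWatchlist True when $v belongs to the user's watchlist, which must stay private` and `@throws \UsageException If $isWatchlist is true and $params['perm'] is anything other than 'private'`. The function body continues past the end of the hunk.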
@@ -247,6 +249,13 @@
$updated = true;
}
if ( $params['perm'] !== null && $v->perm !== $params['perm'] )
{
+ if ( $isWatchlist && $params['perm'] !== 'private' ) {
+ // Per team discussion, introducing artificial
limitation for now
+ // until we establish that making watchlist
public would cause no harm.
+ // This check can be deleted at any time since
all other API code supports it.
+ $this->dieUsage( 'Making watchlist public is
not supported for security reasons',
+ 'publicwatchlist' );
+ }
$v->perm = $params['perm'];
$updated = true;
}
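Review bot: The new guard sits inside the `$v->perm !== $params['perm']` branch, so it only runs when the requested value differs from the stored one. A watchlist row that already holds a non-private `perm` (written before this change, or by another code path if one exists) would accept a repeat request with the same value and report success instead of `publicwatchlist`. Testing before the comparison makes the refusal independent of stored state: `if ( $isWatchlist && $params['perm'] !== null && $params['perm'] !== 'private' ) {` followed by the same `dieUsage` call. Because the added comment says the rest of the API already honours a public watchlist, this write-side check is the only barrier, so it is worth deciding separately whether read paths should also treat watchlists as private. The enclosing function starts and ends outside this hunk.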
@@ -289,7 +298,7 @@
*/
private function createRow( DatabaseBase $dbw, User $user, array
$params, &$isWatchlist ) {
$label = $isWatchlist ? '' : $params['label'];
- $info = $this->updateInfo( new stdClass(), $params );
+ $info = $this->updateInfo( new stdClass(), $params,
$isWatchlist );
$createRow = !$isWatchlist || $info;
if ( $createRow ) {
@@ -348,7 +357,7 @@
$update['gl_label'] = $params['label'];
}
$info = self::parseListInfo( $row->gl_info, $row->gl_id, true );
- $json = $this->updateInfo( $info, $params );
+ $json = $this->updateInfo( $info, $params, $row->gl_label ===
'' );
if ( $json ) {
$update['gl_info'] = $json;
}
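Review bot: `$row->gl_label === ''` is passed inline as the watchlist flag, so the privacy guard in `updateInfo` depends on a storage convention that this call site does not name. The context line above shows `gl_label` can be rewritten from `$params['label']` in the same request; testing the stored `$row->gl_label` is the right choice, but nothing here says so, and the hunk does not show whether an ordinary list can ever carry an empty label. I would assign it to a named local with a comment, e.g. `$isWatchlist = $row->gl_label === ''; // watchlist rows are stored with an empty label; test the stored value, not $params['label']`, and pass `$isWatchlist`. `createRow` in the previous hunk receives the flag from its caller by reference, so the two call sites derive it differently. The enclosing function is not fully visible here.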
--
To view, visit https://gerrit.wikimedia.org/r/197824
Gerrit-MessageType: merged
Gerrit-Change-Id: I752a47340befeea08fcea33adf554543099f65c6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Gather
Gerrit-Branch: master
Gerrit-Owner: Yurik <[email protected]>
Gerrit-Reviewer: Jdlrobson <[email protected]>
Gerrit-Reviewer: jenkins-bot <>