Florianschmidtwelzow has uploaded a new change for review.
https://gerrit.wikimedia.org/r/264699
Change subject: Special:Redirect: Don't redirect to a log entry, where the user
can't see any information
......................................................................
Special:Redirect: Don't redirect to a log entry, where the user can't see any
information
That would be pretty useless, the user should at least see one of
the possible information.
Bug: T71107
Change-Id: I7259afbc58f3aeba23d6a7ddbc99a0afc22d5dce
---
M includes/specials/SpecialRedirect.php
M languages/i18n/en.json
M languages/i18n/qqq.json
3 files changed, 41 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/99/264699/1
diff --git a/includes/specials/SpecialRedirect.php
b/includes/specials/SpecialRedirect.php
index 328aa11..212bfa9 100644
--- a/includes/specials/SpecialRedirect.php
+++ b/includes/specials/SpecialRedirect.php
@@ -39,6 +39,15 @@
protected $mType;
/**
+ * A custom error message key, which can be set in one of the
+ * dispatch* functions to allow them to set a more detailed/better
+ * error message in case of a failure.
+ *
+ * @var string $mErrorMsgKey
+ */
+ protected $mErrorMsgKey;
+
+ /**
* The identifier/value for the redirect (which id, which file)
*
* @var string $mValue
@@ -177,6 +186,7 @@
$logparams = array(
'log_id',
+ 'log_deleted',
'log_timestamp',
'log_type',
'log_user_text',
@@ -211,7 +221,13 @@
}
}
- array_shift( $logparams );
+ // database fields, which aren't needed for further processing
of the results
+ // (e.g. not appended to the url or used to compare two log
entries)
+ $unnededParams = array(
+ 'log_id',
+ 'log_deleted',
+ );
+ $logparams = array_diff( $logparams, $unnededParams );
// Stores all the rows with the same values in each column
// as $rowMain
@@ -227,6 +243,21 @@
}
$logsSameTimestamps = $matchedRows;
}
+
+ // check, if the user is allowed to see any information of this
log entry
+ if (
+ !LogEventsList::userCanBitfield(
+ $matchedRows[0]->log_deleted,
+ LogPage::DELETED_ACTION,
+ $this->getUser()
+ )
+ ) {
+ // if not, show an error message, that the user doesn't
have the permission
+ // to view this log entry.
+ $this->mErrorMsgKey = 'logentry-suppressed';
+ return null;
+ }
+
$query = array( 'title' => 'Special:Log', 'limit' => count(
$matchedRows ) );
// A map of database field names from table 'logging' to the
values of $logparams
@@ -283,8 +314,13 @@
}
if ( !is_null( $this->mValue ) ) {
$this->getOutput()->setStatusCode( 404 );
- // Message: redirect-not-exists
- $msg = $this->getMessagePrefix() . '-not-exists';
+ // if $mErrorMsgKey was set, use this message instead
of the default one
+ if ( isset( $this->mErrorMsgKey ) ) {
+ $msg = $this->mErrorMsgKey;
+ } else {
+ // Message: redirect-not-exists
+ $msg = $this->getMessagePrefix() .
'-not-exists';
+ }
return Status::newFatal( $msg );
}
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index f1c354a..25e49a0 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -3729,6 +3729,7 @@
"logentry-suppress-revision": "$1 secretly {{GENDER:$2|changed}}
visibility of {{PLURAL:$5|a revision|$5 revisions}} on page $3: $4",
"logentry-suppress-event-legacy": "$1 secretly {{GENDER:$2|changed}}
visibility of log events on $3",
"logentry-suppress-revision-legacy": "$1 secretly {{GENDER:$2|changed}}
visibility of revisions on page $3",
+ "logentry-suppressed": "The logentry with this ID was suppressed and
you don't have the permission to view any information of it.",
"revdelete-content-hid": "content hidden",
"revdelete-summary-hid": "edit summary hidden",
"revdelete-uname-hid": "username hidden",
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index 06f4fe6..df30c8a 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -3904,6 +3904,7 @@
"logentry-suppress-revision": "{{Logentry}}\n{{Logentryparam}}\n* $5 -
the number of affected revisions of the page $3.",
"logentry-suppress-event-legacy": "{{Logentry}}\n$3 is the name of the
log page inside parenthesis",
"logentry-suppress-revision-legacy": "{{Logentry}}",
+ "logentry-suppressed": "Used on [[Special:Redirect]] as an error
message, if an user wants to get redirected to a suppressed revision, without
the permission to view any information of the log entry.",
"revdelete-content-hid": "Used on\n*
{{msg-mw|logentry-delete-event}}\n* {{msg-mw|logentry-delete-revision}}\n*
{{msg-mw|logentry-suppress-event}}\n* {{msg-mw|logentry-suppress-event}}",
"revdelete-summary-hid": "Used on\n*
{{msg-mw|logentry-delete-event}}\n* {{msg-mw|logentry-delete-revision}}\n*
{{msg-mw|logentry-suppress-event}}\n* {{msg-mw|logentry-suppress-event}}",
"revdelete-uname-hid": "Used on\n* {{msg-mw|logentry-delete-event}}\n*
{{msg-mw|logentry-delete-revision}}\n* {{msg-mw|logentry-suppress-event}}\n*
{{msg-mw|logentry-suppress-event}}",
--
To view, visit https://gerrit.wikimedia.org/r/264699
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7259afbc58f3aeba23d6a7ddbc99a0afc22d5dce
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Florianschmidtwelzow <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
