Matmarex has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/60695


Change subject: (bug 47617) Add $wgCascadingRestrictionLevels
......................................................................

(bug 47617) Add $wgCascadingRestrictionLevels

A page can only be protected with cascading protection if the
requested restriction level is included in this array.

This replaces previously hard-coded values of 'sysop' and 'protect'.

This is necessary, because if any protection could be
cascading, users who cannot normally protect pages could
"protect" them by transcluding them on protected pages they are
allowed to edit.

Change-Id: I5f8bcc899b46d466161894606cd27bf3b8624bd0
---
M includes/DefaultSettings.php
M includes/WikiPage.php
2 files changed, 19 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/95/60695/1

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index c198081..b58aab7 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4044,6 +4044,21 @@
 $wgRestrictionLevels = array( '', 'autoconfirmed', 'sysop' );
 
 /**
+ * Restriction levels that can be used with cascading protection
+ *
+ * A page can only be protected with cascading protection if the
+ * requested restriction level is included in this array.
+ * 
+ * This is intended to prevent abuse - if any protection could be
+ * cascading, users could who cannot normally protect pages could
+ * "protect" them by transcluding them on protected pages they are
+ * allowed to edit.
+ *
+ * Includes both 'sysop' and 'protect' for backwards compatibility.
+ */
+$wgCascadingRestrictionLevels = array( 'protect', 'sysop' );
+
+/**
  * Set the minimum permissions required to edit pages in each
  * namespace.  If you list more than one permission, a user must
  * have all of them to edit pages in that namespace.
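
Review bot: The added docblock sentence "users could who cannot normally protect pages could" has a stray "could" and should read "users who cannot normally protect pages could"; the " * " line just above it also carries trailing whitespace. It would help to state here what happens when cascading is requested with a level that is not listed (the caller's $cascade flag is reset to false in doUpdateRestrictions), and to note that 'protect' is listed although it is not among the default $wgRestrictionLevels shown in the context line above, so administrators who customise one array know to review the other.
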
diff --git a/includes/WikiPage.php b/includes/WikiPage.php
index 39a71ad..5674be8 100644
--- a/includes/WikiPage.php
+++ b/includes/WikiPage.php
@@ -2228,7 +2228,7 @@
         * @return Status
         */
        public function doUpdateRestrictions( array $limit, array $expiry, 
&$cascade, $reason, User $user ) {
-               global $wgContLang;
+               global $wgContLang, $wgCascadingRestrictionLevels;
 
                if ( wfReadOnly() ) {
                        return Status::newFatal( 'readonlytext', 
wfReadOnlyReason() );
@@ -2351,12 +2351,12 @@
                                return Status::newGood();
                        }
 
-                       // Only restrictions with the 'protect' right can 
cascade...
-                       // Otherwise, people who cannot normally protect can 
"protect" pages via transclusion
+                       // Only certain restrictions can cascade... Otherwise, 
users who cannot normally protect pages
+                       // could "protect" them by transcluding them on 
protected pages they are allowed to edit.
                        $editrestriction = isset( $limit['edit'] ) ? array( 
$limit['edit'] ) : $this->mTitle->getRestrictions( 'edit' );
 
                        // The schema allows multiple restrictions
-                       if ( !in_array( 'protect', $editrestriction ) && 
!in_array( 'sysop', $editrestriction ) ) {
+                       if ( array_intersect( $editrestriction, 
$wgCascadingRestrictionLevels ) !== $editrestriction ) {
                                $cascade = false;
                        }
 
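
Review bot: The new condition `array_intersect( $editrestriction, $wgCascadingRestrictionLevels ) !== $editrestriction` no longer clears $cascade when $editrestriction is empty. If $limit['edit'] is unset and getRestrictions( 'edit' ) returns an empty array, the intersection is also an empty array, the two compare identical, and $cascade keeps whatever the caller passed, whereas the removed in_array() test set it to false in that case. Add an explicit empty check, for example `!$editrestriction || array_diff( $editrestriction, $wgCascadingRestrictionLevels )`. The new test also requires every edit restriction to be in the allowed list, where the old one accepted the set as soon as one of 'protect' or 'sysop' was present; if that tightening is intended it deserves a line in the commit message and the code comment.
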

-- 
To view, visit https://gerrit.wikimedia.org/r/60695

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5f8bcc899b46d466161894606cd27bf3b8624bd0
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Matmarex <[email protected]>
