[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Ensure users are able to edit the page after changing the co...
jenkins-bot has submitted this change and it was merged.
Change subject: Ensure users are able to edit the page after changing the
content model
..
Ensure users are able to edit the page after changing the content model
It is possible for page restrictions to be dependent upon the content
model a page. The best example of this is user JavaScript and CSS
subpages. This adds a Title::setContentModel() function which allows
mocking a Title's content model for the purpose of permission checks.
EditPage and Special:ChangeContentModel were updated to ensure the user
can edit the page with the newly proposed content model before making
the change.
Title::$mContentModel was made private to make sure nothing else mucks
around with it. There were no uses outside of Title anyways.
Bug: T145316
Change-Id: I28c46f408cadf65ed1868401cd00dc15e5acd2fe
---
M includes/EditPage.php
M includes/Title.php
M includes/specials/SpecialChangeContentModel.php
3 files changed, 54 insertions(+), 10 deletions(-)
Approvals:
Aaron Schulz: Looks good to me, approved
Legoktm: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 7e4e411..41b9865 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1838,8 +1838,17 @@
} elseif ( !$wgUser->isAllowed( 'editcontentmodel' ) ) {
$status->setResult( false,
self::AS_NO_CHANGE_CONTENT_MODEL );
return $status;
-
}
+ // Make sure the user can edit the page under the new
content model too
+ $titleWithNewContentModel = clone $this->mTitle;
+ $titleWithNewContentModel->setContentModel(
$this->contentModel );
+ if ( !$titleWithNewContentModel->userCan(
'editcontentmodel', $wgUser )
+ || !$titleWithNewContentModel->userCan( 'edit',
$wgUser )
+ ) {
+ $status->setResult( false,
self::AS_NO_CHANGE_CONTENT_MODEL );
+ return $status;
+ }
+
$changingContentModel = true;
$oldContentModel = $this->mTitle->getContentModel();
}
diff --git a/includes/Title.php b/includes/Title.php
index 3475b26..16c715d 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -91,7 +91,13 @@
* @var bool|string ID of the page's content model, i.e. one of the
* CONTENT_MODEL_XXX constants
*/
- public $mContentModel = false;
+ private $mContentModel = false;
+
+ /**
+* @var bool If a content model was forced via setContentModel()
+* this will be true to avoid having other code paths reset it
+*/
+ private $mForcedContentModel = false;
/** @var int Estimated number of revisions; null of not loaded */
private $mEstimateRevisions;
@@ -467,9 +473,9 @@
if ( isset( $row->page_latest ) ) {
$this->mLatestID = (int)$row->page_latest;
}
- if ( isset( $row->page_content_model ) ) {
+ if ( !$this->mForcedContentModel && isset(
$row->page_content_model ) ) {
$this->mContentModel = strval(
$row->page_content_model );
- } else {
+ } elseif ( !$this->mForcedContentModel ) {
$this->mContentModel = false; # initialized
lazily in getContentModel()
}
if ( isset( $row->page_lang ) ) {
@@ -483,7 +489,9 @@
$this->mLength = 0;
$this->mRedirect = false;
$this->mLatestID = 0;
- $this->mContentModel = false; # initialized lazily in
getContentModel()
+ if ( !$this->mForcedContentModel ) {
+ $this->mContentModel = false; # initialized
lazily in getContentModel()
+ }
}
}
@@ -921,8 +929,9 @@
* @return string Content model id
*/
public function getContentModel( $flags = 0 ) {
- if ( ( !$this->mContentModel || $flags ===
Title::GAID_FOR_UPDATE ) &&
- $this->getArticleID( $flags )
+ if ( !$this->mForcedContentModel
+ && ( !$this->mContentModel || $flags ===
Title::GAID_FOR_UPDATE )
+ && $this->getArticleID( $flags )
) {
$linkCache = LinkCache::singleton();
$linkCache->addLinkObj( $this ); # in case we already
had an article ID
@@ -947,6 +956,22 @@
}
[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Ensure users are able to edit the page after changing the co...
Legoktm has uploaded a new change for review.
https://gerrit.wikimedia.org/r/309815
Change subject: Ensure users are able to edit the page after changing the
content model
..
Ensure users are able to edit the page after changing the content model
It is possible for page restrictions to be dependent upon the content
model a page. The best example of this is user JavaScript and CSS
subpages. This adds a Title::setContentModel() function which allows
mocking a Title's content model for the purpose of permission checks.
EditPage and Special:ChangeContentModel were updated to ensure the user
can edit the page with the newly proposed content model before making
the change.
Bug: T145316
Change-Id: I28c46f408cadf65ed1868401cd00dc15e5acd2fe
---
M includes/EditPage.php
M includes/Title.php
M includes/specials/SpecialChangeContentModel.php
3 files changed, 35 insertions(+), 4 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/15/309815/1
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 7e4e411..dce6c44 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1838,8 +1838,16 @@
} elseif ( !$wgUser->isAllowed( 'editcontentmodel' ) ) {
$status->setResult( false,
self::AS_NO_CHANGE_CONTENT_MODEL );
return $status;
-
}
+ // Make sure the user can edit the page under the new
content
+ // model too.
+ $titleWithNewContentModel = clone $this->mTitle;
+ $titleWithNewContentModel->setContentModel(
$this->contentModel );
+ if ( !$titleWithNewContentModel->userCan( 'edit',
$wgUser ) ) {
+ $status->setResult( false,
self::AS_NO_CHANGE_CONTENT_MODEL );
+ return $status;
+ }
+
$changingContentModel = true;
$oldContentModel = $this->mTitle->getContentModel();
}
diff --git a/includes/Title.php b/includes/Title.php
index 3475b26..333dd53 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -947,6 +947,21 @@
}
/**
+* Set a proposed content model for the page for permissions
+* checking. This does not actually change the content model
+* of a title!
+*
+* Additionally, you should make sure you've checked
+* ContentHandler::canBeUsedOn() first.
+*
+* @since 1.28
+* @param string $model CONTENT_MODEL_XXX constant
+*/
+ public function setContentModel( $model ) {
+ $this->mContentModel = $model;
+ }
+
+ /**
* Get the namespace text
*
* @return string Namespace text
diff --git a/includes/specials/SpecialChangeContentModel.php
b/includes/specials/SpecialChangeContentModel.php
index b37c475..6e252cc 100644
--- a/includes/specials/SpecialChangeContentModel.php
+++ b/includes/specials/SpecialChangeContentModel.php
@@ -156,10 +156,18 @@
}
$this->title = Title::newFromText( $data['pagetitle'] );
+ $titleWithNewContentModel = clone $this->title;
+ $titleWithNewContentModel->setContentModel( $data['model'] );
$user = $this->getUser();
- // Check permissions and make sure the user has permission to
edit the specific page
- $errors = $this->title->getUserPermissionsErrors(
'editcontentmodel', $user );
- $errors = wfMergeErrorArrays( $errors,
$this->title->getUserPermissionsErrors( 'edit', $user ) );
+ // Check permissions and make sure the user has permission to:
+ $errors = wfMergeErrorArrays(
+ // edit the contentmodel of the page
+ $this->title->getUserPermissionsErrors(
'editcontentmodel', $user ),
+ // edit the page under the old content model
+ $this->title->getUserPermissionsErrors( 'edit', $user ),
+ // edit the page under the new content model
+ $titleWithNewContentModel->getUserPermissionsErrors(
'edit', $user )
+ );
if ( $errors ) {
$out = $this->getOutput();
$wikitext = $out->formatPermissionsErrorMessage(
$errors );
--
To view, visit https://gerrit.wikimedia.org/r/309815
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I28c46f408cadf65ed1868401cd00dc15e5acd2fe
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Legoktm
___
MediaWiki-commits
