https://bugzilla.wikimedia.org/show_bug.cgi?id=47617
Krinkle <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |[email protected] Resolution|FIXED |--- Target Milestone|--- |1.22.0 release --- Comment #4 from Krinkle <[email protected]> --- Quoted from commit message: > This is necessary, because if any protection could be > cascading, users could who cannot normally protect pages could > "protect" them by transcluding them on protected pages they are > allowed to edit. Please elaborate on this, especially with regards to the following part of the change: @@ function buildCleanupScript() { - global $wgRestrictionLevels, $wgOut; + global $wgRestrictionLevels, $wgCascadingRestrictionLevels, $wgOut; - - $cascadeableLevels = array(); - foreach ( $wgRestrictionLevels as $key ) { - if ( User::groupHasPermission( $key, 'protect' ) - || $key == 'protect' - ) { - $cascadeableLevels[] = $key; - } - } + + $cascadeableLevels = $wgCascadingRestrictionLevels; It now no longer verifies that the values in cascadeable levels are names of user groups that have the "protect" right. Doesn't that cause a situation exactly like the one you appear to be trying to prevent? Also, from looking at the code, contrary to the commit message it is not hardcoded to 'sysop'. On the contrary, it is dynamically constructed based on wgRestrictionLevels and filtered to only include groups that have the 'protect' right. If I'm reading the use case explained in this bug and in the commit message correctly, it seems that this is already possible without this change. Re-opening with 1.22 milestone to prevent forgetting about this before release. Feel free to re-close. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
