[Bug 29807] New: Special:PasswordReset listed on Special:SpecialPages when Authplugin allowPasswordChange() is false

bugzilla-daemon Sun, 10 Jul 2011 16:56:58 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=29807


       Web browser: ---
             Bug #: 29807
           Summary: Special:PasswordReset listed on Special:SpecialPages
                    when Authplugin allowPasswordChange() is false
           Product: MediaWiki
           Version: 1.19-svn
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: Special pages
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


Created attachment 8770
  --> https://bugzilla.wikimedia.org/attachment.cgi?id=8770
Patch includes/specials/SpecialPasswordReset.php

This check is currently done in userCanExecute, but that function performs
other unrelated checks and throws an exception when any occurs.

SpecialPageFactory would call userCanExecute before listing the page, but
PasswordReset is (rightfully) not "restricted".  Even if SpecialPageFactory was
modified to call userCanExecute in all cases, the current implementation in
PasswordReset (and possibly other special pages) will throw an exception.

Therefore, I have implemented the fix by copying the appropriate checks into an
isListed override with return false used instead of exceptions.

Patch attached.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 29807] New: Special:PasswordReset listed on Special:SpecialPages when Authplugin allowPasswordChange() is false

Reply via email to