User "Krinkle" posted a comment on MediaWiki.r93813.

Full URL: https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Special:Code/MediaWiki/93813#c20659

Commit summary:

Don't show AFT if user is both logged out and on action=purge, because in that scenario there is no article being shown (instead, in such scenario the user sees a form with a button to clear the cache, which is then redirected back to the article (action=view)). This bug was fairly rare though, since the MediaWiki interface doesn't contain any links to action=purge for logged-out users (or even logged-in users for that matter), but some gadgets and templates do link to it.

Resolves bug 30100 - Hide AFT for anonymous users on purge action.

Comment:

It can't be replicated to ApiArticleFeedback.php as the action is not a page or revision property, it's simply the current view of the article. Even if the API request would run in the same request context, it's still trivial to circumvent it by changing wgAction from the console or by going to a different URL (e.g. reading the article and rating the article there), so it's not like someone is able to rate an article that was otherwise not ratable (which is the purpose of the check in ApiArticleFeedback.php). For the same reason the original wgAction-check here wasn't in ApiArticleFeedback.php either.

Thanks for the typo-catch, fixed in r94330.

_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
