Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Paste
P7921
Fix for T212118 (PS1)
Active
Public
Actions
Authored by
LucasWerkmeister
on Dec 17 2018, 1:04 PM.
Edit Paste
Archive Paste
View Raw File
Subscribe
Mute Notifications
Award Token
Flag For Later
Tags
acl*security
MediaWiki-Recent-changes
MediaWiki-Action-API
Referenced Files
F27611604: Fix for T212118
Dec 17 2018, 1:04 PM
2018-12-17 13:04:59 (UTC+0)
Subscribers
Anomie
Krinkle
•
Ladsgroup
From 0cd5bf5623c40bf22be7b2309be504ee118b9674 Mon Sep 17 00:00:00 2001
From: Lucas Werkmeister <mail@lucaswerkmeister.de>
Date: Mon, 17 Dec 2018 14:02:39 +0100
Subject: [PATCH] Fix cache mode for (un)patrolled recent changes query
Restricting the list of recent changes to patrolled, not patrolled,
autopatrolled, not autopatrolled, or unpatrolled recent changes requires
special permissions (as does displaying that status in the properties of
returned entries), but we only set the cache mode to private in the
first two cases.
Bug: T212118
Change-Id: I4c3fe6e47f80ebf97fa37875c704328d08772d26
---
includes/api/ApiQueryRecentChanges.php | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/includes/api/ApiQueryRecentChanges.php b/includes/api/ApiQueryRecentChanges.php
index 7c6b4634e5..1c79af1802 100644
--- a/includes/api/ApiQueryRecentChanges.php
+++ b/includes/api/ApiQueryRecentChanges.php
@@ -214,12 +214,7 @@ public function run( $resultPageSet = null ) {
}
// Check permissions
- if ( isset( $show['patrolled'] )
- || isset( $show['!patrolled'] )
- || isset( $show['unpatrolled'] )
- || isset( $show['autopatrolled'] )
- || isset( $show['!autopatrolled'] )
- ) {
+ if ( $this->includesPatrollingFlags( $show ) ) {
if ( !$user->useRCPatrol() && !$user->useNPPatrol() ) {
$this->dieWithError( 'apierror-permissiondenied-patrolflag', 'permissiondenied' );
}
@@ -642,12 +637,22 @@ public function extractRowInfo( $row ) {
return $vals;
}
+ /**
+ * @param array $flagsArray flipped array (string flags are keys)
+ * @return bool
+ */
+ private function includesPatrollingFlags( array $flagsArray ) {
+ return isset( $flagsArray['patrolled'] ) ||
+ isset( $flagsArray['!patrolled'] ) ||
+ isset( $flagsArray['unpatrolled'] ) ||
+ isset( $flagsArray['autopatrolled'] ) ||
+ isset( $flagsArray['!autopatrolled'] );
+ }
+
public function getCacheMode( $params ) {
if ( isset( $params['show'] ) ) {
- foreach ( $params['show'] as $show ) {
- if ( $show === 'patrolled' || $show === '!patrolled' ) {
- return 'private';
- }
+ if ( $this->includesPatrollingFlags( array_flip( $params['show'] ) ) ) {
+ return 'private';
}
}
if ( isset( $params['token'] ) ) {
--
2.19.1
Event Timeline
LucasWerkmeister
created this paste.
Dec 17 2018, 1:04 PM
2018-12-17 13:04:59 (UTC+0)
LucasWerkmeister
mentioned this in
T212118: API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly
.
LucasWerkmeister
changed the title of this paste from
Fix for T212118
to
Fix for T212118 (PS1)
.
Dec 31 2018, 12:41 PM
2018-12-31 12:41:13 (UTC+0)
LucasWerkmeister
changed the visibility from "Subscribers" to "Public (No Login Required)".
Jun 12 2019, 9:55 AM
2019-06-12 09:55:41 (UTC+0)
Log In to Comment