Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Paste
P7944
Fix for T212118 (PS2)
Active
Public
Actions
Authored by
LucasWerkmeister
on Dec 31 2018, 12:41 PM.
Edit Paste
Archive Paste
View Raw File
Subscribe
Mute Notifications
Award Token
Flag For Later
Tags
acl*security
MediaWiki-Recent-changes
MediaWiki-Action-API
Referenced Files
F27763665: Fix for T212118 (PS2)
Dec 31 2018, 12:41 PM
2018-12-31 12:41:31 (UTC+0)
Subscribers
Anomie
Krinkle
Ladsgroup
From e7ce9090b580ecc9b9a4d84dc5dbfa072683fe65 Mon Sep 17 00:00:00 2001
From: Lucas Werkmeister <mail@lucaswerkmeister.de>
Date: Mon, 17 Dec 2018 14:02:39 +0100
Subject: [PATCH] Fix cache mode for (un)patrolled recent changes query
Restricting the list of recent changes to patrolled, not patrolled,
autopatrolled, not autopatrolled, or unpatrolled recent changes requires
special permissions (as does displaying that status in the properties of
returned entries), but we only set the cache mode to private in the
first two cases.
Bug: T212118
Change-Id: I4c3fe6e47f80ebf97fa37875c704328d08772d26
---
includes/api/ApiQueryRecentChanges.php | 28 ++++++++++++++++----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/includes/api/ApiQueryRecentChanges.php b/includes/api/ApiQueryRecentChanges.php
index 7c6b4634e5..2ceeb3d604 100644
--- a/includes/api/ApiQueryRecentChanges.php
+++ b/includes/api/ApiQueryRecentChanges.php
@@ -214,12 +214,7 @@ public function run( $resultPageSet = null ) {
}
// Check permissions
- if ( isset( $show['patrolled'] )
- || isset( $show['!patrolled'] )
- || isset( $show['unpatrolled'] )
- || isset( $show['autopatrolled'] )
- || isset( $show['!autopatrolled'] )
- ) {
+ if ( $this->includesPatrollingFlags( $show ) ) {
if ( !$user->useRCPatrol() && !$user->useNPPatrol() ) {
$this->dieWithError( 'apierror-permissiondenied-patrolflag', 'permissiondenied' );
}
@@ -642,12 +637,23 @@ public function extractRowInfo( $row ) {
return $vals;
}
+ /**
+ * @param array $flagsArray flipped array (string flags are keys)
+ * @return bool
+ */
+ private function includesPatrollingFlags( array $flagsArray ) {
+ return isset( $flagsArray['patrolled'] ) ||
+ isset( $flagsArray['!patrolled'] ) ||
+ isset( $flagsArray['unpatrolled'] ) ||
+ isset( $flagsArray['autopatrolled'] ) ||
+ isset( $flagsArray['!autopatrolled'] );
+ }
+
public function getCacheMode( $params ) {
- if ( isset( $params['show'] ) ) {
- foreach ( $params['show'] as $show ) {
- if ( $show === 'patrolled' || $show === '!patrolled' ) {
- return 'private';
- }
+ if ( isset( $params['show'] ) &&
+ $this->includesPatrollingFlags( array_flip( $params['show'] ) )
+ ) {
+ return 'private';
}
}
if ( isset( $params['token'] ) ) {
--
2.19.1
Event Timeline
LucasWerkmeister
created this paste.
Dec 31 2018, 12:41 PM
2018-12-31 12:41:31 (UTC+0)
LucasWerkmeister
mentioned this in
T212118: API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly
.
LucasWerkmeister
changed the visibility from "Subscribers" to "Public (No Login Required)".
Jun 12 2019, 9:56 AM
2019-06-12 09:56:15 (UTC+0)
Log In to Comment