r9632 - Code Review

Repository:MediaWiki
Revision:r9631 | r9632 (on ViewVC) | r9633 >
Date:06:24, 25 June 2005
Author:vibber
Status:ok
Tags:
Comment:* (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE documentation about edit and read whitelists.
Patch by robla: http://bugzilla.wikimedia.org/attachment.cgi?id=645&action=view
plus doc fixes
Modified paths:

Diff [purge]

Index: trunk/phase3/UPGRADE
===================================================================
--- trunk/phase3/UPGRADE	(revision 9631)
+++ trunk/phase3/UPGRADE	(revision 9632)
@@ -48,11 +48,22 @@
 set:
   $wgGroupPermissions['*']['createaccount'] = false;
 
-If $wgWhitelistRead is set, things need to be funked around. This needs work.
+$wgWhitelistEdit has been replaced by the 'edit' permission key.
+To emulate the old effect of setting:
+  $wgWhitelistEdit = true;
+set:
+  $wgGroupPermissions['*']['edit'] = false;
 
-bla bla bla
+If $wgWhitelistRead is set, you must also disable the 'read' permission
+for it to take affect on anonymous users:
+  $wgWhitelistRead = array( "Main Page", "Special:Userlogin" );
+  $wgGroupPermissions['*']['read'] = false;
 
+Note that you can disable/enable several other permissions by modifying
+this configuration array in your LocalSettings.php; see DefaultSettings.php
+for the complete default permission set.
 
+
 === Web installer ===
 
 You can use the web-based installer wizard if you first remove the
Index: trunk/phase3/includes/Parser.php
===================================================================
--- trunk/phase3/includes/Parser.php	(revision 9631)
+++ trunk/phase3/includes/Parser.php	(revision 9632)
@@ -346,8 +346,8 @@
 		#$text = str_replace( $uniq_prefix, wfHtmlEscapeFirst( $uniq_prefix ), $text );
 
 		# html
-		global $wgRawHtml, $wgWhitelistEdit;
-		if( $wgRawHtml && $wgWhitelistEdit ) {
+		global $wgRawHtml;
+		if( $wgRawHtml ) {
 			$text = Parser::extractTags('html', $text, $html_content, $uniq_prefix);
 			foreach( $html_content as $marker => $content ) {
 				if ($render ) {
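Review bot: With `$wgWhitelistEdit` dropped from the condition, nothing in the parser ties `$wgRawHtml` to restricted editing any more, while this same revision defaults `$wgGroupPermissions['*']['edit']` to true in DefaultSettings.php. A site that turns on `$wgRawHtml` alone would therefore render unchecked `<html>` sections from any editor, a stored-XSS exposure that the old guard at least partly prevented. Consider carrying the guard over to the new permission key, e.g. `global $wgRawHtml, $wgGroupPermissions;` and `if( $wgRawHtml && empty( $wgGroupPermissions['*']['edit'] ) ) {`. That check is only as strong as the site's account-creation policy, and the `$wgRawHtml` docblock, which now only advises restricting editing, should say so. The enclosing function begins and ends outside the hunk.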
Index: trunk/phase3/includes/EditPage.php
===================================================================
--- trunk/phase3/includes/EditPage.php	(revision 9631)
+++ trunk/phase3/includes/EditPage.php	(revision 9632)
@@ -135,7 +135,7 @@
 	 * This is the function that gets called for "action=edit".
 	 */
 	function edit() {
-		global $wgOut, $wgUser, $wgWhitelistEdit, $wgRequest;
+		global $wgOut, $wgUser, $wgRequest;
 		// this is not an article
 		$wgOut->setArticleFlag(false);
 
@@ -156,9 +156,14 @@
 			$this->blockedIPpage();
 			return;
 		}
-		if ( $wgUser->isAnon() && $wgWhitelistEdit ) {
-			$this->userNotLoggedInPage();
-			return;
+		if ( !$wgUser->isAllowed('edit') ) {
+			if ( $wgUser->isAnon() ) {
+				$this->userNotLoggedInPage();
+				return;
+			} else {
+				$wgOut->readOnlyPage( $this->mArticle->getContent( true ), true );
+				return;
+			}
 		}
 		if ( wfReadOnly() ) {
 			if( $this->save || $this->preview ) {
@@ -282,7 +287,6 @@
 		global $wgOut, $wgUser;
 		global $wgLang, $wgContLang, $wgParser, $wgTitle;
 		global $wgAllowAnonymousMinor;
-		global $wgWhitelistEdit;
 		global $wgSpamRegex, $wgFilterCallback;
 
 		$sk = $wgUser->getSkin();
@@ -323,10 +327,18 @@
 				$this->blockedIPpage();
 				return;
 			}
-			if ( $wgUser->isAnon() && $wgWhitelistEdit ) {
+
+			if ( !$wgUser->isAllowed('edit') ) {
+				if ( $wgUser->isAnon() ) {
 				$this->userNotLoggedInPage();
 				return;
 			}
+				else {
+					$wgOut->readOnlyPage();
+					return;
+				}
+			}
+
 			if ( wfReadOnly() ) {
 				$wgOut->readOnlyPage();
 				return;
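Review bot: The logged-in branch added here calls `$wgOut->readOnlyPage()` with no arguments, the same call the `wfReadOnly()` branch just below makes, so a user denied the 'edit' right is presumably shown the database-locked page rather than a permission message. The matching branch added in `edit()` (hunk at -156) passes the page source and a second `true` argument; if that form fits at this point, `$wgOut->readOnlyPage( $this->mArticle->getContent( true ), true );` would keep the two gates consistent. The `userNotLoggedInPage()` and `return` lines and their closing brace were also left at the old indent inside the new `if`, which makes the nesting hard to follow. The enclosing function starts and ends outside the hunk.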
Index: trunk/phase3/includes/DefaultSettings.php
===================================================================
--- trunk/phase3/includes/DefaultSettings.php	(revision 9631)
+++ trunk/phase3/includes/DefaultSettings.php	(revision 9632)
@@ -654,7 +654,6 @@
 #  It's not 100% safe, there could be security hole using that one. Use at your
 # own risks.
 
-$wgWhitelistEdit = false;   # true = user must login to edit.
 $wgWhitelistRead = false;	# Pages anonymous user may see, like: = array ( "Main Page", "Special:Userlogin", "Wikipedia:Help");
 
 $wgAllowAnonymousMinor = false; # Allow anonymous users to mark changes as 'minor'
@@ -675,14 +674,18 @@
  * logged-in users are all implicitly in the 'user' group. These will be
  * combined with the permissions of all groups that a given user is listed
  * in in the user_groups table.
+ *
+ * This replaces wgWhitelistAccount and wgWhitelistEdit
  */
 $wgGroupPermissions = array();
 
 $wgGroupPermissions['*'    ]['createaccount']   = true;
 $wgGroupPermissions['*'    ]['read']            = true;
+$wgGroupPermissions['*'    ]['edit']            = true;
 
 $wgGroupPermissions['user' ]['move']            = true;
 $wgGroupPermissions['user' ]['read']            = true;
+$wgGroupPermissions['user' ]['edit']            = true;
 $wgGroupPermissions['user' ]['upload']          = true;
 
 $wgGroupPermissions['bot'  ]['bot']             = true;
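Review bot: The added docblock line says this array replaces wgWhitelistEdit, but nothing visible in this commit reads the old variable any more. An existing LocalSettings.php that still sets `$wgWhitelistEdit = true;` would therefore be silently ignored, and with the new `['*']['edit'] = true` default the wiki would reopen to anonymous editing after upgrade. I would state that in the comment, e.g. `* $wgWhitelistEdit is no longer read; set $wgGroupPermissions['*']['edit'] = false instead.` A fail-closed compatibility check run after LocalSettings.php is loaded would be safer still, but it belongs outside this file.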
@@ -1160,8 +1163,8 @@
 $wgUserHtml = true;
 
 /** Allow raw, unchecked HTML in <html>...</html> sections.
- * THIS IS VERY DANGEROUS on a publically editable site, so you can't enable it
- * unless you've restricted editing to trusted users only with $wgWhitelistEdit.
+ * THIS IS VERY DANGEROUS on a publically editable site, so USE wgGroupPermissions
+ * TO RESTRICT EDITING to only those that you trust
  */
 $wgRawHtml = false;
 
Index: trunk/phase3/RELEASE-NOTES
===================================================================
--- trunk/phase3/RELEASE-NOTES	(revision 9631)
+++ trunk/phase3/RELEASE-NOTES	(revision 9632)
@@ -332,7 +332,10 @@
 * (bug 2504) Updated the Finnish translation
 * (bug 2506) Updated the Nynorsk translation
 * Everything given to setSubtitle() is now parsed for the full wikisyntax
+* (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE
+  documentation about edit and read whitelists.
 
+
 === Caveats ===
 
 Some output, particularly involving user-supplied inline HTML, may not

Status & tagging log

  • 14:05, 18 June 2009 ^demon (Talk | contribs) changed the status of r9632 [removed: new added: ok]