
Disallow rollback when the user is unable to edit the page
Closed, Resolved (Public)

Description

Author: tderouin

Description:
Hi,

I've been able to reproduce this on MW 1.8.3. If your wiki configuration allows
regular users on a wiki to be able to rollback edits, they are able to rollback
edits on protected pages, even though they can't directly edit them.

I fixed this on our site by changing Article::rollback by adding:

if ( ! $this->mTitle->userCanEdit() ) {
    wfDebug( "$fname: user can't edit\n" );
    $wgOut->readOnlyPage( $this->mArticle->getContent(), true );
    wfProfileOut( $fname );
    return;
}

to the function rollback and changing in DifferenceEngine.php on line 150 from:

if ( $this->mNewRev->isCurrent() && $wgUser->isAllowed('rollback') ) {

to

if ( $this->mNewRev->isCurrent() && $wgUser->isAllowed('rollback') && $this->mTitle->userCanEdit() ) {


Version: unspecified
Severity: normal
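
The authorization gap described in this report, as an added example that is not the reporter's patch and not MediaWiki code: a self-contained PHP 8 model in which rollback is treated as a write and therefore gated on both the `rollback` right and edit access to the specific page, at the action handler and at link rendering. The `User` and `Page` classes, the `protect` restriction name, and all function names other than `isAllowed` and `userCanEdit` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical minimal model of the check; these are not MediaWiki's classes.
final class User {
    public function __construct(public string $name, private array $rights) {}
    public function isAllowed(string $right): bool {
        return in_array($right, $this->rights, true);
    }
}

final class Page {
    // $restriction is the extra right needed to edit; '' means unprotected.
    public function __construct(public string $title, private string $restriction = '') {}
    public function userCanEdit(User $u): bool {
        return $u->isAllowed('edit')
            && ($this->restriction === '' || $u->isAllowed($this->restriction));
    }
}

// Behaviour in the report: holding 'rollback' is enough, protection is ignored.
function mayRollbackReported(User $u, Page $p): bool {
    return $u->isAllowed('rollback');
}

// Corrected: rollback writes a revision, so it also requires edit access to the page.
function mayRollback(User $u, Page $p): bool {
    return $u->isAllowed('rollback') && $p->userCanEdit($u);
}

// Action handler: the authoritative check, enforced even if the link is hidden.
function performRollback(User $u, Page $p): string {
    return mayRollback($u, $p) ? 'rolled back' : 'read-only: denied';
}

// Link rendering uses the same predicate so the UI matches what the handler allows.
function rollbackLink(User $u, Page $p): string {
    return mayRollback($u, $p) ? "[rollback {$p->title}]" : '';
}

// Constructed sample data.
$users = [new User('regular', ['edit', 'rollback']), new User('admin', ['edit', 'rollback', 'protect'])];
$pages = [new Page('Sandbox'), new Page('Main_Page', 'protect')];
foreach ($users as $u) {
    foreach ($pages as $p) {
        printf("%-8s %-10s reported=%-3s fixed=%-17s link=%s\n", $u->name, $p->title,
            mayRollbackReported($u, $p) ? 'yes' : 'no', performRollback($u, $p),
            rollbackLink($u, $p) !== '' ? 'shown' : 'hidden');
    }
}
```

Only the row for the regular user on the protected page differs between the two predicates; hiding the link alone would not close the gap, because the handler is what a crafted request reaches.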

Details

Reference
bz8759

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 9:31 PM
bzimport set Reference to bz8759.

Fixed in r25719, with a different patch.