Maniphest T19832

When blocked, action=delete returns "unknownerror" instead of "permissiondenied"
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Anomie
	Mar 7 2009, 4:08 AM

Description

Add a reset() in Title::getUserPermissionsErrors, so callers can use current() to get the first error.

If a blocked user with the "delete" right tries to delete a page using the API action=delete, the response is "unknownerror" rather than the expected "permissiondenied". The problem is that the API code uses PHP's current() to try to retrieve one error from the returned error array, but $title->getUserPermissionsErrors() leaves the array's internal position in the past-the-end state so current() returns false. FWIW, this seems to have been broken in r36692.

While the API could be changed all over the place to use reset() instead of current(), it seems easier to just add the reset in getUserPermissionsErrors(); the attached patch does just that.

Version: 1.15.x
Severity: normal

Attached:

diff278 BDownload

Details

Reference: bz17832

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:36 PM

• bzimport added a project: MediaWiki-Action-API.

• bzimport set Reference to bz17832.

Anomie created this task.Mar 7 2009, 4:08 AM

(In reply to comment #0)

While the API could be changed all over the place to use reset() instead of
current(), it seems easier to just add the reset in getUserPermissionsErrors();
the attached patch does just that.

Did the former in r48122: the calling code should not make any assumptions about where the array pointer in the returned array is. Using current() makes that assumption, while using reset() doesn't.

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:43 PM

When blocked, action=delete returns "unknownerror" instead of "permissiondenied"Closed, ResolvedPublicActions

Description

Details

Event Timeline

When blocked, action=delete returns "unknownerror" instead of "permissiondenied"
Closed, ResolvedPublic
Actions