Author: tderouin
Description:
Hi,
I've been able to reproduce this on MW 1.8.3. If your wiki configuration allows
regular users on a wiki to be able to rollback edits, they are able to rollback
edits on protected pages, even though they can't directly edit them.
I fixed this on our site by changing Article:rollback by adding:
if ( ! $this->mTitle->userCanEdit() ) { wfDebug( "$fname: user can't edit\n" ); $wgOut->readOnlyPage( $this->mArticle->getContent(), true ); wfProfileOut( $fname ); return; }
to the function rollback and changing in DifferenceEngine.php on line 150 from:
if ( $this->mNewRev->isCurrent() && $wgUser->isAllowed('rollback') ) {
to
if ( $this->mNewRev->isCurrent() && $wgUser->isAllowed('rollback') &&
$this->mTitle->userCanEdit()) {
Version: unspecified
Severity: normal