(bug 33392) Fix issue where users without permission to add restricted actions could nonetheless remove them. Patch by Nikola Kovacs, with modifications for code style.

https://mediawiki.org/wiki/Special:Code/MediaWiki/110906
2024-11-27 23:40:19 +00:00 · 2012-02-08 01:02:11 +00:00 · 2012-02-08 01:02:11 +00:00 · e2479d45da · 2012-03-12 20:46:25 +00:00
parent d92ef3225e
commit e2479d45da
1 changed files with 12 additions and 5 deletions
--- a/Views/AbuseFilterViewEdit.php
+++ b/Views/AbuseFilterViewEdit.php
@ -53,6 +53,7 @@ class AbuseFilterViewEdit extends AbuseFilterView {
 				array( $newRow->mOriginalRow, $newRow->mOriginalActions )
 			);

+			$origActions = $newRow->mOriginalActions;
 			unset( $newRow->mOriginalRow );
 			unset( $newRow->mOriginalActions );

@ -64,12 +65,18 @@ class AbuseFilterViewEdit extends AbuseFilterView {

 			// Check for restricted actions
 			global $wgAbuseFilterRestrictedActions;
+			$allActions = array_keys( array_merge(
+						array_filter( $actions ),
+						array_filter( $origActions )
+					) );
+
 			if (
-				array_intersect(
-					$wgAbuseFilterRestrictedActions,
-					array_keys( array_filter( $actions ) ) )
-				&& !$user->isAllowed( 'abusefilter-modify-restricted' ) )
-			{
+				count( array_intersect(
+						$wgAbuseFilterRestrictedActions,
+						$allActions
+				) )
+				&& !$user->isAllowed( 'abusefilter-modify-restricted' )
+			) {
 				$out->addHTML(
 					$this->buildFilterEditor(
 						wfMsgExt( 'abusefilter-edit-restricted', 'parse' ),