https://bugzilla.wikimedia.org/show_bug.cgi?id=17963
Summary: SkinTemplate.php's buildContentActionUrls() ignores
protection for article and talk pages
Product: MediaWiki
Version: 1.15-svn
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: Normal
Component: Page protection
AssignedTo: wikibugs-l@lists.wikimedia.org
ReportedBy: jida...@jidanni.org
SkinTemplate.php's buildContentActionUrls ignores protection for
article and talk pages.
It should be updated to deal with today's $wgNamespaceProtection etc.
You see, users are given (red)links to go edit Article and Talk pages
that they cannot possibly edit.
Users should not be even given any link at all, for pages that don't
exist and they have no rights to create.
In SkinTemplate.php let's take a look at this part of function
buildContentActionUrls:
if( $this->iscontent ) {
$subjpage = $this->mTitle->getSubjectPage();
$talkpage = $this->mTitle->getTalkPage();
$nskey = $this->mTitle->getNamespaceKey();
$content_actions[$nskey] = $this->tabAction(
$subjpage,$nskey,!$this->mTitle->isTalkPage() &&
!$prevent_active_tabs,'',true);
$content_actions['talk'] = $this->tabAction($talkpage,'talk',
$this->mTitle->isTalkPage() && !$prevent_active_tabs,'',true);
if($this->mTitle->quickUserCan('edit')&&($this->mTitle->exists()||$this->mTitle->quickUserCan('create'))){
Well, the two $content_actions unfortunately come BEFORE the
quickUserCan tests.
This means the user could get (red)links to pages he cannot possibly create.
Also he will get redlinks to pages he cannot possibly edit, if they
already exist.
Case in point: In LocalSettings.php we set
$wgNamespaceProtection[NS_CATEGORY]=$wgNamespaceProtection[NS_CATEGORY_TALK]=array('editinterface');}
So, e.g., browsing a category page (with members, but no content), he
sees two redlinks, one to the category page itself, and one to the
category page's talk page (which doesn't exist.)
Well, he shouldn't see any link at all to the talk page.
And he should see a blue link to the category page itself.
And if he browses to a URL which doesn't exist, no talk page too, and he has no
rights... he should see no tabs at all.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
