[Mediawiki-l] User Page Editing patch - anon user test deleted
Joshua Yeidel
yeidel at wsu.edu
Thu Sep 1 22:38:51 UTC 2005
MW folk,
A few days ago I posted a patch to Title::userCan() to prevent users from
editing any user page but their own.
I found a small(?) bug in the code and fixed it as documented on meta:
code:
<http://meta.wikimedia.org/w/index.php?title=User:Yeidel#User_Pages_Editable
_Only_By_User>
talk:
<http://meta.wikimedia.org/wiki/User_talk:Yeidel#User_Page_Editing_--_Anon_U
ser_Test_Removed>
I removed from the User Page Editing patch the line
+ && $wgUser->getID() != 0 #not anonymous user
The intention was to protect the following "$wgUser->getName()" from being
undefined if the test were run for anonymous users. However, that's not
really a problem, since $wgUser->getName() returns the IP number for
anonymous users.
In our environment, this line has no impact, since anonymous users are not
permitted to edit anything.
In an environment where anon users can edit, this line would cause the
disqualifying test not to be applied to anon users; thus an anon user could
edit any user page.
It was just a mistake that proved to be harmless in our environment, but
could be a problem if the code were imported into another environment.
More information about the MediaWiki-l
mailing list