Author: alan.harder
Description:
In 1.5.7 and current CVS it appears that $wgOnlySysopsCanPatrol is not defined
anywhere by default. Also, the logic in the places that determine if the user
can patrol doesn't seem to work as intended:
$wgUser->isAllowed('patrol') || !$wgOnlySysopsCanPatrol
This expression is always true if $wgOnlySysopsCanPatrol is unset/false; thus
the remaining part of the "if" expression (not shown here) controls whether a
user can patrol, and isAllowed('patrol') has no effect. End result: all
logged-in users can patrol.
Also, one place in DifferenceEngine.php checks the rollback right instead of patrol.
- MediaWiki: 1.5.7
- PHP: 4.4.2-1 (apache2handler)
- MySQL: 4.1.15-Debian_1-log
See attached patch for our fix (patch for CVS). With the setting in
$wgGroupPermissions I didn't see the need for this global, so I removed it.
Also didn't see a need for the extra isLoggedIn check each time; just checking
isAllowed seems sufficient.
Without this global I didn't know what to put for the 3rd parameter to
MarkPatrolled and MarkPatrolledComplete hooks, so I changed those to false.
Version: 1.6.x
Severity: normal
URL: http://codex.gallery2.org/
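
Added example, not part of the original report or of MediaWiki's code: a PHP comparison of the reported condition with a rights-only check, run over three constructed users. The isAllowed() helper, the sample group table, and the logged-in test standing in for the part of the condition the report does not show are assumptions.

```php
<?php
// Added illustration; not MediaWiki source. Group rights are constructed sample data.
$groupPermissions = [
    '*'     => ['read' => true],
    'user'  => ['read' => true, 'edit' => true],
    'sysop' => ['read' => true, 'edit' => true, 'patrol' => true],
];

// Hypothetical stand-in for $wgUser->isAllowed(): true if any group grants the right.
function isAllowed(array $groups, string $right, array $perms): bool {
    foreach ($groups as $g) {
        if (!empty($perms[$g][$right])) {
            return true;
        }
    }
    return false;
}

// Check as reported. With the global unset (null), "!$onlySysops" is true,
// so the rights lookup cannot change the outcome.
function canPatrolReported(array $u, array $perms, $onlySysops = null): bool {
    // Assumption: the unshown remainder of the condition is a logged-in test.
    $loggedIn = in_array('user', $u['groups'], true);
    return $loggedIn && (isAllowed($u['groups'], 'patrol', $perms) || !$onlySysops);
}

// Check as the report proposes: the permission table alone decides.
function canPatrolRightsOnly(array $u, array $perms): bool {
    return isAllowed($u['groups'], 'patrol', $perms);
}

// Constructed users covering each privilege level.
$users = [
    ['name' => 'anonymous', 'groups' => ['*']],
    ['name' => 'logged-in', 'groups' => ['*', 'user']],
    ['name' => 'sysop',     'groups' => ['*', 'user', 'sysop']],
];

foreach ($users as $u) {
    $reported = canPatrolReported($u, $groupPermissions);
    $fixed    = canPatrolRightsOnly($u, $groupPermissions);
    printf("%-10s reported=%-5s rights-only=%-5s%s\n",
        $u['name'],
        var_export($reported, true),
        var_export($fixed, true),
        $reported !== $fixed ? '  <-- patrol granted without the right' : '');
}
```

The two checks disagree only for the ordinary logged-in user, which is the case the report describes; passing true as the third argument to canPatrolReported() makes them agree.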