# HG changeset patch # User Dan # Date 1261107752 18000 # Node ID d42d46e13b36233c8119329c323fc85d5961691d # Parent 71cb87b7dc3f510c28ebdc1890e1bb8b44a1a072 Fixed php_in_pages out-of-scope error in Special:UploadFile; modified RenderMan::preprocess_text() to take a permissions object for any page diff -r 71cb87b7dc3f -r d42d46e13b36 includes/render.php --- a/includes/render.php Thu Dec 17 04:31:55 2009 -0500 +++ b/includes/render.php Thu Dec 17 22:42:32 2009 -0500 @@ -917,8 +917,9 @@ * @param bool $strip_all_php - if true, strips all PHP regardless of user permissions. Else, strips PHP only if user level < USER_LEVEL_ADMIN. Defaults to true. * @param bool $sqlescape - if true, sends text through $db->escape(). Otherwise returns unescaped text. Defaults to true. * @param bool $reduceheadings - if true, finds HTML headings and replaces them with wikitext. Else, does not touch headings. Defaults to true. + * @param Session_ACLPageInfo Optional permissions instance to check against, $session is used if not provided */ - public static function preprocess_text($text, $strip_all_php = true, $sqlescape = true, $reduceheadings = true) + public static function preprocess_text($text, $strip_all_php = true, $sqlescape = true, $reduceheadings = true, $perms = false) { global $db, $session, $paths, $template, $plugins; // Common objects $random_id = md5( time() . mt_rand() ); @@ -929,8 +930,18 @@ eval($cmd); } - $can_do_php = ( !$strip_all_php && $session->get_permissions('php_in_pages') ); - $can_do_html = $session->check_acl_scope('html_in_pages', $paths->namespace) && $session->get_permissions('html_in_pages'); + if ( !is_object($perms) ) + { + $namespace = $paths->namespace; + $perms =& $session; + } + else + { + $namespace = $perms->namespace; + } + + $can_do_php = ( !$strip_all_php && $perms->get_permissions('php_in_pages') ); + $can_do_html = $session->check_acl_scope('html_in_pages', $namespace) && $perms->get_permissions('html_in_pages'); if ( $can_do_html && !$can_do_php ) { diff -r 71cb87b7dc3f -r d42d46e13b36 plugins/SpecialUpdownload.php --- a/plugins/SpecialUpdownload.php Thu Dec 17 04:31:55 2009 -0500 +++ b/plugins/SpecialUpdownload.php Thu Dec 17 22:42:32 2009 -0500 @@ -108,7 +108,8 @@ $ext = substr($filename, strrpos($filename, '.'), strlen($filename)); $flen = filesize($file['tmp_name']); - $comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false)); + $perms = $session->fetch_page_acl($filename, 'File'); + $comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false, true, $perms)); $chartag = sha1(microtime()); $urln = str_replace(' ', '_', $filename);