# HG changeset patch # User Dan # Date 1260569507 18000 # Node ID e154e8176700a574bf51c8e3c5c9e63ff9eef4a2 # Parent 417e66a664d06d764f186ca66d929a5b90659f4c A couple fixes to permission out-of-scope errors. diff -r 417e66a664d0 -r e154e8176700 includes/paths.php --- a/includes/paths.php Fri Dec 11 17:10:44 2009 -0500 +++ b/includes/paths.php Fri Dec 11 17:11:47 2009 -0500 @@ -80,9 +80,9 @@ $session->register_acl_type('mod_misc', AUTH_DISALLOW, 'perm_mod_misc', Array(), 'All'); $session->register_acl_type('edit_cat', AUTH_WIKIMODE, 'perm_edit_cat', Array('read'), 'Article|User|Project|Template|File|Help|System|Category'); $session->register_acl_type('even_when_protected', AUTH_DISALLOW, 'perm_even_when_protected', Array('edit_page', 'rename', 'mod_comments', 'edit_cat'), 'Article|User|Project|Template|File|Help|System|Category'); - $session->register_acl_type('upload_files', AUTH_DISALLOW, 'perm_upload_files', Array('create_page'), 'Article|User|Project|Template|File|Help|System|Category|Special'); - $session->register_acl_type('upload_new_version', AUTH_WIKIMODE, 'perm_upload_new_version', Array('upload_files'), 'Article|User|Project|Template|File|Help|System|Category|Special'); - $session->register_acl_type('create_page', AUTH_WIKIMODE, 'perm_create_page', Array(), 'Article|User|Project|Template|File|Help|System|Category|Special'); + $session->register_acl_type('create_page', AUTH_WIKIMODE, 'perm_create_page', Array(), 'All'); + $session->register_acl_type('upload_files', AUTH_DISALLOW, 'perm_upload_files', Array('create_page'), 'All'); + $session->register_acl_type('upload_new_version', AUTH_WIKIMODE, 'perm_upload_new_version', Array('upload_files'), 'All'); $session->register_acl_type('html_in_pages', AUTH_DISALLOW, 'perm_html_in_pages', Array('edit_page'), 'Article|User|Project|Template|File|Help|System|Category|Admin'); $session->register_acl_type('php_in_pages', AUTH_DISALLOW, 'perm_php_in_pages', Array('edit_page', 'html_in_pages'), 'Article|User|Project|Template|File|Help|System|Category|Admin'); $session->register_acl_type('custom_user_title', AUTH_DISALLOW, 'perm_custom_user_title', Array(), 'User|Special'); diff -r 417e66a664d0 -r e154e8176700 includes/render.php --- a/includes/render.php Fri Dec 11 17:10:44 2009 -0500 +++ b/includes/render.php Fri Dec 11 17:11:47 2009 -0500 @@ -929,8 +929,8 @@ eval($cmd); } - $can_do_php = ( $session->get_permissions('php_in_pages') && !$strip_all_php ); - $can_do_html = $session->get_permissions('html_in_pages'); + $can_do_php = ( !$strip_all_php && $session->get_permissions('php_in_pages') ); + $can_do_html = $session->check_acl_scope('html_in_pages', $paths->namespace) && $session->get_permissions('html_in_pages'); if ( $can_do_html && !$can_do_php ) { diff -r 417e66a664d0 -r e154e8176700 includes/sessions.php --- a/includes/sessions.php Fri Dec 11 17:10:44 2009 -0500 +++ b/includes/sessions.php Fri Dec 11 17:11:47 2009 -0500 @@ -3372,6 +3372,7 @@ if ( !$this->check_acl_scope($deps[$i], $paths->namespace) ) { // Action $type depends on action $deps[$i] which cannot be satisfied because $deps[$i] is out of scope. + // echo '
' . enano_debug_print_backtrace(true) . ''; trigger_error("acl_check_deps: $type depends on {$deps[$i]} which is not within scope of $paths->namespace; this indicats a bug in ACL rule specification", E_USER_WARNING); return false; }