diff options
Diffstat (limited to 'includes/AjaxDispatcher.php')
| -rw-r--r-- | includes/AjaxDispatcher.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/includes/AjaxDispatcher.php b/includes/AjaxDispatcher.php index e36787fd..f7583188 100644 --- a/includes/AjaxDispatcher.php +++ b/includes/AjaxDispatcher.php @@ -74,7 +74,7 @@ class AjaxDispatcher { * request. */ function performAction() { - global $wgAjaxExportList, $wgOut; + global $wgAjaxExportList, $wgOut, $wgUser; if ( empty( $this->mode ) ) { return; @@ -90,6 +90,13 @@ class AjaxDispatcher { 'Bad Request', "unknown function " . (string) $this->func_name ); + } elseif ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) + && !$wgUser->isAllowed( 'read' ) ) + { + wfHttpError( + 403, + 'Forbidden', + 'You must log in to view pages.' ); } else { wfDebug( __METHOD__ . ' dispatching ' . $this->func_name . "\n" ); |