[Special:Connect/Debug] Added stricter check for editing Facebook application settings on Special:Connect/Debug

garbear · garbear · commit bcbdd9f5ba6e · 2012-02-23T03:35:22.000-08:00
diff --git a/Facebook/FacebookApplication.php b/Facebook/FacebookApplication.php
@@ -55,13 +55,13 @@ function __construct() {
 	 * or developer of the app and must also be an administrator of the wiki.
 	 */
 	function canEdit($fbUser = NULL) {
-		global $facebook;
+		global $facebook, $wgUser;
 		if ( !( $fbUser instanceof FacebookUser ) ) {
 			$fbUser = new FacebookUser();
 		}
 		
 		// First, check MediaWiki permissions. Then check with Facebook
-		if ( !$fbUser->getMWUser()->getId() )
+		if ( $fbUser->getMWUser()->getId() == 0 || $fbUser->getMWUser()->getId() != $wgUser->getId() )
 			return false;
 		
 		// If $wgFbUserRightsFromGroups is set, this should trigger a group check
