PermissionManager: Differentiate between cascading protection of file content and file pages

This patch reworks RestrictionStore::getCascadeProtectionSourcesInternal
to return a third and fourth array:
* One for cascading restrictions originating from templatelinks
* Another for those originating from imagelinks

They are used in PermissionManager::checkCascadingSourcesRestrictions
to differentiate cascading protection of file content and file page,
but could also be used in the future by action=info and other callers.

Bug: T24521
Bug: T62109
Bug: T140010
Change-Id: Ia5863f418538106f4fd657c672298ff6ac835805

1 files changed, 5 insertions, 0 deletions

diff --git a/RELEASE-NOTES-1.44 b/RELEASE-NOTES-1.44
index 34367be36cf6..f9849fc57aa0 100644
--- a/RELEASE-NOTES-1.44
+++ b/RELEASE-NOTES-1.44
@@ -94,6 +94,10 @@ For notes on 1.43.x and older releases, see HISTORY.
   this permits authenticated cross-origin requests against the Action API,
   similar to how origin=* allows unauthenticated cross-origin requests.
   This feature is currently considered experimental.
+* (T24521, T62109) Embedding a file (e.g., [[File:MediaWiki.png]]) on a page
+  protected with cascading protection will no longer restrict edits to the
+  file description page, only file uploads. Transcluding a file description
+  page (e.g., {{:File:MediaWiki.png}}) will now restrict edits to the page.
 * …
 
 === New features for sysadmins in 1.44 ===
@@ -154,6 +158,7 @@ For notes on 1.43.x and older releases, see HISTORY.
 === Bug fixes in 1.44 ===
 
 * File reverts now check for 'reupload' or 'reupload-own' rights. (T304474)
+* File reverts now check for cascading edit protection. (T140010)
 * …
 
 === Action API changes in 1.44 ===