
0001-SECURITY-RevDel-Check-all-revisions-for-suppression-.patch

Authored By
Anomie
Apr 9 2015, 6:06 PM
Size
2 KB

0001-SECURITY-RevDel-Check-all-revisions-for-suppression-.patch

From ec7c260a222e40904a3101ea0d295862b1370992 Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Thu, 9 Apr 2015 13:59:16 -0400
Subject: [PATCH] SECURITY: RevDel: Check all revisions for suppression, not
just the first
If any of the revisions in the list are deleted, do not allow changing
the permissions without suppressrevision.
Bug: T95589
Change-Id: Ia8a3ef13b73925d14a79775a50d46b939c01664f
---
includes/revisiondelete/RevDelList.php | 19 +++++++++++++++++++
includes/specials/SpecialRevisiondelete.php | 3 +--
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/includes/revisiondelete/RevDelList.php b/includes/revisiondelete/RevDelList.php
index 840fd77..c31c42b 100644
--- a/includes/revisiondelete/RevDelList.php
+++ b/includes/revisiondelete/RevDelList.php
@@ -74,6 +74,25 @@ abstract class RevDelList extends RevisionListBase {
}
/**
+ * Indicate whether any item in this list is suppressed
+ * @since 1.25
+ * @return bool
+ */
+ public function areAnySuppressed() {
+ $bit = $this->getSuppressBit();
+
+ // @codingStandardsIgnoreStart Generic.CodeAnalysis.ForLoopWithTestFunctionCall.NotAllowed
+ for ( $this->reset(); $this->current(); $this->next() ) {
+ // @codingStandardsIgnoreEnd
+ $item = $this->current();
+ if ( $item->getBits() & $bit ) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
* Set the visibility for the revisions in this list. Logging and
* transactions are done here.
*
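Review bot: The docblock on `areAnySuppressed()` does not mention that the method moves the list's internal cursor. It calls `$this->reset()` and returns from inside the loop on the first match, so the list is left on an arbitrary item, or past the end when nothing matches. Callers that read `current()` afterwards need to know this; I would add `* @note Moves the list's iterator; call reset() before iterating again.` to the comment. It would also help to say that "suppressed" means the bit from `getSuppressBit()` is set, since that helper is defined outside this hunk.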
diff --git a/includes/specials/SpecialRevisiondelete.php b/includes/specials/SpecialRevisiondelete.php
index e0a964e..71680a3 100644
--- a/includes/specials/SpecialRevisiondelete.php
+++ b/includes/specials/SpecialRevisiondelete.php
@@ -171,11 +171,10 @@ class SpecialRevisionDelete extends UnlistedSpecialPage {
$this->typeLabels = self::$UILabels[$this->typeName];
$list = $this->getList();
$list->reset();
- $bitfield = $list->current()->getBits();
$this->mIsAllowed = $user->isAllowed( RevisionDeleter::getRestriction( $this->typeName ) );
$canViewSuppressedOnly = $this->getUser()->isAllowed( 'viewsuppressed' ) &&
!$this->getUser()->isAllowed( 'suppressrevision' );
- $pageIsSuppressed = $bitfield & Revision::DELETED_RESTRICTED;
+ $pageIsSuppressed = $list->areAnySuppressed();
$this->mIsAllowed = $this->mIsAllowed && !( $canViewSuppressedOnly && $pageIsSuppressed );
$this->otherReason = $request->getVal( 'wpReason' );
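Review bot: After `$list->areAnySuppressed()` the list cursor is no longer on the first item, and the `$list->reset();` kept above it now only precedes a method that resets on its own. If anything later in this function (it continues outside the hunk) reads `$list->current()`, it will see a different item than before this change; moving `$list->reset();` to just after the `areAnySuppressed()` line restores the old position. `$pageIsSuppressed` is also a misleading name now that every item is tested, `$anyItemSuppressed` would match the check. Since this line only computes `mIsAllowed` for the special page, it is worth confirming that the code path which applies the visibility change is gated by the same result.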
--
2.1.4
