Page MenuHomePhabricator
Files F12634

bug58699_122.patch
Public
Actions

Authored By
bzimport
Nov 22 2014, 2:36 AM
Size
4 KB
Referenced Files
None
Subscribers
None

bug58699_122.patch
View Options

From d1bf9187a8058328b7711f24ad26044d66b58c6b Mon Sep 17 00:00:00 2001
From: mglaser <glaser@hallowelt.biz>
Date: Wed, 8 Jan 2014 13:01:30 +0100
Subject: [PATCH] SECURITY: Fix RevDel log entry information leaks
DELETED_ACTION is supposed to hide the target of the log entry. But a
few places weren't doing this properly.
This fixes:
* API list=logevents no longer returns the pageid when the target is
hidden.
* Enhanced RecentChanges no longer includes the log target page in the
CSS class. This should also make the CSS class actually useful.
* Watchlist no longer shows log entries with DELETED_ACTION unless the
user has deletedhistory, and with SUPPRESSED_ACTION unless the user
has suppressrevision.
Bug: 58699
Change-Id: I5f03d38e46db3eb3decc9aee6a9de252f9a3de76
---
includes/api/ApiQueryLogEvents.php | 10 +++++++---
includes/changes/EnhancedChangesList.php | 5 ++---
includes/specials/SpecialWatchlist.php | 16 ++++++++++++++++
3 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php
index 1a2719e..26774ef 100644
--- a/includes/api/ApiQueryLogEvents.php
+++ b/includes/api/ApiQueryLogEvents.php
@@ -294,18 +294,22 @@ class ApiQueryLogEvents extends ApiQueryBase {
if ( $this->fld_ids ) {
$vals['logid'] = intval( $row->log_id );
- $vals['pageid'] = intval( $row->page_id );
}
if ( $this->fld_title || $this->fld_parsedcomment ) {
$title = Title::makeTitle( $row->log_namespace, $row->log_title );
}
- if ( $this->fld_title ) {
+ if ( $this->fld_title || $this->fld_ids ) {
if ( LogEventsList::isDeleted( $row, LogPage::DELETED_ACTION ) ) {
$vals['actionhidden'] = '';
} else {
- ApiQueryBase::addTitleInfo( $vals, $title );
+ if ( $this->fld_title ) {
+ ApiQueryBase::addTitleInfo( $vals, $title );
+ }
+ if ( $this->fld_ids ) {
+ $vals['pageid'] = intval( $row->page_id );
+ }
}
}
diff --git a/includes/changes/EnhancedChangesList.php b/includes/changes/EnhancedChangesList.php
index 433adb3..4c8aa45 100644
--- a/includes/changes/EnhancedChangesList.php
+++ b/includes/changes/EnhancedChangesList.php
@@ -200,7 +200,7 @@ class EnhancedChangesList extends ChangesList {
if ( $block[0]->mAttribs['rc_log_type'] ) {
# Log entry
$classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-'
- . $block[0]->mAttribs['rc_log_type'] . '-' . $block[0]->mAttribs['rc_title'] );
+ . $block[0]->mAttribs['rc_log_type'] );
} else {
$classes[] = Sanitizer::escapeClass( 'mw-changeslist-ns'
. $block[0]->mAttribs['rc_namespace'] . '-' . $block[0]->mAttribs['rc_title'] );
@@ -551,8 +551,7 @@ class EnhancedChangesList extends ChangesList {
$classes = array( 'mw-enhanced-rc' );
if ( $logType ) {
# Log entry
- $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-'
- . $logType . '-' . $rcObj->mAttribs['rc_title'] );
++ $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-' . $logType );
} else {
$classes[] = Sanitizer::escapeClass( 'mw-changeslist-ns' .
$rcObj->mAttribs['rc_namespace'] . '-' . $rcObj->mAttribs['rc_title'] );
diff --git a/includes/specials/SpecialWatchlist.php b/includes/specials/SpecialWatchlist.php
index 4afa279..55dc6ef 100644
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -299,6 +299,22 @@ class SpecialWatchlist extends SpecialPage {
}
}
+ // Log entries with DELETED_ACTION must not show up unless the user has
+ // the necessary rights.
+ if ( !$user->isAllowed( 'deletedhistory' ) ) {
+ $bitmask = LogPage::DELETED_ACTION;
+ } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+ $bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
+ } else {
+ $bitmask = 0;
+ }
+ if ( $bitmask ) {
+ $conds[] = $dbr->makeList( array(
+ 'rc_type != ' . RC_LOG,
+ $dbr->bitAnd( 'rc_deleted', $bitmask ) . " != $bitmask",
+ ), LIST_OR );
+ }
+
ChangeTags::modifyDisplayQuery( $tables, $fields, $conds, $join_conds, $options, '' );
wfRunHooks( 'SpecialWatchlistQuery', array( &$conds, &$tables, &$join_conds, &$fields, $values ) );
--
1.8.4.msysgit.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
12080
Default Alt Text
bug58699_122.patch (4 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits