Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F14033514
T188145-v2.patch
No One
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Authored By
Bawolff
Feb 26 2018, 4:26 PM
2018-02-26 16:26:32 (UTC+0)
Size
1 KB
Referenced Files
None
Subscribers
None
T188145-v2.patch
View Options
From b97c95e7d37b9e766b302ce50420ad63460ac5c7 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Fri, 23 Feb 2018 21:52:25 +0000
Subject: [PATCH] SECURITY: Fix revdel checks in LogPager
Follow-up to ce881e02e8d6 where the check for performer
restrictions and action restrictions was reversed.
Bug: T188145
Change-Id: I85a44f925212929ac87fb7a7e494023258f2d148
---
includes/logging/LogPager.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php
index 5404f35..104f98d 100644
--- a/includes/logging/LogPager.php
+++ b/includes/logging/LogPager.php
@@ -423,9 +423,9 @@ class LogPager extends ReverseChronologicalPager {
$this->actionRestrictionsEnforced = true;
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
' != ' . LogPage::SUPPRESSED_USER;
}
}
@@ -441,9 +441,9 @@ class LogPager extends ReverseChronologicalPager {
$this->performerRestrictionsEnforced = true;
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
' != ' . LogPage::SUPPRESSED_ACTION;
}
}
--
2.8.1
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5570082
Default Alt Text
T188145-v2.patch (1 KB)
Attached To
Mode
T188145: Special:Log implements revdel restrictions incorrectly when filtering on log type or log author
Attached
Detach File
Event Timeline
Log In to Comment