Page MenuHomePhabricator
Files F16434

bug72222b-REL1_19.patch
Mglaser (mglaser)
Actions

Authored By
Mglaser
Nov 26 2014, 6:05 PM
Size
1 KB
Referenced Files
None
Subscribers
None

bug72222b-REL1_19.patch
View Options

From 06798f3f5f9d3c7a206830dffcbdf3b2beec38e5 Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Wed, 29 Oct 2014 08:41:20 -0700
Subject: [PATCH] SECURITY: Do not show log action if revdeleted
Also do not include revdeleted entries in search results when
filtering by action if user cannot view that info.
Bug: 72222
Change-Id: I9f331c421c55323018765456d6a99229e1fff592
---
includes/api/ApiQueryLogEvents.php | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php
index 9c73b3b..3aa0f79 100644
--- a/includes/api/ApiQueryLogEvents.php
+++ b/includes/api/ApiQueryLogEvents.php
@@ -158,7 +158,7 @@ class ApiQueryLogEvents extends ApiQueryBase {
$this->addOption( 'USE INDEX', $index );
// Paranoia: avoid brute force searches (bug 17342)
- if ( !is_null( $title ) ) {
+ if ( !is_null( $title ) || !is_null( $params['action'] ) ) {
$this->addWhere( $db->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0' );
}
if ( !is_null( $user ) ) {
@@ -279,7 +279,9 @@ class ApiQueryLogEvents extends ApiQueryBase {
$title = Title::makeTitle( $row->log_namespace, $row->log_title );
}
- if ( $this->fld_title || $this->fld_ids ) {
+ if ( $this->fld_title || $this->fld_ids || $this->fld_type
+ || $this->fld_details && $row->log_params !== ''
+ ) {
if ( LogEventsList::isDeleted( $row, LogPage::DELETED_ACTION ) ) {
$vals['actionhidden'] = '';
} else {
@@ -292,7 +294,7 @@ class ApiQueryLogEvents extends ApiQueryBase {
}
}
- if ( $this->fld_type || $this->fld_action ) {
+ if ( $this->fld_type ) {
$vals['type'] = $row->log_type;
$vals['action'] = $row->log_action;
}
--
1.9.2.msysgit.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
15796
Default Alt Text
bug72222b-REL1_19.patch (1 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL