Page MenuHomePhabricator
Files F26616381

T207085.patch
Daimona
Actions

Authored By
Daimona
Oct 16 2018, 9:11 PM
Size
1 KB
Referenced Files
None
Subscribers
None

T207085.patch
View Options

From ebe6939b5a631a748fc2fc5803cae2e537a88ac8 Mon Sep 17 00:00:00 2001
From: Daimona Eaytoy <daimona.wiki@gmail.com>
Date: Tue, 16 Oct 2018 23:04:20 +0200
Subject: [PATCH] Remove info leak
Oversighted edits were entirely accessible to non-oversighters via
AbuseFilter/examine for RC, and via AbuseFilter/test.
Bug: T207085
Change-Id: Icfa48e366a7e5e3abd5d2155ecfddfc09b378088
---
includes/AbuseFilterChangesList.php | 5 +++++
includes/Views/AbuseFilterViewExamine.php | 8 ++++++++
2 files changed, 13 insertions(+)
diff --git a/includes/AbuseFilterChangesList.php b/includes/AbuseFilterChangesList.php
index 139e01ba..666ff79e 100644
--- a/includes/AbuseFilterChangesList.php
+++ b/includes/AbuseFilterChangesList.php
@@ -23,6 +23,11 @@ class AbuseFilterChangesList extends OldChangesList {
* @suppress PhanUndeclaredProperty for $rc->filterResult, which isn't a big deal
*/
public function insertExtra( &$s, &$rc, &$classes ) {
+ if ( (int)$rc->mAttribs['rc_deleted'] !== 0 ) {
+ $s .= ' ' . $this->msg( 'abusefilter-log-hidden-implicit' )->parse();
+ return;
+ }
+
$examineParams = [];
if ( $this->testFilter ) {
$examineParams['testfilter'] = $this->testFilter;
diff --git a/includes/Views/AbuseFilterViewExamine.php b/includes/Views/AbuseFilterViewExamine.php
index aec63b2c..e4a603b0 100644
--- a/includes/Views/AbuseFilterViewExamine.php
+++ b/includes/Views/AbuseFilterViewExamine.php
@@ -112,6 +112,14 @@ class AbuseFilterViewExamine extends AbuseFilterView {
return;
}
+ if ( $row->rc_this_oldid ) {
+ $revision = Revision::newFromId( $row->rc_this_oldid );
+ if ( $revision && !$revision->userCan( Revision::SUPPRESSED_ALL, $this->getUser() ) ) {
+ $out->addWikiMsg( 'abusefilter-log-details-hidden-implicit' );
+ return;
+ }
+ }
+
self::$examineType = 'rc';
self::$examineId = $rcid;
--
2.18.0.windows.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
6548943
Default Alt Text
T207085.patch (1 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits