Page MenuHomePhabricator
Authored By
Melos
Nov 15 2018, 5:23 PM
Size
1 KB
Referenced Files
None
Subscribers
None

T209585.patch

From b2c65f3a66e8946b2cf42b19887e1f3b05193840 Mon Sep 17 00:00:00 2001
From: Melos <webmelos@gmail.com>
Date: Thu, 15 Nov 2018 18:18:29 +0100
Subject: [PATCH] SECURITY: Don't allow blocked users to view check user logs
Bug: T209585
---
includes/specials/SpecialCheckUserLog.php | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/includes/specials/SpecialCheckUserLog.php b/includes/specials/SpecialCheckUserLog.php
index 81be07f..d9e97d1 100644
--- a/includes/specials/SpecialCheckUserLog.php
+++ b/includes/specials/SpecialCheckUserLog.php
@@ -14,6 +14,12 @@ class SpecialCheckUserLog extends SpecialPage {
$this->setHeaders();
$this->checkPermissions();
+ // Blocked users are not allowed to run checkuser queries (bug T157883)
+ $block = $this->getUser()->getBlock();
+ if ( $block && $block->isSitewide() ) {
+ throw new UserBlockedError( $block );
+ }
+
$out = $this->getOutput();
$request = $this->getRequest();
$this->target = trim( $request->getVal( 'cuSearch', $par ) );
--
2.14.1.windows.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
6698893
Default Alt Text
T209585.patch (1 KB)

Event Timeline