Page MenuHomePhabricator

T224240.patch

Authored By
Urbanecm
Jul 11 2019, 9:29 AM
Size
1 KB
Referenced Files
None
Subscribers
None

T224240.patch

From eae5e13e86335db307724cffe343dd7057d55cac Mon Sep 17 00:00:00 2001
From: Martin Urbanec <martin.urbanec@wikimedia.cz>
Date: Thu, 11 Jul 2019 11:26:22 +0200
Subject: [PATCH] SECURITY: Do not let users thank for a log if actor was
deleted
This prevents users to access information about the actor
by abusing uselang=qqx and the thank button.
Bug: T224240
Change-Id: I3f42d56874776cfa0c9d364217f43253efc14782
---
includes/ThanksHooks.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/includes/ThanksHooks.php b/includes/ThanksHooks.php
index 1e4d6ef..b371cd0 100644
--- a/includes/ThanksHooks.php
+++ b/includes/ThanksHooks.php
@@ -383,11 +383,12 @@ class ThanksHooks {
) {
global $wgUser;
- // Don't thank if anonymous or blocked
+ // Don't thank if anonymous or blocked or if user is deleted from the log entry
if (
$wgUser->isAnon()
|| self::isUserBlockedFromTitle( $wgUser, $entry->getTarget() )
|| $wgUser->isBlockedGlobally()
+ || $entry->isDeleted(LogPage::DELETED_USER)
) {
return;
}
--
2.17.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
7721197
Default Alt Text
T224240.patch (1 KB)

Event Timeline