Page MenuHomePhabricator
Files F33942272

T120883.patch (v.8)
DannyS712
Actions

Authored By
DannyS712
Dec 10 2020, 11:15 PM
Size
6 KB
Referenced Files
F33945834: T120883.patch (v.9)
Dec 14 2020, 10:58 PM
Subscribers
None

T120883.patch (v.8)
View Options

From 0b6d8cea36fdf70ff24b03195da4f99cab9c7614 Mon Sep 17 00:00:00 2001
From: DannyS712 <dannys712.enwiki@gmail.com>
Date: Thu, 10 Dec 2020 18:13:56 -0500
Subject: [PATCH] SECURITY: Act like users don't exist if hidden from viewer
When viewing Special:Contributions for a hidden user and
a missing user, or the user page of a hidden user and a
missing user, if the viewer cannot see hidden users
the output should be the same for hidden users and
missing users.
To that end
* In OutputPage.php, only set the `wgRelevantUserName` javascript
variable if the user is not hidden, or the viewer can see hidden
users
* In Article.php, show the `userpage-userdoesnotexist-view` on user
pages of hidden users if the viewer cannot see hidden users
* In Skin.php, do not add user-specific sidebar links (contributions,
logs, mute, etc.) if the user is hidden and the viewer cannot see
hidden users
* In SpecialContributions.php, stop calling Skin::setRelevantUser
for non-existing users, so that callers of Skin::getRelevantUser
can ignore users that are hidden from the viewer without creating
divergent behavior
* In SpecialContributions.php, for users that do exist but are
hidden from the viewer, don't show `sp-contributions-footer`,
but do show `contributions-userdoesnotexist`
Bug: T120883
Change-Id: I83b723402f315447bc4b50992e28620e3daace8f
---
includes/OutputPage.php | 11 +++++++-
includes/page/Article.php | 9 ++++++
includes/skins/Skin.php | 14 ++++++++++
includes/specials/SpecialContributions.php | 32 ++++++++++++++++++++--
4 files changed, 62 insertions(+), 4 deletions(-)
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 03a2fd2fc6b..07c2091d46d 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -3374,7 +3374,16 @@ class OutputPage extends ContextSource {
$vars['wgIsMainPage'] = true;
}
if ( $relevantUser ) {
- $vars['wgRelevantUserName'] = $relevantUser->getName();
+ if ( !$relevantUser->isHidden() ||
+ $services->getPermissionManager()->userHasRight(
+ $user,
+ 'hideuser'
+ )
+ ) {
+ // T120883 if the user is hidden and the viewer cannot see
+ // hidden users, pretend like it does not exist at all.
+ $vars['wgRelevantUserName'] = $relevantUser->getName();
+ }
}
// End of stable config vars
diff --git a/includes/page/Article.php b/includes/page/Article.php
index f130c45fa5e..8794c19dfea 100644
--- a/includes/page/Article.php
+++ b/includes/page/Article.php
@@ -1364,6 +1364,15 @@ class Article implements Page {
$ip = User::isIP( $rootPart );
$block = DatabaseBlock::newFromTarget( $user, $user );
+ if ( $user && $user->isLoggedIn() && $user->isHidden() ) {
+ // T120883 if the user is hidden and the viewer cannot see hidden
+ // users, pretend like it does not exist at all.
+ if ( !$services->getPermissionManager()
+ ->userHasRight( $this->getContext()->getUser(), 'hideuser' )
+ ) {
+ $user = false;
+ }
+ }
if ( !( $user && $user->isLoggedIn() ) && !$ip ) { # User does not exist
$outputPage->wrapWikiMsg( "<div class=\"mw-userpage-userdoesnotexist error\">\n\$1\n</div>",
[ 'userpage-userdoesnotexist-view', wfEscapeWikiText( $rootPart ) ] );
diff --git a/includes/skins/Skin.php b/includes/skins/Skin.php
index 77ee9888476..098daae3d42 100644
--- a/includes/skins/Skin.php
+++ b/includes/skins/Skin.php
@@ -1596,6 +1596,20 @@ abstract class Skin extends ContextSource {
}
$user = $this->getRelevantUser();
+ // The relevant user should only be set if it exists. However, if it exists but is hidden,
+ // and the viewer cannot see hidden users, this exposes the fact that the user exists;
+ // pretend like the user does not exist in such cases, by setting $user to null, which
+ // is what getRelevantUser returns if there is no user set (though it is documented as
+ // always returning a User...) See T120883
+ if ( $user && $user->isRegistered() && $user->isHidden() ) {
+ if ( !MediaWikiServices::getInstance()
+ ->getPermissionManager()
+ ->userHasRight( $this->getUser(), 'hideuser' )
+ ) {
+ $user = null;
+ }
+ }
+
if ( $user ) {
$rootUser = $user->getName();
diff --git a/includes/specials/SpecialContributions.php b/includes/specials/SpecialContributions.php
index 960f2b1abc5..cc964a3300b 100644
--- a/includes/specials/SpecialContributions.php
+++ b/includes/specials/SpecialContributions.php
@@ -181,7 +181,15 @@ class SpecialContributions extends IncludableSpecialPage {
# For IP ranges, we want the contributionsSub, but not the skin-dependent
# links under 'Tools', which may include irrelevant links like 'Logs'.
if ( !IPUtils::isValidRange( $target ) ) {
- $this->getSkin()->setRelevantUser( $userObj );
+ // Don't add non-existent users, because hidden users
+ // that we add here will be removed later to pretend
+ // that they don't exist, and if users that actually don't
+ // exist are added here and then not removed, it exposes
+ // which users exist and are hidden vs. which actually don't
+ // exist. But, do set the relevant user for single IPs.
+ if ( User::isIP( $target ) || $userObj->isRegistered() ) {
+ $this->getSkin()->setRelevantUser( $userObj );
+ }
}
}
@@ -361,7 +369,16 @@ class SpecialContributions extends IncludableSpecialPage {
// No message for non-existing users
$message = '';
} else {
- $message = 'sp-contributions-footer';
+ // User is registered, but make sure that the viewer can see them, to avoid
+ // having different behavior for missing and hidden users; see T120883
+ if ( $userObj->isHidden() &&
+ !$this->permissionManager->userHasRight( $this->getUser(), 'hideuser' )
+ ) {
+ $message = '';
+ } else {
+ // Not hidden, or hidden but the viewer can still see it
+ $message = 'sp-contributions-footer';
+ }
}
if ( $message && !$this->including() && !$this->msg( $message, $target )->isDisabled() ) {
@@ -380,7 +397,16 @@ class SpecialContributions extends IncludableSpecialPage {
* Could be combined.
*/
protected function contributionsSub( $userObj ) {
- if ( $userObj->isAnon() ) {
+ $isAnon = $userObj->isAnon();
+ if ( !$isAnon && $userObj->isHidden() ) {
+ // T120883 if the user is hidden and the viewer cannot see hidden
+ // users, pretend like it does not exist at all.
+ if ( !$this->permissionManager->userHasRight( $this->getUser(), 'hideuser' ) ) {
+ $isAnon = true;
+ }
+ }
+
+ if ( $isAnon ) {
// Show a warning message that the user being searched for doesn't exist.
// User::isIP returns true for IP address and usemod IPs like '123.123.123.xxx',
// but returns false for IP ranges. We don't want to suggest either of these are
--
2.28.0.windows.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8800595
Default Alt Text
T120883.patch (v.8) (6 KB)

Event Timeline

DannyS712 updated the name for this file from "T120883-8.patch" to "T120883.patch (v.8)".Dec 10 2020, 11:15 PM
DannyS712 added a comment.Dec 14 2020, 10:58 PM

Superseded by F33945834

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits