Page MenuHomePhabricator

0001-SECURITY-Act-like-users-don-t-exist-if-hidden-from-v.patch

Authored By
Zabe
Jun 22 2021, 10:16 AM
Size
1 KB
Referenced Files
None
Subscribers
None

0001-SECURITY-Act-like-users-don-t-exist-if-hidden-from-v.patch

From 06317dc9888f809ea332067aca3953ba7201b848 Mon Sep 17 00:00:00 2001
From: Alexander Vorwerk <alec@vc-celle.de>
Date: Sun, 20 Jun 2021 18:38:02 +0200
Subject: [PATCH] SECURITY: Act like users don't exist if hidden from viewer
Bug: T285190
Change-Id: I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec
---
includes/specials/SpecialGlobalGroupMembership.php | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/includes/specials/SpecialGlobalGroupMembership.php b/includes/specials/SpecialGlobalGroupMembership.php
index 3cb2a0d5..6b4d9023 100644
--- a/includes/specials/SpecialGlobalGroupMembership.php
+++ b/includes/specials/SpecialGlobalGroupMembership.php
@@ -105,7 +105,11 @@ class SpecialGlobalGroupMembership extends UserrightsPage {
} else {
$user = CentralAuthGroupMembershipProxy::newFromName( $username );
- if ( !$user ) {
+ // If the user exists, but is hidden from the viewer, pretend that it does not exist. - T285190
+ $globalUser = CentralAuthUser::getMasterInstanceByName( $username );
+ if ( !$user || ( ( $globalUser->isOversighted() || $globalUser->isHidden() ) &&
+ !$this->getContext()->getAuthority()->isAllowed( 'centralauth-oversight' ) )
+ ) {
return Status::newFatal( 'nosuchusershort', $username );
}
}
--
2.26.1.windows.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9108036
Default Alt Text
0001-SECURITY-Act-like-users-don-t-exist-if-hidden-from-v.patch (1 KB)

Event Timeline