Page MenuHomePhabricator
Files F35492128

0001-SECURITY-do-not-render-suppressed-usernames-at-Special-REL1-35.patch
RhinosF1 (Samuel)
Actions

Authored By
RhinosF1
Aug 26 2022, 9:49 PM
Size
3 KB
Referenced Files
None
Subscribers
None

0001-SECURITY-do-not-render-suppressed-usernames-at-Special-REL1-35.patch
View Options

From 9bf90df423bcdfc03a6be1edbe3041e8258bfda5 Mon Sep 17 00:00:00 2001
From: Alexander Vorwerk <zabe@avorwerk.net>
Date: Sat, 25 Jun 2022 18:02:00 +0200
Subject: [PATCH] SECURITY: do not render suppressed usernames at
Special:CheckUser
Bug: T311337
Change-Id: I86f6b0f940d9946878fb118a2f577b08bfad7e20
---
includes/specials/SpecialCheckUser.php | 78 ++++++++++++++++++++-----------
1 file changed, 51 insertions(+), 27 deletions(-)
diff --git a/includes/specials/SpecialCheckUser.php b/includes/specials/SpecialCheckUser.php
index 5c82287..23d5048 100644
--- a/includes/specials/SpecialCheckUser.php
+++ b/includes/specials/SpecialCheckUser.php
@@ -1948,33 +1948,7 @@ class SpecialCheckUser extends SpecialPage {
} else {
$line .= '<span>';
}
- $line .= Linker::userLink(
- $idforlinknfn, $row->cuc_user_text, $row->cuc_user_text ) . '</span>';
- $line .= Linker::userToolLinksRedContribs(
- $idforlink,
- $row->cuc_user_text,
- $user->getEditCount(),
- // don't render parentheses in HTML markup (CSS will provide)
- false
- );
- // Get block info
- if ( isset( $flagCache[$row->cuc_user_text] ) ) {
- $flags = $flagCache[$row->cuc_user_text];
- } else {
- $user = User::newFromName( $row->cuc_user_text, false );
- $ip = IPUtils::isIPAddress( $row->cuc_user_text ) ? $row->cuc_user_text : '';
- $flags = $this->userBlockFlags( $ip, $row->cuc_user, $user );
- $flagCache[$row->cuc_user_text] = $flags;
- }
- // Add any block information
- if ( count( $flags ) ) {
- $line .= ' ' . implode( ' ', $flags );
- }
- // Action text, hackish ...
- if ( $row->cuc_actiontext ) {
- $line .= ' ' . Linker::formatComment( $row->cuc_actiontext ) . ' ';
- }
- // Comment
+
if ( $row->cuc_type == RC_EDIT || $row->cuc_type == RC_NEW ) {
$revRecord = MediaWikiServices::getInstance()
->getRevisionLookup()
@@ -2007,6 +1981,56 @@ class SpecialCheckUser extends SpecialPage {
);
}
}
+
+ $hidden = !RevisionRecord::userCanBitfield(
+ $revRecord->getVisibility(),
+ RevisionRecord::DELETED_USER,
+ $this->getUser()
+ );
+ } else {
+ // To make phan happy
+ $revRecord = null;
+
+ $hidden = $user->isHidden() && !$this->getAuthority()->isAllowed( 'hideuser' );
+ }
+
+ if ( $hidden ) {
+ $line .= Html::element(
+ 'span',
+ [ 'class' => 'history-deleted' ],
+ $this->msg( 'rev-deleted-user' )->text()
+ );
+ } else {
+ $line .= Linker::userLink(
+ $idforlinknfn, $row->cuc_user_text, $row->cuc_user_text ) . '</span>';
+ $line .= Linker::userToolLinksRedContribs(
+ $idforlink,
+ $row->cuc_user_text,
+ $user->getEditCount(),
+ // don't render parentheses in HTML markup (CSS will provide)
+ false
+ );
+ }
+
+ // Get block info
+ if ( isset( $flagCache[$row->cuc_user_text] ) ) {
+ $flags = $flagCache[$row->cuc_user_text];
+ } else {
+ $user = User::newFromName( $row->cuc_user_text, false );
+ $ip = IPUtils::isIPAddress( $row->cuc_user_text ) ? $row->cuc_user_text : '';
+ $flags = $this->userBlockFlags( $ip, $row->cuc_user, $user );
+ $flagCache[$row->cuc_user_text] = $flags;
+ }
+ // Add any block information
+ if ( count( $flags ) ) {
+ $line .= ' ' . implode( ' ', $flags );
+ }
+ // Action text, hackish ...
+ if ( $row->cuc_actiontext ) {
+ $line .= ' ' . Linker::formatComment( $row->cuc_actiontext ) . ' ';
+ }
+ // Comment
+ if ( $row->cuc_type == RC_EDIT || $row->cuc_type == RC_NEW ) {
if ( RevisionRecord::userCanBitfield(
$revRecord->getVisibility(),
RevisionRecord::DELETED_COMMENT,
--
2.17.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9724027
Default Alt Text
0001-SECURITY-do-not-render-suppressed-usernames-at-Special-REL1-35.patch (3 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL