
01-T311337-rev4.patch

Authored By
Zabe
Jan 12 2023, 8:36 AM
Size
4 KB

01-T311337-rev4.patch

From 2bb5982c0d12e8447f8477fcf91b1949a71caef1 Mon Sep 17 00:00:00 2001
From: Alexander Vorwerk <zabe@avorwerk.net>
Date: Tue, 23 Aug 2022 16:18:58 +0200
Subject: [PATCH] SECURITY: do not render suppressed usernames at
Special:CheckUser
Bug: T311337
Change-Id: I3a23f71a4ee20b612afbf96a91d8dc70518052be
---
.../Pagers/AbstractCheckUserPager.php | 2 +-
.../Pagers/CheckUserGetEditsPager.php | 48 ++++++++++++++-----
2 files changed, 37 insertions(+), 13 deletions(-)
diff --git a/src/CheckUser/Pagers/AbstractCheckUserPager.php b/src/CheckUser/Pagers/AbstractCheckUserPager.php
index c3b4e491..de7446df 100644
--- a/src/CheckUser/Pagers/AbstractCheckUserPager.php
+++ b/src/CheckUser/Pagers/AbstractCheckUserPager.php
@@ -98,7 +98,7 @@ abstract class AbstractCheckUserPager extends RangeChronologicalPager {
protected $templateParser;
/** @var UserFactory */
- private $userFactory;
+ protected $userFactory;
/**
* @param FormOptions $opts
diff --git a/src/CheckUser/Pagers/CheckUserGetEditsPager.php b/src/CheckUser/Pagers/CheckUserGetEditsPager.php
index 91ceac18..d030c16c 100644
--- a/src/CheckUser/Pagers/CheckUserGetEditsPager.php
+++ b/src/CheckUser/Pagers/CheckUserGetEditsPager.php
@@ -18,6 +18,7 @@ use MediaWiki\CheckUser\TokenQueryManager;
use MediaWiki\CommentFormatter\CommentFormatter;
use MediaWiki\Linker\LinkRenderer;
use MediaWiki\Logger\LoggerFactory;
+use MediaWiki\Revision\RevisionRecord;
use MediaWiki\Revision\RevisionStore;
use MediaWiki\SpecialPage\SpecialPageFactory;
use MediaWiki\User\UserEditTracker;
@@ -49,6 +50,9 @@ class CheckUserGetEditsPager extends AbstractCheckUserPager {
/** @var array */
protected $formattedRevisionComments = [];
+ /** @var array */
+ protected $usernameVisibility = [];
+
/** @var LoggerInterface */
private $logger;
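Review bot: The new `$usernameVisibility` property is documented only as `/** @var array */`, which does not say what the keys or values are, even though the rendering code depends on that for a suppression decision. Going by the other hunks, it is keyed by `cuc_this_oldid` and holds the result of `RevisionRecord::userCanBitfield()`, so something like `/** @var bool[] Revision ID => whether the viewing authority may see the revision's username */` would make that explicit. It would also help to state in the comment that a missing key must be treated as "not visible".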
@@ -148,19 +152,33 @@ class CheckUserGetEditsPager extends AbstractCheckUserPager {
$this->getLanguage()->userTime( wfTimestamp( TS_MW, $row->cuc_timestamp ), $this->getUser() );
// Userlinks
$user = new UserIdentityValue( $row->cuc_user ?? 0, $row->cuc_user_text );
- if ( !IPUtils::isIPAddress( $user ) && !$user->isRegistered() ) {
- $templateParams['userLinkClass'] = 'mw-checkuser-nonexistent-user';
+ if ( $row->cuc_type == RC_EDIT || $row->cuc_type == RC_NEW ) {
+ $hidden = !$this->usernameVisibility[$row->cuc_this_oldid];
+ } else {
+ $hidden = $this->userFactory->newFromUserIdentity( $user )->isHidden()
+ && !$this->getAuthority()->isAllowed( 'hideuser' );
+ }
+ if ( $hidden ) {
+ $templateParams['userLink'] = Html::element(
+ 'span',
+ [ 'class' => 'history-deleted' ],
+ $this->msg( 'rev-deleted-user' )->text()
+ );
+ } else {
+ if ( !IPUtils::isIPAddress( $user ) && !$user->isRegistered() ) {
+ $templateParams['userLinkClass'] = 'mw-checkuser-nonexistent-user';
+ }
+ $templateParams['userLink'] = Linker::userLink( $user->getId(), $row->cuc_user_text, $row->cuc_user_text );
+ $templateParams['userToolLinks'] = Linker::userToolLinksRedContribs(
+ $user->getId(),
+ $row->cuc_user_text,
+ $this->userEditTracker->getUserEditCount( $user ),
+ // don't render parentheses in HTML markup (CSS will provide)
+ false
+ );
+ // Add any block information
+ $templateParams['flags'] = $this->flagCache[$row->cuc_user_text];
}
- $templateParams['userLink'] = Linker::userLink( $user->getId(), $row->cuc_user_text, $row->cuc_user_text );
- $templateParams['userToolLinks'] = Linker::userToolLinksRedContribs(
- $user->getId(),
- $row->cuc_user_text,
- $this->userEditTracker->getUserEditCount( $user ),
- // don't render parentheses in HTML markup (CSS will provide)
- false
- );
- // Add any block information
- $templateParams['flags'] = $this->flagCache[$row->cuc_user_text];
// Action text, hackish ...
$templateParams['actionText'] = $this->commentFormatter->format( $row->cuc_actiontext );
// Comment
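Review bot: The lookup `$this->usernameVisibility[$row->cuc_this_oldid]` in the RC_EDIT/RC_NEW branch reads a key that the `@@ -397` hunk sets only when a revision record was found, so rows that land in the `$missingRevisions` branch hit an undefined index. That evaluates to hidden, which is the safe direction, but only by way of a PHP warning; `$hidden = !( $this->usernameVisibility[$row->cuc_this_oldid] ?? false );` makes the fail-closed default deliberate. The edit branch also skips the `isHidden()` check used in the else branch, so if a hidden user's revision does not carry the DELETED_USER bit the name would presumably still be rendered; consider OR-ing the two conditions. The hidden branch leaves `userToolLinks` and `flags` unset, and whether the template tolerates that is not visible here. The enclosing method begins and ends outside this hunk.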
@@ -397,6 +415,12 @@ class CheckUserGetEditsPager extends AbstractCheckUserPager {
$missingRevisions[$row->cuc_this_oldid] = '';
} else {
$revisions[$row->cuc_this_oldid] = $revRecord;
+
+ $this->usernameVisibility[$row->cuc_this_oldid] = RevisionRecord::userCanBitfield(
+ $revRecord->getVisibility(),
+ RevisionRecord::DELETED_USER,
+ $this->getAuthority()
+ );
}
}
}
--
2.17.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
10179706
Default Alt Text
01-T311337-rev4.patch (4 KB)
