F36196874
0001-Prevent-hidden-users-from-being-exposed-via-public-i.patch
Soda (Sohom Datta)
Authored By
Soda
Jan 13 2023, 5:59 PM
2023-01-13 17:59:15 (UTC+0)
Size
2 KB
0001-Prevent-hidden-users-from-being-exposed-via-public-i.patch
From fcaac946016922bd04ee59a17e0fc11a4d2978cf Mon Sep 17 00:00:00 2001
From: Sohom <sohomdatta1+git@gmail.com>
Date: Fri, 13 Jan 2023 23:00:56 +0530
Subject: [PATCH] Prevent hidden users from being exposed via public interfaces
Bug: T326952
Change-Id: Ibe5f8e25dea155bbd811a65833394c0d4b906a34
---
includes/Page/PageContentHandler.php | 24 ++++++++++++++++++++++--
includes/Page/PageDisplayHandler.php | 14 ++++++++++++--
2 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/includes/Page/PageContentHandler.php b/includes/Page/PageContentHandler.php
index e517b84d..d0cdad04 100644
--- a/includes/Page/PageContentHandler.php
+++ b/includes/Page/PageContentHandler.php
@@ -86,13 +86,23 @@ class PageContentHandler extends TextContentHandler {
$level = $content->getLevel();
$user = $level->getUser();
+ if ( $user ) {
+ if ( $user->isHidden() ) {
+ $userName = $this->msg( 'rev-deleted-user' )->inContentLanguage()->text();
+ } else {
+ $userName = $user->getName();
+ }
+ } else {
+ $userName = null;
+ }
+
return json_encode( [
'header' => $content->getHeader()->serialize(),
'body' => $content->getBody()->serialize(),
'footer' => $content->getFooter()->serialize(),
'level' => [
'level' => $level->getLevel(),
- 'user' => $user ? $user->getName() : null
+ 'user' => $userName
]
] );
}
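Review bot: `$this->msg()` is called in the added hidden-user branch, but nothing in this patch shows PageContentHandler or its parent defining that method, and PageDisplayHandler in the third hunk is declared with no parent class at all. If the method does not exist, the call fails at runtime in exactly the case the patch is meant to protect, so the hidden-user path needs a test in each of the three places (the same call is in the second and third hunks). Unless the classes do provide it, the global helper avoids the dependency: `$userName = wfMessage( 'rev-deleted-user' )->inContentLanguage()->text();`. The enclosing method starts above the hunk, so this is based on the visible lines only.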
@@ -104,7 +114,17 @@ class PageContentHandler extends TextContentHandler {
private function serializeContentInWikitext( PageContent $content ) {
$level = $content->getLevel();
$user = $level->getUser();
- $userName = $user ? $user->getName() : '';
+
+ if ( $user ) {
+ if ( $user->isHidden() ) {
+ $userName = $this->msg( 'rev-deleted-user' )->inContentLanguage()->text();
+ } else {
+ $userName = $user->getName();
+ }
+ } else {
+ $userName = null;
+ }
+
$text =
'<noinclude>' .
'<pagequality level="' . $level->getLevel() . '" user="' . $userName . '" />' .
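Review bot: The placeholder is concatenated into the `user="…"` attribute of the serialized wikitext, which looks like the form that is read back when the page is later parsed or edited. The unserialize side is not in this patch, so confirm that a save made while the user is hidden does not persist the localized placeholder as the proofreader's name. The message text is also inserted unescaped, as the user name already was, so a translation or local override of `rev-deleted-user` containing `"` would break the attribute. The fallback changed from `''` to `null`; it concatenates the same way, but `$userName = '';` keeps the string type the old line had. The function body continues below the hunk.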
diff --git a/includes/Page/PageDisplayHandler.php b/includes/Page/PageDisplayHandler.php
index 5c824720..c9f0dfc7 100644
--- a/includes/Page/PageDisplayHandler.php
+++ b/includes/Page/PageDisplayHandler.php
@@ -132,10 +132,20 @@ class PageDisplayHandler {
*/
public function getPageJsConfigVars( Title $title, PageContent $content ): array {
$indexFields = $this->getIndexFieldsForJS( $title );
+ $user = $content->getLevel()->getUser();
+
+ if ( $user ) {
+ if ( $user->isHidden() ) {
+ $userName = $this->msg( 'rev-deleted-user' )->inContentLanguage()->text();
+ } else {
+ $userName = $user->getName();
+ }
+ } else {
+ $userName = null;
+ }
$jsConfigVars = [
- 'prpPageQualityUser' =>
- $content->getLevel()->getUser() ? $content->getLevel()->getUser()->getName() : null,
+ 'prpPageQualityUser' => $userName,
'prpPageQuality' =>
$content->getLevel()->getLevel(),
'prpIndexFields' => $indexFields
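Review bot: Client code reading `prpPageQualityUser` now receives a localized placeholder string where it previously got a user name or null, and nothing in the value tells the two apart. The doc comment that closes at the top of this hunk should say so, for example `prpPageQualityUser: user name, null, or the 'rev-deleted-user' placeholder when the user is hidden`. A script that builds a user link or lookup from this variable would treat the placeholder as a name, so exposing null for hidden users may be safer if the consumers cannot be audited. This is also the third copy of the same nine-line branch (both PageContentHandler hunks have it); one shared helper would keep the hidden-user check in a single place. The array literal continues past the hunk.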
--
2.39.0
Attached To
Mode
T326952: CVE-2023-37253: ProofreadPage leaks suppressed user via the API and config variables