Page MenuHomePhabricator
Files F36421450

T327613-NewImpact-revdeleted-edits.patch
Tgr (Gergő Tisza)
Actions

Authored By
Tgr
Jan 23 2023, 5:34 AM
Size
1 KB
Referenced Files
None
Subscribers
None

T327613-NewImpact-revdeleted-edits.patch
View Options

From 5bcd927c16f74cbbaad93fefde2f91322f8766a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Sun, 22 Jan 2023 21:24:48 -0800
Subject: [PATCH] SECURITY: Do not include edits with revdeleted user in
NewImpact
Bug: T327613
Change-Id: Iec1296761526992422b701474db2f85e3d13e40d
---
includes/UserImpact/ComputedUserImpactLookup.php | 2 ++
1 file changed, 2 insertions(+)
diff --git includes/UserImpact/ComputedUserImpactLookup.php includes/UserImpact/ComputedUserImpactLookup.php
index dc3950f8..7a696a97 100644
--- includes/UserImpact/ComputedUserImpactLookup.php
+++ includes/UserImpact/ComputedUserImpactLookup.php
@@ -13,6 +13,7 @@ use MediaWiki\Config\ServiceOptions;
use MediaWiki\Extension\PageViewInfo\PageViewService;
use MediaWiki\Extension\Thanks\ThanksQueryHelper;
use MediaWiki\MainConfigNames;
+use MediaWiki\Revision\RevisionRecord;
use MediaWiki\Storage\NameTableAccessException;
use MediaWiki\Storage\NameTableStore;
use MediaWiki\User\UserFactory;
@@ -230,6 +231,7 @@ class ComputedUserImpactLookup implements UserImpactLookup {
$queryBuilder->fields( [ 'page_namespace', 'page_title', 'rev_timestamp' ] );
$queryBuilder->where( [ 'rev_actor' => $user->getActorId() ] );
+ $queryBuilder->where( $db->bitAnd( 'rev_deleted', RevisionRecord::DELETED_USER ) . ' = 0' );
// hopefully able to use the rev_actor_timestamp index for an efficient query
$queryBuilder->orderBy( 'rev_timestamp', 'DESC' );
$queryBuilder->limit( self::MAX_EDITS );
--
2.34.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
10399388
Default Alt Text
T327613-NewImpact-revdeleted-edits.patch (1 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits