Page MenuHomePhabricator
Files F36817245

T328643-2.patch
Tgr (Gergő Tisza)
Actions

Authored By
Tgr
Feb 9 2023, 9:19 AM
Size
4 KB
Referenced Files
None
Subscribers
None

T328643-2.patch
View Options

From d2f0c2601a9b65ed6e3984224e728a71361637e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Fri, 3 Feb 2023 11:00:08 -0800
Subject: [PATCH] SECURITY: Do not expose user timezones
Drop UserTimeCorrection from whereever it is easy to drop
without making this patch large. Make sure it does not contain
any user data elsewhere. Bump cache version just in case this
patch needs to be removed.
Bug: T328643
Change-Id: I72ab6d5bbbce5f1f44adc5ee855121b88a04694e
---
.../UserImpact/ComputedUserImpactLookup.php | 2 +-
includes/UserImpact/UserImpact.php | 19 +------------------
2 files changed, 2 insertions(+), 19 deletions(-)
diff --git includes/UserImpact/ComputedUserImpactLookup.php includes/UserImpact/ComputedUserImpactLookup.php
index f4735c8d..f054e401 100644
--- includes/UserImpact/ComputedUserImpactLookup.php
+++ includes/UserImpact/ComputedUserImpactLookup.php
@@ -229,7 +229,7 @@ class ComputedUserImpactLookup implements UserImpactLookup {
$queryBuilder->caller( __METHOD__ );
$userTimeCorrection = new UserTimeCorrection(
- $this->userOptionsLookup->getOption( $user, 'timecorrection' ),
+ UserTimeCorrection::SYSTEM,
// Make the time correction object testing friendly - otherwise it would contain a
// current-time DateTime object.
new DateTime( '@' . ConvertibleTimestamp::time() ),
diff --git includes/UserImpact/UserImpact.php includes/UserImpact/UserImpact.php
index a602d780..81da69cd 100644
--- includes/UserImpact/UserImpact.php
+++ includes/UserImpact/UserImpact.php
@@ -22,7 +22,7 @@ use Wikimedia\Timestamp\ConvertibleTimestamp;
class UserImpact implements JsonSerializable {
/** Cache version, to be increased when breaking backwards compatibility. */
- public const VERSION = 5;
+ public const VERSION = 6;
/** @var UserIdentity */
private $user;
@@ -36,9 +36,6 @@ class UserImpact implements JsonSerializable {
/** @var int[] */
private $editCountByDay;
- /** @var UserTimeCorrection */
- private $timeZone;
-
/** @var int */
private $newcomerTaskEditCount;
@@ -80,7 +77,6 @@ class UserImpact implements JsonSerializable {
$this->receivedThanksCount = $receivedThanksCount;
$this->editCountByNamespace = $editCountByNamespace;
$this->editCountByDay = $editCountByDay;
- $this->timeZone = $timeZone;
$this->newcomerTaskEditCount = $newcomerTaskEditCount;
$this->lastEditTimestamp = $lastEditTimestamp;
$this->generatedAt = ConvertibleTimestamp::time();
@@ -133,14 +129,6 @@ class UserImpact implements JsonSerializable {
return $this->editCountByDay;
}
- /**
- * The timezone used to define what a day means, typically the timezone of the user.
- * @return UserTimeCorrection
- */
- public function getTimeZone(): UserTimeCorrection {
- return $this->timeZone;
- }
-
/**
* Number of edits the user made which have the newcomer task tag.
* Might exclude edits made a long time ago or many edits ago.
@@ -238,10 +226,6 @@ class UserImpact implements JsonSerializable {
$this->receivedThanksCount = $json['receivedThanksCount'];
$this->editCountByNamespace = $json['editCountByNamespace'];
$this->editCountByDay = $json['editCountByDay'];
- // Make the time correction object testing friendly - otherwise it would contain a
- // current-time DateTime object.
- $date = new DateTime( '@' . ConvertibleTimestamp::time() );
- $this->timeZone = new UserTimeCorrection( $json['timeZone'][0], $date, $json['timeZone'][1] );
$this->newcomerTaskEditCount = $json['newcomerTaskEditCount'];
$this->lastEditTimestamp = $json['lastEditTimestamp'];
$this->generatedAt = $json['generatedAt'];
@@ -271,7 +255,6 @@ class UserImpact implements JsonSerializable {
'receivedThanksCount' => $this->receivedThanksCount,
'editCountByNamespace' => $this->editCountByNamespace,
'editCountByDay' => $this->editCountByDay,
- 'timeZone' => [ $this->timeZone->toString(), $this->timeZone->getTimeOffset() ],
'newcomerTaskEditCount' => $this->newcomerTaskEditCount,
'lastEditTimestamp' => $this->lastEditTimestamp,
'generatedAt' => $this->generatedAt,
--
2.34.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
10706811
Default Alt Text
T328643-2.patch (4 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits