Page MenuHomePhabricator
Authored By
kostajh
Feb 9 2023, 11:31 AM
Size
4 KB
Referenced Files
None
Subscribers
None

T328643-2.patch

From a21d274d9f256aa0d253203c9740656b0febed6d Mon Sep 17 00:00:00 2001
From: Kosta Harlan <kharlan@wikimedia.org>
Date: Thu, 9 Feb 2023 12:26:42 +0100
Subject: [PATCH] SECURITY: Do not expose user timezones
Drop UserTimeCorrection from wherever it is easy to drop
without making this patch large. Make sure it does not contain
any user data elsewhere. Bump cache version just in case this
patch needs to be removed.
Bug: T328643
Change-Id: I72ab6d5bbbce5f1f44adc5ee855121b88a04694e
---
.../UserImpact/ComputedUserImpactLookup.php | 2 +-
includes/UserImpact/UserImpact.php | 20 +------------------
2 files changed, 2 insertions(+), 20 deletions(-)
diff --git a/includes/UserImpact/ComputedUserImpactLookup.php b/includes/UserImpact/ComputedUserImpactLookup.php
index f4735c8d..f054e401 100644
--- a/includes/UserImpact/ComputedUserImpactLookup.php
+++ b/includes/UserImpact/ComputedUserImpactLookup.php
@@ -229,7 +229,7 @@ class ComputedUserImpactLookup implements UserImpactLookup {
$queryBuilder->caller( __METHOD__ );
$userTimeCorrection = new UserTimeCorrection(
- $this->userOptionsLookup->getOption( $user, 'timecorrection' ),
+ UserTimeCorrection::SYSTEM,
// Make the time correction object testing friendly - otherwise it would contain a
// current-time DateTime object.
new DateTime( '@' . ConvertibleTimestamp::time() ),
diff --git a/includes/UserImpact/UserImpact.php b/includes/UserImpact/UserImpact.php
index a602d780..1d6b3b87 100644
--- a/includes/UserImpact/UserImpact.php
+++ b/includes/UserImpact/UserImpact.php
@@ -2,7 +2,6 @@
namespace GrowthExperiments\UserImpact;
-use DateTime;
use JsonSerializable;
use LogicException;
use MediaWiki\User\UserIdentity;
@@ -22,7 +21,7 @@ use Wikimedia\Timestamp\ConvertibleTimestamp;
class UserImpact implements JsonSerializable {
/** Cache version, to be increased when breaking backwards compatibility. */
- public const VERSION = 5;
+ public const VERSION = 6;
/** @var UserIdentity */
private $user;
@@ -36,9 +35,6 @@ class UserImpact implements JsonSerializable {
/** @var int[] */
private $editCountByDay;
- /** @var UserTimeCorrection */
- private $timeZone;
-
/** @var int */
private $newcomerTaskEditCount;
@@ -80,7 +76,6 @@ class UserImpact implements JsonSerializable {
$this->receivedThanksCount = $receivedThanksCount;
$this->editCountByNamespace = $editCountByNamespace;
$this->editCountByDay = $editCountByDay;
- $this->timeZone = $timeZone;
$this->newcomerTaskEditCount = $newcomerTaskEditCount;
$this->lastEditTimestamp = $lastEditTimestamp;
$this->generatedAt = ConvertibleTimestamp::time();
@@ -133,14 +128,6 @@ class UserImpact implements JsonSerializable {
return $this->editCountByDay;
}
- /**
- * The timezone used to define what a day means, typically the timezone of the user.
- * @return UserTimeCorrection
- */
- public function getTimeZone(): UserTimeCorrection {
- return $this->timeZone;
- }
-
/**
* Number of edits the user made which have the newcomer task tag.
* Might exclude edits made a long time ago or many edits ago.
@@ -238,10 +225,6 @@ class UserImpact implements JsonSerializable {
$this->receivedThanksCount = $json['receivedThanksCount'];
$this->editCountByNamespace = $json['editCountByNamespace'];
$this->editCountByDay = $json['editCountByDay'];
- // Make the time correction object testing friendly - otherwise it would contain a
- // current-time DateTime object.
- $date = new DateTime( '@' . ConvertibleTimestamp::time() );
- $this->timeZone = new UserTimeCorrection( $json['timeZone'][0], $date, $json['timeZone'][1] );
$this->newcomerTaskEditCount = $json['newcomerTaskEditCount'];
$this->lastEditTimestamp = $json['lastEditTimestamp'];
$this->generatedAt = $json['generatedAt'];
@@ -271,7 +254,6 @@ class UserImpact implements JsonSerializable {
'receivedThanksCount' => $this->receivedThanksCount,
'editCountByNamespace' => $this->editCountByNamespace,
'editCountByDay' => $this->editCountByDay,
- 'timeZone' => [ $this->timeZone->toString(), $this->timeZone->getTimeOffset() ],
'newcomerTaskEditCount' => $this->newcomerTaskEditCount,
'lastEditTimestamp' => $this->lastEditTimestamp,
'generatedAt' => $this->generatedAt,
--
2.39.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
10706971
Default Alt Text
T328643-2.patch (4 KB)

Event Timeline