Page MenuHomePhabricator

Do not allow undeleting a revdel'd file as the top file revision.

Authored By
Bawolff
Apr 18 2016, 4:48 PM
Size
1 KB
Referenced Files
None
Subscribers
None

Do not allow undeleting a revdel'd file as the top file revision.

From f12dff9190354a6f33a9048b4b20adc5ff69654f Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Mon, 18 Apr 2016 12:45:56 -0400
Subject: [PATCH] [SECURITY] Do not allow undeleting a revdel'd file if its top
file
This prevents admins being able to view suppressed files, by simply
deleting them, and then undeleting only the file revision that they
want to view.
This dates back to r43288. Unclear if it was intentional.
Bug: T132926
Change-Id: Ib767de853a37099305db20529378fa756ee1bdfe
---
includes/filerepo/file/LocalFile.php | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/includes/filerepo/file/LocalFile.php b/includes/filerepo/file/LocalFile.php
index aa278aa..9e1d364 100644
--- a/includes/filerepo/file/LocalFile.php
+++ b/includes/filerepo/file/LocalFile.php
@@ -2516,8 +2516,9 @@ class LocalFileRestoreBatch {
// The live (current) version cannot be hidden!
if ( !$this->unsuppress && $row->fa_deleted ) {
- $storeBatch[] = [ $deletedUrl, 'public', $destRel ];
- $this->cleanupBatch[] = $row->fa_storage_key;
+ $status->fatal( 'undeleterevdel' );
+ $this->file->unlock();
+ return $status;
}
} else {
$archiveName = $row->fa_archive_name;
--
2.0.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3665358
Default Alt Text
Do not allow undeleting a revdel'd file as the top file revision. (1 KB)

Event Timeline