F3889623
Do not allow undeleting a revdel'd file as the top file revision.
Authored By
Bawolff
Apr 18 2016, 4:48 PM
2016-04-18 16:48:32 (UTC+0)
Size
1 KB
From f12dff9190354a6f33a9048b4b20adc5ff69654f Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Mon, 18 Apr 2016 12:45:56 -0400
Subject: [PATCH] [SECURITY] Do not allow undeleting a revdel'd file if its top
file
This prevents admins being able to view suppressed files, by simply
deleting them, and then undeleting only the file revision that they
want to view.
This dates back to r43288. Unclear if it was intentional.
Bug: T132926
Change-Id: Ib767de853a37099305db20529378fa756ee1bdfe
---
includes/filerepo/file/LocalFile.php | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/includes/filerepo/file/LocalFile.php b/includes/filerepo/file/LocalFile.php
index aa278aa..9e1d364 100644
--- a/includes/filerepo/file/LocalFile.php
+++ b/includes/filerepo/file/LocalFile.php
@@ -2516,8 +2516,9 @@ class LocalFileRestoreBatch {
// The live (current) version cannot be hidden!
if ( !$this->unsuppress && $row->fa_deleted ) {
- $storeBatch[] = [ $deletedUrl, 'public', $destRel ];
- $this->cleanupBatch[] = $row->fa_storage_key;
+ $status->fatal( 'undeleterevdel' );
+ $this->file->unlock();
+ return $status;
}
} else {
$archiveName = $row->fa_archive_name;
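Review bot: The new early exit in the `!$this->unsuppress && $row->fa_deleted` branch does its own cleanup by calling `$this->file->unlock()` before `return $status`, so please confirm that the file lock is the only thing this method holds at that point and that the method's other exit paths release it the same way; if several exits need it, one shared cleanup path would be less fragile than repeating the call. The comment above the condition still reads "The live (current) version cannot be hidden!", which was written for the removed lines that queued the file into the 'public' zone; consider rewording it to say the restore is now refused with `undeleterevdel` unless `unsuppress` is set. The diffstat shows only `LocalFile.php` changed, so a regression test that restores a top revision with `fa_deleted` set and `unsuppress` unset, and expects a fatal status, would be worth adding.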
--
2.0.1
Attached To
T132926: Admins can get around oversight (suppression) of file revisions