Page MenuHomePhabricator
Create Task
Maniphest T132926

Admins can get around oversight (suppression) of file revisions
Closed, ResolvedPublic
Actions

Assigned To
Bawolff
Authored By
Bawolff
Apr 18 2016, 4:09 PM
Tags
Referenced Files
F3889623: Do not allow undeleting a revdel'd file as the top file revision.
Apr 18 2016, 4:49 PM
Subscribers
aaron
Aklapper
Bawolff
dpatrick
gerritbot
Jdforrester-WMF
JEumerus
View All 9 Subscribers

Description

Admins (More generally, users with undelete rights) can remove the revision deletion status of a file revision (Including if the file is suppressed), even if they don't have suppressrevision or deleterevision rights. Admins are not supposed to be able to do this.

Basically, when doing Special:Undelete, if the file version you're undeleting would be the newest version of the image (So it would be the main image associated with the file page), then the fa_deleted field is totally ignored during the undeletion process.

Steps to reproduce:

  • Find some file version that's suppressed. (this works both for "deleted" suppressed files, and files that are not "deleted" but just "suppressed")
  • If there is currently an image for the associated page, "delete" (that is, normal ?action=delete, not revdel) the image, so that there is no image when browsing to File:<filename>
  • Special:Undelete the specific revision you want to remove suppresion from (and only that revision)
  • Image should now be publicly viewable, despite the fact that admins aren't supposed to be able to view it.

Details

SubjectRepoBranchLines +/-
SECURITY: Do not allow undeleting a revdel'd file if its top filemediawiki/coreREL1_27+3 -2
SECURITY: Do not allow undeleting a revdel'd file if its top filemediawiki/coremaster+3 -2
SECURITY: Do not allow undeleting a revdel'd file if its top filemediawiki/coreREL1_26+3 -2
Do not allow undeleting a revdel'd file if its top filemediawiki/corefundraising/REL1_27+3 -2
SECURITY: Do not allow undeleting a revdel'd file if its top filemediawiki/coreREL1_23+3 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Bawolff created this task.Apr 18 2016, 4:09 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 18 2016, 4:09 PM
Bawolff added projects: MediaWiki-Revision-deletion, MediaWiki-File-management, MediaWiki-Page-deletion, Vuln-Infoleak.Apr 18 2016, 4:10 PM
Restricted Application added projects: Multimedia, Commons. · View Herald TranscriptApr 18 2016, 4:10 PM
Bawolff added a project: Patch-For-Review.Apr 18 2016, 4:49 PM

Do not allow undeleting a revdel'd file as the top file revision.1 KBDownload

csteipp added a subscriber: aaron.Apr 19 2016, 9:38 PM
csteipp triaged this task as High priority.Apr 19 2016, 9:40 PM
Jdforrester-WMF moved this task from Untriaged to Needs code review on the Multimedia board.Jul 7 2016, 2:04 PM
dpatrick subscribed.Jul 7 2016, 7:04 PM

@aaron, would you review Brian's patch here?

aaron added a comment.Jul 7 2016, 9:18 PM

Yeah, that check was backwards. The cleanupBatch field is already updated at the end of each loop iteration.

The patch looks all good to me.

Bawolff added a parent task: T133070: MediaWiki 1.27.1 security release.Jul 7 2016, 9:22 PM
Jdforrester-WMF subscribed.Jul 7 2016, 11:45 PM
Bawolff moved this task from Backlog / Other to Patch pending deployment on the acl*security board.Jul 10 2016, 5:13 PM
Jdforrester-WMF assigned this task to Bawolff.Jul 12 2016, 11:08 PM
Bawolff mentioned this in T133070: MediaWiki 1.27.1 security release.Jul 18 2016, 9:37 AM
dpatrick closed this task as Resolved.Jul 18 2016, 10:37 PM

22:34 dapatrick: Deployed patch for T132926 to wmf.10

dpatrick added a subscriber: Staypos.Aug 22 2016, 11:32 PM
demon changed the visibility from "Custom Policy" to "Public (No Login Required)".Aug 23 2016, 1:24 AM
demon changed Security from Software security bug to None.
Restricted Application added subscribers: JEumerus, Matanya. · View Herald TranscriptAug 23 2016, 1:24 AM
gerritbot subscribed.Aug 23 2016, 1:43 AM

Change 306117 merged by jenkins-bot:
SECURITY: Do not allow undeleting a revdel'd file if its top file

https://gerrit.wikimedia.org/r/306117

gerritbot added a comment.Aug 23 2016, 1:56 AM

Change 306131 had a related patch set uploaded (by Ejegg):
Do not allow undeleting a revdel'd file if its top file

https://gerrit.wikimedia.org/r/306131

ReleaseTaggerBot added a project: MW-1.23-release.Aug 23 2016, 2:00 AM
gerritbot added a comment.Aug 23 2016, 2:02 AM

Change 306108 merged by jenkins-bot:
SECURITY: Do not allow undeleting a revdel'd file if its top file

https://gerrit.wikimedia.org/r/306108

gerritbot added a comment.Aug 23 2016, 2:46 AM

Change 306131 merged by jenkins-bot:
Do not allow undeleting a revdel'd file if its top file

https://gerrit.wikimedia.org/r/306131

ReleaseTaggerBot added a project: MW-1.26-release.Aug 23 2016, 3:00 AM
gerritbot added a comment.Aug 23 2016, 3:05 AM

Change 306089 merged by jenkins-bot:
SECURITY: Do not allow undeleting a revdel'd file if its top file

https://gerrit.wikimedia.org/r/306089

gerritbot added a comment.Aug 23 2016, 3:46 AM

Change 306098 merged by jenkins-bot:
SECURITY: Do not allow undeleting a revdel'd file if its top file

https://gerrit.wikimedia.org/r/306098

ReleaseTaggerBot added projects: MW-1.28-release (WMF-deploy-2016-08-23_(1.28.0-wmf.16)), MW-1.28-release-notes, MW-1.27-release-notes.Aug 23 2016, 4:00 AM
Kghbln mentioned this in T151805: Security issues publicly announced, fixed but not released?.Nov 28 2016, 8:43 PM
sbassett moved this task from Patch pending deployment to Done on the acl*security board.Sep 26 2019, 2:37 PM
chasemp added a project: Security.Feb 10 2020, 10:55 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:15 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits