I just noticed a discrepancy in ApiQueryRecentChanges.php. Since the unpatrolled flag is equivalent to !patrolled (I think? they both add rc_patrolled = 0 to the query AFAICT), filtering for such entries requires appropriate permissions:
// Check permissions if ( isset( $show['patrolled'] ) || isset( $show['!patrolled'] ) || isset( $show['unpatrolled'] ) || isset( $show['autopatrolled'] ) || isset( $show['!autopatrolled'] ) ) { if ( !$user->useRCPatrol() && !$user->useNPPatrol() ) { $this->dieWithError( 'apierror-permissiondenied-patrolflag', 'permissiondenied' ); } }
However, we fail to set the cache mode to private in this case:
public function getCacheMode( $params ) { if ( isset( $params['show'] ) ) { foreach ( $params['show'] as $show ) { if ( $show === 'patrolled' || $show === '!patrolled' ) { return 'private'; } } } // unrelated... }
It looks like this has been missing since the flag was introduced in I356a8625c7, hence CCing @Krinkle and @Anomie.
Likewise, the autopatrol flag added in If64ba8b845 is also missing, CC @Ladsgroup.