
Clarify which methods on RevisionStore enforce audience checks when accessing content
Closed, Resolved · Public

Description

(modified after investigation)

RevisionStore::getSlots() provides "raw" access to slot content without audience checks. This fact should be documented to avoid confusion, like the one that originally caused this ticket to be filed.

Original Description

This was discovered while fixing phan errors. Basically, the code is:

<?php
use MediaWiki\Revision\RevisionRecord;
use MediaWiki\Revision\SlotRecord;

// From WikiPage::getDeletionUpdates(): collect the content of every slot of $rev.
// SlotRecord::getContent() takes no audience argument, so the
// RevisionRecord::RAW passed here is silently ignored.
$slotContent = array_map( function ( SlotRecord $slot ) {
	return $slot->getContent( RevisionRecord::RAW );
}, $rev->getSlots()->getSlots() );

which seems to indicate that audience checks should be bypassed. However, SlotRecord::getContent doesn't accept any parameter to check permissions.

This "bug" was introduced with https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/418134/ one year ago.


Event Timeline

Daimona created this task. Oct 10 2019, 12:30 PM
Restricted Application added a subscriber: Aklapper. Oct 10 2019, 12:30 PM

$rev->getSlots() returns raw slots, with no audience checks. So while the parameter in getContent( RevisionRecord::RAW ) is incorrect, the code still does the right thing.

The thing that could be improved here is the documentation of getSlots(). I'll make a patch.
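The following is an added illustration, not code from this task, from change 542101 or from MediaWiki core. It contrasts the raw slot path discussed above with the audience-checked path, and shows how a caller that needs per-slot raw access can still honour the audience by asking RevisionRecord::audienceCan() first. It assumes a MediaWiki environment in which the MediaWiki\Revision classes are autoloaded and that RevisionRecord::getContent() and audienceCan() accept an audience constant plus an optional User, as they did when this task was filed; the function names are hypothetical.

```php
<?php
// Added example (assumption: MediaWiki core classes are autoloaded).
use MediaWiki\Revision\RevisionRecord;
use MediaWiki\Revision\SlotRecord;

/**
 * Raw access: the content of every slot, ignoring rev_deleted bits.
 * RevisionRecord::getSlots() never consults an audience, and
 * SlotRecord::getContent() has no audience parameter, so "RAW" is the
 * only honest description of what this returns.
 *
 * @return \Content[] keyed by slot role
 */
function getAllSlotContentRaw( RevisionRecord $rev ): array {
	return array_map( static function ( SlotRecord $slot ) {
		return $slot->getContent();
	}, $rev->getSlots()->getSlots() );
}

/**
 * Audience-checked access: RevisionRecord::getContent() returns null for
 * a slot whose text is hidden from $audience (DELETED_TEXT) or which
 * $performer may not see, so callers cannot accidentally leak it.
 *
 * @return array<string,\Content|null> keyed by slot role
 */
function getAllSlotContentForAudience(
	RevisionRecord $rev,
	int $audience = RevisionRecord::FOR_PUBLIC,
	User $performer = null
): array {
	$result = [];
	foreach ( $rev->getSlotRoles() as $role ) {
		$result[$role] = $rev->getContent( $role, $audience, $performer );
	}
	return $result;
}

/**
 * Guarded raw access: when code genuinely needs the raw slot list (for
 * example, to build deletion updates), perform the same check that
 * RevisionRecord::getContent() does before touching the raw slots.
 * Returns null when the text is not visible to the given audience.
 *
 * @return \Content[]|null
 */
function getAllSlotContentGuarded(
	RevisionRecord $rev,
	int $audience,
	User $performer = null
): ?array {
	if ( !$rev->audienceCan( RevisionRecord::DELETED_TEXT, $audience, $performer ) ) {
		return null;
	}
	return getAllSlotContentRaw( $rev );
}
```

The practical rule this encodes: only RevisionRecord-level accessors (getContent(), getSlot(), audienceCan()) know about the audience; anything reached through getSlots() is raw, and a caller that wants audience enforcement must either stay on the RevisionRecord accessors or gate the raw path with audienceCan() itself.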

Change 542101 had a related patch set uploaded (by Daniel Kinzler; owner: Daniel Kinzler):
[mediawiki/core@master] RevisionRecord documentation: getSlots() bypasses audience check.

https://gerrit.wikimedia.org/r/542101

daniel renamed this task from WikiPage::getDeletionUpdates pretends to get content with RevisionRecord::RAW but it actually doesn't to Carify which methods on RevisionStore enforce audience checks when accessing content. Oct 10 2019, 1:15 PM
daniel updated the task description.
Aklapper renamed this task from Carify which methods on RevisionStore enforce audience checks when accessing content to Clarify which methods on RevisionStore enforce audience checks when accessing content. Oct 10 2019, 3:24 PM
daniel claimed this task. Nov 20 2019, 3:15 PM
daniel triaged this task as Medium priority.

Change 542101 merged by jenkins-bot:
[mediawiki/core@master] RevisionRecord documentation: getSlots() bypasses audience check.

https://gerrit.wikimedia.org/r/542101

daniel closed this task as Resolved. Nov 26 2019, 7:36 PM