This is a task to collect all instances where we could show some AbuseLog or related item to privileged admin, whereas we currently don't. Showing too much information has been the cause of several info leaks in the past (e.g. T207085), so care should be taken.
Description
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Daimona | T273970 Adjust visibility of AbuseLog entries and related items | |||
Duplicate | Daimona | T233324 Allow privileged users to see deleted edits on Special:AbuseLog | |||
Resolved | Daimona | T262035 Results on /test not shown for deleted edits, but it's shown when examining them | |||
Resolved | BUG REPORT | Daimona | T261532 AbuseLog excludes revisions with any type of rev-del from non-oversighters | ||
Duplicate | None | T268208 Special:AbuseLog missing filter details line if revision is revision deleted | |||
Resolved | Security | Daimona | T274158 Improve revision visibility after recent security patches | ||
Resolved | Daimona | T71367 page_recent_contributors leaks revdeleted user names (CVE-2021-31545) | |||
Resolved | Security | Daimona | T274152 Special:AbuseFilter/examine reveals suppressed usernames (CVE-2021-31549) |
Event Timeline
Comment Actions
r721375 should have fixed this once and for all. (The code can still be improved, e.g. moved to a service, but that wouldn't be a user-facing change).