Improve revision visibility after recent security patches
Open, Needs Triage | Public | Security

Description

  • T274152 restricted /examine and /test to visible rows (rc_deleted=0). It should actually check the user's permissions; core should provide a method for that.
  • T71367 restricted page_recent_contributors to visible rows (rev_deleted=0). It should check the user's permissions, possibly after T233222 is done.
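
The difference between the two approaches named in the bullets, as an added example (a simplified standalone model, not AbuseFilter or MediaWiki core code). The helper name `userCanSeeField`, the sample rows and the three sample users are assumptions made for illustration; the bit values and right names follow MediaWiki's revision-deletion model.

```php
<?php
// Added illustration: simplified model, not AbuseFilter or MediaWiki core code.
// Bit values mirror MediaWiki's RevisionRecord::DELETED_* constants.
const DELETED_TEXT = 1;
const DELETED_COMMENT = 2;
const DELETED_USER = 4;
const DELETED_RESTRICTED = 8;

/**
 * Hypothetical helper: may a user holding $rights see $field of a row
 * whose rc_deleted / rev_deleted bitfield is $bitfield?
 */
function userCanSeeField( int $bitfield, int $field, array $rights ): bool {
	if ( ( $bitfield & $field ) === 0 ) {
		return true; // the field is not hidden on this row
	}
	if ( $bitfield & DELETED_RESTRICTED ) {
		// Suppressed rows need one of the suppression rights.
		$needed = [ 'suppressrevision', 'viewsuppressed' ];
	} elseif ( $field & DELETED_TEXT ) {
		$needed = [ 'deletedtext' ];
	} else {
		$needed = [ 'deletedhistory' ];
	}
	return count( array_intersect( $needed, $rights ) ) > 0;
}

// Constructed sample rows: visible, user hidden, user hidden and suppressed.
$rows = [
	[ 'rc_id' => 1, 'rc_deleted' => 0 ],
	[ 'rc_id' => 2, 'rc_deleted' => DELETED_USER ],
	[ 'rc_id' => 3, 'rc_deleted' => DELETED_USER | DELETED_RESTRICTED ],
];
// Constructed sample users and the rights they hold.
$users = [
	'anon' => [],
	'sysop' => [ 'deletedhistory', 'deletedtext' ],
	'oversighter' => [ 'deletedhistory', 'deletedtext', 'suppressrevision', 'viewsuppressed' ],
];

foreach ( $users as $name => $rights ) {
	// Blanket filter: every user gets the same rows, privileged or not.
	$flat = array_filter( $rows, fn ( $r ) => $r['rc_deleted'] === 0 );
	// Per-user check on the field actually needed (here: the user name).
	$checked = array_filter( $rows, fn ( $r ) => userCanSeeField( $r['rc_deleted'], DELETED_USER, $rights ) );
	printf( "%-12s rc_deleted=0: [%s]  permission check: [%s]\n", $name,
		implode( ',', array_column( $flat, 'rc_id' ) ),
		implode( ',', array_column( $checked, 'rc_id' ) ) );
}
```

The blanket filter is safe for unprivileged users but also hides rows from users who are entitled to see them, which is the gap this task tracks.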

Event Timeline

Change 670785 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/extensions/AbuseFilter@master] Apply proper visibility checks for recentchanges queries

https://gerrit.wikimedia.org/r/670785

@sbassett Could you please make this public? Seems like I can't.

Change 670785 merged by jenkins-bot:
[mediawiki/extensions/AbuseFilter@master] Apply proper visibility checks for recentchanges queries

https://gerrit.wikimedia.org/r/670785

sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)". Mar 18 2021, 3:11 PM
sbassett changed the edit policy from "Custom Policy" to "All Users".

@sbassett Could you please make this public? Seems like I can't.

Done. I guess some of these protected tasks have visibility permissions restricted to members of acl*security_team, at least initially?

Change 678662 had a related patch set uploaded (by Reedy; author: Daimona Eaytoy):

[mediawiki/extensions/AbuseFilter@REL1_35] Apply proper visibility checks for recentchanges queries

https://gerrit.wikimedia.org/r/678662

Change 678664 had a related patch set uploaded (by Reedy; author: Daimona Eaytoy):

[mediawiki/extensions/AbuseFilter@REL1_31] Apply proper visibility checks for recentchanges queries

https://gerrit.wikimedia.org/r/678664

Change 678664 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@REL1_31] Apply proper visibility checks for recentchanges queries

https://gerrit.wikimedia.org/r/678664

Change 678662 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@REL1_35] Apply proper visibility checks for recentchanges queries

https://gerrit.wikimedia.org/r/678662

Daimona removed Daimona as the assignee of this task.
Daimona updated the task description.

(Reopening since I missed the second bullet. That one is blocked on the subtask)