Tested on a local instance running CheckUser and other extensions.
Followed the following steps:
- Gave myself suppressor rights
- Suppressed a test edit so that the edit had the following restrictions:
- Removed suppressor rights from myself
- Ran a check on the IP used (in this case a localhost IP as I'm running a local instance)
- Scrolled down to the edit and saw:
The edit summary is correctly suppressed, but not the username. A CU could be running a check on a wide range or IP from running a check on a different account. They can then, without knowing the username, see the suppressed performer username.
To fix Lines 1931 down in SpecialCheckUser.php need to work out if the username / performer is suppressed for that edit.
This also affects Special:Investigate as shown below (same edit used):
Summary: