Can we/is it possible to livehack out the access to the details that the "abusefilter-private" right in abuse filter gives out if it's accidentally enabled for user groups (e.g. bug 29910 comment #3)?
Version: unspecified
Severity: normal
(In reply to comment #0)
Can we/is it possible to livehack out the access to the details that the
"abusefilter-private" right in abuse filter gives out if it's accidentally enabled
for user groups (e.g. bug 29910 comment #3)?
Quite easily
Replace line 325 of SpecialAbuseLog with return false;, and on line 57 of ApiQueryAbuseLog, comment out && !$wgUser->isAllowed( 'abusefilter-private' )
Reopening, Reedy is correct. It was more of an "if it is possible -> then we should do this, if not kill the bug" type bug.
Actually, do we have any other rights that shouldn't be given ever? If we have a couple we could probably do an ext that is loaded last that kills them off.
(In reply to comment #4)
Reopening, Reedy is correct. It was more of an "if it is possible -> then we
should do this, if not kill the bug" type bug.
Actually, do we have any other rights that shouldn't be given ever? If we have a
couple we could probably do an ext that is loaded last that kills them off.
If they're more than broken, we should just kill it
<logmsgbot> !log reedy synchronized wmf-config/abusefilter.php 'bug 29922 Remove abusefilter-private right so it cannot be accidentally granted'
<morebots> Logged the message, Master