prop=revisions allows deleted text to be exposed through cache pollution
Closed, Resolved
Public

Description

Patch that fixes the issue

If a privileged user diffs a hidden revision against another revision (hidden or not; or maybe even against emptiness), that diff may be cached in Squid if an &smaxage parameter is passed, and subsequently served to non-privileged users.

I've attached a patch that fixes this by never exposing hidden content (the rest of the module does this too). I'm filing this in BZ because I'm unsure whether this warrants a security release or a hidden deployment or whatever.


Version: unspecified
Severity: normal

attachment proprevisionscachepollution.patch ignored as obsolete
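
The cache pollution described in this report and the "never expose hidden content" fix, as an added toy model that is not part of the original report and is not MediaWiki or Squid code. The revision data, function names and the URL-only cache key are assumptions made for illustration.

```python
from dataclasses import dataclass

PLACEHOLDER = "[hidden]"

@dataclass
class Revision:
    text: str
    hidden: bool = False

# Constructed sample data: revision 2 has been hidden from ordinary users.
REVISIONS = {1: Revision("public text"), 2: Revision("suppressed text", hidden=True)}

def diff_before_fix(from_id, to_id, privileged):
    """Behaviour described in the report: hidden text is returned to privileged viewers."""
    sides = []
    for rev in (REVISIONS[from_id], REVISIONS[to_id]):
        sides.append(PLACEHOLDER if rev.hidden and not privileged else rev.text)
    return " -> ".join(sides)

def diff_after_fix(from_id, to_id, privileged):
    """Fix described in the report: hidden content is never exposed, whoever asks."""
    sides = [PLACEHOLDER if rev.hidden else rev.text
             for rev in (REVISIONS[from_id], REVISIONS[to_id])]
    return " -> ".join(sides)

class SharedCache:
    """Toy stand-in for Squid (assumption: entries are keyed on the URL parameters only)."""
    def __init__(self, handler):
        self.handler, self.store = handler, {}

    def get(self, params, privileged):
        key = tuple(sorted(params.items()))
        if key in self.store:  # hit: served without consulting the viewer's rights
            return self.store[key]
        body = self.handler(params["from"], params["to"], privileged)
        if params.get("smaxage", 0) > 0:  # response marked cacheable by shared caches
            self.store[key] = body
        return body

def leaks_to_unprivileged(handler, smaxage=3600):
    """True if an unprivileged request receives hidden text after a privileged one."""
    cache = SharedCache(handler)
    params = {"from": 1, "to": 2, "smaxage": smaxage}
    cache.get(params, privileged=True)            # privileged request fills the cache
    served = cache.get(params, privileged=False)  # same URL, unprivileged viewer
    return REVISIONS[2].text in served

if __name__ == "__main__":
    print("before fix:", leaks_to_unprivileged(diff_before_fix))
    print("after fix: ", leaks_to_unprivileged(diff_after_fix))
```

The same check works as a regression test for any handler whose response can be stored by a shared cache: the body must not vary with the viewer's rights unless the cache key does too.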

bzimport added a subscriber: wikibugs-l.
bzimport set Reference to bz33117.
Catrope created this task. Via Legacy, Dec 14 2011, 4:38 PM
tstarling added a comment. Via Conduit, Dec 16 2011, 4:21 AM

Created attachment 9722
Slightly modified patch

Reproduced and tested. Maybe it would be better to deny access to deleted revisions, rather than allowing access to deleted revisions and denying everything else ;)

Attached: bug33117-v2.patch

tstarling added a comment. Via Conduit, Dec 16 2011, 4:54 AM

Roan, please review my patch and then if it's OK, reassign the bug to Sam Reed for release with 1.18.1.

RobLa-WMF added a comment. Via Conduit, Jan 3 2012, 10:09 PM

Pinging Roan...

Catrope added a comment. Via Conduit, Jan 4 2012, 1:40 PM

(In reply to comment #3)
> Pinging Roan...

Whoops, I'm sorry. I should fix my BZ settings so I actually get bugmail for hidden bugs.

Catrope added a comment. Via Conduit, Jan 4 2012, 1:41 PM

Patch is OK. Thanks for catching that embarrassing mistake :)

Reedy added a comment. Via Conduit, Jan 11 2012, 9:58 PM

trunk in r108682
1.18wmf1 in r108683

Reedy added a comment. Via Conduit, Jan 11 2012, 10:00 PM

REL1_17 in r108686
REL1_18 in r108687

csteipp added a project: Security. Via Web, Mar 26 2015, 8:39 PM
