Page MenuHomePhabricator

prop=revisions allows deleted text to be exposed through cache pollution
Closed, ResolvedPublic


Patch that fixes the issue

If a privileged user diffs a hidden revision against another revision (hidden or not; or maybe even against emptiness), that diff maybe cached in Squid if an &smaxage parameter is passed, and subsequently served to non-privileged users.

I've attached a patch that fixes this by never exposing hidden content (the rest of the module does this too). I'm filing this in BZ because I'm unsure whether this warrants a security release or a hidden deployment or whatever.

Version: unspecified
Severity: normal

attachment proprevisionscachepollution.patch ignored as obsolete


TitleReferenceAuthorSource BranchDest Branch
builds-builder: bump to 0.0.92-20240219153535-48c88c91repos/cloud/toolforge/toolforge-deploy!200project_1317_bot_df3177307bed93c3f34e421e26c86e38bump_builds-buildermain
[builds-builder] meaningful error message when user exceeds harbor quotarepos/cloud/toolforge/builds-builder!33raymond-ndibehandle_harbor_quota_error_on_exportmain
Customize query in GitLab

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 12:01 AM
bzimport set Reference to bz33117.
bzimport added a subscriber: Unknown Object (MLST).

Created attachment 9722
Slightly modified patch

Reproduced and tested. Maybe it would be better to deny access to deleted revisions, rather than allowing access to deleted revisions and denying everything else ;)


Roan, please review my patch and then if it's OK, reassign the bug to Sam Reed for release with 1.18.1.

(In reply to comment #3)

Pinging Roan...

Whoops, I'm sorry. I should fix my BZ settings so I actually get bugmail for hidden bugs.

Patch is OK. Thanks for catching that embarrassing mistake :)

trunk in r108682
1.18wmf1 in r108683

REL1_17 in r108686
REL1_18 in r108687