prop=revisions allows deleted text to be exposed through cache pollution
Closed, Resolved, Public


Patch that fixes the issue

If a privileged user diffs a hidden revision against another revision (hidden or not; or maybe even against emptiness), that diff may be cached in Squid if an &smaxage parameter is passed, and subsequently served to non-privileged users.

I've attached a patch that fixes this by never exposing hidden content (the rest of the module does this too). I'm filing this in BZ because I'm unsure whether this warrants a security release or a hidden deployment or whatever.

Version: unspecified
Severity: normal

attachment proprevisionscachepollution.patch ignored as obsolete


bzimport set Reference to bz33117.
Catrope created this task. Dec 14 2011, 4:38 PM
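
A toy model of the caching problem described in the report above, added here as an illustration; it is not MediaWiki code and not the attached patch. The `SharedCache` class, the function names and the sample revisions are constructed, and the cache is assumed to key on the URL alone, with no knowledge of who made the request.

```python
from dataclasses import dataclass

@dataclass
class Revision:
    text: str
    hidden: bool = False

# Constructed sample data: revision 2 has been hidden from ordinary users.
REVISIONS = {1: Revision("public text"), 2: Revision("SECRET text", hidden=True)}

def diff_vulnerable(rev_from, rev_to, privileged):
    """Behaviour described in the report: output depends on the caller's rights."""
    a, b = REVISIONS[rev_from], REVISIONS[rev_to]
    if (a.hidden or b.hidden) and not privileged:
        return "[hidden]"
    return f"- {a.text}\n+ {b.text}"

def diff_fixed(rev_from, rev_to, privileged):
    """Fix described in the report: never expose hidden content, whoever asks."""
    a, b = REVISIONS[rev_from], REVISIONS[rev_to]
    if a.hidden or b.hidden:
        return "[hidden]"
    return f"- {a.text}\n+ {b.text}"

class SharedCache:
    """Stands in for Squid: keyed by URL only, stores a response when smaxage > 0."""
    def __init__(self, backend):
        self.backend, self.store = backend, {}

    def get(self, rev_from, rev_to, smaxage, privileged):
        url = f"diff?from={rev_from}&to={rev_to}&smaxage={smaxage}"
        if url in self.store:
            return self.store[url]      # served without consulting the backend
        body = self.backend(rev_from, rev_to, privileged)
        if smaxage > 0:
            self.store[url] = body      # the cache does not know who asked
        return body

def leaked_to_unprivileged(backend, smaxage=3600):
    """Privileged request first, then the same URL as an unprivileged user."""
    cache = SharedCache(backend)
    cache.get(1, 2, smaxage=smaxage, privileged=True)
    return "SECRET" in cache.get(1, 2, smaxage=smaxage, privileged=False)
```

With the rights-dependent backend, the second request receives the cached privileged response; with the backend that never emits hidden content, the cached body is safe for any requester.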

Created attachment 9722
Slightly modified patch

Reproduced and tested. Maybe it would be better to deny access to deleted revisions, rather than allowing access to deleted revisions and denying everything else ;)

Attached: bug33117-v2.patch

Roan, please review my patch and then if it's OK, reassign the bug to Sam Reed for release with 1.18.1.

Pinging Roan...

(In reply to comment #3)
> Pinging Roan...

Whoops, I'm sorry. I should fix my BZ settings so I actually get bugmail for hidden bugs.

Patch is OK. Thanks for catching that embarrassing mistake :)

Reedy added a comment. Jan 11 2012, 9:58 PM

trunk in r108682
1.18wmf1 in r108683

REL1_17 in r108686
REL1_18 in r108687
