If a user does not have the rights to see the reason provided for a log entry, then it is not hidden in the response from the API.
Note: The reason associated with a log action was already not properly hidden before T341827 (so that refactor is not to blame), but this issue has been made more frequent by T361263.
For example:
The hidden state of the log entry | The log comment shown in the results |
---|---|
Steps to reproduce
- Perform a log action
- Load Special:RevisionDelete for the log
- Hide the Edit summary for that log action with the suppression option also checked
- Log into an account with the checkuser group but not suppressor
- Open Special:ApiSandbox and select action as query, list as checkuser, and then curequest as actions
- Enter the username that performed the log action in step 2 as the target and run the check
- Search for the log action in the results list