includes/logging/LogPager.php currently contains checks in enforceActionRestrictions() and enforcePerformerRestrictions() that - when the user searching log events holds deletedhistory rights (but not suppression rights) - do not correctly filter out suppressed titles/performers from log results (reproduction steps below).

In the case of (e.g.) enforceActionRestrictions(), this appears to be because it adds an SQL condition to check whether the bitwise AND of the log_deleted column and LogPage::SUPPRESSED_ACTION is not equal to LogPage::SUPPRESSED_USER, when (to enforce the action restriction) it should be checking that the bitAnd() result is not equal to LogPage::SUPPRESSED_ACTION. (For enforcePerformerRestrictions(), it appears to be the same, but with LogPage::SUPPRESSED_ACTION & LogPage::SUPPRESSED_USER swapped around.)

Looking at 60aa90500668 & T188145, it seems like the LogPage::SUPPRESSED_USER on line 430 (as of that commit) should have been swapped with the LogPage::SUPPRESSED_ACTION on line 449 - it seems like that may have been inadvertently missed when that commit was made. I believe that swapping these two statements (on what are currently lines 526 & 543 of LogPager.php) would rectify this issue.

Steps to reproduce - suppressed performer

1. Create a user account with the name Suppressible user name.
2. While logged into that account, create a page with any title.
3. Log out of that account and log into an account with suppressor rights.
4. Delete the created page with the "Suppress data from administrators as well as others" box checked.
5. Navigate to Special:Log?user=Suppressible_user_name, select all the log entries that appear, and click "Change visibility of selected log entries". Set the option labelled "Editor's username/IP address" to "Hidden" & set the option labelled "Suppress data from administrators as well as others" to "Suppress", and click "Apply to selected revisions".
6. Log out of the account with suppressor rights, and log into an account with deletedhistory rights.
7. Navigate to Special:Log?user=Suppressible_user_name.
   • MediaWiki returns log entries performed by this user that their username has been suppressed from, thus revealing the username that was suppressed from the returned log entries/revealing the user that performed these actions to a user who does not hold suppression rights.
     
   • When logged-out (or logged into an account that does not hold deletedhistory rights), MediaWiki correctly filters out the log events with the log-suppressed performer.
     

Steps to reproduce - suppressed target

1. While logged in as any user, create a page with the name Test page name 1.
2. Log into an account with suppressor rights.
3. Delete Test_page_name_1 with the "Suppress data from administrators as well as others" box checked.
4. Navigate to Special:Log?page=Test_page_name_1, select the checkbox next to the creation log entry for Test page name 1, and click "Change visibility of selected log entries". Check the boxes labelled "Hide target and parameters" & "Suppress data from administrators as well as others", and click "Apply to selected revision".
5. Log out of the account with suppressor rights, and log into an account with deletedhistory rights.
6. Navigate to Special:Log?page=Test_page_name_1.
   • MediaWiki returns log events relating to this title that the title has been suppressed from, thus revealing the title that was suppressed from the returned log entries to a user who does not hold suppression rights.
     
   • When logged-out (or logged into an account that does not hold deletedhistory rights), MediaWiki correctly filters out the log events with the log-suppressed title.