Page MenuHomePhabricator
Create Task
Maniphest T398253

Partial backport of DatabaseBlockStore::insertBlockWithParams() to REL1_43
Open, LowPublic
Actions

Description

rMWc2f4d23ffe70: block: DatabaseBlock constructor caller migration added a DatabaseBlockStore::insertBlockWithParams() for T382106: BlockTarget class/T385966: Remove global service container access from Block class hierarchy in #mw-rel-1.44.

It's resulted in some extra changes be needed for security patch backports in MW-1.43-release (and MW-1.42-release but that's basically EOL) in T397595: CVE-2025-6927: Autoblocks from global account suppressions are publicly visible/T391343: CVE-2025-6589: With MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList.

The original commit isn't a clean cherry pick to REL1_43, and I definitely don't think the whole commit needs to come with it... But if we could have a shim to give us DatabaseBlockStore::insertBlockWithParams() would likely be helpful longer term in terms of backports down the line...

Related Objects

Event Timeline

Reedy created this task.Jun 30 2025, 10:18 PM
Restricted Application added projects: Community-Tech, Trust and Safety Product Team. · View Herald TranscriptJun 30 2025, 10:18 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Reedy renamed this task from Partial backport DatabaseBlockStore::insertBlockWithParams() to Partial backport DatabaseBlockStore::insertBlockWithParams() to REL1_43.Jun 30 2025, 10:18 PM
Reedy renamed this task from Partial backport DatabaseBlockStore::insertBlockWithParams() to REL1_43 to Partial backport of DatabaseBlockStore::insertBlockWithParams() to REL1_43.
Reedy triaged this task as Low priority.
Reedy moved this task from Blocker to Not a blocker on the MW-1.43-release board.Jul 1 2025, 12:57 PM
Dreamy_Jazz edited projects, added Product Safety and Integrity; removed Trust and Safety Product Team.Tue, Feb 24, 2:51 PM
Dreamy_Jazz moved this task from Inbox to Triaged (backlog) on the Product Safety and Integrity board.Tue, Feb 24, 2:55 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits