If a block log reason was rev-deleted, it is still visible for all admins in [[Special:Block]]
Closed, ResolvedPublic

Description

If a user is blocked with the "Hide username from edits and lists" option selected, and another administrator attempted to reblock the same user, then the block reason was shown to the second administrator even if they lacked the hideuser right.

This was fixed in the attached patch, to be included with the release of MediaWiki 1.19.2 and 1.18.5.

Administrators are advised to avoid placing private data in block reasons. If a block reason does contain private data, the user should be reblocked with a non-private block reason and the original log entry suppressed.


Version: 1.19.1
Severity: normal

bzimport added a subscriber: wikibugs-l.
bzimport set Reference to bz39823.
tstarling created this task.Via LegacyAug 31 2012, 1:55 AM
tstarling added a comment.Via ConduitAug 31 2012, 1:56 AM

Created attachment 11042
Patch for 1.18 branch

Attached: blockreason-1.18.patch

tstarling added a comment.Via ConduitAug 31 2012, 1:56 AM
  • Bug 35839 has been marked as a duplicate of this bug. ***
csteipp added a project: Security.Via WebMar 26 2015, 8:39 PM

Add Comment