Spotted during code review for T69793 - https://gerrit.wikimedia.org/r/#/c/145014/ .
In T223654#5194172, @suffusion_of_yellow wrote:
@Daimona: I can't see T71367, but are you sure it's the same? To be clear, there are really three ways page_recent_contributors (and, I just realized, page_first_contributor) can reveal a hidden username:
- Alice edits logged out, contacts oversight. Oversight does its thing. Later, Bob sees the struck out entry, goes to /examine and finds the IP. No abuse filters are ever tripped on the page.
- Alice edits logged out, conatcts oversight. Oversight does its thing. Later, Bob sees the struck out entry, tries to replace the page with "[expletive redacted]", then goes to his abuse log entry and finds the IP.
- Alice edits logged out, contacts oversight. Meanwhile, Vance, who knows nothing of these goings-on, tries to replace the page with "[expletive redacted]". Too late, oversight does its thing. Later, Bob notices the struck-out entry, goes to the abuse log for the page, finds Vance's entry, and recovers the IP from the log.
(3), indeed, sounds like a PITA to fix, since the username is already baked into the log, but it's not going to be exploitable in most cases. Plus, oversighters can suppress Vance's entry as well, if they remember to look for it. However, couldn't (1) and (2) be fixed by checking rev_deleted in getLastPageAuthors(), etc.?