Change Details

Tested on a local instance running CheckUser and other extensions. Followed the following steps: * Gave myself suppressor rights * Suppressed a test edit so that the edit had the following restrictions: {F35274252} * Removed suppressor rights from myself * Ran a check on the IP used (in this case a localhost IP as I'm running a local instance) * Scrolled down to the edit and saw: {F35274253} The edit summary is correctly suppressed, but not the username. A CU could be running a check on a wide range or IP from running a check on a different account. They can then, without knowing the username, see the suppressed performer username. To fix Lines 1931 down in SpecialCheckUser.php need to work out if the username / performer is suppressed for that edit. This also affects Special:Investigate as shown below (same edit used): {F35274293} {F35274292} Summary: - For edits -- SpecialCheckUser - awaiting deployment -- SpecialInvestigate - not fixed -- CU API - not fixed - logged actions can not be fixed fully without a schema change

Tested on a local instance running CheckUser and other extensions. Followed the following steps: * Gave myself suppressor rights * Suppressed a test edit so that the edit had the following restrictions: {F35274252} * Removed suppressor rights from myself * Ran a check on the IP used (in this case a localhost IP as I'm running a local instance) * Scrolled down to the edit and saw: {F35274253} The edit summary is correctly suppressed, but not the username. A CU could be running a check on a wide range or IP from running a check on a different account. They can then, without knowing the username, see the suppressed performer username. To fix Lines 1931 down in SpecialCheckUser.php need to work out if the username / performer is suppressed for that edit. This also affects Special:Investigate as shown below (same edit used): {F35274293} {F35274292} Summary: - For edits -- SpecialCheckUser - awaiting deployment -- SpecialInvestigate - not fixed -- CU API - not fixed - logged actions can not be fixed fully without a schema change -- [] Schema change to store the log ID - https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/856930

Tested on a local instance running CheckUser and other extensions. Followed the following steps: * Gave myself suppressor rights * Suppressed a test edit so that the edit had the following restrictions: {F35274252} * Removed suppressor rights from myself * Ran a check on the IP used (in this case a localhost IP as I'm running a local instance) * Scrolled down to the edit and saw: {F35274253} The edit summary is correctly suppressed, but not the username. A CU could be running a check on a wide range or IP from running a check on a different account. They can then, without knowing the username, see the suppressed performer username. To fix Lines 1931 down in SpecialCheckUser.php need to work out if the username / performer is suppressed for that edit. This also affects Special:Investigate as shown below (same edit used): {F35274293} {F35274292} Summary: - For edits -- SpecialCheckUser - awaiting deployment -- SpecialInvestigate - not fixed -- CU API - not fixed - logged actions can not be fixed fully without a schema change -- [] Schema change to store the log ID - https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/856930