Mglaser has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/176208

Change subject: SECURITY: Do not show log action if revdeleted
......................................................................

SECURITY: Do not show log action if revdeleted

Also do not include revdeleted entries in search results when
filtering by action if user cannot view that info.

Bug: 72222
Change-Id: I9f331c421c55323018765456d6a99229e1fff592
---
M includes/api/ApiQueryLogEvents.php
1 file changed, 6 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/08/176208/1

diff --git a/includes/api/ApiQueryLogEvents.php 
b/includes/api/ApiQueryLogEvents.php
index 26774ef..0e8c5e6 100644
--- a/includes/api/ApiQueryLogEvents.php
+++ b/includes/api/ApiQueryLogEvents.php
@@ -157,7 +157,7 @@
                $this->addOption( 'USE INDEX', $index );
 
                // Paranoia: avoid brute force searches (bug 17342)
-               if ( !is_null( $title ) ) {
+               if ( !is_null( $title ) || !is_null( $params['action'] ) ) {
                        $this->addWhere( $db->bitAnd( 'log_deleted', 
LogPage::DELETED_ACTION ) . ' = 0' );
                }
                if ( !is_null( $user ) ) {
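Review bot: The widened condition drops every row with the `LogPage::DELETED_ACTION` bit as soon as `action` is supplied, and no rights check is visible around it, while the commit message says the exclusion applies "if user cannot view that info". That errs on the safe side, but the comment above still describes only the title case from bug 17342. I would update it to something like `// Paranoia: avoid brute force searches by title or action (bug 17342, bug 72222); applied to all users regardless of rights`. The enclosing method starts and ends outside this hunk, so a rights check elsewhere cannot be ruled out.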
@@ -300,10 +300,13 @@
                        $title = Title::makeTitle( $row->log_namespace, 
$row->log_title );
                }
 
-               if ( $this->fld_title || $this->fld_ids ) {
+               if ( $this->fld_title || $this->fld_ids || $this->fld_type ) {
                        if ( LogEventsList::isDeleted( $row, 
LogPage::DELETED_ACTION ) ) {
                                $vals['actionhidden'] = '';
                        } else {
+                               if ( $this->fld_type ) {
+                                       $vals['action'] = $row->log_action;
+                               }
                                if ( $this->fld_title ) {
                                        ApiQueryBase::addTitleInfo( $vals, 
$title );
                                }
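Review bot: The new `if ( $this->fld_type )` inside the else branch has no comment explaining why `action` is emitted here while `type` is still emitted by a separate block further down. A short comment above the added check would keep a later cleanup from merging the two again, for example `// log_action is covered by DELETED_ACTION, so only emit it for non-hidden rows; log_type is added below`. Because the outer condition now also fires for `fld_type`, a type-only request will start receiving `actionhidden`, which should be mentioned in the API documentation. The enclosing block continues past the end of this hunk.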
@@ -313,9 +316,8 @@
                        }
                }
 
-               if ( $this->fld_type || $this->fld_action ) {
+               if ( $this->fld_type ) {
                        $vals['type'] = $row->log_type;
-                       $vals['action'] = $row->log_action;
                }
 
                if ( $this->fld_details && $row->log_params !== '' ) {
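Review bot: The `fld_details` branch on the last context line sits outside the `LogEventsList::isDeleted( $row, LogPage::DELETED_ACTION )` guard as far as this hunk shows, so `log_params` may still be returned for rows whose action is hidden. Whether those parameters describe the action is not visible here; if they do, the branch needs the same guard, e.g. `if ( $this->fld_details && $row->log_params !== '' && !LogEventsList::isDeleted( $row, LogPage::DELETED_ACTION ) ) {`. Separately, the rewritten condition no longer reads `$this->fld_action`, so it is worth confirming that the property is not still set elsewhere for callers that expect `action` without `type`. The body of this branch lies outside the hunk.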

-- 
To view, visit https://gerrit.wikimedia.org/r/176208
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9f331c421c55323018765456d6a99229e1fff592
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_22
Gerrit-Owner: Mglaser <gla...@hallowelt.biz>
Gerrit-Reviewer: CSteipp <cste...@wikimedia.org>
