Mglaser has uploaded a new change for review. https://gerrit.wikimedia.org/r/176209
Change subject: SECURITY: Do not show log action if revdeleted ...................................................................... SECURITY: Do not show log action if revdeleted Also do not include revdeleted entries in search results when filtering by action if user cannot view that info. Bug: 72222 Change-Id: I9f331c421c55323018765456d6a99229e1fff592 --- M includes/api/ApiQueryLogEvents.php 1 file changed, 11 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/09/176209/1 diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php index ee7fbc0..64f933f 100644 --- a/includes/api/ApiQueryLogEvents.php +++ b/includes/api/ApiQueryLogEvents.php @@ -192,7 +192,8 @@ } // Paranoia: avoid brute force searches (bug 17342) - if ( !is_null( $title ) || !is_null( $user ) ) { + $hideActions = $params['namespace'] !== null || !is_null( $title ) || !is_null( $params['action'] ); + if ( $hideActions || !is_null( $user ) ) { if ( !$this->getUser()->isAllowed( 'deletedhistory' ) ) { $titleBits = LogPage::DELETED_ACTION; $userBits = LogPage::DELETED_USER; @@ -203,7 +204,7 @@ $titleBits = 0; $userBits = 0; } - if ( !is_null( $title ) && $titleBits ) { + if ( $hideActions && $titleBits ) { $this->addWhere( $db->bitAnd( 'log_deleted', $titleBits ) . " != $titleBits" ); } if ( !is_null( $user ) && $userBits ) { @@ -353,12 +354,18 @@ $title = Title::makeTitle( $row->log_namespace, $row->log_title ); } - if ( $this->fld_title || $this->fld_ids || $this->fld_details && $row->log_params !== '' ) { + if ( $this->fld_title || $this->fld_ids || $this->fld_type + || $this->fld_details && $row->log_params !== '' + ) { if ( LogEventsList::isDeleted( $row, LogPage::DELETED_ACTION ) ) { $vals['actionhidden'] = ''; $anyHidden = true; } if ( LogEventsList::userCan( $row, LogPage::DELETED_ACTION, $user ) ) { + + if ( $this->fld_type ) { + $vals['action'] = $row->log_action; + } if ( $this->fld_title ) { ApiQueryBase::addTitleInfo( $vals, $title ); } @@ -379,9 +386,8 @@ } } - if ( $this->fld_type || $this->fld_action ) { + if ( $this->fld_type ) { $vals['type'] = $row->log_type; - $vals['action'] = $row->log_action; } if ( $this->fld_user || $this->fld_userid ) { -- To view, visit https://gerrit.wikimedia.org/r/176209 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9f331c421c55323018765456d6a99229e1fff592 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_23 Gerrit-Owner: Mglaser <gla...@hallowelt.biz> Gerrit-Reviewer: CSteipp <cste...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits