jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/266397 )
Change subject: logging: Abstract LogPager enforcing of action and performer restrictions ...................................................................... logging: Abstract LogPager enforcing of action and performer restrictions This avoids duplicating the code in the future, such as proposed for I3ea2c050b6dd6c (T16711). Change-Id: Ic53b074f542014f156b006864d91a138ba5fb22b --- M includes/logging/LogPager.php 1 file changed, 43 insertions(+), 16 deletions(-) Approvals: Krinkle: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php index df432e1..05e55de 100644 --- a/includes/logging/LogPager.php +++ b/includes/logging/LogPager.php @@ -45,6 +45,12 @@ /** @var string */ private $action = ''; + /** @var bool */ + private $performerRestrictionsEnforced = false; + + /** @var bool */ + private $actionRestrictionsEnforced = false; + /** @var LogEventsList */ public $mLogEventsList; @@ -177,14 +183,7 @@ } else { $this->mConds['log_user'] = $userid; } - // Paranoia: avoid brute force searches (T19342) - $user = $this->getUser(); - if ( !$user->isAllowed( 'deletedhistory' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0'; - } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) . - ' != ' . LogPage::SUPPRESSED_USER; - } + $this->enforcePerformerRestrictions(); $this->performer = $name; } @@ -252,14 +251,7 @@ } else { $this->mConds['log_title'] = $title->getDBkey(); } - // Paranoia: avoid brute force searches (T19342) - $user = $this->getUser(); - if ( !$user->isAllowed( 'deletedhistory' ) ) { - $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0'; - } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) { - $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) . - ' != ' . LogPage::SUPPRESSED_ACTION; - } + $this->enforceActionRestrictions(); } /** @@ -420,4 +412,39 @@ parent::doQuery(); $this->mDb->setBigSelects( 'default' ); } + + /** + * Paranoia: avoid brute force searches (T19342) + */ + private function enforceActionRestrictions() { + if ( $this->actionRestrictionsEnforced ) { + return; + } + $this->actionRestrictionsEnforced = true; + $user = $this->getUser(); + if ( !$user->isAllowed( 'deletedhistory' ) ) { + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0'; + } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) { + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) . + ' != ' . LogPage::SUPPRESSED_USER; + } + } + + /** + * Paranoia: avoid brute force searches (T19342) + */ + private function enforcePerformerRestrictions() { + // Same as enforceActionRestrictions(), except for _USER instead of _ACTION bits. + if ( $this->performerRestrictionsEnforced ) { + return; + } + $this->performerRestrictionsEnforced = true; + $user = $this->getUser(); + if ( !$user->isAllowed( 'deletedhistory' ) ) { + $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0'; + } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) { + $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) . + ' != ' . LogPage::SUPPRESSED_ACTION; + } + } } -- To view, visit https://gerrit.wikimedia.org/r/266397 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ic53b074f542014f156b006864d91a138ba5fb22b Gerrit-PatchSet: 4 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Cenarium <cenarium.sy...@gmail.com> Gerrit-Reviewer: Aaron Schulz <asch...@wikimedia.org> Gerrit-Reviewer: Cenarium <cenarium.sy...@gmail.com> Gerrit-Reviewer: Krinkle <krinklem...@gmail.com> Gerrit-Reviewer: Luke081515 <luke081...@web.de> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits