[Bug 42814] New: Abusefilter API does not check for abusefilter-view-private userright

bugzilla-daemon Thu, 06 Dec 2012 20:53:37 -0800

https://bugzilla.wikimedia.org/show_bug.cgi?id=42814


       Web browser: ---
            Bug ID: 42814
           Summary: Abusefilter API does not check for
                    abusefilter-view-private userright
           Product: MediaWiki extensions
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: Unprioritized
         Component: AbuseFilter
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected]
    Classification: Unclassified
   Mobile Platform: ---

506 is a hidden filter on enwiki, which means I (not a sysop or EFM) cannot see
https://en.wikipedia.org/wiki/Special:AbuseFilter/506. However, I can still see
https://en.wikipedia.org/w/api.php?action=query&list=abuselog&aflfilter=506,
which is basically the same content.

I'm marking this as major since it's another data leak.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 42814] New: Abusefilter API does not check for abusefilter-view-private userright

Reply via email to