[Bug 42814] Abusefilter API does not check for abusefilter-view-private userright

bugzilla-daemon Thu, 06 Dec 2012 21:30:09 -0800

https://bugzilla.wikimedia.org/show_bug.cgi?id=42814


MZMcBride <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |easy

--- Comment #1 from MZMcBride <[email protected]> ---
I believe this just needs an additional security check in
extensions/AbuseFilter/api/ApiQueryAbuseLog.php. It looks like there are
already some permissions checks in place, but none for the "filter" prop. I'm
marking this bug with the "easy" keyword as I don't believe adding a check
should be very difficult.

https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/extensions/AbuseFilter.git;a=blob;f=api/ApiQueryAbuseLog.php;h=543d55f7af0b0327f2348073d5b188653898887d;hb=d6444fae14963204962c9b7d6df36ce6eaa2bd0f

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 42814] Abusefilter API does not check for abusefilter-view-private userright

Reply via email to