https://bugzilla.wikimedia.org/show_bug.cgi?id=27722
Summary: filearchive api module doesn't respect revdelete
Product: MediaWiki
Version: 1.17
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: Normal
Component: API
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected]
Similar to Bug 27715, the filearchive module doesn't respect rev delete.
This is not a major issue, since you need to be a sysop to use that module
whatsoever. However, if you had some of the sysop permissions split up, this
could leak data to people with deletedhistory rights. This might also be able
to leak some oversighted info to admins.
Easiest way to fix this would probably be to convert filearchive to use file
objects, and then just use the various permission related methods of File.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
