https://bugzilla.wikimedia.org/show_bug.cgi?id=27722
Summary: filearchive api module doesn't respect revdelete Product: MediaWiki Version: 1.17 Platform: All OS/Version: All Status: NEW Severity: major Priority: Normal Component: API AssignedTo: roan.katt...@gmail.com ReportedBy: bawolff...@gmail.com CC: bryan.tongm...@gmail.com, s...@reedyboy.net, vasi...@gmail.com, soxre...@gmail.com Similar to Bug 27715, the filearchive module doesn't respect rev delete. This is not a major issue, since you need to be a sysop to use that module whatsoever. However, if you had some of the sysop permissions split up, this could leak data to people with deletedhistory rights. This might also be able to leak some oversighted info to admins. Easiest way to fix this would probably be to convert filearchive to use file objects, and then just use the various permission related methods of File. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l