Summary: filearchive api module doesn't respect revdelete
           Product: MediaWiki
           Version: 1.17
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: Normal
         Component: API

Similar to Bug 27715, the filearchive module doesn't respect rev delete.

This is not a major issue, since you need to be a sysop to use that module
whatsoever. However, if you had some of the sysop permissions split up, this
could leak data to people with deletedhistory rights. This might also be able
to leak some oversighted info to admins.

Easiest way to fix this would probably be to convert filearchive to use file
objects, and then just use the various permission related methods of File.

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Wikibugs-l mailing list

Reply via email to