[Bug 27722] New: filearchive api module doesn't respect revdelete

bugzilla-daemon Fri, 25 Feb 2011 13:18:21 -0800

https://bugzilla.wikimedia.org/show_bug.cgi?id=27722


           Summary: filearchive api module doesn't respect revdelete
           Product: MediaWiki
           Version: 1.17
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: Normal
         Component: API
        AssignedTo: roan.katt...@gmail.com
        ReportedBy: bawolff...@gmail.com
                CC: bryan.tongm...@gmail.com, s...@reedyboy.net,
                    vasi...@gmail.com, soxre...@gmail.com


Similar to Bug 27715, the filearchive module doesn't respect rev delete.

This is not a major issue, since you need to be a sysop to use that module
whatsoever. However, if you had some of the sysop permissions split up, this
could leak data to people with deletedhistory rights. This might also be able
to leak some oversighted info to admins.

Easiest way to fix this would probably be to convert filearchive to use file
objects, and then just use the various permission related methods of File.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 27722] New: filearchive api module doesn't respect revdelete

Reply via email to