Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SECURITY: Fix revdel checks in LogPager

Browse source 
Follow-up to ce881e02e8 where the check for performer
restrictions and action restrictions was reversed.

Bug: T188145
Change-Id: I85a44f925212929ac87fb7a7e494023258f2d148
This commit is contained in:
Brian Wolff 2018-02-23 21:52:25 +00:00
parent f6fd74d4b0
commit 60aa905006
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
includes/logging/LogPager.php
View file

@ -424,9 +424,9 @@ class LogPager extends ReverseChronologicalPager {
$this->actionRestrictionsEnforced = true;
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
' != ' . LogPage::SUPPRESSED_USER;
}
}
@ -442,9 +442,9 @@ class LogPager extends ReverseChronologicalPager {
$this->performerRestrictionsEnforced = true;
$user = $this->getUser();
if ( !$user->isAllowed( 'deletedhistory' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
' != ' . LogPage::SUPPRESSED_ACTION;
}
}