CVE-2025-61639
Why:
* ManualLogEntry::getRecentChange creates the RecentChange object
for the ManualLogEntry instance.
** This does not currently include the deleted flags set in the
ManualLogEntry
** Without this, the RecentChange that is created will not be
marked as deleted and published as public.
* Therefore, this means that any code which hides a log entry
from the creation of the entry will cause a unintentionally
public recent change entry.
** The AbuseFilter extension attempts to suppress the log entry
for the block on it's creation, which therefore hits this
security bug.
What:
* Update RecentChange::newLogEntry to accept a $deleted field
which is set by default as 0 which is used as the value of
rc_deleted.
* Update ManualLogEntry::getRecentChange to pass the value of
ManualLogEntry::getDeleted to RecentChange::newLogEntry.
* Test that this fix worked.
Bug: T280413
Change-Id: I681a49ac7d7b22ffe259b976ad5315490dda467b
49907788ab