[MediaWiki-commits] [Gerrit] SECURITY: Do not show log action if revdeleted - change (mediawiki/core)

Mglaser (Code Review) Wed, 26 Nov 2014 17:39:36 -0800

Mglaser has submitted this change and it was merged.

Change subject: SECURITY: Do not show log action if revdeleted
......................................................................



SECURITY: Do not show log action if revdeleted

Also do not include revdeleted entries in search results when
filtering by action if user cannot view that info.

Bug: 72222
Change-Id: I9f331c421c55323018765456d6a99229e1fff592
---
M includes/api/ApiQueryLogEvents.php
1 file changed, 6 insertions(+), 4 deletions(-)

Approvals:
  Mglaser: Looks good to me, approved



diff --git a/includes/api/ApiQueryLogEvents.php 
b/includes/api/ApiQueryLogEvents.php
index 9c73b3b..0057e72 100644
--- a/includes/api/ApiQueryLogEvents.php
+++ b/includes/api/ApiQueryLogEvents.php
@@ -158,7 +158,7 @@
                $this->addOption( 'USE INDEX', $index );
 
                // Paranoia: avoid brute force searches (bug 17342)
-               if ( !is_null( $title ) ) {
+               if ( !is_null( $title ) || !is_null( $params['action'] ) ) {
                        $this->addWhere( $db->bitAnd( 'log_deleted', 
LogPage::DELETED_ACTION ) . ' = 0' );
                }
                if ( !is_null( $user ) ) {
@@ -279,10 +279,13 @@
                        $title = Title::makeTitle( $row->log_namespace, 
$row->log_title );
                }
 
-               if ( $this->fld_title || $this->fld_ids ) {
+               if ( $this->fld_title || $this->fld_ids || $this->fld_type ) {
                        if ( LogEventsList::isDeleted( $row, 
LogPage::DELETED_ACTION ) ) {
                                $vals['actionhidden'] = '';
                        } else {
+                               if ( $this->fld_type ) {
+                                       $vals['action'] = $row->log_action;
+                               }
                                if ( $this->fld_title ) {
                                        ApiQueryBase::addTitleInfo( $vals, 
$title );
                                }
@@ -292,9 +295,8 @@
                        }
                }
 
-               if ( $this->fld_type || $this->fld_action ) {
+               if ( $this->fld_type ) {
                        $vals['type'] = $row->log_type;
-                       $vals['action'] = $row->log_action;
                }
 
                if ( $this->fld_details && $row->log_params !== '' ) {

-- 
To view, visit https://gerrit.wikimedia.org/r/176207
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I9f331c421c55323018765456d6a99229e1fff592
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: Mglaser <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Mglaser <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Do not show log action if revdeleted - change (mediawiki/core)

Reply via email to