(bug 17342) Prevent deleted log item leaking (via slow brute-force)
authorAaron Schulz <aaron@users.mediawiki.org>
Wed, 4 Feb 2009 18:54:59 +0000 (18:54 +0000)
committerAaron Schulz <aaron@users.mediawiki.org>
Wed, 4 Feb 2009 18:54:59 +0000 (18:54 +0000)
includes/LogEventsList.php

index 1bf4ec0..b3f93fa 100644 (file)
@@ -600,6 +600,8 @@ class LogPager extends ReverseChronologicalPager {
                        $this->mConds[] = "NULL";
                } else {
                        $this->mConds['log_user'] = $userid;
+                       // Paranoia: avoid brute force searches (bug 17342)
+                       $this->mConds[] = 'log_deleted & ' . LogPage::DELETED_USER . ' = 0';
                        $this->user = $usertitle->getText();
                }
        }
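Review bot: The added `log_deleted & DELETED_USER = 0` condition is appended for every viewer, and nothing in the visible lines checks the viewer's rights, so accounts that are presumably allowed to see hidden log entries also lose those rows when filtering by user. If such a right applies to this pager, gate the condition on it, e.g. `if ( !$wgUser->isAllowed( '<RIGHT_TO_VIEW_HIDDEN_LOG_ENTRIES>' ) ) { $this->mConds[] = ...; }`, where the right name is a placeholder for the project's actual one and the viewer object has to be in scope. The same applies to the `DELETED_ACTION` condition in the second hunk. The enclosing method starts outside this hunk, so a check further up cannot be ruled out.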
@@ -640,6 +642,8 @@ class LogPager extends ReverseChronologicalPager {
                        $this->mConds['log_namespace'] = $ns;
                        $this->mConds['log_title'] = $title->getDBkey();
                }
+               // Paranoia: avoid brute force searches (bug 17342)
+               $this->mConds[] = 'log_deleted & ' . LogPage::DELETED_ACTION . ' = 0';
        }
 
        public function getQueryInfo() {
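Review bot: The SQL fragment on the added line relies on `&` binding tighter than `=` in every supported database backend; explicit parentheses make the intent unambiguous: `$this->mConds[] = '(log_deleted & ' . LogPage::DELETED_ACTION . ') = 0';`. The `DELETED_USER` line in the first hunk would take the same change. The comment could also say what is being protected, presumably `// Exclude entries with a hidden target so a title filter cannot confirm them by matching (bug 17342)`. The method begins above the hunk, so whether an earlier return can skip this line is not visible here.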