From: Brian Wolff Date: Fri, 23 Feb 2018 21:52:25 +0000 (+0000) Subject: SECURITY: Fix revdel checks in LogPager X-Git-Tag: 1.31.0-rc.0~446 X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dcompta/comptes/journal.php?a=commitdiff_plain;h=60aa9050066839a8981df87c47b920ca61d49590;p=lhc%2Fweb%2Fwiklou.git SECURITY: Fix revdel checks in LogPager Follow-up to ce881e02e8d6 where the check for performer restrictions and action restrictions was reversed. Bug: T188145 Change-Id: I85a44f925212929ac87fb7a7e494023258f2d148
---
diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php
index dc9af5adda..d1acacf1b4 100644
--- a/includes/logging/LogPager.php
+++ b/includes/logging/LogPager.php
@@ -424,9 +424,9 @@ class LogPager extends ReverseChronologicalPager {
 $this->actionRestrictionsEnforced = true;
 $user = $this->getUser();
 if ( !$user->isAllowed( 'deletedhistory' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
 } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
 ' != ' . LogPage::SUPPRESSED_USER;
 }
 }
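Review bot: In the `elseif` branch of this hunk the new mask `LogPage::SUPPRESSED_ACTION` is still compared against the unchanged context line `' != ' . LogPage::SUPPRESSED_USER;`, so the mask and the value it is tested against name different constants. If, as the names suggest, each SUPPRESSED_* constant is its DELETED_* bit combined with the restricted bit, the masked value can never equal the other constant, the condition is always true, and suppressed entries are not filtered out for users who hold `deletedhistory` but neither `suppressrevision` nor `viewsuppressed`. The comparison should use the same constant as the mask: `' != ' . LogPage::SUPPRESSED_ACTION;` here, and `' != ' . LogPage::SUPPRESSED_USER;` in the second hunk (-442,9), which has the mirrored mismatch. Both enclosing functions start outside their hunks.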
@@ -442,9 +442,9 @@ class LogPager extends ReverseChronologicalPager {
 $this->performerRestrictionsEnforced = true;
 $user = $this->getUser();
 if ( !$user->isAllowed( 'deletedhistory' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
 } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
 ' != ' . LogPage::SUPPRESSED_ACTION;
 }
 }