From 8bbf41ec84c8a72a640dd529048c90f038df2efb Mon Sep 17 00:00:00 2001 From: Brad Jorsch Date: Mon, 13 Jan 2014 22:19:21 -0800 Subject: [PATCH] SECURITY: Fix RevDel log entry information leaks DELETED_ACTION is supposed to hide the target of the log entry. But a few places weren't doing this properly. This fixes: * API list=logevents no longer returns the pageid when the target is hidden. * Enhanced RecentChanges no longer includes the log target page in the CSS class. This should also make the CSS class actually useful. * Watchlist no longer shows log entries with DELETED_ACTION unless the user has deletedhistory, and with SUPPRESSED_ACTION unless the user has suppressrevision. Bug: 58699 Change-Id: I57f13bfc970a33ffd5a399ffb450d9ed0b77902f --- includes/api/ApiQueryLogEvents.php | 10 +++++++--- includes/changes/EnhancedChangesList.php | 5 ++--- includes/specials/SpecialWatchlist.php | 17 +++++++++++++++++ 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php index 356fa3eff7..e4ce256504 100644 --- a/includes/api/ApiQueryLogEvents.php +++ b/includes/api/ApiQueryLogEvents.php @@ -299,18 +299,22 @@ class ApiQueryLogEvents extends ApiQueryBase { if ( $this->fld_ids ) { $vals['logid'] = intval( $row->log_id ); - $vals['pageid'] = intval( $row->page_id ); } if ( $this->fld_title || $this->fld_parsedcomment ) { $title = Title::makeTitle( $row->log_namespace, $row->log_title ); } - if ( $this->fld_title ) { + if ( $this->fld_title || $this->fld_ids ) { if ( LogEventsList::isDeleted( $row, LogPage::DELETED_ACTION ) ) { $vals['actionhidden'] = ''; } else { - ApiQueryBase::addTitleInfo( $vals, $title ); + if ( $this->fld_title ) { + ApiQueryBase::addTitleInfo( $vals, $title ); + } + if ( $this->fld_ids ) { + $vals['pageid'] = intval( $row->page_id ); + } } } diff --git a/includes/changes/EnhancedChangesList.php b/includes/changes/EnhancedChangesList.php index 42b112c176..cc299a9b0f 100644 --- a/includes/changes/EnhancedChangesList.php +++ b/includes/changes/EnhancedChangesList.php @@ -223,7 +223,7 @@ class EnhancedChangesList extends ChangesList { if ( $block[0]->mAttribs['rc_log_type'] ) { # Log entry $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-' - . $block[0]->mAttribs['rc_log_type'] . '-' . $block[0]->mAttribs['rc_title'] ); + . $block[0]->mAttribs['rc_log_type'] ); } else { $classes[] = Sanitizer::escapeClass( 'mw-changeslist-ns' . $block[0]->mAttribs['rc_namespace'] . '-' . $block[0]->mAttribs['rc_title'] ); @@ -589,8 +589,7 @@ class EnhancedChangesList extends ChangesList { $classes = array( 'mw-enhanced-rc' ); if ( $logType ) { # Log entry - $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-' - . $logType . '-' . $rcObj->mAttribs['rc_title'] ); + $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-' . $logType ); } else { $classes[] = Sanitizer::escapeClass( 'mw-changeslist-ns' . $rcObj->mAttribs['rc_namespace'] . '-' . $rcObj->mAttribs['rc_title'] ); diff --git a/includes/specials/SpecialWatchlist.php b/includes/specials/SpecialWatchlist.php index c947c7836c..2c2a824d3f 100644 --- a/includes/specials/SpecialWatchlist.php +++ b/includes/specials/SpecialWatchlist.php @@ -300,6 +300,23 @@ class SpecialWatchlist extends SpecialRecentChanges { } } + // Log entries with DELETED_ACTION must not show up unless the user has + // the necessary rights. + if ( !$user->isAllowed( 'deletedhistory' ) ) { + $bitmask = LogPage::DELETED_ACTION; + } elseif ( !$user->isAllowed( 'suppressrevision' ) ) { + $bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED; + } else { + $bitmask = 0; + } + if ( $bitmask ) { + $conds[] = $dbr->makeList( array( + 'rc_type != ' . RC_LOG, + $dbr->bitAnd( 'rc_deleted', $bitmask ) . " != $bitmask", + ), LIST_OR ); + } + + ChangeTags::modifyDisplayQuery( $tables, $fields, $conds, $join_conds, $options, '' ); wfRunHooks( 'SpecialWatchlistQuery', array( &$conds, &$tables, &$join_conds, &$fields, $opts ) ); -- 2.20.1