(bug 35839) Check permisions for revdel blocks

If a block includes the "Hide username" to revdel the username, check
that the user has permission to 'hideuser' before showing the reason
for the block.

Other metadata about the block (expiration, limits) will still be visible
to admins.

Change-Id: I50a49ea6876b99a944d27f7c34910f0aa47556c3

diff --git a/includes/specials/SpecialBlock.php b/includes/specials/SpecialBlock.php
index b6484ce..504839a 100644 (file)
--- a/includes/specials/SpecialBlock.php
+++ b/includes/specials/SpecialBlock.php
@@ -258,7 +258,13 @@ class SpecialBlock extends FormSpecialPage {
                                $fields['DisableUTEdit']['default'] = $block->prevents( 'editownusertalk' );
                        }
 
-                       $fields['Reason']['default'] = $block->mReason;
+                       // If the username was hidden (ipb_deleted == 1), don't show the reason
+                       // unless this user also has rights to hideuser: Bug 35839
+                       if ( !$block->mHideName || $this->getUser()->isAllowed( 'hideuser' ) ) {
+                               $fields['Reason']['default'] = $block->mReason;
+                       } else {
+                               $fields['Reason']['default'] = '';
+                       }
 
                        if( $this->getRequest()->wasPosted() ){
                                # Ok, so we got a POST submission asking us to reblock a user.  So show the