git.heureux-cyclage.org - lhc/web/wiklou.git/commit

author	Brad Jorsch <bjorsch@wikimedia.org>
	Tue, 14 Jan 2014 06:19:21 +0000 (22:19 -0800)
committer	csteipp <csteipp@wikimedia.org>
	Tue, 14 Jan 2014 06:20:09 +0000 (22:20 -0800)
commit	8bbf41ec84c8a72a640dd529048c90f038df2efb
tree	46486a06e6791af60c66fe7600334dd75c7af70e	tree \| snapshot
parent	b4260e2daa2c815d74d4ff1a6d65663e06bd5369	commit \| diff

SECURITY: Fix RevDel log entry information leaks

DELETED_ACTION is supposed to hide the target of the log entry. But a
few places weren't doing this properly.

This fixes:
* API list=logevents no longer returns the pageid when the target is
  hidden.
* Enhanced RecentChanges no longer includes the log target page in the
  CSS class. This should also make the CSS class actually useful.
* Watchlist no longer shows log entries with DELETED_ACTION unless the
  user has deletedhistory, and with SUPPRESSED_ACTION unless the user
  has suppressrevision.

Bug: 58699
Change-Id: I57f13bfc970a33ffd5a399ffb450d9ed0b77902f

includes/api/ApiQueryLogEvents.php		diff \| blob \| history
includes/changes/EnhancedChangesList.php		diff \| blob \| history
includes/specials/SpecialWatchlist.php		diff \| blob \| history