Visibility tweak on ar_deleted per bug 17792

author Aaron Schulz <aaron@users.mediawiki.org>

Fri, 20 Mar 2009 04:13:08 +0000 (04:13 +0000)

committer Aaron Schulz <aaron@users.mediawiki.org>

Fri, 20 Mar 2009 04:13:08 +0000 (04:13 +0000)
author Aaron Schulz <aaron@users.mediawiki.org>
Fri, 20 Mar 2009 04:13:08 +0000 (04:13 +0000)
committer Aaron Schulz <aaron@users.mediawiki.org>
Fri, 20 Mar 2009 04:13:08 +0000 (04:13 +0000)
diff --git a/includes/specials/SpecialDeletedContributions.php b/includes/specials/SpecialDeletedContributions.php

index f8e5392..ce80ede 100644 (file)
--- a/includes/specials/SpecialDeletedContributions.php
+++ b/includes/specials/SpecialDeletedContributions.php
@@ -26,9 +26,13 @@ class DeletedContribsPager extends IndexPager {
         }
  
         function getQueryInfo() {
+               global $wgUser;
                 list( $index, $userCond ) = $this->getUserCond();
                 $conds = array_merge( $userCond, $this->getNamespaceCond() );
-
+               // Paranoia: avoid brute force searches (bug 17792)
+               if( !$wgUser->isAllowed( 'hiderevision' ) ) {
+                       $conds[] = 'ar_deleted & ' . Revision::DELETED_USER . ' = 0';
+               }
                 return array(
                         'tables' => array( 'archive' ),
                         'fields' => array(
author	Aaron Schulz <aaron@users.mediawiki.org>
	Fri, 20 Mar 2009 04:13:08 +0000 (04:13 +0000)
committer	Aaron Schulz <aaron@users.mediawiki.org>
	Fri, 20 Mar 2009 04:13:08 +0000 (04:13 +0000)