From 692c3a1808db9cbad79f287582a3e44f2ae05cfe Mon Sep 17 00:00:00 2001 From: Yuri Astrakhan Date: Sat, 2 Jun 2007 03:47:34 +0000 Subject: [PATCH] API: Security update - deleted rev/rc/log entries are no longer shown. --- includes/api/ApiQueryLogEvents.php | 1 + includes/api/ApiQueryRecentChanges.php | 1 + includes/api/ApiQueryUserContributions.php | 2 ++ includes/api/ApiQueryWatchlist.php | 4 +++- 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php index 35185b8327..e260bba70a 100644 --- a/includes/api/ApiQueryLogEvents.php +++ b/includes/api/ApiQueryLogEvents.php @@ -65,6 +65,7 @@ class ApiQueryLogEvents extends ApiQueryBase { 'log_params' )); + $this->addWhereFld('log_deleted', 0); $this->addWhereFld('log_type', $type); $this->addWhereRange('log_timestamp', $dir, $start, $end); $this->addOption('LIMIT', $limit +1); diff --git a/includes/api/ApiQueryRecentChanges.php b/includes/api/ApiQueryRecentChanges.php index 5a9f973f08..5a89af87d0 100644 --- a/includes/api/ApiQueryRecentChanges.php +++ b/includes/api/ApiQueryRecentChanges.php @@ -51,6 +51,7 @@ class ApiQueryRecentChanges extends ApiQueryBase { $this->addTables('recentchanges'); $this->addWhereRange('rc_timestamp', $dir, $start, $end); $this->addWhereFld('rc_namespace', $namespace); + $this->addWhereFld('rc_deleted', 0); if (!is_null($show)) { $show = array_flip($show); diff --git a/includes/api/ApiQueryUserContributions.php b/includes/api/ApiQueryUserContributions.php index 67efebdf87..519e0e3b64 100644 --- a/includes/api/ApiQueryUserContributions.php +++ b/includes/api/ApiQueryUserContributions.php 
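Review bot: The new `$this->addWhereFld('log_deleted', 0);` filter in ApiQueryLogEvents is a security control but has no comment saying so, and the same bare literal is repeated in the `rc_deleted` hunk of ApiQueryRecentChanges and in the `rev_deleted` and watchlist hunks of this patch. I would add a line above each, for example `// Security: never return rows with any *_deleted flag set; do not relax without per-field permission checks`, so that a later query refactor does not drop it silently. If these columns are bitfields (not visible here), comparing with 0 hides the whole row as soon as any part of it is suppressed, which fails closed. The diffstat lists only the four API modules and no tests, so other query modules that read the same tables are presumably worth auditing for the same filter. The enclosing method starts and ends outside the hunk.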
@@ -129,6 +129,8 @@ class ApiQueryContributions extends ApiQueryBase { list ($tbl_page, $tbl_revision) = $this->getDB()->tableNamesN('page', 'revision'); $this->addTables("$tbl_revision LEFT OUTER JOIN $tbl_page ON page_id=rev_page"); + $this->addWhereFld('rev_deleted', 0); + // We only want pages by the specified user. $this->addWhereFld('rev_user_text', $this->userTitle->getText()); diff --git a/includes/api/ApiQueryWatchlist.php b/includes/api/ApiQueryWatchlist.php index 4b17e4e324..6e42d48a2e 100644 --- a/includes/api/ApiQueryWatchlist.php +++ b/includes/api/ApiQueryWatchlist.php @@ -125,8 +125,10 @@ class ApiQueryWatchlist extends ApiQueryGeneratorBase { 'wl_namespace = rc_namespace', 'wl_title = rc_title', 'rc_cur_id = page_id', - 'wl_user' => $userId + 'wl_user' => $userId, + 'rc_deleted' => 0, )); + $this->addWhereRange('rc_timestamp', $dir, $start, $end); $this->addWhereFld('wl_namespace', $namespace); $this->addWhereIf('rc_this_oldid=page_latest', !$allrev); -- 2.20.1
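Review bot: In the ApiQueryWatchlist hunk the filter is written as `'rc_deleted' => 0` inside the join-condition array, whereas the other three modules in this patch use `addWhereFld('..._deleted', 0)`, so a grep-based audit for the filter would miss this one. Consider moving it out of the array to `$this->addWhereFld('rc_deleted', 0);` next to the `addWhereRange('rc_timestamp', ...)` call, assuming both forms produce the same SQL condition (the helper is not shown here). The array literal and the call it belongs to start outside the hunk.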