From: Aaron Schulz <aaron@users.mediawiki.org>
Date: Wed, 4 Feb 2009 18:54:59 +0000 (+0000)
Subject: (bug 17342) Prevent deleted log item leaking (via slow brute-force)
X-Git-Tag: 1.31.0-rc.0~43050
X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/fiche.php?a=commitdiff_plain;h=b3614f4a87266ef1dc48b8e3b93bc30b83154a52;p=lhc%2Fweb%2Fwiklou.git

(bug 17342) Prevent deleted log item leaking (via slow brute-force)
---

diff --git a/includes/LogEventsList.php b/includes/LogEventsList.php
index 1bf4ec0909..b3f93fa737 100644
--- a/includes/LogEventsList.php
+++ b/includes/LogEventsList.php
@@ -600,6 +600,8 @@ class LogPager extends ReverseChronologicalPager {
 			$this->mConds[] = "NULL";
 		} else {
 			$this->mConds['log_user'] = $userid;
+			// Paranoia: avoid brute force searches (bug 17342)
+			$this->mConds[] = 'log_deleted & ' . LogPage::DELETED_USER . ' = 0';
 			$this->user = $usertitle->getText();
 		}
 	}
@@ -640,6 +642,8 @@ class LogPager extends ReverseChronologicalPager {
 			$this->mConds['log_namespace'] = $ns;
 			$this->mConds['log_title'] = $title->getDBkey();
 		}
+		// Paranoia: avoid brute force searches (bug 17342)
+		$this->mConds[] = 'log_deleted & ' . LogPage::DELETED_ACTION . ' = 0';
 	}
 
 	public function getQueryInfo() {