From 60aa9050066839a8981df87c47b920ca61d49590 Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Fri, 23 Feb 2018 21:52:25 +0000 Subject: [PATCH] SECURITY: Fix revdel checks in LogPager Follow-up to ce881e02e8d6 where the check for performer restrictions and action restrictions was reversed. Bug: T188145 Change-Id: I85a44f925212929ac87fb7a7e494023258f2d148 --- includes/logging/LogPager.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php index dc9af5adda..d1acacf1b4 100644 --- a/includes/logging/LogPager.php +++ b/includes/logging/LogPager.php @@ -424,9 +424,9 @@ class LogPager extends ReverseChronologicalPager { $this->actionRestrictionsEnforced = true; $user = $this->getUser(); if ( !$user->isAllowed( 'deletedhistory' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0'; + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0'; } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) . + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) . ' != ' . LogPage::SUPPRESSED_USER; } } @@ -442,9 +442,9 @@ class LogPager extends ReverseChronologicalPager { $this->performerRestrictionsEnforced = true; $user = $this->getUser(); if ( !$user->isAllowed( 'deletedhistory' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0'; + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0'; } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) . + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) . ' != ' . LogPage::SUPPRESSED_ACTION; } } -- 2.20.1