From b3614f4a87266ef1dc48b8e3b93bc30b83154a52 Mon Sep 17 00:00:00 2001
From: Aaron Schulz <aaron@users.mediawiki.org>
Date: Wed, 4 Feb 2009 18:54:59 +0000
Subject: [PATCH] (bug 17342) Prevent deleted log item leaking (via slow
 brute-force)

---
 includes/LogEventsList.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/includes/LogEventsList.php b/includes/LogEventsList.php
index 1bf4ec0909..b3f93fa737 100644
--- a/includes/LogEventsList.php
+++ b/includes/LogEventsList.php
@@ -600,6 +600,8 @@ class LogPager extends ReverseChronologicalPager {
 			$this->mConds[] = "NULL";
 		} else {
 			$this->mConds['log_user'] = $userid;
+			// Paranoia: avoid brute force searches (bug 17342)
+			$this->mConds[] = 'log_deleted & ' . LogPage::DELETED_USER . ' = 0';
 			$this->user = $usertitle->getText();
 		}
 	}
@@ -640,6 +642,8 @@ class LogPager extends ReverseChronologicalPager {
 			$this->mConds['log_namespace'] = $ns;
 			$this->mConds['log_title'] = $title->getDBkey();
 		}
+		// Paranoia: avoid brute force searches (bug 17342)
+		$this->mConds[] = 'log_deleted & ' . LogPage::DELETED_ACTION . ' = 0';
 	}
 
 	public function getQueryInfo() {
-- 
2.20.1