SECURITY: Fix RevDel log entry information leaks

DELETED_ACTION is supposed to hide the target of the log entry. But a
few places weren't doing this properly.

This fixes:
* API list=logevents no longer returns the pageid when the target is
  hidden.
* Enhanced RecentChanges no longer includes the log target page in the
  CSS class. This should also make the CSS class actually useful.
* Watchlist no longer shows log entries with DELETED_ACTION unless the
  user has deletedhistory, and with SUPPRESSED_ACTION unless the user
  has suppressrevision.

Bug: 58699
Change-Id: I57f13bfc970a33ffd5a399ffb450d9ed0b77902f

diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php
index 356fa3e..e4ce256 100644 (file)
--- a/includes/api/ApiQueryLogEvents.php
+++ b/includes/api/ApiQueryLogEvents.php
@@ -299,18 +299,22 @@ class ApiQueryLogEvents extends ApiQueryBase {
 
                if ( $this->fld_ids ) {
                        $vals['logid'] = intval( $row->log_id );
-                       $vals['pageid'] = intval( $row->page_id );
                }
 
                if ( $this->fld_title || $this->fld_parsedcomment ) {
                        $title = Title::makeTitle( $row->log_namespace, $row->log_title );
                }
 
-               if ( $this->fld_title ) {
+               if ( $this->fld_title || $this->fld_ids ) {
                        if ( LogEventsList::isDeleted( $row, LogPage::DELETED_ACTION ) ) {
                                $vals['actionhidden'] = '';
                        } else {
-                               ApiQueryBase::addTitleInfo( $vals, $title );
+                               if ( $this->fld_title ) {
+                                       ApiQueryBase::addTitleInfo( $vals, $title );
+                               }
+                               if ( $this->fld_ids ) {
+                                       $vals['pageid'] = intval( $row->page_id );
+                               }
                        }
                }
 

diff --git a/includes/changes/EnhancedChangesList.php b/includes/changes/EnhancedChangesList.php
index 42b112c..cc299a9 100644 (file)
--- a/includes/changes/EnhancedChangesList.php
+++ b/includes/changes/EnhancedChangesList.php
@@ -223,7 +223,7 @@ class EnhancedChangesList extends ChangesList {
                if ( $block[0]->mAttribs['rc_log_type'] ) {
                        # Log entry
                        $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-'
-                               . $block[0]->mAttribs['rc_log_type'] . '-' . $block[0]->mAttribs['rc_title'] );
+                               . $block[0]->mAttribs['rc_log_type'] );
                } else {
                        $classes[] = Sanitizer::escapeClass( 'mw-changeslist-ns'
                                . $block[0]->mAttribs['rc_namespace'] . '-' . $block[0]->mAttribs['rc_title'] );
@@ -589,8 +589,7 @@ class EnhancedChangesList extends ChangesList {
                $classes = array( 'mw-enhanced-rc' );
                if ( $logType ) {
                        # Log entry
-                       $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-'
-                               . $logType . '-' . $rcObj->mAttribs['rc_title'] );
+                       $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-' . $logType );
                } else {
                        $classes[] = Sanitizer::escapeClass( 'mw-changeslist-ns' .
                                $rcObj->mAttribs['rc_namespace'] . '-' . $rcObj->mAttribs['rc_title'] );

diff --git a/includes/specials/SpecialWatchlist.php b/includes/specials/SpecialWatchlist.php
index c947c78..2c2a824 100644 (file)
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -300,6 +300,23 @@ class SpecialWatchlist extends SpecialRecentChanges {
                        }
                }
 
+               // Log entries with DELETED_ACTION must not show up unless the user has
+               // the necessary rights.
+               if ( !$user->isAllowed( 'deletedhistory' ) ) {
+                       $bitmask = LogPage::DELETED_ACTION;
+               } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
+                       $bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
+               } else {
+                       $bitmask = 0;
+               }
+               if ( $bitmask ) {
+                       $conds[] = $dbr->makeList( array(
+                               'rc_type != ' . RC_LOG,
+                               $dbr->bitAnd( 'rc_deleted', $bitmask ) . " != $bitmask",
+                       ), LIST_OR );
+               }
+
+
                ChangeTags::modifyDisplayQuery( $tables, $fields, $conds, $join_conds, $options, '' );
                wfRunHooks( 'SpecialWatchlistQuery', array( &$conds, &$tables, &$join_conds, &$fields, $opts ) );