From 82f745e310ee426db35d457ff851da70d5961630 Mon Sep 17 00:00:00 2001 From: csteipp Date: Tue, 24 Sep 2013 08:36:46 -0700 Subject: [PATCH] SECURITY: Don't show deleted usernames Remove the username and javascript links Bug: 54294 --- CleanChanges_body.php | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/CleanChanges_body.php b/CleanChanges_body.php index 5f339cc..d5ef60a 100644 --- a/CleanChanges_body.php +++ b/CleanChanges_body.php @@ -156,13 +156,24 @@ class NCL extends EnhancedChangesList { $rc->_reqOldId = array( 'oldid' => $rc->getAttribute( 'rc_this_oldid' ) ); $this->makeLinks( $rc ); - $stuff = $this->userToolLinks( $rc->getAttribute( 'rc_user' ), - $rc->getAttribute( 'rc_user_text' ) ); - self::$userinfo += $stuff[1]; - - $rc->_user = Linker::userLink( $rc->getAttribute( 'rc_user' ), - $rc->getAttribute( 'rc_user_text' ) ); - $rc->_userInfo = $stuff[0]; + // Make user links + if ( $this->isDeleted( $rc, Revision::DELETED_USER ) ) { + $rc->_user = ' ' . $this->msg( 'rev-deleted-user' )->escaped() . ''; + $rc->_userInfo = ''; + self::$userinfo += array(); + } else { + $rc->_user = Linker::userLink( + $rc->getAttribute( 'rc_user' ), + $rc->getAttribute( 'rc_user_text' ) + ); + $stuff = $this->userToolLinks( + $rc->getAttribute( 'rc_user' ), + $rc->getAttribute( 'rc_user_text' ) + ); + // TODO: userToolLinks can return '' + self::$userinfo += $stuff[1]; + $rc->_userInfo = $stuff[0]; + } if ( !$this->isLog( $rc ) ) { $rc->_comment = $this->getComment( $rc ); @@ -444,6 +455,11 @@ class NCL extends EnhancedChangesList { /** * Enhanced user tool links, with javascript functionality. + * @param int $userId user id, 0 for anons + * @param string $userText username + * @return array|string Either an array of html and array of messages, or '' + * [0]: html span and links to user tools + * [1]: array of escaped message strings */ public function userToolLinks( $userId, $userText ) { global $wgDisableAnonTalk; -- 1.8.1.4