From d1bf9187a8058328b7711f24ad26044d66b58c6b Mon Sep 17 00:00:00 2001 From: mglaser Date: Wed, 8 Jan 2014 13:01:30 +0100 Subject: [PATCH] SECURITY: Fix RevDel log entry information leaks DELETED_ACTION is supposed to hide the target of the log entry. But a few places weren't doing this properly. This fixes: * API list=logevents no longer returns the pageid when the target is hidden. * Enhanced RecentChanges no longer includes the log target page in the CSS class. This should also make the CSS class actually useful. * Watchlist no longer shows log entries with DELETED_ACTION unless the user has deletedhistory, and with SUPPRESSED_ACTION unless the user has suppressrevision. Bug: 58699 Change-Id: I5f03d38e46db3eb3decc9aee6a9de252f9a3de76 --- includes/api/ApiQueryLogEvents.php | 10 +++++++--- includes/changes/EnhancedChangesList.php | 5 ++--- includes/specials/SpecialWatchlist.php | 16 ++++++++++++++++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php index 1a2719e..26774ef 100644 --- a/includes/api/ApiQueryLogEvents.php +++ b/includes/api/ApiQueryLogEvents.php @@ -294,18 +294,22 @@ class ApiQueryLogEvents extends ApiQueryBase { if ( $this->fld_ids ) { $vals['logid'] = intval( $row->log_id ); - $vals['pageid'] = intval( $row->page_id ); } if ( $this->fld_title || $this->fld_parsedcomment ) { $title = Title::makeTitle( $row->log_namespace, $row->log_title ); } - if ( $this->fld_title ) { + if ( $this->fld_title || $this->fld_ids ) { if ( LogEventsList::isDeleted( $row, LogPage::DELETED_ACTION ) ) { $vals['actionhidden'] = ''; } else { - ApiQueryBase::addTitleInfo( $vals, $title ); + if ( $this->fld_title ) { + ApiQueryBase::addTitleInfo( $vals, $title ); + } + if ( $this->fld_ids ) { + $vals['pageid'] = intval( $row->page_id ); + } } } diff --git a/includes/changes/EnhancedChangesList.php b/includes/changes/EnhancedChangesList.php index 433adb3..4c8aa45 100644 --- a/includes/changes/EnhancedChangesList.php +++ b/includes/changes/EnhancedChangesList.php @@ -200,7 +200,7 @@ class EnhancedChangesList extends ChangesList { if ( $block[0]->mAttribs['rc_log_type'] ) { # Log entry $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-' - . $block[0]->mAttribs['rc_log_type'] . '-' . $block[0]->mAttribs['rc_title'] ); + . $block[0]->mAttribs['rc_log_type'] ); } else { $classes[] = Sanitizer::escapeClass( 'mw-changeslist-ns' . $block[0]->mAttribs['rc_namespace'] . '-' . $block[0]->mAttribs['rc_title'] ); @@ -551,8 +551,7 @@ class EnhancedChangesList extends ChangesList { $classes = array( 'mw-enhanced-rc' ); if ( $logType ) { # Log entry - $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-' - . $logType . '-' . $rcObj->mAttribs['rc_title'] ); ++ $classes[] = Sanitizer::escapeClass( 'mw-changeslist-log-' . $logType ); } else { $classes[] = Sanitizer::escapeClass( 'mw-changeslist-ns' . $rcObj->mAttribs['rc_namespace'] . '-' . $rcObj->mAttribs['rc_title'] ); diff --git a/includes/specials/SpecialWatchlist.php b/includes/specials/SpecialWatchlist.php index 4afa279..55dc6ef 100644 --- a/includes/specials/SpecialWatchlist.php +++ b/includes/specials/SpecialWatchlist.php @@ -299,6 +299,22 @@ class SpecialWatchlist extends SpecialPage { } } + // Log entries with DELETED_ACTION must not show up unless the user has + // the necessary rights. + if ( !$user->isAllowed( 'deletedhistory' ) ) { + $bitmask = LogPage::DELETED_ACTION; + } elseif ( !$user->isAllowed( 'suppressrevision' ) ) { + $bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED; + } else { + $bitmask = 0; + } + if ( $bitmask ) { + $conds[] = $dbr->makeList( array( + 'rc_type != ' . RC_LOG, + $dbr->bitAnd( 'rc_deleted', $bitmask ) . " != $bitmask", + ), LIST_OR ); + } + ChangeTags::modifyDisplayQuery( $tables, $fields, $conds, $join_conds, $options, '' ); wfRunHooks( 'SpecialWatchlistQuery', array( &$conds, &$tables, &$join_conds, &$fields, $values ) ); -- 1.8.4.msysgit.0