From b97c95e7d37b9e766b302ce50420ad63460ac5c7 Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Fri, 23 Feb 2018 21:52:25 +0000 Subject: [PATCH] SECURITY: Fix revdel checks in LogPager Follow-up to ce881e02e8d6 where the check for performer restrictions and action restrictions was reversed. Bug: T188145 Change-Id: I85a44f925212929ac87fb7a7e494023258f2d148 --- includes/logging/LogPager.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php index 5404f35..104f98d 100644 --- a/includes/logging/LogPager.php +++ b/includes/logging/LogPager.php @@ -423,9 +423,9 @@ class LogPager extends ReverseChronologicalPager { $this->actionRestrictionsEnforced = true; $user = $this->getUser(); if ( !$user->isAllowed( 'deletedhistory' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0'; + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0'; } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) . + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) . ' != ' . LogPage::SUPPRESSED_USER; } } @@ -441,9 +441,9 @@ class LogPager extends ReverseChronologicalPager { $this->performerRestrictionsEnforced = true; $user = $this->getUser(); if ( !$user->isAllowed( 'deletedhistory' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0'; + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0'; } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) { - $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) . + $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) . ' != ' . LogPage::SUPPRESSED_ACTION; } } -- 2.8.1