From ab8e5f76b2d80dc4fda6729ed5a0a88e7634158c Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Fri, 23 Feb 2018 21:52:25 +0000
Subject: [PATCH] SECURITY: Fix revdel checks in LogPager

Mostly a follow-up to ce881e02e8d6 where the check for performer
restrictions and action restrictions was reversed. Additionally
this adds filtering for DELETED_ACTION when filtering by
log_type or log_action.

Bug: T188145
Change-Id: I85a44f925212929ac87fb7a7e494023258f2d148
---
 includes/logging/LogPager.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php
index 5404f35..cf03a67 100644
--- a/includes/logging/LogPager.php
+++ b/includes/logging/LogPager.php
@@ -156,6 +156,7 @@ class LogPager extends ReverseChronologicalPager {
 			if ( count( $types ) == 1 ) {
 				$this->typeCGI = $types[0];
 			}
+			$this->enforceActionRestrictions();
 		}
 	}
 
@@ -275,6 +276,9 @@ class LogPager extends ReverseChronologicalPager {
 				// add condition to query
 				$this->mConds['log_action'] = $actions[$type][$action];
 				$this->action = $action;
+				// This should already happen from log_type filtering
+				// but just in case.
+				$this->enforceActionRestrictions();
 			}
 		}
 	}
@@ -423,9 +427,9 @@ class LogPager extends ReverseChronologicalPager {
 		$this->actionRestrictionsEnforced = true;
 		$user = $this->getUser();
 		if ( !$user->isAllowed( 'deletedhistory' ) ) {
-			$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
+			$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
 		} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
-			$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
+			$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
 				' != ' . LogPage::SUPPRESSED_USER;
 		}
 	}
@@ -441,9 +445,9 @@ class LogPager extends ReverseChronologicalPager {
 		$this->performerRestrictionsEnforced = true;
 		$user = $this->getUser();
 		if ( !$user->isAllowed( 'deletedhistory' ) ) {
-			$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
+			$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
 		} elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
-			$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
+			$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
 				' != ' . LogPage::SUPPRESSED_ACTION;
 		}
 	}
-- 
2.8.1