From a59b53f718a041581dab9f957180f9a8cf54a962 Mon Sep 17 00:00:00 2001
From: Alexander Vorwerk <alec@vc-celle.de>
Date: Sun, 20 Jun 2021 18:38:02 +0200
Subject: [PATCH] SECURITY: Act like users don't exist if hidden from viewer

Bug: T285190
Change-Id: I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec
---
 includes/specials/SpecialGlobalGroupMembership.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/includes/specials/SpecialGlobalGroupMembership.php b/includes/specials/SpecialGlobalGroupMembership.php
index 3cb2a0d5..d7102d37 100644
--- a/includes/specials/SpecialGlobalGroupMembership.php
+++ b/includes/specials/SpecialGlobalGroupMembership.php
@@ -98,14 +98,24 @@ class SpecialGlobalGroupMembership extends UserrightsPage {
 		if ( $username[0] == '#' ) {
 			$id = intval( substr( $username, 1 ) );
 			$user = CentralAuthGroupMembershipProxy::newFromId( $id );
+			$globalUser = CentralAuthUser::newMasterInstanceFromId( $id );
 
-			if ( !$user ) {
+			// If the user exists, but is hidden from the viewer, pretend that it does
+			// not exist. - T285190/T260863
+			if ( !$user || ( ( $globalUser->isOversighted() || $globalUser->isHidden() ) &&
+				!$this->getContext()->getAuthority()->isAllowed( 'centralauth-oversight' ) )
+			) {
 				return Status::newFatal( 'noname', $id );
 			}
 		} else {
 			$user = CentralAuthGroupMembershipProxy::newFromName( $username );
 
-			if ( !$user ) {
+			// If the user exists, but is hidden from the viewer, pretend that it does
+			// not exist. - T285190
+			$globalUser = CentralAuthUser::getMasterInstanceByName( $username );
+			if ( !$user || ( ( $globalUser->isOversighted() || $globalUser->isHidden() ) &&
+				!$this->getContext()->getAuthority()->isAllowed( 'centralauth-oversight' ) )
+			) {
 				return Status::newFatal( 'nosuchusershort', $username );
 			}
 		}
-- 
2.26.1.windows.1