From fcaac946016922bd04ee59a17e0fc11a4d2978cf Mon Sep 17 00:00:00 2001 From: Sohom Date: Fri, 13 Jan 2023 23:00:56 +0530 Subject: [PATCH] Prevent hidden users from being exposed via public interfaces Bug: T326952 Change-Id: Ibe5f8e25dea155bbd811a65833394c0d4b906a34 --- includes/Page/PageContentHandler.php | 24 ++++++++++++++++++++++-- includes/Page/PageDisplayHandler.php | 14 ++++++++++++-- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/includes/Page/PageContentHandler.php b/includes/Page/PageContentHandler.php index e517b84d..d0cdad04 100644 --- a/includes/Page/PageContentHandler.php +++ b/includes/Page/PageContentHandler.php @@ -86,13 +86,23 @@ class PageContentHandler extends TextContentHandler { $level = $content->getLevel(); $user = $level->getUser(); + if ( $user ) { + if ( $user->isHidden() ) { + $userName = $this->msg( 'rev-deleted-user' )->inContentLanguage()->text(); + } else { + $userName = $user->getName(); + } + } else { + $userName = null; + } + return json_encode( [ 'header' => $content->getHeader()->serialize(), 'body' => $content->getBody()->serialize(), 'footer' => $content->getFooter()->serialize(), 'level' => [ 'level' => $level->getLevel(), - 'user' => $user ? $user->getName() : null + 'user' => $userName ] ] ); } @@ -104,7 +114,17 @@ class PageContentHandler extends TextContentHandler { private function serializeContentInWikitext( PageContent $content ) { $level = $content->getLevel(); $user = $level->getUser(); - $userName = $user ? $user->getName() : ''; + + if ( $user ) { + if ( $user->isHidden() ) { + $userName = $this->msg( 'rev-deleted-user' )->inContentLanguage()->text(); + } else { + $userName = $user->getName(); + } + } else { + $userName = null; + } + $text = '' . '' . diff --git a/includes/Page/PageDisplayHandler.php b/includes/Page/PageDisplayHandler.php index 5c824720..c9f0dfc7 100644 --- a/includes/Page/PageDisplayHandler.php +++ b/includes/Page/PageDisplayHandler.php 
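Review bot: The `user` field of the JSON built in the first PageContentHandler.php hunk now carries the localized `rev-deleted-user` message text for a hidden account, and a consumer of that JSON cannot tell this placeholder from a real user name. The code that reads the serialized form back is not visible in this patch; if the output is ever stored or parsed again, the placeholder would be taken as the proofreader's name, and its text changes with the content language. At minimum, add a comment above the assignment such as `// Placeholder text for a suppressed account, not a resolvable user name`, and confirm that no caller persists this output. The same concern applies to the wikitext serializer in the next hunk and to `prpPageQualityUser` in PageDisplayHandler.php; the enclosing method's signature lies outside this hunk.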
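Review bot: In `serializeContentInWikitext` the fallback for a missing user changes from `''` to `null`, which the commit message does not mention. The place where `$userName` is used lies past the end of the hunk, so whether it is only concatenated or also passed to a string-typed function cannot be checked here; keeping `$userName = '';` in the final `else` preserves the previous behaviour. It is also worth confirming that the message text is safe at the position where the name is interpolated into the wikitext, since no escaping is visible in these lines.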
@@ -132,10 +132,20 @@ class PageDisplayHandler { */ public function getPageJsConfigVars( Title $title, PageContent $content ): array { $indexFields = $this->getIndexFieldsForJS( $title ); + $user = $content->getLevel()->getUser(); + + if ( $user ) { + if ( $user->isHidden() ) { + $userName = $this->msg( 'rev-deleted-user' )->inContentLanguage()->text(); + } else { + $userName = $user->getName(); + } + } else { + $userName = null; + } $jsConfigVars = [ - 'prpPageQualityUser' => - $content->getLevel()->getUser() ? $content->getLevel()->getUser()->getName() : null, + 'prpPageQualityUser' => $userName, 'prpPageQuality' => $content->getLevel()->getLevel(), 'prpIndexFields' => $indexFields -- 2.39.0
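Review bot: `$this->msg()` is called in `getPageJsConfigVars`, but the hunk header shows `class PageDisplayHandler {` with no parent class and no `msg()` method appears in the visible lines. If the class does not define one, this path fails only when a hidden user is encountered, which is easy to miss in testing; `wfMessage( 'rev-deleted-user' )->inContentLanguage()->text()` would not depend on the class. The two PageContentHandler.php hunks make the same call, where `msg()` would have to come from that class or from `TextContentHandler`. Because the same ten-line block now appears three times, one shared helper that returns the display name would keep the hidden-user check in a single place, and a test with a hidden user for each of the three outputs would pin the behaviour.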