SECURITY: Do not allow undeleting a revdel'd file if its top file
author: Brian Wolff <bawolff+wn@gmail.com>
Mon, 18 Apr 2016 16:45:56 +0000 (12:45 -0400)
committer: Chad <chadh@wikimedia.org>
Tue, 23 Aug 2016 02:03:56 +0000 (02:03 +0000)
This prevents admins from being able to view suppressed files by simply
deleting them and then undeleting only the file revision that they
want to view.

This dates back to r43288. Unclear if it was intentional.

Bug: T132926
Change-Id: Ib767de853a37099305db20529378fa756ee1bdfe

includes/filerepo/file/LocalFile.php

index 91d628c..7e6e651 100644 (file)
@@ -2596,8 +2596,9 @@ class LocalFileRestoreBatch {
 
                                // The live (current) version cannot be hidden!
                                if ( !$this->unsuppress && $row->fa_deleted ) {
-                                       $storeBatch[] = [ $deletedUrl, 'public', $destRel ];
-                                       $this->cleanupBatch[] = $row->fa_storage_key;
+                                       $status->fatal( 'undeleterevdel' );
+                                       $this->file->unlock();
+                                       return $status;
                                }
                        } else {
                                $archiveName = $row->fa_archive_name;
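Review bot: the new `$status->fatal( 'undeleterevdel' )` branch fires on any non-zero `$row->fa_deleted`, and since `fa_deleted` is a bitfield this also refuses to restore a top file version whose only hidden field is the upload comment or the uploader name, not just the file content; if that stricter behaviour is intended (it matches the comment "The live (current) version cannot be hidden!"), say so in the commit message, otherwise mask the check to the file-content bit. Two smaller points on the same lines: the message key `undeleterevdel` is not added anywhere in this diff, so confirm it is already defined in the i18n files and reads sensibly for files rather than page revisions; and because the early `return $status` now sits inside the row loop, any entries already pushed to `$storeBatch` and `$this->cleanupBatch` for earlier rows are simply dropped, so it is worth a comment (or a check in the caller) that nothing has been written to the file backend or the database before this point, and that `$this->file->unlock()` here is not followed by a second unlock by the caller.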