dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f6fd74d)
SECURITY: Fix revdel checks in LogPager
authorBrian Wolff <bawolff+wn@gmail.com>
Fri, 23 Feb 2018 21:52:25 +0000 (21:52 +0000)
committerBrian Wolff <bawolff+wn@gmail.com>
Mon, 5 Mar 2018 22:48:43 +0000 (22:48 +0000)
Follow-up to ce881e02e8d6 where the check for performer
restrictions and action restrictions was reversed.

Bug: T188145
Change-Id: I85a44f925212929ac87fb7a7e494023258f2d148

includes/logging/LogPager.php patch | blob | history

diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php
index dc9af5a..d1acacf 100644 (file)
--- a/includes/logging/LogPager.php
+++ b/includes/logging/LogPager.php
@@ -424,9 +424,9 @@ class LogPager extends ReverseChronologicalPager {
                $this->actionRestrictionsEnforced = true;
                $user = $this->getUser();
                if ( !$user->isAllowed( 'deletedhistory' ) ) {
-                       $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
+                       $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
                } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
-                       $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
+                       $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
                                ' != ' . LogPage::SUPPRESSED_USER;
                }
        }
@@ -442,9 +442,9 @@ class LogPager extends ReverseChronologicalPager {
                $this->performerRestrictionsEnforced = true;
                $user = $this->getUser();
                if ( !$user->isAllowed( 'deletedhistory' ) ) {
-                       $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
+                       $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
                } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
-                       $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
+                       $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
                                ' != ' . LogPage::SUPPRESSED_ACTION;
                }
        }
Wiklou, le Wiki du Wiklou