dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 53cc508)
API: Security update - deleted rev/rc/log entries are no longer shown.
authorYuri Astrakhan <yurik@users.mediawiki.org>
Sat, 2 Jun 2007 03:47:34 +0000 (03:47 +0000)
committerYuri Astrakhan <yurik@users.mediawiki.org>
Sat, 2 Jun 2007 03:47:34 +0000 (03:47 +0000)
includes/api/ApiQueryLogEvents.php patch | blob | history
includes/api/ApiQueryRecentChanges.php patch | blob | history
includes/api/ApiQueryUserContributions.php patch | blob | history
includes/api/ApiQueryWatchlist.php patch | blob | history

diff --git a/includes/api/ApiQueryLogEvents.php b/includes/api/ApiQueryLogEvents.php
index 35185b8..e260bba 100644 (file)
--- a/includes/api/ApiQueryLogEvents.php
+++ b/includes/api/ApiQueryLogEvents.php
@@ -65,6 +65,7 @@ class ApiQueryLogEvents extends ApiQueryBase {
                        'log_params'
                ));
 
+               $this->addWhereFld('log_deleted', 0);
                $this->addWhereFld('log_type', $type);
                $this->addWhereRange('log_timestamp', $dir, $start, $end);
                $this->addOption('LIMIT', $limit +1);
diff --git a/includes/api/ApiQueryRecentChanges.php b/includes/api/ApiQueryRecentChanges.php
index 5a9f973..5a89af8 100644 (file)
--- a/includes/api/ApiQueryRecentChanges.php
+++ b/includes/api/ApiQueryRecentChanges.php
@@ -51,6 +51,7 @@ class ApiQueryRecentChanges extends ApiQueryBase {
                $this->addTables('recentchanges');
                $this->addWhereRange('rc_timestamp', $dir, $start, $end);
                $this->addWhereFld('rc_namespace', $namespace);
+               $this->addWhereFld('rc_deleted', 0);
 
                if (!is_null($show)) {
                        $show = array_flip($show);
diff --git a/includes/api/ApiQueryUserContributions.php b/includes/api/ApiQueryUserContributions.php
index 67efebd..519e0e3 100644 (file)
--- a/includes/api/ApiQueryUserContributions.php
+++ b/includes/api/ApiQueryUserContributions.php
@@ -129,6 +129,8 @@ class ApiQueryContributions extends ApiQueryBase {
                list ($tbl_page, $tbl_revision) = $this->getDB()->tableNamesN('page', 'revision');
                $this->addTables("$tbl_revision LEFT OUTER JOIN $tbl_page ON page_id=rev_page");
                
+               $this->addWhereFld('rev_deleted', 0);
+               
                // We only want pages by the specified user.
                $this->addWhereFld('rev_user_text', $this->userTitle->getText());
 
diff --git a/includes/api/ApiQueryWatchlist.php b/includes/api/ApiQueryWatchlist.php
index 4b17e4e..6e42d48 100644 (file)
--- a/includes/api/ApiQueryWatchlist.php
+++ b/includes/api/ApiQueryWatchlist.php
@@ -125,8 +125,10 @@ class ApiQueryWatchlist extends ApiQueryGeneratorBase {
                        'wl_namespace = rc_namespace',
                        'wl_title = rc_title',
                        'rc_cur_id = page_id',
-                       'wl_user' => $userId
+                       'wl_user' => $userId,
+                       'rc_deleted' => 0,
                ));
+
                $this->addWhereRange('rc_timestamp', $dir, $start, $end);
                $this->addWhereFld('wl_namespace', $namespace);
                $this->addWhereIf('rc_this_oldid=page_latest', !$allrev);
Wiklou, le Wiki du Wiklou