From ce881e02e8d69839c0edfdd11fdec570a46ab506 Mon Sep 17 00:00:00 2001
From: cenarium
Date: Mon, 25 Jan 2016 22:35:22 +0100
Subject: [PATCH] logging: Abstract LogPager enforcing of action and performer restrictions

This avoids duplicating the code in the future, such as proposed for I3ea2c050b6dd6c (T16711).

Change-Id: Ic53b074f542014f156b006864d91a138ba5fb22b
---
 includes/logging/LogPager.php | 59 +++++++++++++++++++++++++----------
 1 file changed, 43 insertions(+), 16 deletions(-)

diff --git a/includes/logging/LogPager.php b/includes/logging/LogPager.php
index df432e1517..05e55de75d 100644
--- a/includes/logging/LogPager.php
+++ b/includes/logging/LogPager.php
@@ -45,6 +45,12 @@ class LogPager extends ReverseChronologicalPager {
 /** @var string */
 private $action = '';
 
+ /** @var bool */
+ private $performerRestrictionsEnforced = false;
+
+ /** @var bool */
+ private $actionRestrictionsEnforced = false;
+
 /** @var LogEventsList */
 public $mLogEventsList;
 
@@ -177,14 +183,7 @@ class LogPager extends ReverseChronologicalPager {
 } else {
 $this->mConds['log_user'] = $userid;
 }
- // Paranoia: avoid brute force searches (T19342)
- $user = $this->getUser();
- if ( !$user->isAllowed( 'deletedhistory' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
- $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
- ' != ' . LogPage::SUPPRESSED_USER;
- }
+ $this->enforcePerformerRestrictions();
 $this->performer = $name;
 }
 
@@ -252,14 +251,7 @@ class LogPager extends ReverseChronologicalPager {
 } else {
 $this->mConds['log_title'] = $title->getDBkey();
 }
- // Paranoia: avoid brute force searches (T19342)
- $user = $this->getUser();
- if ( !$user->isAllowed( 'deletedhistory' ) ) {
- $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
- } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
- $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
- ' != ' . LogPage::SUPPRESSED_ACTION;
- }
+ $this->enforceActionRestrictions();
 }
 
 /**
@@ -420,4 +412,39 @@ class LogPager extends ReverseChronologicalPager {
 parent::doQuery();
 $this->mDb->setBigSelects( 'default' );
 }
+
+ /**
+ * Paranoia: avoid brute force searches (T19342)
+ */
+ private function enforceActionRestrictions() {
+ if ( $this->actionRestrictionsEnforced ) {
+ return;
+ }
+ $this->actionRestrictionsEnforced = true;
+ $user = $this->getUser();
+ if ( !$user->isAllowed( 'deletedhistory' ) ) {
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ $this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
+ ' != ' . LogPage::SUPPRESSED_USER;
+ }
+ }
+
+ /**
+ * Paranoia: avoid brute force searches (T19342)
+ */
+ private function enforcePerformerRestrictions() {
+ // Same as enforceActionRestrictions(), except for _USER instead of _ACTION bits.
+ if ( $this->performerRestrictionsEnforced ) {
+ return;
+ }
+ $this->performerRestrictionsEnforced = true;
+ $user = $this->getUser();
+ if ( !$user->isAllowed( 'deletedhistory' ) ) {
+ $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
+ } elseif ( !$user->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
+ $this->mConds[] = $db->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
+ ' != ' . LogPage::SUPPRESSED_ACTION;
+ }
+ }
 }
-- 
2.20.1
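Review bot: The two new private methods have their bodies swapped relative to the code removed from the call sites: `enforceActionRestrictions()` tests the `DELETED_USER` / `SUPPRESSED_USER` bits, while `enforcePerformerRestrictions()` tests `DELETED_ACTION` / `SUPPRESSED_ACTION`, even though its own comment says it differs by using the _USER bits. `enforcePerformerRestrictions()` also calls `$db->bitAnd()`, but no `$db` is defined inside that method (it was a local of the title-limiting caller), so for a user lacking these rights a performer-filtered query would error out instead of adding the condition. As written, a title-filtered search no longer excludes rows whose action is hidden, which is the search-based inference the T19342 check exists to prevent. Each method should use `$this->mDb` with its own bit pair, and a test covering both filters for a user without `deletedhistory` would catch a regression like this.

```php
private function enforceActionRestrictions() {
	// … unchanged: once-only guard, $user lookup, 'deletedhistory' check …
		$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_ACTION ) . ' = 0';
	// … unchanged: elseif on 'suppressrevision' / 'viewsuppressed' …
		$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_ACTION ) .
			' != ' . LogPage::SUPPRESSED_ACTION;

private function enforcePerformerRestrictions() {
	// Same as enforceActionRestrictions(), except for _USER instead of _ACTION bits.
	// … unchanged: once-only guard, $user lookup, 'deletedhistory' check …
		$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::DELETED_USER ) . ' = 0';
	// … unchanged: elseif on 'suppressrevision' / 'viewsuppressed' …
		$this->mConds[] = $this->mDb->bitAnd( 'log_deleted', LogPage::SUPPRESSED_USER ) .
			' != ' . LogPage::SUPPRESSED_USER;
```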