r37839 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r37838‎ \| r37839 \| r37840 >
Date:	07:50, 19 July 2008
Author:	brion
Status:	old
Tags:
Comment:	Security fix for API blocks query -- ipb_anon field wasn't being loaded when querying for usernames but not flags, but this field is needed to tell whether a given row is an autoblock and needs the IP suppressed.
Modified paths:	/trunk/phase3/includes/api/ApiQueryBlocks.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiQueryBlocks.php
—	—	@@ -72,6 +72,8 @@
73	73	$this->addFields('ipb_id');
74	74	if($fld_user)
75	75	$this->addFields(array('ipb_address', 'ipb_user'));
	76	+ if($fld_user \|\| $fld_flags)
	77	+ $this->addFields('ipb_auto');
76	78	if($fld_by)
77	79	{
78	80	$this->addTables('user');
—	—	@@ -87,7 +89,7 @@
88	90	if($fld_range)
89	91	$this->addFields(array('ipb_range_start', 'ipb_range_end'));
90	92	if($fld_flags)
91		~~- $this->addFields(array('ipb_auto', 'ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock', 'ipb_block_email', 'ipb_deleted'));~~
	93	+ $this->addFields(array('ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock', 'ipb_block_email', 'ipb_deleted'));
92	94
93	95	$this->addOption('LIMIT', $params['limit'] + 1);
94	96	$this->addWhereRange('ipb_timestamp', $params['dir'], $params['start'], $params['end']);

Follow-up revisions

Revision	Commit summary	Author	Date
r37892	Cleanup from r37839: just put ipb_auto in the relevant arrays. We have those ...	catrope	21:37, 21 July 2008

Status & tagging log

15:29, 12 September 2011 Meno25 (talk | contribs) changed the status of r37839 [removed: ok added: old]