r46807 MediaWiki - Code Review archive

Repository:MediaWiki
Date:18:54, 4 February 2009
Author:aaron
Status:deferred (Comments)
Tags:
Comment:
(bug 17342) Prevent deleted log item leaking (via slow brute-force)
Modified paths:
  • /trunk/phase3/includes/LogEventsList.php (modified) (history)

Diff

Index: trunk/phase3/includes/LogEventsList.php
@@ -600,6 +600,8 @@
601601 $this->mConds[] = "NULL";
602602 } else {
603603 $this->mConds['log_user'] = $userid;
 604+ // Paranoia: avoid brute force searches (bug 17342)
 605+ $this->mConds[] = 'log_deleted & ' . LogPage::DELETED_USER . ' = 0';
604606 $this->user = $usertitle->getText();
605607 }
606608 }
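Review bot: the condition added at 604-605 masks entries whose performer was revision-deleted from every user= query, and nothing in this hunk exempts viewers who hold the right to see deleted log entries, so as written those viewers lose the ability to filter by that user as well. Consider gating the line on the viewer's permissions, for example wrapping it in `if ( !$wgUser->isAllowed( 'deletedhistory' ) )`, or, if the loss of the filter is intentional, say so in the comment instead of just "Paranoia".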
@@ -640,6 +642,8 @@
641643 $this->mConds['log_namespace'] = $ns;
642644 $this->mConds['log_title'] = $title->getDBkey();
643645 }
 646+ // Paranoia: avoid brute force searches (bug 17342)
 647+ $this->mConds[] = 'log_deleted & ' . LogPage::DELETED_ACTION . ' = 0';
644648 }
645649
646650 public function getQueryInfo() {
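Review bot: the line at 646-647 is appended after the namespace/title branch closes rather than inside it, so it should be confirmed that this method is only reached when a title filter is actually in effect; otherwise every listing built through it drops action-deleted entries for everyone, including viewers permitted to see them. The mask fragment is now hand-built twice in this file (`'log_deleted & ' . LogPage::DELETED_ACTION . ' = 0'` here, the DELETED_USER variant above) under an identical comment; a small helper on LogEventsList that returns the condition for a given bit, and applies any permission check in one place, would keep the two in step and let each comment say which bit it guards.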

Follow-up revisions

Revision | Commit summary | Author | Date
r46842 | * API: Listing (semi-)deleted revisions and log entries (with rev_/log_delete... | catrope | 11:44, 5 February 2009

Comments

#Comment by Catrope (talk | contribs)   11:18, 5 February 2009

LogPage::DELETED_ACTION should also be checked when the type= parameter is set; right now, the action can still be guessed by brute force.

#Comment by Aaron Schulz (talk | contribs)   11:30, 5 February 2009

How does that matter?

#Comment by Catrope (talk | contribs)   11:32, 5 February 2009

I don't know, I just know the point of this fix was to stop Special:Log from exposing hidden information through brute force, and one of those leaks hasn't been fixed yet.

#Comment by Aaron Schulz (talk | contribs)   11:51, 5 February 2009

Discovering the type of action (delete/protect) isn't something we care about. DELETED_ACTION hides that action in order to hide any titles/parameters.
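The oracle the thread is arguing about, shown end to end as an added example (not MediaWiki code and not part of this revision): a constructed in-memory stand-in for the logging table with the log_deleted bitfield, a naive user= / title= filter that reproduces the leak, and the same filter with the two conditions r46807 adds. The bit values are quoted from memory of LogPage.php; the demonstration only relies on the bit being set on the hidden row, not on the exact numbers. Row contents, user ids and titles are all made up.

```python
"""Brute-force oracle on revision-deleted log entries, and the bug 17342 fix.

Constructed stand-in for MediaWiki's logging table (not project code): a few
rows carrying the log_deleted bitfield, a naive user= / title= filter that
leaks hidden entries, and the hardened filter that appends the extra condition.
"""
import sqlite3

# Bit values as in LogPage.php (quoted from memory; the demonstration does not
# depend on the exact numbers, only on the bit being set on hidden rows).
DELETED_ACTION = 1   # title and parameters of the entry are hidden
DELETED_USER = 4     # performing user is hidden

# Constructed rows: (log_id, log_type, log_user, log_namespace, log_title, log_deleted)
CONSTRUCTED_ROWS = [
    (1, "delete",  1001, 0, "Public_page", 0),
    (2, "delete",  2002, 0, "Hidden_page", DELETED_ACTION | DELETED_USER),
    (3, "protect", 1001, 0, "Other_page",  0),
]


def make_db():
    """Build the in-memory logging table from the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logging (log_id INT, log_type TEXT, log_user INT, "
               "log_namespace INT, log_title TEXT, log_deleted INT)")
    db.executemany("INSERT INTO logging VALUES (?,?,?,?,?,?)", CONSTRUCTED_ROWS)
    return db


def user_filter(user_id, hardened):
    """Conditions a user=... filter builds; 'hardened' adds r46807's first line."""
    conds, params = ["log_user = ?"], [user_id]
    if hardened:
        conds.append(f"log_deleted & {DELETED_USER} = 0")
    return conds, params


def title_filter(ns, title, hardened):
    """Conditions a title=... filter builds; 'hardened' adds r46807's second line."""
    conds, params = ["log_namespace = ?", "log_title = ?"], [ns, title]
    if hardened:
        conds.append(f"log_deleted & {DELETED_ACTION} = 0")
    return conds, params


def matching_rows(db, conds, params):
    """(log_id, log_deleted) of every row the list page would render."""
    sql = ("SELECT log_id, log_deleted FROM logging WHERE "
           + " AND ".join(conds) + " ORDER BY log_id")
    return db.execute(sql, params).fetchall()


def find_hidden_users(db, candidate_ids, hardened):
    """Attacker loop over user=X. A row with DELETED_USER set renders with the
    name struck out, but it only matches user=X for the real X, so its mere
    presence in the result confirms that X performed a hidden action."""
    leaked = []
    for uid in candidate_ids:
        rows = matching_rows(db, *user_filter(uid, hardened))
        if any(deleted & DELETED_USER for _, deleted in rows):
            leaked.append(uid)
    return leaked


def find_hidden_titles(db, candidate_titles, hardened, ns=0):
    """Same oracle via title=: a DELETED_ACTION row only matches its real title."""
    leaked = []
    for title in candidate_titles:
        rows = matching_rows(db, *title_filter(ns, title, hardened))
        if any(deleted & DELETED_ACTION for _, deleted in rows):
            leaked.append(title)
    return leaked


if __name__ == "__main__":
    db = make_db()
    users = [1001, 2002, 3003]
    titles = ["Public_page", "Hidden_page", "Nope"]
    print("naive user= leak:    ", find_hidden_users(db, users, hardened=False))
    print("hardened user= leak: ", find_hidden_users(db, users, hardened=True))
    print("naive title= leak:   ", find_hidden_titles(db, titles, hardened=False))
    print("hardened title= leak:", find_hidden_titles(db, titles, hardened=True))
```

With the naive filter the loop recovers both the hidden user (2002) and the hidden title (Hidden_page) without ever seeing either value on the page; with the hardened filter both loops come back empty. The example models an anonymous viewer only: the condition as committed is unconditional, so a viewer who is allowed to see deleted entries gets the same filtered result.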
