r46842 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r46841‎ \| r46842 \| r46843 >
Date:	11:44, 5 February 2009
Author:	catrope
Status:	deferred (Comments)
Tags:
Comment:	* API: Listing (semi-)deleted revisions and log entries (with rev_/log_deleted != 0) as well in prop=revisions and list=logevents, with commenthidden/userhidden/actionhidden/texthidden flags where appropriate * Still honors the paranoia checks added in r46807 * Use $index consistently in ApiQueryLogEvents * Some whitespace consistency
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/api/ApiPageSet.php (modified) (history) /trunk/phase3/includes/api/ApiQueryLogEvents.php (modified) (history) /trunk/phase3/includes/api/ApiQueryRevisions.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiQueryLogEvents.php
—	—	@@ -65,12 +65,13 @@
66	66	array( 'log_namespace=page_namespace',
67	67	'log_title=page_title'))));
68	68	$this->addWhere('user_id=log_user');
69		~~- $this->addOption('USE INDEX', array('logging' => 'times')); // default, may change~~
	69	+ $index = 'times'; // default, may change
70	70
71	71	$this->addFields(array (
72	72	'log_type',
73	73	'log_action',
74	74	'log_timestamp',
	75	+ 'log_deleted',
75	76	));
76	77
77	78	$this->addFieldsIf('log_id', $this->fld_ids);
—	—	@@ -81,12 +82,10 @@
82	83	$this->addFieldsIf('log_title', $this->fld_title);
83	84	$this->addFieldsIf('log_comment', $this->fld_comment);
84	85	$this->addFieldsIf('log_params', $this->fld_details);
85		-
86		~~- $this->addWhereFld('log_deleted', 0);~~
87	86
88	87	if( !is_null($params['type']) ) {
89	88	$this->addWhereFld('log_type', $params['type']);
90		~~- $this->addOption('USE INDEX', array('logging' => array('type_time')));~~
	89	+ $index = 'type_time';
91	90	}
92	91
93	92	$this->addWhereRange('log_timestamp', $params['dir'], $params['start'], $params['end']);
—	—	@@ -118,8 +117,14 @@
119	118	if ( $index ) {
120	119	$this->addOption( 'USE INDEX', array( 'logging' => $index ) );
121	120	}
	121	+ // Paranoia: avoid brute force searches (bug 17342)
	122	+ if (!is_null($title) \|\| !is_null($params['type'])) {
	123	+ $this->addWhere('log_deleted & ' . LogPage::DELETED_ACTION . ' = 0');
	124	+ }
	125	+ if (!is_null($user)) {
	126	+ $this->addWhere('log_deleted & ' . LogPage::DELETED_USER . ' = 0');
	127	+ }
122	128
123		-
124	129	$data = array ();
125	130	$count = 0;
126	131	$res = $this->select(__METHOD__);
—	—	@@ -196,26 +201,42 @@
197	202	}
198	203
199	204	if ($this->fld_type) {
200		~~- $vals['type'] = $row->log_type;~~
201		~~- $vals['action'] = $row->log_action;~~
	205	+ if (LogEventsList::isDeleted($row, LogPage::DELETED_ACTION)) {
	206	+ $vals['actionhidden'] = '';
	207	+ } else {
	208	+ $vals['type'] = $row->log_type;
	209	+ $vals['action'] = $row->log_action;
	210	+ }
202	211	}
203	212
204	213	if ($this->fld_details && $row->log_params !== '') {
205		~~- self::addLogParams($this->getResult(), $vals,~~
206		~~- $row->log_params, $row->log_type,~~
207		~~- $row->log_timestamp);~~
	214	+ if (LogEventsList::isDeleted($row, LogPage::DELETED_ACTION)) {
	215	+ $vals['actionhidden'] = '';
	216	+ } else {
	217	+ self::addLogParams($this->getResult(), $vals,
	218	+ $row->log_params, $row->log_type,
	219	+ $row->log_timestamp);
	220	+ }
208	221	}
209	222
210	223	if ($this->fld_user) {
211		~~- $vals['user'] = $row->user_name;~~
212		~~- if(!$row->log_user)~~
213		~~- $vals['anon'] = '';~~
	224	+ if (LogEventsList::isDeleted($row, LogPage::DELETED_USER)) {
	225	+ $vals['userhidden'] = '';
	226	+ } else {
	227	+ $vals['user'] = $row->user_name;
	228	+ if(!$row->log_user)
	229	+ $vals['anon'] = '';
	230	+ }
214	231	}
215	232	if ($this->fld_timestamp) {
216	233	$vals['timestamp'] = wfTimestamp(TS_ISO_8601, $row->log_timestamp);
217	234	}
218	235	if ($this->fld_comment && isset($row->log_comment)) {
219		~~- $vals['comment'] = $row->log_comment;~~
	236	+ if (LogEventsList::isDeleted($row, LogPage::DELETED_COMMENT)) {
	237	+ $vals['commenthidden'] = '';
	238	+ } else {
	239	+ $vals['comment'] = $row->log_comment;
	240	+ }
220	241	}
221	242
222	243	return $vals;
Index: trunk/phase3/includes/api/ApiPageSet.php
—	—	@@ -457,9 +457,9 @@
458	458	$pageids = array();
459	459	$remaining = array_flip($revids);
460	460
461		~~- $tables = array('revision','page');~~
462		~~- $fields = array('rev_id','rev_page');~~
463		~~- $where = array('rev_deleted' => 0, 'rev_id' => $revids,'rev_page = page_id');~~
	461	+ $tables = array('revision', 'page');
	462	+ $fields = array('rev_id', 'rev_page');
	463	+ $where = array('rev_id' => $revids, 'rev_page = page_id');
464	464
465	465	// Get pageIDs data from the `page` table
466	466	$this->profileDBIn();
Index: trunk/phase3/includes/api/ApiQueryRevisions.php
—	—	@@ -101,8 +101,8 @@
102	102	$this->dieUsage('titles, pageids or a generator was used to supply multiple pages, but the limit, startid, endid, dirNewer, user, excludeuser, start and end parameters may only be used on a single page.', 'multpages');
103	103
104	104	$this->addTables('revision');
105		~~- $this->addFields( Revision::selectFields() );~~
106		~~- $this->addTables( 'page' );~~
	105	+ $this->addFields(Revision::selectFields());
	106	+ $this->addTables('page');
107	107	$this->addWhere('page_id = rev_page');
108	108
109	109	$prop = array_flip($params['prop']);
—	—	@@ -134,7 +134,7 @@
135	135	$this->addTables('text');
136	136	$this->addWhere('rev_text_id=old_id');
137	137	$this->addFields('old_id');
138		~~- $this->addFields( Revision::selectTextFields() );~~
	138	+ $this->addFields(Revision::selectTextFields());
139	139
140	140	$this->fld_content = true;
141	141
—	—	@@ -190,10 +190,14 @@
191	191
192	192	if(!is_null($params['user'])) {
193	193	$this->addWhereFld('rev_user_text', $params['user']);
194		~~- } elseif (!is_null( $params['excludeuser'])) {~~
	194	+ } elseif (!is_null($params['excludeuser'])) {
195	195	$this->addWhere('rev_user_text != ' .
196	196	$this->getDB()->addQuotes($params['excludeuser']));
197	197	}
	198	+ if(!is_null($params['user']) \|\| !is_null($params['excludeuser'])) {
	199	+ // Paranoia: avoid brute force searches (bug 17342)
	200	+ $this->addWhere('rev_deleted & ' . Revision::DELETED_USER . ' = 0');
	201	+ }
198	202	}
199	203	elseif ($revCount > 0) {
200	204	$max = $this->getMain()->canApiHighLimits() ? $botMax : $userMax;
—	—	@@ -280,9 +284,13 @@
281	285	$vals['minor'] = '';
282	286
283	287	if ($this->fld_user) {
284		~~- $vals['user'] = $revision->getUserText();~~
285		~~- if (!$revision->getUser())~~
286		~~- $vals['anon'] = '';~~
	288	+ if ($revision->isDeleted(Revision::DELETED_USER)) {
	289	+ $vals['userhidden'] = '';
	290	+ } else {
	291	+ $vals['user'] = $revision->getUserText();
	292	+ if (!$revision->getUser())
	293	+ $vals['anon'] = '';
	294	+ }
287	295	}
288	296
289	297	if ($this->fld_timestamp) {
—	—	@@ -294,9 +302,13 @@
295	303	}
296	304
297	305	if ($this->fld_comment) {
298		~~- $comment = $revision->getComment();~~
299		~~- if (strval($comment) !== '')~~
300		~~- $vals['comment'] = $comment;~~
	306	+ if ($revision->isDeleted(Revision::DELETED_COMMENT)) {
	307	+ $vals['commenthidden'] = '';
	308	+ } else {
	309	+ $comment = $revision->getComment();
	310	+ if (strval($comment) !== '')
	311	+ $vals['comment'] = $comment;
	312	+ }
301	313	}
302	314
303	315	if(!is_null($this->token) \|\| ($this->fld_content && $this->expandTemplates))
—	—	@@ -314,8 +326,8 @@
315	327	$vals[$t . 'token'] = $val;
316	328	}
317	329	}
318		-
319		~~- if ($this->fld_content) {~~
	330	+
	331	+ if ($this->fld_content && !$revision->isDeleted(Revision::DELETED_TEXT)) {
320	332	global $wgParser;
321	333	$text = $revision->getText();
322	334	# Expand templates after getting section content because
—	—	@@ -341,6 +353,8 @@
342	354	$text = $wgParser->preprocess( $text, $title, new ParserOptions() );
343	355	}
344	356	ApiResult :: setContent($vals, $text);
	357	+ } else if ($this->fld_content) {
	358	+ $vals['texthidden'] = '';
345	359	}
346	360	return $vals;
347	361	}
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -163,6 +163,8 @@
164	164	* (bug 17007) Added action=import
165	165	* BREAKING CHANGE: Removed rctitles parameter from list=recentchanges because of
166	166	performance concerns
	167	+* Listing (semi-)deleted revisions and log entries as well in prop=revisions and
	168	+ list=logevents
167	169
168	170	=== Languages updated in 1.15 ===
169	171

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r46807	(bug 17342) Prevent deleted log item leaking (via slow brute-force)	aaron	18:54, 4 February 2009

Comments

#Comment by Aaron Schulz (talk | contribs) 14:43, 6 February 2009

Tweaks in r46917

Status & tagging log

00:20, 14 September 2011 Meno25 (talk | contribs) changed the status of r46842 [removed: old added: deferred]