r48666 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r48665‎ \| r48666 \| r48667 >
Date:	02:12, 22 March 2009
Author:	werdna
Status:	ok
Tags:
Comment:	Prevent leaking of filters through diffs
Modified paths:	/trunk/extensions/AbuseFilter/AbuseFilter.class.php (modified) (history) /trunk/extensions/AbuseFilter/Views/AbuseFilterViewDiff.php (modified) (history)

Diff [purge]

Index: trunk/extensions/AbuseFilter/Views/AbuseFilterViewDiff.php
—	—	@@ -52,6 +52,13 @@
53	53	static $dependentSpecs = array( 'prev', 'next' );
54	54	static $cache = array();
55	55
	56	+ global $wgUser;
	57	+
	58	+ if ( AbuseFilter::filterHidden( $this->mFilter ) &&
	59	+ !$wgUser->isAllowed( 'abusefilter-modify' ) ) {
	60	+ return null;
	61	+ }
	62	+
56	63	if ( isset( $cache[$spec] ) )
57	64	return $cache[$spec];
58	65
Index: trunk/extensions/AbuseFilter/AbuseFilter.class.php
—	—	@@ -425,12 +425,13 @@
426	426	$curCount = $wgMemc->get( $countKey );
427	427	$curTotal = $wgMemc->get( $totalKey );
428	428
429		~~- $wgMemc->set( $totalKey, $curTotal + $time, 3600 );~~
430		-
431		~~- if ($curCount)~~
	429	+ if ($curCount) {
	430	+ $wgMemc->set( $totalKey, $curTotal + $time, 3600 );
432	431	$wgMemc->incr( $countKey );
433		~~- else~~
	432	+ } else {
434	433	$wgMemc->set( $countKey, 1, 3600 );
	434	+ $wgMemc->set( $totalKey, $time, 3600 );
	435	+ }
435	436	}
436	437
437	438	public static function getFilterProfile( $filter ) {
—	—	@@ -1259,7 +1260,9 @@
1260	1261	} else {
1261	1262	return null;
1262	1263	}
1263		~~- $vars->setVar( 'context', 'generated' );~~
	1264	+ if ($vars)
	1265	+ $vars->setVar( 'context', 'generated' );
	1266	+
1264	1267	return $vars;
1265	1268	}
1266	1269

18:03, 9 December 2011 Aaron Schulz (talk | contribs) changed the tags for r48666 [removed: ok]
21:12, 24 March 2009 Brion VIBBER (talk | contribs) changed the status of r48666 [removed: new added: ok]
05:36, 22 March 2009 Aaron Schulz (talk | contribs) changed the tags for r48666 [added: ok]