SECURITY: Remove private information from the API results

Later, we will add a new POST request which will allow retrieving
the private details; it will have a mandatory "reason" parameter,
and will result in a log entry in the private details access log,
just like the web interface.

Bug: T210329
Change-Id: Iaca492371f48fecf543268c179a651841ed12c3f
Signed-off-by: sbassett <sbassett@wikimedia.org>
Huji Lee 2018-11-24 20:16:05 -05:00 committed by SBassett
parent 88ccbfcf48
commit b523194032


@ -56,7 +56,6 @@ class ApiQueryAbuseLog extends ApiQueryBase {
$fld_ids = isset( $prop['ids'] );
$fld_filter = isset( $prop['filter'] );
$fld_user = isset( $prop['user'] );
$fld_ip = isset( $prop['ip'] );
$fld_title = isset( $prop['title'] );
$fld_action = isset( $prop['action'] );
$fld_details = isset( $prop['details'] );
@ -67,9 +66,6 @@ class ApiQueryAbuseLog extends ApiQueryBase {
$isCentral = $this->getConfig()->get( 'AbuseFilterIsCentral' );
$fld_wiki = $isCentral && isset( $prop['wiki'] );
if ( $fld_ip ) {
$this->checkUserRightsAny( 'abusefilter-private' );
}
if ( $fld_details ) {
$this->checkUserRightsAny( 'abusefilter-log-detail' );
}
@ -99,7 +95,6 @@ class ApiQueryAbuseLog extends ApiQueryBase {
$this->addFields( 'afl_filter' );
$this->addFieldsIf( 'afl_id', $fld_ids );
$this->addFieldsIf( 'afl_user_text', $fld_user );
$this->addFieldsIf( 'afl_ip', $fld_ip );
$this->addFieldsIf( [ 'afl_namespace', 'afl_title' ], $fld_title );
$this->addFieldsIf( 'afl_action', $fld_action );
$this->addFieldsIf( 'afl_var_dump', $fld_details );
@ -199,9 +194,6 @@ class ApiQueryAbuseLog extends ApiQueryBase {
if ( $fld_user ) {
$entry['user'] = $row->afl_user_text;
}
if ( $fld_ip ) {
$entry['ip'] = $row->afl_ip;
}
if ( $fld_wiki ) {
$entry['wiki'] = $row->afl_wiki;
}
@ -292,7 +284,6 @@ class ApiQueryAbuseLog extends ApiQueryBase {
'ids',
'filter',
'user',
'ip',
'title',
'action',
'details',