Last modified: 2012-06-05 01:38:36 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T26186, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 24186 - "Examine" page is visible to users without abusefilter-log-detail right
"Examine" page is visible to users without abusefilter-log-detail right
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
AbuseFilter (Other open bugs)
unspecified
All All
: Low normal with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch, patch-need-review
: 24841 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-30 13:57 UTC by lampak
Modified: 2012-06-05 01:38 UTC (History)
9 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
patch (7.56 KB, patch)
2010-07-01 00:57 UTC, lampak 		Details
patch no. 2 (7.55 KB, patch)
2010-07-01 09:33 UTC, lampak 		Details
patch no. 3 (7.67 KB, patch)
2010-07-01 11:07 UTC, lampak 		Details
patch no. 3 with extra modifications from previous patches (706 bytes, patch)
2010-07-01 11:15 UTC, lampak 		Details
patch no. 3a with extra modifications from previous patches (7.66 KB, patch)
2010-07-01 11:22 UTC, lampak 		Details
patch no. 3a (700 bytes, patch)
2010-07-01 11:24 UTC, lampak 		Details
Show Obsolete (4) Add an attachment (proposed patch, testcase, etc.)

Description lampak 2010-06-30 13:57:18 UTC 
You may enter the "examine" page of AbuseFilter even when you can't see "datails" - see http://pl.wikipedia.org/wiki/Specjalna:Filtr_nadu%C5%BCy%C4%87/examine/log/2970 for example. You need to type the URL manually but still. 

Both pages seem to display mostly the same information so IMHO they should be equally protected.
Comment 1 Leinad 2010-06-30 21:51:28 UTC 
It looks that "examine" function is available with permission "abusefilter-view", but the link to the "examine" is not visible in [[Special:AbuseLog]] when permission "abusefilter-log-detail" is false.
Comment 2 lampak 2010-06-30 22:31:58 UTC 
So probably the most sensible solution would be to make "examine" pages visible to those with abusefilter-log-detail instead. As far as I know, abusefilter-view should be for accessing the *code* of public filters, like this one: [[Special:AbuseFilter/33]]
Comment 3 lampak 2010-07-01 00:57:47 UTC 
Created attachment 7537 [details]
patch

OK, I've written a patch. Now it should check for the abusefilter-log-detail right before displaying the "examine" page. 

Besides fixing the bug, I've moved all functions which check user's rights to AbuseFilter class to make them somewhat more global - because I needed canSeeDetails and because canViewPrivate had already been duplicated by canSeePrivate. 

I have some some small problems with MediaWiki configuration so I'm not quite sure how the patch is going to behave in a less messy environment...
Comment 4 lampak 2010-07-01 09:33:15 UTC 
Created attachment 7538 [details]
patch no. 2

Small quick fix of one line. I'm not sure it's much better but I'm hurrying a bit (because of real-life reasons).
Comment 5 lampak 2010-07-01 10:55:43 UTC 
The patch doesn't work! Sorry for the mess.
Comment 6 lampak 2010-07-01 11:07:07 UTC 
Created attachment 7539 [details]
patch no. 3
Comment 7 lampak 2010-07-01 11:15:12 UTC 
Created attachment 7540 [details]
patch no. 3 with extra modifications from previous patches

Ok, this one should work. In this version it turns out I don't use that canSeeDetails so there's no need to move these functions. But I don't think it was a bad idea anyway so you here have two versions of a patch for you to decide. 

Sorry for the mess and confusion and everything. This is what happens when you try to do something quickly :/
Comment 8 lampak 2010-07-01 11:22:26 UTC 
Created attachment 7541 [details]
patch no. 3a with extra modifications from previous patches
Comment 9 lampak 2010-07-01 11:24:05 UTC 
Created attachment 7542 [details]
patch no. 3a

Just a small fix of spaces/tabs issue. That's really the end, I promise.
Comment 10 Leinad 2010-08-18 12:12:58 UTC 
*** Bug 24841 has been marked as a duplicate of this bug. ***
Comment 11 aokomoriuta 2010-08-18 12:26:25 UTC 
Thank you for telling "duplicate".

And then, how's this bug going on?
We seriously need to fix this.
Comment 12 Nikola Kovacs 2011-12-27 21:44:43 UTC 
The patch prevents access to the examine page completely, not just for log entries (e.g. you won't be able to examine edits from recent changes). My patch for bug 33390 prevents access to the examine page only for abuse log entries.
Comment 13 Mark A. Hershberger 2011-12-27 23:38:13 UTC 
r107451

I'm applying Nikola Kovacs' patch and closing this bug.   Reopen if that is insufficient.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links