| • bzimport | |
| Jun 30 2010, 1:57 PM |
| F6824: patch_simple.patch | |
| Nov 21 2014, 11:07 PM |
| F6823: patch.patch | |
| Nov 21 2014, 11:07 PM |
Author: llampak
Description:
You may enter the "examine" page of AbuseFilter even when you can't see "datails" - see http://pl.wikipedia.org/wiki/Specjalna:Filtr_nadu%C5%BCy%C4%87/examine/log/2970 for example. You need to type the URL manually but still.
Both pages seem to display mostly the same information so IMHO they should be equally protected.
Version: unspecified
Severity: normal
danny.leinad wrote:
It looks that "examine" function is available with permission "abusefilter-view", but the link to the "examine" is not visible in [[Special:AbuseLog]] when permission "abusefilter-log-detail" is false.
llampak wrote:
So probably the most sensible solution would be to make "examine" pages visible to those with abusefilter-log-detail instead. As far as I know, abusefilter-view should be for accessing the *code* of public filters, like this one: [[Special:AbuseFilter/33]]
llampak wrote:
patch
OK, I've written a patch. Now it should check for the abusefilter-log-detail right before displaying the "examine" page.
Besides fixing the bug, I've moved all functions which check user's rights to AbuseFilter class to make them somewhat more global - because I needed canSeeDetails and because canViewPrivate had already been duplicated by canSeePrivate.
I have some some small problems with MediaWiki configuration so I'm not quite sure how the patch is going to behave in a less messy environment...
attachment patch.patch ignored as obsolete
llampak wrote:
patch no. 2
Small quick fix of one line. I'm not sure it's much better but I'm hurrying a bit (because of real-life reasons).
attachment patch.patch ignored as obsolete
llampak wrote:
patch no. 3 with extra modifications from previous patches
Ok, this one should work. In this version it turns out I don't use that canSeeDetails so there's no need to move these functions. But I don't think it was a bad idea anyway so you here have two versions of a patch for you to decide.
Sorry for the mess and confusion and everything. This is what happens when you try to do something quickly :/
attachment patch simple.patch ignored as obsolete
llampak wrote:
patch no. 3a
Just a small fix of spaces/tabs issue. That's really the end, I promise.
Attached:
aokomoriuta wrote:
Thank you for telling "duplicate".
And then, how's this bug going on?
We seriously need to fix this.
Nx.devnull wrote:
The patch prevents access to the examine page completely, not just for log entries (e.g. you won't be able to examine edits from recent changes). My patch for bug 33390 prevents access to the examine page only for abuse log entries.
r107451
I'm applying Nikola Kovacs' patch and closing this bug. Reopen if that is insufficient.