Page MenuHomePhabricator
Create Task
Maniphest T35390

Examine page is visible for hidden log entries
Closed, ResolvedPublic
Actions

Description

Author: Nx.devnull

Description:
A hidden entry's examine page can still be accessed using the url (e.g. Special:AbuseFilter/examine/log/2 ). Since the examine page contains much of the same information as the details page, it should be restricted as well.

Version: unspecified
Severity: normal

Details

Reference
bz33390

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 21 2014, 11:59 PM
bzimport added a project: AbuseFilter.
bzimport set Reference to bz33390.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Dec 27 2011, 9:27 PM
bzimport added a comment.Dec 27 2011, 9:39 PM

Nx.devnull wrote:

Prevent access to hidden log entries' examine page, and prevent access to examine for log entries for user who do not have abusefilter-log-detail

This patch fixes this bug and also fixes bug 24186 properly, by preventing access to the examine page for all log entries if the user doesn't have the abusefilter-log-detail right

Attached:

abusefilter_hidden_examine.patch615 BDownload

MarkAHershberger added a comment.Dec 27 2011, 11:39 PM

r107451

bzimport added a comment.Dec 27 2011, 11:49 PM

Nx.devnull wrote:

Add error message

The error message "abusefilter-log-cannot-see-details" should also be shown when trying to view details.

Attached:

canseedetails_message.patch398 BDownload

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL