The EditTags/revision delete interface leaks the following data to users with the appropriate rights (in the EditTags case, that is all users):
- The target of log entries that are restricted via the log_deleted db field.
- The full log entry of logs that are restricted via $wgLogRestrictions.
Case 1
Special:EditTags exposes a suppressed (hideuser-ed) username in the (Logs) link because the username is hard-coded.
Steps to reproduce:
- Log in as a user
- Go to Special:Log/block or similar page
- Check a log entry with a revision-deleted or suppressed username
- Click [Edit tags of selected log entries] (MediaWiki:log-edit-tags) button
- Click the (Logs) link
Expected:
The username should not be hard-coded in the link when the log entry is deleted or suppressed.
Original reporter: User:Ohgi
Case 2
Suppress log entries are exposed by setting the logid manually.
Steps to reproduce:
- Log in as a user
- Go to Special:Log
- Check any entry
- Click [Edit tags of selected log entries] (MediaWiki:log-edit-tags) button
- Set logid to that of a suppress log entry (e.g. increase or decrease logid to any other logid)
- View the page
Expected:
Access to the log MUST be prohibited.
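
A minimal model of the two checks the Expected sections call for, added here as an example and not MediaWiki's own code. The function names, row layout and right names are assumptions; the bit values mirror LogPage::DELETED_* and the restriction map has the shape of $wgLogRestrictions.

```php
<?php
// Bit values mirror MediaWiki's LogPage::DELETED_* constants.
const DELETED_ACTION = 1;      // action and target hidden
const DELETED_RESTRICTED = 8;  // suppressed: hidden from administrators too
// Same shape as $wgLogRestrictions: log type => right required to view it.
const LOG_RESTRICTIONS = [ 'suppress' => 'suppressionlog' ];

/** May a viewer holding $rights see the field guarded by $field? */
function canViewField( int $deleted, int $field, array $rights ): bool {
	if ( ( $deleted & $field ) === 0 ) {
		return true; // field is not hidden on this row
	}
	// Assumed right names, modelled on MediaWiki's defaults.
	$needed = ( $deleted & DELETED_RESTRICTED ) ? 'viewsuppressed' : 'deletedhistory';
	return in_array( $needed, $rights, true );
}

/** Filter the ids taken from the request down to what the list may render. */
function visibleEntries( array $requestedIds, array $rowsById, array $rights ): array {
	$out = [];
	foreach ( $requestedIds as $id ) {
		$row = $rowsById[$id] ?? null;
		if ( $row === null ) {
			continue;
		}
		// Case 2: ids are user input, so re-check the log type restriction per row.
		$typeRight = LOG_RESTRICTIONS[$row['type']] ?? null;
		if ( $typeRight !== null && !in_array( $typeRight, $rights, true ) ) {
			continue;
		}
		// Case 1: build the (Logs) link only when the target itself may be shown.
		$show = canViewField( $row['deleted'], DELETED_ACTION, $rights );
		$out[$id] = [
			'target' => $show ? $row['title'] : null,
			'logsLink' => $show ? 'Special:Log?page=' . rawurlencode( $row['title'] ) : null,
		];
	}
	return $out;
}

// Constructed sample rows, keyed by log id.
$rows = [
	10 => [ 'type' => 'delete', 'deleted' => 0, 'title' => 'Sandbox' ],
	11 => [ 'type' => 'block', 'deleted' => DELETED_ACTION | DELETED_RESTRICTED, 'title' => 'User:Example' ],
	12 => [ 'type' => 'suppress', 'deleted' => 0, 'title' => 'User:Example' ],
];
// An ordinary user (no extra rights) requests all three ids.
var_dump( visibleEntries( [ 10, 11, 12 ], $rows, [] ) );
```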