Last modified: 2011-07-19 00:36:48 UTC
Can we/is it possible to livehack out the access to the details that the "abusefilter-private" right in abuse filter gives out if its accidently enabled for user groups (eg: bug 29910 comment #3)
(In reply to comment #0) > Can we/is it possible to livehack out the access to the details that the > "abusefilter-private" right in abuse filter gives out if its accidently enabled > for user groups (eg: bug 29910 comment #3) Quite easily Replace line 325 of SpecialAbuseLog with return false;, and on line 57 of ApiQueryAbuseLog, comment out && !$wgUser->isAllowed( 'abusefilter-private' )
What am I missing here? This looks like just a general question.
I'm guessing it's wanted to so it can't be accidentally enabled again...
reopening, reedy is correct. It was more of a "if it is possible -> then we should do this, if not kill the bug" type bug. Actually do we have any other rights that shouldn't be given ever? if we have a couple we could probably do a ext that is loaded last that kills them off.
(In reply to comment #4) > reopening, reedy is correct. It was more of a "if it is possible -> then we > should do this, if not kill the bug" type bug. > > > Actually do we have any other rights that shouldn't be given ever? if we have a > couple we could probably do a ext that is loaded last that kills them off. If they're more than broken, we should just kill it
<logmsgbot> !log reedy synchronized wmf-config/abusefilter.php 'bug 29922 Remove abusefilter-private right so it cannot be accidentally granted' <morebots> Logged the message, Master