Last modified: 2011-07-19 00:36:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T31922, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 29922 - Live hack abusefilter-private out of abusefilter if possible
Live hack abusefilter-private out of abusefilter if possible
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-07-16 12:43 UTC by p858snake
Modified: 2011-07-19 00:36 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description p858snake 2011-07-16 12:43:10 UTC 
Can we/is it possible to livehack out the access to the details that the "abusefilter-private" right in abuse filter gives out if its accidently enabled for user groups (eg: bug 29910 comment #3)
Comment 1 Sam Reed (reedy) 2011-07-17 00:43:54 UTC 
(In reply to comment #0)
> Can we/is it possible to livehack out the access to the details that the
> "abusefilter-private" right in abuse filter gives out if its accidently enabled
> for user groups (eg: bug 29910 comment #3)

Quite easily

Replace line 325 of SpecialAbuseLog with return false;, and on line 57 of ApiQueryAbuseLog, comment out && !$wgUser->isAllowed( 'abusefilter-private' )
Comment 2 Mark A. Hershberger 2011-07-18 19:16:16 UTC 
What am I missing here?  This looks like just a general question.
Comment 3 Sam Reed (reedy) 2011-07-18 19:17:20 UTC 
I'm guessing it's wanted to so it can't be accidentally enabled again...
Comment 4 p858snake 2011-07-19 00:14:34 UTC 
reopening, reedy is correct. It was more of a "if it is possible -> then we should do this, if not kill the bug" type bug.


Actually do we have any other rights that shouldn't be given ever? if we have a couple we could probably do a ext that is loaded last that kills them off.
Comment 5 Sam Reed (reedy) 2011-07-19 00:23:02 UTC 
(In reply to comment #4)
> reopening, reedy is correct. It was more of a "if it is possible -> then we
> should do this, if not kill the bug" type bug.
> 
> 
> Actually do we have any other rights that shouldn't be given ever? if we have a
> couple we could probably do a ext that is loaded last that kills them off.

If they're more than broken, we should just kill it
Comment 6 Sam Reed (reedy) 2011-07-19 00:36:48 UTC 
<logmsgbot> !log reedy synchronized wmf-config/abusefilter.php  'bug 29922 Remove abusefilter-private right so it cannot be accidentally granted'
<morebots> Logged the message, Master
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links