SECURITY: Act like users don't exist if hidden from viewer (VE edit n…

…otices)

Applying the changes from the MediaWiki core patch for T120883
(Ife272a0eb1f3322bc8eb30ca803bd21801acba3e) to our duplicated
code implementing the same functionality.

Bug: T270453
Change-Id: I1b2de322aa0c69eb6d3b3ffadaed3fbaa3a58bca

includes/ApiVisualEditor.php

@@ -396,10 +396,15 @@ public function execute() {
 					);
 					$block = $targetUser->getBlock();
 
-					if (
-						!( $targetUser && $targetUser->isRegistered() ) &&
-						!$this->userNameUtils->isIP( $targetUsername )
+					$targetUserExists = ( $targetUser && $targetUser->isRegistered() );
+					if ( $targetUserExists && $targetUser->isHidden() &&
+						!$permissionManager->userHasRight( $user, 'hideuser' )
 					) {
+						// If the user exists, but is hidden, and the viewer cannot see hidden
+						// users, pretend like they don't exist at all. See T120883/T270453
+						$targetUserExists = false;
+					}
+					if ( !$targetUserExists && !User::isIP( $targetUsername ) ) {
 						// User does not exist
 						$notices['userpage-userdoesnotexist'] = "<div class=\"mw-userpage-userdoesnotexist error\">\n" .
 							$this->msg( 'userpage-userdoesnotexist', wfEscapeWikiText( $targetUsername ) )