F34123062
01-REL1_31-T275669.patch
sbassett (Scott Bassett)
Authored By
sbassett
Feb 25 2021, 10:30 PM
2021-02-25 22:30:35 (UTC+0)
Size
1 KB
From 36a648fa76822fbb93be064a84eabaef401caf55 Mon Sep 17 00:00:00 2001
From: sbassett <sbassett@wikimedia.org>
Date: Thu, 25 Feb 2021 16:13:59 -0600
Subject: [PATCH] SECURITY: Trim cul_target_text in LogPager
Due to a separate bug, cul_target_text is not guaranteed
to not contain trailing spaces. As such, we need to trim it
to get rid of the trailing spaces.
Bug: T275669
Change-Id: I95402e04e0f2b1f7d1efd25fff65e2bfed519195
---
includes/CheckUserLogPager.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/CheckUserLogPager.php b/includes/CheckUserLogPager.php
index cd175b2..57002cd 100644
--- a/includes/CheckUserLogPager.php
+++ b/includes/CheckUserLogPager.php
@@ -24,7 +24,7 @@ class CheckUserLogPager extends ReverseChronologicalPager {
if ( $row->cul_type == 'userips' || $row->cul_type == 'useredits' ) {
$target = Linker::userLink( $row->cul_target_id, $row->cul_target_text ) .
- Linker::userToolLinks( $row->cul_target_id, $row->cul_target_text );
+ Linker::userToolLinks( $row->cul_target_id, trim( $row->cul_target_text ) );
} else {
$target = $row->cul_target_text;
}
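Review bot: trim() is applied only to the name passed to Linker::userToolLinks(), while Linker::userLink() on the line above still receives the raw $row->cul_target_text, so the two links for the same row can be built from different strings. Compute the trimmed name once, for example `$targetText = trim( $row->cul_target_text );`, and pass it to both calls, or add a comment stating why userLink() is unaffected by the trailing spaces. The else branch also assigns the untrimmed value to $target; if that is intentional for non-user targets, a short code comment next to the trim() referencing T275669 would explain the asymmetry to later readers.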
--
2.28.0
Attached To
T275669: Checkuser stores users to cu_log with trailing spaces, allowing all CUs to turn off Special:CheckuserLog at will (CVE-2021-31553)