Page MenuHomePhabricator
Files F18103230

0002-SECURITY-Special-BotPasswords-should-reauthenticate.patch
Anomie
Actions

Authored By
Anomie
May 9 2018, 7:25 PM
Size
1 KB
Referenced Files
None
Subscribers
None

0002-SECURITY-Special-BotPasswords-should-reauthenticate.patch
View Options

From aab2cb61140b2dcfb311764d95fa83d7a03ee35e Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Wed, 9 May 2018 15:14:38 -0400
Subject: [PATCH 2/2] SECURITY: Special:BotPasswords should reauthenticate
More specifically, it should reauthenticate when creating a bot password
or resetting the password. But we may as well do it for all accesses.
Bug: T193237
Change-Id: I9a38a3109492753fff1f33c0f280e5b0f1fc1a76
---
RELEASE-NOTES-1.32 | 1 +
includes/specials/SpecialBotPasswords.php | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/RELEASE-NOTES-1.32 b/RELEASE-NOTES-1.32
index 9fd3161f1e..536f550992 100644
--- a/RELEASE-NOTES-1.32
+++ b/RELEASE-NOTES-1.32
@@ -17,6 +17,7 @@ production.
'html5-legacy' value for $wgFragmentMode is no longer accepted.
* The experimental Html5Internal and Html5Depurate tidy drivers were removed.
RemexHtml, which is the default, should be used instead.
+* Special:BotPasswords now requires reauthentication.
=== New features in 1.32 ===
* (T112474) Generalized the ResourceLoader mechanism for overriding modules
diff --git a/includes/specials/SpecialBotPasswords.php b/includes/specials/SpecialBotPasswords.php
index 7b2d1bcbfd..961ee1c558 100644
--- a/includes/specials/SpecialBotPasswords.php
+++ b/includes/specials/SpecialBotPasswords.php
@@ -51,6 +51,10 @@ class SpecialBotPasswords extends FormSpecialPage {
return $this->getConfig()->get( 'EnableBotPasswords' );
}
+ protected function getLoginSecurityLevel() {
+ return $this->getName();
+ }
+
/**
* Main execution point
* @param string|null $par
--
2.17.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5807235
Default Alt Text
0002-SECURITY-Special-BotPasswords-should-reauthenticate.patch (1 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL