0001-SECURITY-Enable-elevated-login-security-for-bot-pass.patch

Authored By
Tgr
Jun 10 2018, 1:41 PM
Size
1 KB
Referenced Files
None
Subscribers
None

From f6209e2d115d733679553b65386660ee255203d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Sun, 10 Jun 2018 15:32:56 +0200
Subject: [PATCH] [SECURITY] Enable elevated login security for bot passwords
Prevent abuse of bot passwords as permanent back channels
after XSS-based account compromise by requesting reauthentication
before bot password management.
Bug: T194204
Change-Id: I18708e0f01069876794c900daf5850e668804bcc
---
includes/specials/SpecialBotPasswords.php | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/includes/specials/SpecialBotPasswords.php b/includes/specials/SpecialBotPasswords.php
index f03565a..d175937 100644
--- a/includes/specials/SpecialBotPasswords.php
+++ b/includes/specials/SpecialBotPasswords.php
@@ -57,6 +57,10 @@ class SpecialBotPasswords extends FormSpecialPage {
return $this->getConfig()->get( 'EnableBotPasswords' );
}
+ public function getLoginSecurityLevel() {
+ return 'BotPasswords';
+ }
+
/**
* Main execution point
* @param string|null $par
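Review bot: The new getLoginSecurityLevel() in the @@ -57,6 +57,10 @@ hunk returns the bare string 'BotPasswords' with no docblock, while the method right after it has one, and the diffstat shows this is the only file touched, so nothing in the patch says what reauthentication policy that level name maps to. Please add a short docblock stating that the return value is the security-level key checked before bot password management, and either include the matching configuration default for 'BotPasswords' in this change or say in the commit message that the level intentionally falls back to whatever default applies. A test asserting that the special page asks for reauthentication would also guard the fix against regression.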
--
2.7.4

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5973983
Default Alt Text
0001-SECURITY-Enable-elevated-login-security-for-bot-pass.patch (1 KB)