
T197279.patch

Authored By
Bawolff
Jun 15 2018, 8:26 AM

T197279.patch

From 990bb6be9ae5fe5c301363dbe661efb896b92b64 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Fri, 15 Jun 2018 08:19:49 +0000
Subject: [PATCH] SECURITY: Fix reauth in Special:ChangeEmail
Previously you could bypass reauthentication by directly
POSTing to Special:ChangeEmail.
Bug: T197279
Change-Id: I674557351e0e91a8105c12ddf6cd30283aac9f7a
---
includes/specials/SpecialChangeEmail.php | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/includes/specials/SpecialChangeEmail.php b/includes/specials/SpecialChangeEmail.php
index c514300..cd720eb 100644
--- a/includes/specials/SpecialChangeEmail.php
+++ b/includes/specials/SpecialChangeEmail.php
@@ -54,14 +54,16 @@ class SpecialChangeEmail extends FormSpecialPage {
* @param string $par
*/
function execute( $par ) {
- $this->checkLoginSecurityLevel();
-
$out = $this->getOutput();
$out->disallowUserJs();
parent::execute( $par );
}
+ protected function getLoginSecurityLevel() {
+ return $this->getName();
+ }
+
protected function checkExecutePermissions( User $user ) {
if ( !AuthManager::singleton()->allowsPropertyChange( 'emailaddress' ) ) {
throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
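Review bot: The new `getLoginSecurityLevel()` override has no comment, and after this change the reauthentication gate exists only if `parent::execute( $par )` consults that method and stops when the check fails, which this hunk does not show. A docblock such as `/** Require recent authentication; the parent's execute() is expected to enforce this, so do not call checkLoginSecurityLevel() directly here. */` would help prevent a later edit from reinstating a direct call whose result is discarded, as the removed `$this->checkLoginSecurityLevel();` line did. When backporting, confirm that the target branch's `FormSpecialPage::execute()` actually honours this hook. A regression test should POST to the page from a session that needs reauthentication and assert that the stored address is unchanged. `checkExecutePermissions()` continues past the end of the hunk.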
--
2.8.1
