01-T169545-master.patch
Reedy (Sam Reed)
Actions

Authored By

	Reedy
	Jul 7 2018, 5:54 PM

Size

1 KB

Referenced Files

None

Subscribers

None

01-T169545-master.patch
View Options

	From efabe4d009fe403b63f388078f6db8b750fbde42 Mon Sep 17 00:00:00 2001
	From: Chad Horohoe <chadh@wikimedia.org>
	Date: Tue, 13 Mar 2018 18:43:30 +0000
	Subject: [PATCH] SECURITY: Make 'newbie' limit in $wgRateLimits really
	override 'user' limit

	The order of operations was incorrect.

	Bug: T169545
	Change-Id: Ia910aa2a494914d3b0017daac9ab294ea9fa8705
	---
	includes/user/User.php \| 9 +++++----
	1 file changed, 5 insertions(+), 4 deletions(-)

	diff --git a/includes/user/User.php b/includes/user/User.php
	index ab791b4caa..d82ae7f4fc 100644
	--- a/includes/user/User.php
	+++ b/includes/user/User.php
	@@ -2104,10 +2104,6 @@ class User implements IDBAccessObject, UserIdentity {
	if ( isset( $limits['user'] ) ) {
	$userLimit = $limits['user'];
	}
	- // limits for newbie logged-in users
	- if ( $isNewbie && isset( $limits['newbie'] ) ) {
	- $keys[$cache->makeKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
	- }
	}

	// limits for anons and for newbie logged-in users
	@@ -2139,6 +2135,11 @@ class User implements IDBAccessObject, UserIdentity {
	}
	}

	+ // limits for newbie logged-in users (override all the normal user limits)
	+ if ( $id !== 0 && $isNewbie && isset( $limits['newbie'] ) ) {
	+ $userLimit = $limits['newbie'];
	+ }
	+
	// Set the user limit key
	if ( $userLimit !== false ) {
	list( $max, $period ) = $userLimit;
	--
	2.11.0

Attached To	Mode
T181665: Tracking bug for 1.27.5/1.29.3/1.30.1/1.31.1 security release	Attached	Detach File
T169545: $wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie' (CVE-2018-0503)	Attached	Detach File