Page MenuHomePhabricator

T205908.patch

Authored By
DannyS712
Nov 2 2020, 12:59 PM
Size
2 KB
Referenced Files
None
Subscribers
None

T205908.patch

From a06be89c8a36788f9be79dd89ee4582bde53cee8 Mon Sep 17 00:00:00 2001
From: DannyS712 <dannys712.enwiki@gmail.com>
Date: Fri, 30 Oct 2020 16:32:08 -0400
Subject: [PATCH] SECURITY: Set a dummy title for Action buttons on Special:Log
If no title is set, the fallback is to use the main page,
as defined by MediaWiki:Mainpage
On wikis where the main page can be translated, MediaWiki:Mainpage
is sometimes set to use Special:MyLanguage to redirect to the
appropriate version. This is interpreted as a special page, and
ACtion::getActionName forces the action to be 'view' if the title
cannot be used as a WikiPage, which includes all pages in NS_SPECIAL.
Set a dummy title to avoid this. The title provided is unused
by the SpecialPageAction class and does not matter.
Bug: T205908
Change-Id: I0f0d2e592df96c9bad9001baede900f716433cfa
---
includes/specials/SpecialLog.php | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/includes/specials/SpecialLog.php b/includes/specials/SpecialLog.php
index b1cd601dc1b..983bd5c1e80 100644
--- a/includes/specials/SpecialLog.php
+++ b/includes/specials/SpecialLog.php
@@ -276,6 +276,18 @@ class SpecialLog extends SpecialPage {
$s .= Html::hidden( 'action', 'historysubmit' ) . "\n";
$s .= Html::hidden( 'type', 'logging' ) . "\n";
+ // If no title is set, the fallback is to use the main page, as defined
+ // by MediaWiki:Mainpage
+ // On wikis where the main page can be translated, MediaWiki:Mainpage
+ // is sometimes set to use Special:MyLanguage to redirect to the
+ // appropriate version. This is interpreted as a special page, and
+ // Action::getActionName forces the action to be 'view' if the title
+ // cannot be used as a WikiPage, which includes all pages in NS_SPECIAL.
+ // Set a dummy title to avoid this. The title provided is unused
+ // by the SpecialPageAction class and does not matter.
+ // See T205908
+ $s .= Html::hidden( 'title', 'Unused' ) . "\n";
+
$buttons = '';
if ( $canRevDelete ) {
$buttons .= Html::element(
--
2.28.0.windows.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8603255
Default Alt Text
T205908.patch (2 KB)

Event Timeline