T270988-PS2.patch
taavi (Taavi Väänänen)
Actions

Authored By

	taavi
	Jan 1 2021, 10:57 AM

Size

1 KB

Referenced Files

None

Subscribers

None

T270988-PS2.patch
View Options

	From 0b5b9bd2918a9931260c42164a93852f4fe31e3f Mon Sep 17 00:00:00 2001
	From: DannyS712 <dannys712.enwiki@gmail.com>
	Date: Fri, 1 Jan 2021 12:40:41 +0200
	Subject: [PATCH] SECURITY: ContentModelChange: Check that user can create
	pages
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	Co-authored-by: Taavi Väänänen <hi@tassu.me>
	---
	includes/content/ContentModelChange.php \| 12 ++++++++++++
	1 file changed, 12 insertions(+)

	diff --git a/includes/content/ContentModelChange.php b/includes/content/ContentModelChange.php
	index f8becb3d40..b006c571b8 100644
	--- a/includes/content/ContentModelChange.php
	+++ b/includes/content/ContentModelChange.php
	@@ -112,7 +112,19 @@ class ContentModelChange {
	$titleWithNewContentModel->setContentModel( $this->newModel );

	$pm = $this->permManager;
	+
	+ $creationErrors = [];
	+ if ( !$current->exists() ) {
	+ $creationAction = $current->isTalkPage() ? 'createtalk' : 'createpage';
	+ $creationErrors = wfMergeErrorArrays(
	+ $pm->getPermissionErrors( $creationAction, $user, $current ),
	+ $pm->getPermissionErrors( 'create', $user, $current )
	+ );
	+ }
	+
	$errors = wfMergeErrorArrays(
	+ // Potentially include creation errors, if applicable
	+ $creationErrors,
	// edit the contentmodel of the page
	$pm->getPermissionErrors( 'editcontentmodel', $user, $current ),
	// edit the page under the old content model
	--
	2.20.1