
T279090 (PS1).patch

Authored By
RhinosF1
Apr 1 2021, 9:59 PM
Size
1 KB
Referenced Files
None
Subscribers
None

T279090 (PS1).patch

From 8be2f348aa02a62d69fd6e13fa9e4a02e50b6751 Mon Sep 17 00:00:00 2001
From: RhinosF1 <rhinosf1@gmail.com>
Date: Thu, 1 Apr 2021 22:56:49 +0100
Subject: [PATCH] SECURITY: Check permissions before job execution
---
src/ReplaceTextJob.php | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/ReplaceTextJob.php b/src/ReplaceTextJob.php
index a52b565..b92fd2d 100644
--- a/src/ReplaceTextJob.php
+++ b/src/ReplaceTextJob.php
@@ -20,6 +20,7 @@
* @author Ankit Garg
*/
+use MediaWiki\MediaWikiServices;
use Wikimedia\ScopedCallback;
/**
@@ -41,6 +42,12 @@ class ReplaceTextJob extends Job {
* @return bool success
*/
function run() {
+ $current_user = User::newFromId( $this->params['user_id'] );
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+ if ( $permissionManager->userCan( ' replacetext ', $currentuser ) ) {
+ $this->error('replacetext: permission no longer valid')
+ return false;
+ }
if ( isset( $this->params['session'] ) ) {
$callback = RequestContext::importScopedSession( $this->params['session'] );
$this->addTeardownCallback( function () use ( &$callback ) {
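Review bot: The permission guard added at the top of run() cannot take effect as written. It passes the undefined `$currentuser` rather than `$current_user`, the action string `' replacetext '` carries surrounding spaces so it names no right, and the `$this->error(...)` line has no terminating semicolon, so the file will not parse. The condition is also inverted: it returns false when the user does hold the right, and would let the job run for a user whose right was revoked. `PermissionManager::userCan()` expects a page as its third argument, so for a plain right check I would write `if ( !$permissionManager->userHasRight( $current_user, 'replacetext' ) ) {`. `error()` does not appear to be a `Job` method, so presumably `$this->setLastError( 'replacetext: permission no longer valid' );` is meant; run() continues past the end of this hunk.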
@@ -54,7 +61,6 @@ class ReplaceTextJob extends Job {
}
if ( array_key_exists( 'move_page', $this->params ) ) {
- $current_user = User::newFromId( $this->params['user_id'] );
$new_title = ReplaceTextSearch::getReplacedTitle(
$this->title,
$this->params['target_str'],
--
2.24.3 (Apple Git-128)

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8949528
Default Alt Text
T279090 (PS1).patch (1 KB)

Event Timeline

RhinosF1 updated the name for this file from "T279090.patch" to "T279090 (PS1).patch".Apr 1 2021, 10:20 PM