Page MenuHomePhabricator

04-T270998-REL1_35.patch

Authored By
Reedy
Apr 5 2021, 12:11 AM
Size
1 KB
Referenced Files
None
Subscribers
None

04-T270998-REL1_35.patch

From ddc3ec04af4f7bc6ba7c86ec1a770c00431cc799 Mon Sep 17 00:00:00 2001
From: DannyS712 <dannys712.enwiki@gmail.com>
Date: Fri, 1 Jan 2021 12:40:41 +0200
Subject: [PATCH] SECURITY: ContentModelChange: Check that user can create
pages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Taavi Väänänen <hi@tassu.me>
Change-Id: I2e3b79f36fa7c0a3ec4130de0ae9c68104cb3fdd
---
includes/content/ContentModelChange.php | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/includes/content/ContentModelChange.php b/includes/content/ContentModelChange.php
index f8becb3d40..801b39463b 100644
--- a/includes/content/ContentModelChange.php
+++ b/includes/content/ContentModelChange.php
@@ -112,7 +112,15 @@ class ContentModelChange {
$titleWithNewContentModel->setContentModel( $this->newModel );
$pm = $this->permManager;
+
+ $creationErrors = [];
+ if ( !$current->exists() ) {
+ $creationErrors = $pm->getPermissionErrors( 'create', $user, $current );
+ }
+
$errors = wfMergeErrorArrays(
+ // Potentially include creation errors, if applicable
+ $creationErrors,
// edit the contentmodel of the page
$pm->getPermissionErrors( 'editcontentmodel', $user, $current ),
// edit the page under the old content model
--
2.20.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8965934
Default Alt Text
04-T270998-REL1_35.patch (1 KB)

Event Timeline