Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F34251708
02-T272386-REL1_35.patch
Reedy (Sam Reed)
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
Reedy
Apr 5 2021, 12:13 AM
2021-04-05 00:13:23 (UTC+0)
Size
1022 B
Referenced Files
None
Subscribers
None
02-T272386-REL1_35.patch
View Options
From da38d057d3ec5e5655335a723b451d81ad600a13 Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@wikimedia.org>
Date: Thu, 28 Jan 2021 05:50:00 +0000
Subject: [PATCH] SECURITY: Non-admin deleted enwiki page in fast double move
Bug: T272386
---
includes/MovePage.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/MovePage.php b/includes/MovePage.php
index a5d0af4a10..7c4c3d4049 100644
--- a/includes/MovePage.php
+++ b/includes/MovePage.php
@@ -216,7 +216,9 @@ class MovePage {
if ( $this->oldTitle->equals( $this->newTitle ) ) {
$status->fatal( 'selfmove' );
- } elseif ( $this->newTitle->getArticleID() && !$this->isValidMoveTarget() ) {
+ } elseif ( $this->newTitle->getArticleID( Title::READ_LATEST /* T272386 */ )
+ && !$this->isValidMoveTarget()
+ ) {
// The move is allowed only if (1) the target doesn't exist, or (2) the target is a
// redirect to the source, and has no history (so we can undo bad moves right after
// they're done).
--
2.27.0
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8965935
Default Alt Text
02-T272386-REL1_35.patch (1022 B)
Attached To
Mode
T272386: CVE-2021-30159: Non-admin deleted enwiki page in fast double move
Attached
Detach File
T270459: Tracking bug for MediaWiki 1.31.13/1.35.2
Attached
Detach File
Event Timeline
Log In to Comment