Page MenuHomePhabricator
Files F34251708

02-T272386-REL1_35.patch
Reedy (Sam Reed)
Actions

Authored By
Reedy
Apr 5 2021, 12:13 AM
Size
1022 B
Referenced Files
None
Subscribers
None

02-T272386-REL1_35.patch
View Options

From da38d057d3ec5e5655335a723b451d81ad600a13 Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@wikimedia.org>
Date: Thu, 28 Jan 2021 05:50:00 +0000
Subject: [PATCH] SECURITY: Non-admin deleted enwiki page in fast double move
Bug: T272386
---
includes/MovePage.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/MovePage.php b/includes/MovePage.php
index a5d0af4a10..7c4c3d4049 100644
--- a/includes/MovePage.php
+++ b/includes/MovePage.php
@@ -216,7 +216,9 @@ class MovePage {
if ( $this->oldTitle->equals( $this->newTitle ) ) {
$status->fatal( 'selfmove' );
- } elseif ( $this->newTitle->getArticleID() && !$this->isValidMoveTarget() ) {
+ } elseif ( $this->newTitle->getArticleID( Title::READ_LATEST /* T272386 */ )
+ && !$this->isValidMoveTarget()
+ ) {
// The move is allowed only if (1) the target doesn't exist, or (2) the target is a
// redirect to the source, and has no history (so we can undo bad moves right after
// they're done).
--
2.27.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8965935
Default Alt Text
02-T272386-REL1_35.patch (1022 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL