Page MenuHomePhabricator

02-T272386-REL1_31.patch

Authored By
Reedy
Apr 5 2021, 12:13 AM
Size
959 B
Referenced Files
None
Subscribers
None

02-T272386-REL1_31.patch

From 7c48fe67a7c9c0bfed584069321cc44ca7dbdbda Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@wikimedia.org>
Date: Thu, 28 Jan 2021 05:50:00 +0000
Subject: [PATCH] SECURITY: Non-admin deleted enwiki page in fast double move
Bug: T272386
---
includes/MovePage.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/MovePage.php b/includes/MovePage.php
index 1e9570d2f7..7790769596 100644
--- a/includes/MovePage.php
+++ b/includes/MovePage.php
@@ -118,7 +118,9 @@ class MovePage {
# The move is allowed only if (1) the target doesn't exist, or
# (2) the target is a redirect to the source, and has no history
# (so we can undo bad moves right after they're done).
- if ( $this->newTitle->getArticleID() && !$this->isValidMoveTarget() ) {
+ if ( $this->newTitle->getArticleID( Title::READ_LATEST /* T272386 */ )
+ && !$this->isValidMoveTarget()
+ ) {
$status->fatal( 'articleexists' );
}
--
2.27.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8965936
Default Alt Text
02-T272386-REL1_31.patch (959 B)

Event Timeline