Authored By
Reedy
Apr 15 2021, 12:04 PM

T280226.patch

From 970b81dd590eb41052759b9e900dd9489cdedf83 Mon Sep 17 00:00:00 2001
From: Reedy <reedy@wikimedia.org>
Date: Thu, 15 Apr 2021 12:59:01 +0100
Subject: [PATCH] SECURITY: Prevent blocked users from purging pages
Bug: T280226
Change-Id: Id783618e885998cddf45a4cfc7b2c19fd0c7e9f5
---
includes/actions/PurgeAction.php | 4 ----
includes/api/ApiPurge.php | 9 ++++++++-
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/includes/actions/PurgeAction.php b/includes/actions/PurgeAction.php
index 3adce7a5e2..bac4516279 100644
--- a/includes/actions/PurgeAction.php
+++ b/includes/actions/PurgeAction.php
@@ -33,10 +33,6 @@ class PurgeAction extends FormAction {
return 'purge';
}
- public function requiresUnblock() {
- return false;
- }
-
public function getDescription() {
return '';
}
diff --git a/includes/api/ApiPurge.php b/includes/api/ApiPurge.php
index bb1f3d3bf9..e5a6722225 100644
--- a/includes/api/ApiPurge.php
+++ b/includes/api/ApiPurge.php
@@ -31,6 +31,14 @@ class ApiPurge extends ApiBase {
* Purges the cache of a page
*/
public function execute() {
+ $user = $this->getUser();
+
+ // Fail early if the user is sitewide blocked.
+ $block = $user->getBlock();
+ if ( $block && $block->isSitewide() ) {
+ $this->dieBlocked( $block );
+ }
+
$params = $this->extractRequestParams();
$continuationManager = new ApiContinuationManager( $this, [], [] );
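Review bot: The guard added at the top of `execute()` rejects only sitewide blocks (`$block->isSitewide()`), so a user whose block is partial, for example scoped to the page being purged, still reaches the purge loop. If that is intended, the comment should say so, e.g. `// Only sitewide blocks stop a purge; partial blocks are intentionally not enforced here.`; if not, a per-title check is needed inside the `foreach` over `getGoodTitles()`, which lies mostly outside this hunk. The diffstat shows no test file, so a regression test asserting that a sitewide-blocked user gets the blocked error from both the API module and the purge action would keep this fix from silently regressing. The body of `execute()` continues past the end of the hunk.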
@@ -42,7 +50,6 @@ class ApiPurge extends ApiBase {
$pageSet->execute();
$result = $pageSet->getInvalidTitlesAndRevisions();
- $user = $this->getUser();
foreach ( $pageSet->getGoodTitles() as $title ) {
$r = [];
--
2.24.3 (Apple Git-128)
