
T279090-PS6.patch

Authored By
Reedy
Sep 30 2021, 3:33 PM
Size
1 KB

T279090-PS6.patch

From 8d703388b21c9c747f0d23354d38535833d26129 Mon Sep 17 00:00:00 2001
From: RhinosF1 <rhinosf1@gmail.com>
Date: Wed, 21 Apr 2021 14:16:18 -0500
Subject: [PATCH] SECURITY: Check permissions before job execution
CVE-2021-41801
Bug: T279090
Change-Id: Ibc299edf626ca9aa1cd9d83b888820f5aca9af7c
---
src/Job.php | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/Job.php b/src/Job.php
index b892520..800ae40 100644
--- a/src/Job.php
+++ b/src/Job.php
@@ -51,6 +51,17 @@ class Job extends JobParent {
* @return bool success
*/
function run() {
+ // T279090
+ $current_user = User::newFromId( $this->params['user_id'] );
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+ if ( !$permissionManager->userCan(
+ 'replacetext', $current_user, $this->title
+ ) ) {
+ $this->error = 'replacetext: permission no longer valid';
+ // T279090#6978214
+ return true;
+ }
+
if ( isset( $this->params['session'] ) ) {
$callback = RequestContext::importScopedSession( $this->params['session'] );
$this->addTeardownCallback( static function () use ( &$callback ) {
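Review bot: The denial branch returns `true` with only a ticket reference (`// T279090#6978214`) as its explanation, so the reason a refused job is reported as successful cannot be read from the code. Presumably the intent is to stop the job queue from retrying a job that will never pass; the comment should say so, e.g. `// Return true so the job queue does not retry; the permission will not become valid later.` A refused job is also a useful audit event, and nothing in the hunk logs the user ID and title when `$this->error` is set. Separately, `$this->params['user_id']` is read without an `isset()` guard; a missing key most likely resolves to an anonymous user and fails closed, but that is inferred rather than visible here. The check covers only the `replacetext` right, and whether edit or move restrictions on `$this->title` are re-checked later cannot be told from this hunk, since the body of `run()` continues past it.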
@@ -64,7 +75,6 @@ class Job extends JobParent {
}
if ( array_key_exists( 'move_page', $this->params ) ) {
- $current_user = User::newFromId( $this->params['user_id'] );
$new_title = Search::getReplacedTitle(
$this->title,
$this->params['target_str'],
--
2.30.1 (Apple Git-130)
