F34688364
T293341.patch
Redmin (Radman Siddiki)
Authored By
Redmin
Oct 14 2021, 10:46 AM
2021-10-14 10:46:12 (UTC+0)
Size
1 KB
T293341.patch
diff --git a/extension.json b/extension.json
index a72ccc4..ce2460d 100644
--- a/extension.json
+++ b/extension.json
@@ -1,7 +1,7 @@
{
"name": "MassEditRegex",
"namemsg": "masseditregex-extensionname",
- "version": "8.4.0",
+ "version": "8.4.1",
"author": [
"Adam Nielsen",
"..."
diff --git a/includes/MassEditRegexSpecialPage.php b/includes/MassEditRegexSpecialPage.php
index 9d34af6..97ae7e5 100644
--- a/includes/MassEditRegexSpecialPage.php
+++ b/includes/MassEditRegexSpecialPage.php
@@ -264,7 +264,11 @@ class MassEditRegexSpecialPage extends SpecialPage {
);
if ( $request->wasPosted() ) {
- $this->perform( !$request->getCheck( 'wpSave' ) );
+ if ( $getuser->matchEditToken( $request->getVal( 'wpEditToken' ) ) ) {
+ $this->perform( !$request->getCheck( 'wpSave' ) );
+ } else {
+ $out->addWikiMsg( 'sessionfailure' );
+ }
} else {
$this->showForm();
$this->showHints();
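Review bot: `$getuser` and `$out` are read by the new token check, but neither is assigned anywhere in this hunk, and `$getuser` is read again in the form hunk at `'value' => $getuser->getEditToken(),`, which appears to sit in a different method. If either local is not in scope at those points, the request fails with a runtime error instead of being rejected cleanly. Using the SpecialPage accessors removes that dependency: `if ( $this->getUser()->matchEditToken( $request->getVal( 'wpEditToken' ) ) ) {` and `$this->getOutput()->addWikiMsg( 'sessionfailure' );`. The failure branch also shows only the message, so re-rendering the form there with `$this->showForm();` would let a user whose session expired resubmit. The enclosing method starts and ends outside the hunk, so the scope question needs checking against the full file.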
@@ -408,6 +412,13 @@ class MassEditRegexSpecialPage extends SpecialPage {
' [' . $this->msg( 'accesskey-preview' )->text() . ']',
] ) .
+ Xml::element( 'input', [
+ 'id' => 'wpEditToken',
+ 'name' => 'wpEditToken',
+ 'type' => 'hidden',
+ 'value' => $getuser->getEditToken(),
+ ] ) .
+
Xml::tags( 'span',
[
'style' => 'margin-left: 1em;'
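Review bot: The hidden token field is assembled by hand with `Xml::element( 'input', [ ... ] )`, where MediaWiki's `Html::hidden( 'wpEditToken', $this->getUser()->getEditToken() )` emits the same field in one call and leaves no room for a mistyped attribute. The added empty line after the trailing `.` splits the concatenation chain and can be dropped. The form's opening tag is outside this hunk, so confirm it submits with `method="post"`; a token sent by GET would end up in URLs, logs and Referer headers. A short comment above the field, such as `// CSRF token, verified on POST before perform()`, would tie it to the check added earlier in this patch.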
T293341: MassEditRegex is Vulnerable to CSRF Attacks (CVE-2021-46147)