0001-SECURITY-Fix-check-for-override-antispoof-permission.patch
matmarex (Bartosz Dziewoński)
Actions

Authored By

	• matmarex
	Mar 17 2022, 10:44 PM

Size

1 KB

Referenced Files

None

Subscribers

None

0001-SECURITY-Fix-check-for-override-antispoof-permission.patch
View Options

	From f025a5dc92213d160401367eb7892a71b792171b Mon Sep 17 00:00:00 2001
	From: =?UTF-8?q?Bartosz=20Dziewo=C5=84ski?= <matma.rex@gmail.com>
	Date: Thu, 17 Mar 2022 23:42:51 +0100
	Subject: [PATCH] [SECURITY] Fix check for 'override-antispoof' permission

	Bug: T304126
	Change-Id: Id8c4e2e336695ce70ccdf8a51ad729bf4a99f8f7
	---
	includes/AntiSpoofPreAuthenticationProvider.php \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/includes/AntiSpoofPreAuthenticationProvider.php b/includes/AntiSpoofPreAuthenticationProvider.php
	index eb897c1..1b6810f 100644
	--- a/includes/AntiSpoofPreAuthenticationProvider.php
	+++ b/includes/AntiSpoofPreAuthenticationProvider.php
	@@ -142,7 +142,7 @@ class AntiSpoofPreAuthenticationProvider extends AbstractPreAuthenticationProvid
	// For "cancreate" checks via the API, test if the current user could
	// create the username.
	if ( $this->antiSpoofAccounts && !$autocreate && empty( $options['creating'] ) &&
	- $this->permissionManager->userHasAnyRight( RequestContext::getMain()->getUser(), 'override-antispoof' )
	+ !$this->permissionManager->userHasAnyRight( RequestContext::getMain()->getUser(), 'override-antispoof' )
	) {
	$sv->merge( $this->testUserInternal( $user, false, new NullLogger ) );
	}
	--
	2.28.0.windows.1

Mime Type: text/x-diff
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 9377159
Default Alt Text: 0001-SECURITY-Fix-check-for-override-antispoof-permission.patch (1 KB)