
0001-SECURITY-ApiEditPage-update-title-after-redirects.patch

Authored By
taavi
May 23 2022, 3:07 PM
Size
1 KB
Referenced Files
None
Subscribers
None


From dfbc22b7e83d154cf6db36c54481f89d4f2acf27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Taavi=20V=C3=A4=C3=A4n=C3=A4nen?= <hi@taavi.wtf>
Date: Mon, 23 May 2022 18:06:11 +0300
Subject: [PATCH] SECURITY: ApiEditPage: update title after redirects
Otherwise permission checks are directed to the old title which makes it
possible to bypass protection via redirects.
Bug: T309028
Change-Id: I157df365439b09416639e6ea2beefc01b60e6264
---
includes/api/ApiEditPage.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php
index 611fb8af70..37285a3792 100644
--- a/includes/api/ApiEditPage.php
+++ b/includes/api/ApiEditPage.php
@@ -162,8 +162,10 @@ class ApiEditPage extends ApiBase {
ApiResult::setIndexedTagName( $redirValues, 'r' );
$apiResult->addValue( null, 'redirects', $redirValues );
- // Since the page changed, update $pageObj
+ // Since the page changed, update $pageObj and $titleObj
$pageObj = $this->wikiPageFactory->newFromTitle( $redirTarget );
+ $titleObj = $pageObj->getTitle();
+
$this->getErrorFormatter()->setContextTitle( $redirTarget );
}
}
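
Review bot: No regression test accompanies the new `$titleObj = $pageObj->getTitle();` assignment; the diffstat shows only includes/api/ApiEditPage.php changed. Since the commit message says permission checks were being run against the pre-redirect title, add an API test that edits through a redirect whose target is protected and asserts the edit is refused, so a later refactor of this block cannot silently drop the reassignment. The updated comment could also say why `$titleObj` has to follow the redirect (it is the title the permission checks use, per the commit message), not just that it is updated. As a minor consistency point, the following line passes `$redirTarget` to `setContextTitle()` while the new line derives the title from `$pageObj`; using one source for both would make it obvious they refer to the same page.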
--
2.35.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9464684
Default Alt Text
0001-SECURITY-ApiEditPage-update-title-after-redirects.patch (1 KB)
