F35170013
0001-SECURITY-ApiEditPage-update-title-after-redirects.patch
taavi (Taavi Väänänen)
Authored By
taavi
May 23 2022, 3:07 PM
2022-05-23 15:07:29 (UTC+0)
Size
1 KB
From dfbc22b7e83d154cf6db36c54481f89d4f2acf27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Taavi=20V=C3=A4=C3=A4n=C3=A4nen?= <hi@taavi.wtf>
Date: Mon, 23 May 2022 18:06:11 +0300
Subject: [PATCH] SECURITY: ApiEditPage: update title after redirects
Otherwise permission checks are directed to the old title which makes it
possible to bypass protection via redirects.
Bug: T309028
Change-Id: I157df365439b09416639e6ea2beefc01b60e6264
---
includes/api/ApiEditPage.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/api/ApiEditPage.php b/includes/api/ApiEditPage.php
index 611fb8af70..37285a3792 100644
--- a/includes/api/ApiEditPage.php
+++ b/includes/api/ApiEditPage.php
@@ -162,8 +162,10 @@ class ApiEditPage extends ApiBase {
ApiResult::setIndexedTagName( $redirValues, 'r' );
$apiResult->addValue( null, 'redirects', $redirValues );
- // Since the page changed, update $pageObj
+ // Since the page changed, update $pageObj and $titleObj
$pageObj = $this->wikiPageFactory->newFromTitle( $redirTarget );
+ $titleObj = $pageObj->getTitle();
+
$this->getErrorFormatter()->setContextTitle( $redirTarget );
}
}
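Review bot: The added $titleObj = $pageObj->getTitle(); assignment comes with no regression test; the diffstat lists only includes/api/ApiEditPage.php. Add an API test that edits with redirect=true through a redirect whose target is protected and asserts that the edit is rejected, so a later refactor of this block cannot silently reintroduce the bypass. The updated comment would also be more useful if it said why $titleObj has to follow the redirect: per the commit message, the permission checks are made against that title, which is not evident from the hunk itself.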
--
2.35.1
File Metadata
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9464684
Attached To
T309028: action=edit&redirect=true bypasses protection