Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F35238527
T302479-7.patch
abi_ (Abijeet Patro)
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
abi_
Jun 14 2022, 6:28 AM
2022-06-14 06:28:57 (UTC+0)
Size
6 KB
Referenced Files
None
Subscribers
None
T302479-7.patch
View Options
From 22e022c962e55a1e14984c0679ec0fbb3c59e050 Mon Sep 17 00:00:00 2001
From: Abijeet <abijeetpatro@gmail.com>
Date: Tue, 14 Jun 2022 11:43:39 +0530
Subject: [PATCH] Adds missing block checks to various pages and API
Checks were added for the following:
* Special:PageTranslation,
* Special:ManageMessageGroups
* ApiAggregateGroups,
* Translating a message group
* ManageGroupSynchronizationCacheActionApi
Bug: T302479
Change-Id: Ic2060215ba629acb90dc7ddc5d0bb016933198b9
---
api/ApiAggregateGroups.php | 4 ++
.../PageTranslationSpecialPage.php | 19 ++++++++++
...nageGroupSynchronizationCacheActionApi.php | 4 ++
.../ManageGroupsSpecialPage.php | 11 ++++++
tag/PageTranslationHooks.php | 37 +++++++++++++++----
5 files changed, 67 insertions(+), 8 deletions(-)
diff --git a/api/ApiAggregateGroups.php b/api/ApiAggregateGroups.php
index a0730344f..84986536a 100644
--- a/api/ApiAggregateGroups.php
+++ b/api/ApiAggregateGroups.php
@@ -23,6 +23,10 @@ class ApiAggregateGroups extends ApiBase {
public function execute() {
$this->checkUserRightsAny( self::$right );
+ $block = $this->getUser()->getBlock();
+ if ( $block && $block->isSitewide() ) {
+ $this->dieBlocked( $block );
+ }
$params = $this->extractRequestParams();
$action = $params['do'];
diff --git a/src/PageTranslation/PageTranslationSpecialPage.php b/src/PageTranslation/PageTranslationSpecialPage.php
index 637beb059..beae78286 100644
--- a/src/PageTranslation/PageTranslationSpecialPage.php
+++ b/src/PageTranslation/PageTranslationSpecialPage.php
@@ -13,6 +13,7 @@ use MediaWiki\Extension\Translate\Utilities\LanguagesMultiselectWidget;
use MediaWiki\Extension\TranslationNotifications\SpecialNotifyTranslators;
use MediaWiki\Languages\LanguageFactory;
use MediaWiki\Languages\LanguageNameUtils;
+use MediaWiki\MediaWikiServices;
use MediaWiki\Revision\RevisionRecord;
use MediaWiki\User\UserIdentity;
use Message;
@@ -34,6 +35,7 @@ use TranslatablePage;
use TranslateMetadata;
use TranslateUtils;
use TranslationsUpdateJob;
+use UserBlockedError;
use WebRequest;
use Wikimedia\Rdbms\IResultWrapper;
use WikiPage;
@@ -133,6 +135,23 @@ class PageTranslationSpecialPage extends SpecialPage {
return;
}
+ // Check for blocks
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+ if ( $permissionManager->isBlockedFrom( $user, $title, !$request->wasPosted() ) ) {
+ $block = $user->getBlock();
+ if ( $block ) {
+ throw new UserBlockedError(
+ $block,
+ $user,
+ $this->getLanguage(),
+ $request->getIP()
+ );
+ }
+
+ throw new PermissionsError( 'pagetranslation', [ 'badaccess-group0' ] );
+
+ }
+
// Check token for all POST actions here
if ( $request->wasPosted() && !$user->matchEditToken( $request->getText( 'token' ) ) ) {
throw new PermissionsError( 'pagetranslation' );
diff --git a/src/Synchronization/ManageGroupSynchronizationCacheActionApi.php b/src/Synchronization/ManageGroupSynchronizationCacheActionApi.php
index 43d1bb0f5..e263dffcd 100644
--- a/src/Synchronization/ManageGroupSynchronizationCacheActionApi.php
+++ b/src/Synchronization/ManageGroupSynchronizationCacheActionApi.php
@@ -35,6 +35,10 @@ class ManageGroupSynchronizationCacheActionApi extends ApiBase {
public function execute() {
$this->checkUserRightsAny( self::RIGHT );
+ $block = $this->getUser()->getBlock();
+ if ( $block && $block->isSitewide() ) {
+ $this->dieBlocked( $block );
+ }
$params = $this->extractRequestParams();
$operation = $params['operation'];
diff --git a/src/Synchronization/ManageGroupsSpecialPage.php b/src/Synchronization/ManageGroupsSpecialPage.php
index f494cb353..b22b884d8 100644
--- a/src/Synchronization/ManageGroupsSpecialPage.php
+++ b/src/Synchronization/ManageGroupsSpecialPage.php
@@ -32,6 +32,7 @@ use SpecialPage;
use TextContent;
use Title;
use TranslateUtils;
+use UserBlockedError;
use WebRequest;
use Xml;
@@ -139,6 +140,16 @@ class ManageGroupsSpecialPage extends SpecialPage {
return;
}
+ $block = $user->getBlock();
+ if ( $block && $block->isSitewide() ) {
+ throw new UserBlockedError(
+ $block,
+ $user,
+ $this->getLanguage(),
+ $req->getIP()
+ );
+ }
+
$token = $req->getVal( 'token' );
if ( !$this->hasRight || !$user->matchEditToken( $token ) ) {
throw new PermissionsError( self::RIGHT );
diff --git a/tag/PageTranslationHooks.php b/tag/PageTranslationHooks.php
index e2a536ce5..4983dde3f 100644
--- a/tag/PageTranslationHooks.php
+++ b/tag/PageTranslationHooks.php
@@ -921,18 +921,18 @@ class PageTranslationHooks {
) {
$handle = new MessageHandle( $title );
- // Check only when someone tries to create translation units.
- // Allow editing units that become orphaned in regular use, so that
- // people can delete them or fix links or other issues in them.
- if ( $action !== 'create' || !$handle->isPageTranslation() ) {
- return true;
- }
-
$isValid = true;
$groupId = null;
+ $permissionTitleCheck = null;
if ( $handle->isValid() ) {
- $groupId = $handle->getGroup()->getId();
+ $group = $handle->getGroup();
+ $groupId = $group->getId();
+ if ( $group instanceof WikiPageMessageGroup ) {
+ $permissionTitleCheck = $group->getTitle();
+ } else {
+ $permissionTitleCheck = $handle->getTitle();
+ }
} else {
// Sometimes the message index can be out of date. Either the rebuild job failed or
// it just hasn't finished yet. Do a secondary check to make sure we are not
@@ -943,11 +943,32 @@ class PageTranslationHooks {
$translatablePage = self::checkTranslatablePageSlow( $title );
if ( $translatablePage ) {
$groupId = $translatablePage->getMessageGroupId();
+ $permissionTitleCheck = $translatablePage->getTitle();
} else {
$isValid = false;
}
}
+ if ( $permissionTitleCheck ) {
+ // Check for blocks
+ $permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+ if ( $permissionManager->isBlockedFrom( $user, $permissionTitleCheck ) ) {
+ $block = $user->getBlock();
+ if ( $block ) {
+ $error = new UserBlockedError( $block, $user );
+ $result = $error->getMessageObject()->parse();
+ return false;
+ }
+ }
+ }
+
+ // Check only when someone tries to create translation units.
+ // Allow editing units that become orphaned in regular use, so that
+ // people can delete them or fix links or other issues in them.
+ if ( $action !== 'create' || !$handle->isPageTranslation() ) {
+ return true;
+ }
+
if ( $isValid ) {
$error = self::getTranslationRestrictions( $handle, $groupId );
$result = $error ?: $result;
--
2.36.1
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9519667
Default Alt Text
T302479-7.patch (6 KB)
Attached To
Mode
T302479: CVE-2022-41345: Blocked users with "translation administrator" right are able to mark pages for translation
Attached
Detach File
Event Timeline
Log In to Comment