F36825517
01-T278365.patch
dduvall (Dan Duvall)
Authored By
dduvall
Feb 14 2023, 6:12 PM
From f9cb69d8c83935245db3118f068cfafe258830ec Mon Sep 17 00:00:00 2001
From: Dreamy Jazz <dreamyjazzwikipedia@gmail.com>
Date: Sun, 29 Jan 2023 22:55:29 +0000
Subject: [PATCH] SECURITY: Security: Make the target safe before running a
check in the API
Make the target safe by passing it through Title::makeSafe before
running a check in the API. This is needed because the CheckUserLog
will throw an error if a title with unsafe characters is used (such
as the underscore).
Bug: T278365
Change-Id: Iee67d24a1f1bf1e044b95cdb0cf9bd66b44c085a
---
src/Api/ApiQueryCheckUser.php | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/Api/ApiQueryCheckUser.php b/src/Api/ApiQueryCheckUser.php
index 7058786f..dcaa21eb 100644
--- a/src/Api/ApiQueryCheckUser.php
+++ b/src/Api/ApiQueryCheckUser.php
@@ -13,6 +13,7 @@ use MediaWiki\MediaWikiServices;
use MediaWiki\Revision\RevisionLookup;
use MediaWiki\Revision\RevisionRecord;
use MediaWiki\User\UserIdentityLookup;
+use Title;
use Wikimedia\IPUtils;
use Wikimedia\ParamValidator\ParamValidator;
use Wikimedia\ParamValidator\TypeDef\IntegerDef;
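Review bot: the new `use Title;` import exists only to support a static `Title::makeTitleSafe()` call further down; MediaWiki code in this area otherwise receives its collaborators through the constructor (see the existing `$this->commentStore` usage), so consider injecting a `TitleFactory` and calling `$this->titleFactory->makeTitleSafe( NS_USER, $target )` instead, which keeps the class unit-testable without touching global Title state.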
@@ -82,6 +83,9 @@ class ApiQueryCheckUser extends ApiQueryBase {
$this->dieWithError( 'apierror-checkuser-timelimit', 'invalidtime' );
}
+ $targetTitle = Title::makeTitleSafe( NS_USER, $target );
+ $target = $targetTitle ? $targetTitle->getText() : '';
+
$commentQuery = $this->commentStore->getJoin( 'cuc_comment' );
$this->addTables( [ 'cu_changes', 'actor_cuc_user' => 'actor' ] );
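Review bot: the fallback in `$target = $targetTitle ? $targetTitle->getText() : '';` silently turns an invalid target into an empty string and lets the query continue, so a caller who passes a name that `Title::makeTitleSafe()` rejects gets a result built around `''` rather than an error. Since the point of the change is to stop unsafe names from reaching the CheckUserLog, the null branch should fail fast in the same style as the check just above it, e.g. `$this->dieWithError( [ 'apierror-checkuser-badtarget', $target ], 'invalidtarget' )` (message key assumed, not present in this patch). Separately, the commit message says the target is passed through `Title::makeSafe`, while the code calls `Title::makeTitleSafe`; the message should name the method actually used.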
--
2.20.1
Attached To
Mode
T278365: CVE-2023-29138: Using checkuser api module with bad user name can still break Special:CheckUserLog even after security fixes