HomePhabricator
Diffusion MediaWiki 82b5dd2803ac

SECURITY: Fix permissions check in action=rollback (CVE-2021-45038)
82b5dd2803acUnpublished
Actions

Unpublished Commit · Learn More

  • Publishing Disabled: All publishing is disabled for this repository.
  • Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

SECURITY: Fix permissions check in action=rollback (CVE-2021-45038)

Because RollbackAction (as of 0a8403271109) overrided
FormAction::show(), it was no longer checking that the user had the
"rollback" userright. This restores that check, so people without the
"rollback" right will not be able to even get to the rollback form.

Then escape the user-supplied "from" parameter so it can't be used to
reveal the contents of other pages through transclusion, e.g.
"{{:Secret}}". wfEscapeWikiText() is also good practice for usernames in
general, as they can contain markup like bullets or single quotes that
affect output.

Bug: T297574
Change-Id: I7424f67f1217482b977f9617f0275c41fb94b60f

Details

Provenance
LegoktmAuthored on Dec 13 2021, 2:38 AM
ReedyCommitted on Dec 15 2021, 5:29 PM
Parents
rMW1b10092da181: SECURITY: Fix permissions checks in undo actions
Branches
Unknown
Tags
Unknown
ChangeId
I7424f67f1217482b977f9617f0275c41fb94b60f

Event Timeline

Changes (1)

PathSize
includes/
actions/

rMW82b5dd2803ac

View Options

includes/actions/RollbackAction.php

Loading...
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL