wikimedia/mediawiki-extensions-AbuseFilter
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git synced 2024-11-27 15:30:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Avoid database for MediaWiki:Abusefilter-blocker fallback

Browse source 
If the content language is English and the message is invalid as
a username, or the content language is not English and both the
content language version and the English version are invalid, the
user in FilterUser would not be created - now, avoid the onwiki
version of the English message in the fallback, so it could only
be invalid if the default in the i18n files was invalid.

Bug: T284364
Change-Id: I9e9f44b7663e810de70fb9ac7f6760f83dd4895b
This commit is contained in:
DannyS712 2021-06-06 04:58:31 -07:00 committed by sbassett
parent 2b1de9ef11
commit 71bf9faf49
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
includes/FilterUser.php
View file

@ -51,7 +51,11 @@ class FilterUser {
);
// Use the default name to avoid breaking other stuff. This should have no harm,
// aside from blocks temporarily attributed to another user.
$defaultName = $this->messageLocalizer->msg( 'abusefilter-blocker' )->inLanguage( 'en' )->text();
// Don't use the database in case the English onwiki message is broken, T284364
$defaultName = $this->messageLocalizer->msg( 'abusefilter-blocker' )
->inLanguage( 'en' )
->useDatabase( false )
->text();
$user = User::newSystemUser( $defaultName, [ 'steal' => true ] );
}
'@phan-var User $user';