wikimedia/mediawiki-extensions-AbuseFilter
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git synced 2024-11-23 21:53:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Use an anonymous user as creator for autocreations

Browse source 
This is saner, and allows consequences such as blocks to go through.

Bug: T272244
Change-Id: Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48
This commit is contained in:
Daimona Eaytoy 2021-01-17 17:16:46 +01:00 committed by sbassett
parent 6d2cf467fc
commit ddb06aa783
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
includes/AbuseFilterPreAuthenticationProvider.php
View file

@ -29,14 +29,15 @@ class AbuseFilterPreAuthenticationProvider extends AbstractPreAuthenticationProv
public function testUserForCreation( $user, $autocreate, array $options = [] ) {
// if this is not an autocreation, testForAccountCreation already handled it
if ( $autocreate ) {
return $this->testUser( $user, $user, true );
// FIXME Using the constructor directly here a bit hacky but needed for T272244
return $this->testUser( $user, new User, true );
}
return StatusValue::newGood();
}
/**
* @param User $user The user being created or autocreated
* @param User $creator The user who caused $user to be created (or $user itself on autocreation)
* @param User $creator The user who caused $user to be created (can be anonymous)
* @param bool $autocreate Is this an autocreation?
* @return StatusValue
*/