Dreamy Jazz 48b26792a9 SECURITY: abusefiltercheckmatch: Check if user can see log details
CVE-2024-PENDING

Why:
* The 'abusefiltercheckmatch' API allows callers to match
  arbitrary filter conditions against existing AbuseFilter logs
* The API does not check if the performer has the ability to
  see the log details for the given filter, so can allow a user
  to bypass hidden and protected visibility settings.

What:
* Call AbuseFilterPermissionManager::canSeeLogDetailsForFilter
  before attempting to match a filter against a given AbuseFilter
  log.
* Add a test to verify that this security fix works.

Bug: T372998
Change-Id: I4a2467dc4e0d1f8401d5428a89c7f6d6ebcdfa70
2024-10-01 00:18:55 +01:00
.phan phan: Update config to load ConfirmEdit 2024-05-05 11:02:07 +03:00
db_patches Drop af_user(_text) and afh_user(_text) fields 2024-06-10 18:48:21 +02:00
i18n Localisation updates from https://translatewiki.net. 2024-09-30 09:20:19 +02:00
includes SECURITY: abusefiltercheckmatch: Check if user can see log details 2024-10-01 00:18:55 +01:00
maintenance Specify caller in DB queries 2024-09-11 15:20:11 +02:00
modules More effective use of LESS 2024-08-07 09:26:42 +03:30
tests SECURITY: abusefiltercheckmatch: Check if user can see log details 2024-10-01 00:18:55 +01:00
.eslintignore build: Update linters 2023-11-08 14:05:03 +00:00
.eslintrc.json build: Update linters 2022-03-17 22:19:08 +00:00
.gitignore Add config for Selenium and basic tests 2019-09-17 16:23:07 +00:00
.gitreview Whoops, track not trace 2016-10-24 17:01:30 -07:00
.phpcs.xml build: Updating mediawiki/mediawiki-codesniffer to 43.0.0 2024-03-16 18:53:05 +00:00
.stylelintrc.json build: Update linters 2023-11-08 14:05:03 +00:00
AbuseFilter.alias.php Add new special page aliases for Chinese variants 2024-06-30 15:55:02 +08:00
CODE_OF_CONDUCT.md build: Updating mediawiki/phan-taint-check-plugin to 1.4.0 2018-09-01 05:29:54 +00:00
composer.json build: Updating mediawiki/mediawiki-codesniffer to 44.0.0 2024-08-10 15:45:06 +00:00
COPYING Add COPYING 2014-01-22 21:21:10 +00:00
extension.json Bugfix: Fix minor issues with protected vars logging 2024-09-23 03:42:41 -07:00
Gruntfile.js build: Run stylelint for less file 2023-11-28 20:06:41 +01:00
package-lock.json build: Updating micromatch to 4.0.8 2024-08-24 14:37:14 +00:00
package.json build: Updating npm dependencies 2024-06-16 16:32:36 +00:00
quibble.yaml build: Add quibble.yaml and enable early warning bot feedback 2024-05-10 14:25:14 +02:00