wikimedia/mediawiki-extensions-AbuseFilter
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git synced 2024-11-23 21:53:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
mediawiki-extensions-AbuseF.../tests
History
Dreamy Jazz 48b26792a9 SECURITY: abusefiltercheckmatch: Check if user can see log details 
CVE-2024-PENDING

Why:
* The 'abusefiltercheckmatch' API allows callers to match
  arbitary filter conditions against existing AbuseFilter logs
* The API does not check if the performer has the ability to
  see the log details for the given filter, so can allow a user
  to bypass hidden and protected visibility settings.

What:
* Call AbuseFilterPermissionManager::canSeeLogDetailsForFilter
  before attempting to match a filter against a given AbuseFilter
  log.
* Add a test to verify that this security fix works.

Bug: T372998
Change-Id: I4a2467dc4e0d1f8401d5428a89c7f6d6ebcdfa70
2024-10-01 00:18:55 +01:00
..
parserTests Support named capturing groups in get_matches() 2024-09-07 11:25:48 +00:00
parserTestsEquivset
phpunit SECURITY: abusefiltercheckmatch: Check if user can see log details 2024-10-01 00:18:55 +01:00
selenium Update Selenium tests to obtain correctly element 2024-09-20 14:40:46 -07:00