mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git
synced 2024-11-23 21:53:35 +00:00
48b26792a9
CVE-2024-PENDING Why: * The 'abusefiltercheckmatch' API allows callers to match arbitary filter conditions against existing AbuseFilter logs * The API does not check if the performer has the ability to see the log details for the given filter, so can allow a user to bypass hidden and protected visibility settings. What: * Call AbuseFilterPermissionManager::canSeeLogDetailsForFilter before attempting to match a filter against a given AbuseFilter log. * Add a test to verify that this security fix works. Bug: T372998 Change-Id: I4a2467dc4e0d1f8401d5428a89c7f6d6ebcdfa70 |
||
|---|---|---|
| .. | ||
| integration | ||
| unit | ||
| AbuseFilterConsequencesTest.php | ||
| AbuseFilterCreateAccountTestTrait.php | ||
| AbuseFilterFilterUserTest.php | ||
| AbuseFilterRowsAndFiltersTestTrait.php | ||
| AbuseFilterUploadTestTrait.php | ||
| ConsequenceGetMessageTestTrait.php | ||
| DegroupTest.php | ||
| LazyVariableComputerDBTest.php | ||
| RCVariableGeneratorTest.php | ||
| SchemaChangesHandlerTest.php | ||