Dreamy Jazz 233a4f1b31 SECURITY: abusefiltercheckmatch: Check if user can see log details
CVE-2024-PENDING

Why:
* The 'abusefiltercheckmatch' API allows callers to match
  arbitrary filter conditions against existing AbuseFilter logs
* The API does not check if the performer has the ability to
  see the log details for the given filter, so it can allow a user
  to bypass hidden and protected visibility settings.

What:
* Call AbuseFilterPermissionManager::canSeeLogDetailsForFilter
  before attempting to match a filter against a given AbuseFilter
  log.
* Add a test to verify that this security fix works.

Bug: T372998
Change-Id: I4a2467dc4e0d1f8401d5428a89c7f6d6ebcdfa70
2024-10-01 00:18:18 +01:00
.phan Use HookHandlers for UserMerge hook 2023-08-16 09:44:30 +02:00
db_patches Drop some ancient schema changes 2023-12-22 02:07:48 +00:00
i18n Localisation updates from https://translatewiki.net. 2024-09-26 07:56:47 +02:00
includes SECURITY: abusefiltercheckmatch: Check if user can see log details 2024-10-01 00:18:18 +01:00
maintenance maintenance: Remove reference to cleanupUsersWithNoId.php 2024-06-13 11:51:57 +00:00
modules Remove $wgAbuseFilterBlockedExternalDomainsNotification and related code 2024-02-20 23:01:02 +00:00
tests SECURITY: abusefiltercheckmatch: Check if user can see log details 2024-10-01 00:18:18 +01:00
.eslintignore build: Update linters 2023-11-08 14:05:03 +00:00
.eslintrc.json build: Update linters 2022-03-17 22:19:08 +00:00
.gitignore Add config for Selenium and basic tests 2019-09-17 16:23:07 +00:00
.gitreview Whoops, track not trace 2016-10-24 17:01:30 -07:00
.phpcs.xml build: Updating mediawiki/mediawiki-codesniffer to 43.0.0 2024-03-16 18:53:05 +00:00
.stylelintrc.json build: Update linters 2023-11-08 14:05:03 +00:00
AbuseFilter.alias.php Add new special page aliases for Chinese variants 2024-06-30 16:02:17 +08:00
CODE_OF_CONDUCT.md build: Updating mediawiki/phan-taint-check-plugin to 1.4.0 2018-09-01 05:29:54 +00:00
composer.json build: Updating dependencies 2024-03-30 13:14:05 +00:00
COPYING Add COPYING 2014-01-22 21:21:10 +00:00
extension.json logging: Inject services into AbuseLogHitFormatter 2024-03-29 21:53:34 +01:00
Gruntfile.js build: Run stylelint for less file 2023-11-28 20:06:41 +01:00
package-lock.json build: Updating micromatch to 4.0.8 2024-08-25 21:49:27 +00:00
package.json build: Updating dependencies 2024-03-30 13:14:05 +00:00