mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter.git
synced 2024-11-27 15:30:42 +00:00
48b26792a9
CVE-2024-PENDING Why: * The 'abusefiltercheckmatch' API allows callers to match arbitrary filter conditions against existing AbuseFilter logs * The API does not check if the performer has the ability to see the log details for the given filter, so can allow a user to bypass hidden and protected visibility settings. What: * Call AbuseFilterPermissionManager::canSeeLogDetailsForFilter before attempting to match a filter against a given AbuseFilter log. * Add a test to verify that this security fix works. Bug: T372998 Change-Id: I4a2467dc4e0d1f8401d5428a89c7f6d6ebcdfa70 |
||
---|---|---|
.phan | ||
db_patches | ||
i18n | ||
includes | ||
maintenance | ||
modules | ||
tests | ||
.eslintignore | ||
.eslintrc.json | ||
.gitignore | ||
.gitreview | ||
.phpcs.xml | ||
.stylelintrc.json | ||
AbuseFilter.alias.php | ||
CODE_OF_CONDUCT.md | ||
composer.json | ||
COPYING | ||
extension.json | ||
Gruntfile.js | ||
package-lock.json | ||
package.json | ||
quibble.yaml |