mediawiki-extensions-AbuseF.../includes/Views
Martin Urbanec 5fd861365f SECURITY: Make sure provided filter id match provided history ID in history view
AbuseFilterViewEdit does privilege checks based on the filter ID,
and displays what is hidden under the given history ID, but doesn't
make sure those two IDs actually belong to one filter.

That means a user can easily change the filter ID to a public
filter and view old versions of now-private filters.

Bug: T237887
Change-Id: Ic12790bd33982473f77551bde9599ed083a3e1f1
2019-11-14 15:53:14 -06:00
AbuseFilterView.php Use permissions accessors 2019-08-27 13:21:55 +02:00
AbuseFilterViewDiff.php SECURITY: Check visibility for each version in ViewDiff 2019-10-28 15:32:00 -05:00
AbuseFilterViewEdit.php SECURITY: Make sure provided filter id match provided history ID in history view 2019-11-14 15:53:14 -06:00
AbuseFilterViewExamine.php Mostly remove $wgUser 2019-08-27 13:20:37 +02:00
AbuseFilterViewHistory.php Use permissions accessors 2019-08-27 13:21:55 +02:00
AbuseFilterViewImport.php Use permissions accessors 2019-08-27 13:21:55 +02:00
AbuseFilterViewList.php Use PHP regexps instead of SQL to filter on Special:AbuseFilter 2019-11-01 11:26:17 +11:00
AbuseFilterViewRevert.php Remove usages of deprecated User methods 2019-10-30 12:51:01 +00:00
AbuseFilterViewTestBatch.php Move parser tests to /unit 2019-08-28 16:36:37 +00:00
AbuseFilterViewTools.php Don't show the form for restoring autopromotion to unprivileged users 2019-09-13 20:31:17 +02:00