SECURITY: Check permissions before job execution

CVE-2021-41801

Bug: T279090
Change-Id: Ibc299edf626ca9aa1cd9d83b888820f5aca9af7c
RhinosF1 2021-04-21 14:16:18 -05:00 committed by Reedy
parent 21ac670bee
commit b37d68a4c1
2 changed files with 12 additions and 2 deletions


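--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -1,6 +1,6 @@
 {
 "name": "Replace Text",
-"version": "1.4.1",
+"version": "1.4.2",
 "author": [
 "Yaron Koren",
 "Niklas Laxström",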


@ -41,6 +41,17 @@ class ReplaceTextJob extends Job {
* @return bool success * @return bool success
*/ */
function run() { function run() {
// T279090
$current_user = User::newFromId( $this->params['user_id'] );
$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
if ( !$permissionManager->userCan(
'replacetext', $current_user, $this->title
) ) {
$this->error = 'replacetext: permission no longer valid';
// T279090#6978214
return true;
}
if ( isset( $this->params['session'] ) ) { if ( isset( $this->params['session'] ) ) {
$callback = RequestContext::importScopedSession( $this->params['session'] ); $callback = RequestContext::importScopedSession( $this->params['session'] );
$this->addTeardownCallback( function () use ( &$callback ) { $this->addTeardownCallback( function () use ( &$callback ) {
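Review bot: `$this->params['user_id']` is read without a guard at the top of the new block in run(), so a job whose params lack that key (previously it was only consumed inside the move_page branch, and I cannot see from here whether every enqueue path sets it) would raise an undefined-index notice and presumably fall through to an anonymous User that the check then rejects; failing closed is the right outcome, but make it explicit rather than incidental, e.g. `$userId = $this->params['user_id'] ?? 0;` passed to `User::newFromId( $userId )`, or an early `return true` with the same `$this->error` when the key is absent. The `// T279090#6978214` marker above `return true;` would serve readers better as a stated reason, something like `// Return true so the job is not retried: a permission failure here is final, not transient (T279090#6978214)`; I infer the no-retry intent from the return value, so confirm it. Note also that the check is made only against `$this->title`; the move_page branch in the second hunk derives `$new_title`, and whether the destination title is subject to any check is outside this view. run() continues past the hunk.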
@ -54,7 +65,6 @@ class ReplaceTextJob extends Job {
} }
if ( array_key_exists( 'move_page', $this->params ) ) { if ( array_key_exists( 'move_page', $this->params ) ) {
$current_user = User::newFromId( $this->params['user_id'] );
$new_title = ReplaceTextSearch::getReplacedTitle( $new_title = ReplaceTextSearch::getReplacedTitle(
$this->title, $this->title,
$this->params['target_str'], $this->params['target_str'],