Last modified: 2014-06-25 01:25:31 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T62218, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 60218 - Flow: Can bypass any protection and blank pages
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: Flow
Version: unspecified
Hardware/OS: All / All
Importance: Immediate blocker
Target Milestone: ---
Assigned To: Nobody
Depends on: (none)
Blocks: (none)
Reported: 2014-01-19 01:44 UTC by Kunal Mehta (Legoktm)
Modified: 2014-06-25 01:25 UTC (History)
CC List: 11 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---



Description Kunal Mehta (Legoktm) 2014-01-19 01:44:53 UTC
Examples: https://www.mediawiki.org/w/index.php?title=MediaWiki:I_hope_this_doesn%27t_work&action=history and https://www.mediawiki.org/w/index.php?title=User_talk:Legoktm/Foo&action=history

How to reproduce:

Go to [[mw:Special:ApiSandbox]]:

* action=flow
* page= page you want to blank
* params={"topic_list": {"topic": "Topic!", "content": "Content!"}}
* token=Flow token from API, +\ if you're logged out

Press Make request, and the page will be replaced with the string: "This talk page has been taken over by a [https://www.mediawiki.org/wiki/Special:MyLanguage/Flow_Portal Flow board]."

Quick fix: Stick a $title->userCan('edit', $this->getUser()) check in ApiFlow
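As an added illustration (not the Flow extension's code and not part of this report), the shape the quick fix takes in a MediaWiki API module: resolve the target title, then refuse the request unless Title::userCan('edit', ...) says the caller may edit that page. The class name ApiFlowExample and the result it returns are assumptions; the MediaWiki calls used (ApiBase::extractRequestParams(), getUser(), dieUsage(), getResult()->addValue(), Title::newFromText() and Title::userCan()) are those that existed around MediaWiki 1.23.

```php
<?php
// Added illustration, not the Flow extension's own code: a MediaWiki API
// module that acts on a page only if the requesting user may edit it.
// Assumes ApiBase, Title and User as they existed around MediaWiki 1.23;
// ApiFlowExample and the values it returns are assumptions.

class ApiFlowExample extends ApiBase {

	public function execute() {
		$params = $this->extractRequestParams();
		$user = $this->getUser();

		// Title::newFromText() returns null for malformed titles; reject
		// those before doing anything else with them.
		$title = Title::newFromText( $params['page'] );
		if ( $title === null ) {
			$this->dieUsage( 'Invalid page title', 'invalidtitle' );
		}

		// The check the report describes as missing. A valid edit token only
		// proves the request came from the caller's own session (or, for an
		// anonymous user, carries the fixed '+\' token); it says nothing
		// about whether that session may edit this page. Title::userCan()
		// does: it applies page protection, blocks and the wiki's permission
		// configuration, so a protected page stays protected here as well.
		if ( !$title->userCan( 'edit', $user ) ) {
			$this->dieUsage(
				'You do not have permission to edit this page',
				'permissiondenied'
			);
		}

		// Only once both checks have passed does the module do its real
		// work on the page; this example just reports what it resolved.
		$this->getResult()->addValue( null, $this->getModuleName(), array(
			'result' => 'success',
			'page' => $title->getPrefixedText(),
		) );
	}

	// Declaring the module as a write action makes the API core require a
	// POST request; edit-token handling follows the ApiBase conventions of
	// the MediaWiki version in use and is left to the framework here.
	public function isWriteMode() {
		return true;
	}

	public function mustBePosted() {
		return true;
	}

	public function getAllowedParams() {
		return array(
			'page' => array(
				ApiBase::PARAM_TYPE => 'string',
				ApiBase::PARAM_REQUIRED => true,
			),
		);
	}
}
```

The point of ordering the checks this way is that dieUsage() throws, so nothing below the permission check runs for a caller who cannot edit the page; the token requirement the module already had is kept, but it is the userCan() call that actually enforces page protection.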
Comment 1 Marc A. Pelletier 2014-01-19 01:46:22 UTC
That one's a bad one!
Comment 2 Marc A. Pelletier 2014-01-19 01:47:24 UTC
Bumping to highest (this should probably even be immediate).
Comment 3 Marc A. Pelletier 2014-01-19 01:50:38 UTC
After a brief chat with James_F, bumping to immediate/blocker
Comment 4 Kunal Mehta (Legoktm) 2014-01-19 03:37:50 UTC
Ic331595ddc1014657e9582b657b0351044ae327d
Comment 5 Kunal Mehta (Legoktm) 2014-01-19 03:38:10 UTC
Err, didn't mean to change the fields.
Comment 6 Erik Bernhardson 2014-01-19 04:11:24 UTC
cherry-picked to 1.23wmf11 and deployed
