r29547 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r29546‎ | r29547 | r29548 >
Date:19:27, 10 January 2008
Author:simetrical
Status:old
Tags:
Comment:
Right, *this* was the vulnerability that existed. Users couldn't mark the other edits bot, but they could mark their own rollback revision as bot.
Modified paths:
  • /trunk/phase3/includes/Article.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Article.php
@@ -2368,7 +2368,7 @@
23692369 if ($wgUser->isAllowed('minoredit'))
23702370 $flags |= EDIT_MINOR;
23712371
2372 - if( $bot )
 2372+ if( $bot && ($wgUser->isAllowed('markbotedits') || $wgUser->isAllowed('bot')) )
23732373 $flags |= EDIT_FORCE_BOT;
23742374 $this->doEdit( $target->getText(), $summary, $flags );
23752375

Status & tagging log