r49078 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r49077‎ \| r49078 \| r49079 >
Date:	15:13, 31 March 2009
Author:	werdna
Status:	ok
Tags:
Comment:	Crackdown on filter evaluation by users unable to modify filters. This is a DoS vector which I thought I'd already plugged.
Modified paths:	/trunk/extensions/AbuseFilter/AbuseFilter.class.php (modified) (history) /trunk/extensions/AbuseFilter/AbuseFilter.i18n.php (modified) (history) /trunk/extensions/AbuseFilter/Views/AbuseFilterViewExamine.php (modified) (history) /trunk/extensions/AbuseFilter/Views/AbuseFilterViewTestBatch.php (modified) (history)

Diff [purge]

Index: trunk/extensions/AbuseFilter/Views/AbuseFilterViewTestBatch.php
—	—	@@ -11,6 +11,11 @@
12	12	global $wgOut, $wgUser, $wgRequest;
13	13
14	14	AbuseFilter::disableConditionLimit();
	15	+
	16	+ if (!$wgUser->isAllowed( 'abusefilter-modify' ) ) {
	17	+ $wgOut->addWikiMsg( 'abusefilter-mustbeeditor' );
	18	+ return;
	19	+ }
15	20
16	21	$this->loadParameters();
17	22
Index: trunk/extensions/AbuseFilter/Views/AbuseFilterViewExamine.php
—	—	@@ -139,43 +139,45 @@
140	140	"var wgMessageError = ".Xml::encodeJsVar( $msg['syntaxerror'] ) . ";\n" );
141	141
142	142	// Add test bit
143		~~- $tester = Xml::tags( 'h2', null, wfMsgExt( 'abusefilter-examine-test', 'parseinline' ) );~~
144		~~- $tester .= AbuseFilter::buildEditBox( $this->mTestFilter, 'wpTestFilter', false );~~
145		~~- $tester .=~~
146		~~- "\n" .~~
147		~~- Xml::inputLabel(~~
148		~~- wfMsg( 'abusefilter-test-load-filter' ),~~
149		~~- 'wpInsertFilter',~~
150		~~- 'mw-abusefilter-load-filter',~~
151		~~- 10,~~
152		~~- ''~~
153		~~- ) .~~
154		~~- ' ' .~~
155		~~- Xml::element(~~
156		~~- 'input',~~
157		~~- array(~~
158		~~- 'type' => 'button',~~
159		~~- 'value' => wfMsg( 'abusefilter-test-load' ),~~
160		~~- 'id' => 'mw-abusefilter-load'~~
	143	+ if ($wgUser->isAllowed( 'abusefilter-modify' ) ) {
	144	+ $tester = Xml::tags( 'h2', null, wfMsgExt( 'abusefilter-examine-test', 'parseinline' ) );
	145	+ $tester .= AbuseFilter::buildEditBox( $this->mTestFilter, 'wpTestFilter', false );
	146	+ $tester .=
	147	+ "\n" .
	148	+ Xml::inputLabel(
	149	+ wfMsg( 'abusefilter-test-load-filter' ),
	150	+ 'wpInsertFilter',
	151	+ 'mw-abusefilter-load-filter',
	152	+ 10,
	153	+ ''
	154	+ ) .
	155	+ ' ' .
	156	+ Xml::element(
	157	+ 'input',
	158	+ array(
	159	+ 'type' => 'button',
	160	+ 'value' => wfMsg( 'abusefilter-test-load' ),
	161	+ 'id' => 'mw-abusefilter-load'
	162	+ )
	163	+ );
	164	+ $output .= Xml::tags( 'div', array( 'id' => 'mw-abusefilter-examine-editor' ), $tester );
	165	+ $output .= Xml::tags( 'p',
	166	+ null,
	167	+ Xml::element( 'input',
	168	+ array(
	169	+ 'type' => 'button',
	170	+ 'value' => wfMsg( 'abusefilter-examine-test-button' ),
	171	+ 'id' => 'mw-abusefilter-examine-test'
	172	+ )
	173	+ ) .
	174	+ Xml::element( 'div',
	175	+ array(
	176	+ 'id' => 'mw-abusefilter-syntaxresult',
	177	+ 'style' => 'display: none;'
	178	+ ), ' '
161	179	)
162	180	);
163		~~- $output .= Xml::tags( 'div', array( 'id' => 'mw-abusefilter-examine-editor' ), $tester );~~
164		~~- $output .= Xml::tags( 'p',~~
165		~~- null,~~
166		~~- Xml::element( 'input',~~
167		~~- array(~~
168		~~- 'type' => 'button',~~
169		~~- 'value' => wfMsg( 'abusefilter-examine-test-button' ),~~
170		~~- 'id' => 'mw-abusefilter-examine-test'~~
171		~~- )~~
172		~~- ) .~~
173		~~- Xml::element( 'div',~~
174		~~- array(~~
175		~~- 'id' => 'mw-abusefilter-syntaxresult',~~
176		~~- 'style' => 'display: none;'~~
177		~~- ), ' '~~
178		~~- )~~
179		~~- );~~
	181	+ }
180	182
181	183	// Variable dump
182	184	$output .= Xml::tags( 'h2', null, wfMsgExt( 'abusefilter-examine-vars', 'parseinline' ) );
Index: trunk/extensions/AbuseFilter/AbuseFilter.class.php
—	—	@@ -183,6 +183,11 @@
184	184	public static function ajaxCheckSyntax( $filter ) {
185	185	wfLoadExtensionMessages( 'AbuseFilter' );
186	186
	187	+ global $wgUser;
	188	+ if (!$wgUser->isAllowed( 'abusefilter-modify' ) ) {
	189	+ return false;
	190	+ }
	191	+
187	192	$result = self::checkSyntax( $filter );
188	193
189	194	$ok = ($result === true);
—	—	@@ -224,7 +229,7 @@
225	230	global $wgUser;
226	231
227	232	// Anti-DoS
228		~~- if ( !$wgUser->isAllowed( 'abusefilter-view' ) ) {~~
	233	+ if ( !$wgUser->isAllowed( 'abusefilter-modify' ) ) {
229	234	return false;
230	235	}
231	236
—	—	@@ -333,6 +338,10 @@
334	339	}
335	340
336	341	public static function ajaxEvaluateExpression( $expr ) {
	342	+ global $wgUser;
	343	+ if (!$wgUser->isAllowed( 'abusefilter-modify' ) ) {
	344	+ return false;
	345	+ }
337	346	return htmlspecialchars( self::evaluateExpression( $expr ) );
338	347	}
339	348
Index: trunk/extensions/AbuseFilter/AbuseFilter.i18n.php
—	—	@@ -20,6 +20,7 @@
21	21	'abusefilter-intro' => "Welcome to the Abuse Filter management interface.
22	22	The Abuse Filter is an automated software mechanism of applying automatic heuristics to all actions.
23	23	This interface shows a list of defined filters, and allows them to be modified.",
	24	+ 'abusefilter-mustbeeditor' => 'For security reasons, only users with the right to modify abuse filters may use this interface.',
24	25
25	26	// Hooks
26	27	'abusefilter-warning' => "<big>'''Warning'''</big>: This action has been automatically identified as harmful.

Status & tagging log

06:55, 22 May 2009 Tim Starling (talk | contribs) changed the status of r49078 [removed: new added: ok]