From 0645294f99514eda51a9db8b2f0b863f7e9b290f Mon Sep 17 00:00:00 2001
From: Aryeh Gregor <simetrical@users.mediawiki.org>
Date: Thu, 10 Jan 2008 02:21:16 +0000
Subject: [PATCH] Fix vulnerability (hopefully): anyone with rollback
 privileges can mark the rollback as bot, despite r27657.

---
 includes/Article.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/Article.php b/includes/Article.php
index 473e01d4cc..2c83e5c9a2 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -2404,7 +2404,7 @@ class Article {
 			$wgRequest->getVal( 'from' ),
 			$wgRequest->getText( 'summary' ),
 			$wgRequest->getVal( 'token' ),
-			$wgRequest->getBool( 'bot' ),
+			$wgRequest->getBool( 'bot' ) and $wgUser->isAllowed( 'markbotedit' ),
 			$details
 		);
 
-- 
2.20.1