Fix vulnerability (hopefully): anyone with rollback privileges can mark the rollback...

author Aryeh Gregor <simetrical@users.mediawiki.org>

Thu, 10 Jan 2008 02:21:16 +0000 (02:21 +0000)

committer Aryeh Gregor <simetrical@users.mediawiki.org>

Thu, 10 Jan 2008 02:21:16 +0000 (02:21 +0000)
author Aryeh Gregor <simetrical@users.mediawiki.org>
Thu, 10 Jan 2008 02:21:16 +0000 (02:21 +0000)
committer Aryeh Gregor <simetrical@users.mediawiki.org>
Thu, 10 Jan 2008 02:21:16 +0000 (02:21 +0000)
diff --git a/includes/Article.php b/includes/Article.php

index 473e01d..2c83e5c 100644 (file)
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -2404,7 +2404,7 @@ class Article {
                         $wgRequest->getVal( 'from' ),
                         $wgRequest->getText( 'summary' ),
                         $wgRequest->getVal( 'token' ),
-                       $wgRequest->getBool( 'bot' ),
+                       $wgRequest->getBool( 'bot' ) and $wgUser->isAllowed( 'markbotedit' ),
                         $details
                 );
author	Aryeh Gregor <simetrical@users.mediawiki.org>
	Thu, 10 Jan 2008 02:21:16 +0000 (02:21 +0000)
committer	Aryeh Gregor <simetrical@users.mediawiki.org>
	Thu, 10 Jan 2008 02:21:16 +0000 (02:21 +0000)