From: Aryeh Gregor <simetrical@users.mediawiki.org>
Date: Thu, 10 Jan 2008 19:27:49 +0000 (+0000)
Subject: Right, *this* was the vulnerability that existed.  Users couldn't mark the other... 
X-Git-Tag: 1.31.0-rc.0~50069
X-Git-Url: http://git.cyclocoop.org/%22.%24match%5B1%5D.%22?a=commitdiff_plain;h=927fb79b0c670a68f97223cff3c03540357bbe03;p=lhc%2Fweb%2Fwiklou.git

Right, *this* was the vulnerability that existed.  Users couldn't mark the other edits bot, but they could mark their own rollback revision as bot.
---

diff --git a/includes/Article.php b/includes/Article.php
index e5f0bc7048..0481f2d1c3 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -2368,7 +2368,7 @@ class Article {
 		if ($wgUser->isAllowed('minoredit'))
 			$flags |= EDIT_MINOR;
 
-		if( $bot )
+		if( $bot && ($wgUser->isAllowed('markbotedits') || $wgUser->isAllowed('bot')) )
 			$flags |= EDIT_FORCE_BOT;
 		$this->doEdit( $target->getText(), $summary, $flags );