From: Aryeh Gregor <simetrical@users.mediawiki.org>
Date: Thu, 10 Jan 2008 02:21:16 +0000 (+0000)
Subject: Fix vulnerability (hopefully): anyone with rollback privileges can mark the rollback... 
X-Git-Tag: 1.31.0-rc.0~50077
X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dcompta/comptes/journal.php?a=commitdiff_plain;h=0645294f99514eda51a9db8b2f0b863f7e9b290f;p=lhc%2Fweb%2Fwiklou.git

Fix vulnerability (hopefully): anyone with rollback privileges can mark the rollback as bot, despite r27657.
---

diff --git a/includes/Article.php b/includes/Article.php
index 473e01d4cc..2c83e5c9a2 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -2404,7 +2404,7 @@ class Article {
 			$wgRequest->getVal( 'from' ),
 			$wgRequest->getText( 'summary' ),
 			$wgRequest->getVal( 'token' ),
-			$wgRequest->getBool( 'bot' ),
+			$wgRequest->getBool( 'bot' ) and $wgUser->isAllowed( 'markbotedit' ),
 			$details
 		);