dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a9ed320) | patch
SECURITY: Check read permission when loading page content in ApiParse.
authorDaniel Kinzler <daniel.kinzler@wikimedia.de>
Mon, 13 Jun 2016 08:01:43 +0000 (04:01 -0400)
committerChad Horohoe <chadh@wikimedia.org>
Tue, 23 Aug 2016 01:13:01 +0000 (18:13 -0700)
commitc18cb7ed15db3bb82b184151678f9ce99f1d148e
tree30e5465710263c1e21242a1dcb5b39cc93ea37cbtree | snapshot
parenta9ed320e71352e0aafbffd8f15b014903902bba5commit | diff
SECURITY: Check read permission when loading page content in ApiParse.

Prevents leaking page contents for extensions that deny read rights
to certain pages via a userCan hook, but still allow the user to
have read rights in general.

Issue originally reported by Tobias

Bug: T115333
Change-Id: I19f5c2583393794cff802a70af7ccf43c2fed85c
includes/api/ApiParse.php diff | blob | history
Wiklou, le Wiki du Wiklou