Right, *this* was the vulnerability that existed. Users couldn't mark the other...

diff --git a/includes/Article.php b/includes/Article.php
index e5f0bc7..0481f2d 100644 (file)
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -2368,7 +2368,7 @@ class Article {
                if ($wgUser->isAllowed('minoredit'))
                        $flags |= EDIT_MINOR;
 
-               if( $bot )
+               if( $bot && ($wgUser->isAllowed('markbotedits') || $wgUser->isAllowed('bot')) )
                        $flags |= EDIT_FORCE_BOT;
                $this->doEdit( $target->getText(), $summary, $flags );