SECURITY: Fix CORS origin matching in the API

[lhc/web/wiklou.git] / includes / EditPage.php

diff --git a/includes/EditPage.php b/includes/EditPage.php
index 2155c1b..d05b996 100644 (file)
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1928,11 +1928,15 @@ class EditPage {
                        && $content->isRedirect()
                        && $content->getRedirectTarget()->equals( $this->getTitle() )
                ) {
-                       $this->selfRedirect = true;
-                       $status->fatal( 'selfredirect' );
-                       $status->value = self::AS_SELF_REDIRECT;
-                       wfProfileOut( __METHOD__ );
-                       return $status;
+                       // If the page already redirects to itself, don't warn.
+                       $currentTarget = $this->getCurrentContent()->getRedirectTarget();
+                       if ( !$currentTarget || !$currentTarget->equals( $this->getTitle() ) ) {
+                               $this->selfRedirect = true;
+                               $status->fatal( 'selfredirect' );
+                               $status->value = self::AS_SELF_REDIRECT;
+                               wfProfileOut( __METHOD__ );
+                               return $status;
+                       }
                }
 
                // Check for length errors again now that the section is merged in