Merge pull request from GHSA-29mh-4vhv-x8mr
* Add CSRF token check for generating dumps

* Update SpecialDataDump.php

* Add token for action=download

* Fix indentation

* Fix indentation

* fix indentation

* Convert to forms

* fix link generation

* don't check on download pt1

* don't check on download pt2

* rm stray code

* rm accidentally added character

* rm stray whitespace

* rm unused variable

* standardize

Co-authored-by: R4356th <[email protected]>
Co-authored-by: The-Voidwalker <[email protected]>
Co-authored-by: R4356th <[email protected]>
4 people authored Jul 8, 2021
1 parent b293588 commit 67a82b7
Showing 2 changed files with 33 additions and 5 deletions.
30 changes: 26 additions & 4 deletions includes/DataDumpPager.php
Expand Up @@ -75,15 +75,35 @@ public function formatValue( $name, $value ) {
$this->getLanguage()->formatSize( isset( $row->dumps_size ) ? $row->dumps_size : 0 ) );
break;
case 'dumps_delete':
$linkRenderer = MediaWikiServices::getInstance()->getLinkRenderer();

$query = [
'action' => 'delete',
'type' => $row->dumps_type,
'dump' => $row->dumps_filename
];

$formatted = $linkRenderer->makeLink( $this->pageTitle, wfMessage( 'datadump-delete-button' )->text(), [], $query );
$link = $this->pageTitle->getLinkURL( $query );
$element = Html::element(
'input',
[
'type' => 'submit',
'title' => $this->pageTitle,
'value' => wfMessage('datadump-delete-button')->text()
]
);
$token = Html::element(
'input',
[
'type' => 'hidden',
'name' => 'token',
'value' => $this->getUser()->getEditToken()
]
);
$formatted = Html::openElement(
'form',
[
'action' => $link,
'method' => 'POST'
]
) . $element . $token . Html::closeElement('form');
break;
default:
$formatted = "Unable to format $name";
Expand Down Expand Up @@ -204,6 +224,8 @@ public function onGenerate( array $params ) {
$perm = $dataDumpConfig[$type]['permissions']['generate'];
if ( !$this->permissionManager->userHasRight( $user, $perm) ) {
throw new PermissionsError( $perm );
} elseif ( !$user->matchEditToken( $this->getContext()->getRequest()->getText( 'wpEditToken' ) ) ) {
return;
}

if ( $this->getGenerateLimit( $type ) ) {
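Review bot: In onGenerate the failed wpEditToken check at the added `elseif` drops the request with a bare `return;`, so the user gets no indication that generation was refused, whereas the parallel delete path in SpecialDataDump.php reports `sessionfailure`. If onGenerate is an HTMLForm submit callback (its `array $params` signature suggests so, but the caller is outside the hunk), returning the message, e.g. `return [ 'sessionfailure' ];`, would redisplay the form with the reason; if HTMLForm already validates wpEditToken before invoking the callback, this check is deliberate defence in depth and deserves a one-line comment saying so. The two hunks also read the token differently — `getText( 'wpEditToken' )` here versus `getVal('token')` in the delete handler — which is fine for separate forms, but a comment at the hidden `token` input in formatValue naming the handler that consumes it would keep the two field names from drifting further apart. onGenerate starts and ends outside the hunk.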
8 changes: 7 additions & 1 deletion includes/specials/SpecialDataDump.php
Expand Up @@ -30,6 +30,8 @@ public function execute( $par ) {
$out = $this->getOutput();

$request = $this->getRequest();

$user = $this->getUser();

$dataDumpConfig = $this->config->get( 'DataDump' );
if ( !$dataDumpConfig ) {
Expand All @@ -52,7 +54,11 @@ public function execute( $par ) {
if ( $action === 'download' && $dump ) {
$this->doDownload( $dump );
} elseif ( $action === 'delete' && $type && $dump ) {
$this->doDelete( $type, $dump );
if ( $user->matchEditToken($request->getVal('token'))) {
$this->doDelete( $type, $dump );
} else {
$out->addWikiMsg( 'sessionfailure' );
}
}
}

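Review bot: The new check `if ( $user->matchEditToken($request->getVal('token'))) {` accepts the token from the query string as well as the POST body, because `getVal()` reads both, while the delete form emitted in DataDumpPager.php submits with `method="POST"`; tightening it to `if ( $request->wasPosted() && $user->matchEditToken( $request->getVal( 'token' ) ) ) {` matches the form and keeps a valid token from being accepted out of a URL, where it could end up in referrers and access logs. The same line also departs from the file's spacing convention (`getVal( 'token' )`, `matchEditToken( ... )`) used on the surrounding lines. The download branch is intentionally left without a token check per the commit description; a short comment there, `// read-only action: no CSRF token required`, would stop a later reader from "fixing" it. execute() continues outside the hunk.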
