dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5e8e72f)
SECURITY: Make 'newbie' limit in $wgRateLimits really override 'user' limit
authorChad Horohoe <chadh@wikimedia.org>
Tue, 13 Mar 2018 18:43:30 +0000 (18:43 +0000)
committerReedy <reedy@wikimedia.org>
Thu, 20 Sep 2018 18:59:28 +0000 (19:59 +0100)
The order of operations was incorrect.

Bug: T169545
Change-Id: Ia910aa2a494914d3b0017daac9ab294ea9fa8705

includes/user/User.php patch | blob | history

diff --git a/includes/user/User.php b/includes/user/User.php
index ea395f4..aa21184 100644 (file)
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -2108,10 +2108,6 @@ class User implements IDBAccessObject, UserIdentity {
                        if ( isset( $limits['user'] ) ) {
                                $userLimit = $limits['user'];
                        }
                        if ( isset( $limits['user'] ) ) {
                                $userLimit = $limits['user'];
                        }
-                       // limits for newbie logged-in users
-                       if ( $isNewbie && isset( $limits['newbie'] ) ) {
-                               $keys[$cache->makeKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
-                       }
                }
 
                // limits for anons and for newbie logged-in users
                }
 
                // limits for anons and for newbie logged-in users
@@ -2143,6 +2139,11 @@ class User implements IDBAccessObject, UserIdentity {
                        }
                }
 
                        }
                }
 
+               // limits for newbie logged-in users (override all the normal user limits)
+               if ( $id !== 0 && $isNewbie && isset( $limits['newbie'] ) ) {
+                       $userLimit = $limits['newbie'];
+               }
+
                // Set the user limit key
                if ( $userLimit !== false ) {
                        list( $max, $period ) = $userLimit;
                // Set the user limit key
                if ( $userLimit !== false ) {
                        list( $max, $period ) = $userLimit;
Wiklou, le Wiki du Wiklou