From 1166c966cda9c7483a284d1524845b6243c2048e Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Wed, 9 May 2018 15:14:38 -0400
Subject: [PATCH] SECURITY: Special:BotPasswords should reauthenticate

More specifically, it should reauthenticate when creating a bot password
or resetting the password. But we may as well do it for all accesses.

Bug: T194237
Change-Id: I9a38a3109492753fff1f33c0f280e5b0f1fc1a76
---
 RELEASE-NOTES-1.31                        | 7 ++++++-
 includes/specials/SpecialBotPasswords.php | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31
index 9d8f387d6c..60b6c277ef 100644
--- a/RELEASE-NOTES-1.31
+++ b/RELEASE-NOTES-1.31
@@ -1,11 +1,16 @@
-== MediaWiki 1.31 ==
+== MediaWiki 1.31.1 ==
 
 THIS IS NOT A RELEASE YET!
 
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
 === Changes since MediaWiki 1.31.0 ===
 * (T197229) Bundle Nuke extension, it was accidentally omitted.
 * (T193995) Fix undefined patchPath() method call in parser tests.
 * (T198687) Fix various selectFields methods to use the string 'NULL', not null.
+* Special:BotPasswords now requires reauthentication.
+
+== MediaWiki 1.31 ==
 
 === Changes since MediaWiki 1.31.0-rc.2 ===
 * (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader.
diff --git a/includes/specials/SpecialBotPasswords.php b/includes/specials/SpecialBotPasswords.php
index f76c318e26..c912e83b92 100644
--- a/includes/specials/SpecialBotPasswords.php
+++ b/includes/specials/SpecialBotPasswords.php
@@ -51,6 +51,10 @@ class SpecialBotPasswords extends FormSpecialPage {
 		return $this->getConfig()->get( 'EnableBotPasswords' );
 	}
 
+	protected function getLoginSecurityLevel() {
+		return $this->getName();
+	}
+
 	/**
 	 * Main execution point
 	 * @param string|null $par
-- 
2.20.1