| commit | 781caf83dba90c18349f930bbaaa0e89f003f874 | |
| author | Chris Danis <cdanis@wikimedia.org> | |
| Thu, 23 Sep 2021 20:21:05 +0000 (23 16:21 -0400) | ||
| committer | Reedy <reedy@wikimedia.org> | |
| Thu, 30 Sep 2021 22:19:16 +0000 (30 22:19 +0000) | ||
| tree | af884c569214211e6990647d1cd046b9adfde6e7 | treesnapshot (tar.gz zip) |
| parent | b9922cee8093a587cfa7940c4b9c4e63c880d875 | commitdiff |
SECURITY: fix PoolCounter protection of Special:Contributions
The call to $pager->getNumRows() itself triggers execution of
the database query backing the page, so, that call must be inside
the callback given to PoolCounterWorkViaCallback.
CVE-2021-41800
Bug: T284419
Change-Id: I8b7b41a355be265389a4a8c9ea91301d4e23ae1b
The call to $pager->getNumRows() itself triggers execution of
the database query backing the page, so, that call must be inside
the callback given to PoolCounterWorkViaCallback.
CVE-2021-41800
Bug: T284419
Change-Id: I8b7b41a355be265389a4a8c9ea91301d4e23ae1b
| includes/specials/SpecialContributions.php | diffblobblamehistory |