From 0b5b9bd2918a9931260c42164a93852f4fe31e3f Mon Sep 17 00:00:00 2001
From: DannyS712 <dannys712.enwiki@gmail.com>
Date: Fri, 1 Jan 2021 12:40:41 +0200
Subject: [PATCH] SECURITY: ContentModelChange: Check that user can create
 pages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Taavi Väänänen <hi@tassu.me>
---
 includes/content/ContentModelChange.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/includes/content/ContentModelChange.php b/includes/content/ContentModelChange.php
index f8becb3d40..b006c571b8 100644
--- a/includes/content/ContentModelChange.php
+++ b/includes/content/ContentModelChange.php
@@ -112,7 +112,19 @@ class ContentModelChange {
 		$titleWithNewContentModel->setContentModel( $this->newModel );
 
 		$pm = $this->permManager;
+
+		$creationErrors = [];
+		if ( !$current->exists() ) {
+			$creationAction = $current->isTalkPage() ? 'createtalk' : 'createpage';
+			$creationErrors = wfMergeErrorArrays(
+				$pm->getPermissionErrors( $creationAction, $user, $current ),
+				$pm->getPermissionErrors( 'create', $user, $current )
+			);
+		}
+
 		$errors = wfMergeErrorArrays(
+			// Potentially include creation errors, if applicable
+			$creationErrors,
 			// edit the contentmodel of the page
 			$pm->getPermissionErrors( 'editcontentmodel', $user, $current ),
 			// edit the page under the old content model
-- 
2.20.1