From 821b2250d57c2834b85ff31aeaa51df4edbf7024 Mon Sep 17 00:00:00 2001
From: DannyS712 <dannys712.enwiki@gmail.com>
Date: Fri, 1 Jan 2021 12:40:41 +0200
Subject: [PATCH] SECURITY: ContentModelChange: Check that user can create
 pages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Taavi Väänänen <hi@tassu.me>
Change-Id: I2e3b79f36fa7c0a3ec4130de0ae9c68104cb3fdd
---
 includes/specials/SpecialChangeContentModel.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/includes/specials/SpecialChangeContentModel.php b/includes/specials/SpecialChangeContentModel.php
index 87c899f4e0..8204dde46d 100644
--- a/includes/specials/SpecialChangeContentModel.php
+++ b/includes/specials/SpecialChangeContentModel.php
@@ -169,8 +169,16 @@ class SpecialChangeContentModel extends FormSpecialPage {
 		$titleWithNewContentModel = clone $this->title;
 		$titleWithNewContentModel->setContentModel( $data['model'] );
 		$user = $this->getUser();
+
+		$creationErrors = [];
+		if ( !$current->exists() ) {
+			$creationErrors = $this->title->getUserPermissionErrors( 'create', $user );
+		}
+
 		// Check permissions and make sure the user has permission to:
 		$errors = wfMergeErrorArrays(
+			// Potentially include creation errors, if applicable
+			$creationErrors,
 			// edit the contentmodel of the page
 			$this->title->getUserPermissionsErrors( 'editcontentmodel', $user ),
 			// edit the page under the old content model
-- 
2.27.0