From f611d3c8c857275072846d02ad580f33c790782f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Taavi=20V=C3=A4=C3=A4n=C3=A4nen?= <hi@taavi.wtf>
Date: Fri, 10 Dec 2021 21:10:40 +0200
Subject: [PATCH] SECURITY: Call EditFilterMergedContent in McrUndo

This patch updates the McrUndo action to run the
EditFilterMergedContent hook to let extensions like AbuseFilter prevent
certain content from being saved.

Thanks to Dylsss for the original report.

Bug: T297322
Change-Id: I23505e89d7c2cb5d4bcc7ea28203f2b322b827b7
---
 includes/actions/McrUndoAction.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/includes/actions/McrUndoAction.php b/includes/actions/McrUndoAction.php
index a372299819..d30427efff 100644
--- a/includes/actions/McrUndoAction.php
+++ b/includes/actions/McrUndoAction.php
@@ -373,6 +373,28 @@ class McrUndoAction extends FormAction {
 
 		$newRev = $this->getNewRevision();
 		if ( !$newRev->hasSameContent( $curRev ) ) {
+			$hookRunner = Hooks::runner();
+			foreach ( $newRev->getSlotRoles() as $slotRole ) {
+				$slot = $newRev->getSlot( $slotRole, RevisionRecord::RAW );
+
+				$status = new Status();
+				$hookResult = $hookRunner->onEditFilterMergedContent(
+					$this->getContext(),
+					$slot->getContent(),
+					$status,
+					trim( $this->getRequest()->getVal( 'wpSummary' ) ),
+					$this->getUser(),
+					false
+				);
+
+				if ( !$hookResult ) {
+					if ( $status->isGood() ) {
+						$status->error( 'hookaborted' );
+					}
+
+					return $status;
+				}
+			}
 
 			// Copy new slots into the PageUpdater, and remove any removed slots.
 			// TODO: This interface is awful, there should be a way to just pass $newRev.
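Review bot: The abort check at `if ( !$hookResult )` looks only at the hook's return value, so a `$status` that a handler marked as failed while still returning true is ignored and the undo goes on to be saved. Whether any installed handler reports rejection that way is not visible here, but `$status` is handed to the hook so that handlers can report through it, so the condition should honour it as well: `if ( !$hookResult || !$status->isOK() ) {`. Separately, `getVal( 'wpSummary' )` returns null when the field is absent; `getVal( 'wpSummary', '' )` keeps `trim()` on a string, and the trimmed summary could be computed once before the `foreach` rather than per slot. The enclosing method starts and ends outside this hunk, so the save path after the loop was not reviewed.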
-- 
2.33.0

