From 8aa78577a6e74df2c9a697fc65e3e60c39933561 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bartosz=20Dziewo=C5=84ski?= <matma.rex@gmail.com>
Date: Sat, 26 Jun 2021 16:45:27 +0200
Subject: [PATCH] [SECURITY] Fix use of EditFilterMergedContent hook when
 changing content model

The logic in ContentModelChange class now matches the
EditFilterMergedContentHookConstraint class.

Now it aborts processing when an extension has set the status,
but did not return false from its hook handler.

Bug: T271037
Change-Id: Ic9d5fba7218d3cc8afc499199616754888610b70
---
 includes/content/ContentModelChange.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/includes/content/ContentModelChange.php b/includes/content/ContentModelChange.php
index 258bdf49531..5d40c3b116d 100644
--- a/includes/content/ContentModelChange.php
+++ b/includes/content/ContentModelChange.php
@@ -317,6 +317,12 @@ class ContentModelChange {
 			}
 			return $status;
 		}
+		if ( !$status->isOK() ) {
+			if ( !$status->getErrors() ) {
+				$status->fatal( 'hookaborted' );
+			}
+			return $status;
+		}
 
 		// Make the edit
 		$flags = $this->latestRevId ? EDIT_UPDATE : EDIT_NEW;
-- 
2.28.0.windows.1