From 2e5a04850ec844508e7278c3384bc597f38c968a Mon Sep 17 00:00:00 2001
From: dylsss <dylssswp@gmail.com>
Date: Sat, 8 Jan 2022 18:31:48 +0000
Subject: [PATCH] SECURITY: Add additional permission checks to revert action

Add 'reupload' and 'edit' permission checks so that users cannot revert cascade-protected files or overwrite files without the reupload right.

Bug: T140010
Change-Id: Ib24099425e2b29d70225086bc0a123d31ebc28d8
---
 includes/actions/RevertAction.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/includes/actions/RevertAction.php b/includes/actions/RevertAction.php
index 4ddbf63908..9640f530b9 100644
--- a/includes/actions/RevertAction.php
+++ b/includes/actions/RevertAction.php
@@ -23,6 +23,8 @@
  * @author Rob Church <robchur@gmail.com>
  */
 
+use MediaWiki\MediaWikiServices;
+
 /**
  * File reversion user interface
  * WikiPage must contain getFile method: \WikiFilePage
@@ -73,7 +75,16 @@ class RevertAction extends FormAction {
 			throw new ErrorPageError( $this->msg( 'nosuchaction' ), $this->msg( 'nosuchactiontext' ) );
 		}
 		parent::checkCanExecute( $user );
-
+		
+		$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
+		$errors = $permissionManager->getPermissionErrors( 'reupload', $user, $this->getTitle() );
+		if ( !$errors ){
+			$errors = $permissionManager->getPermissionErrors( 'edit', $user, $this->getTitle() );
+		}
+		if ( $errors ){
+			throw new PermissionsError( 'reupload', $errors );
+		}
+		
 		$oldimage = $this->getRequest()->getText( 'oldimage' );
 		if ( strlen( $oldimage ) < 16
 			|| strpos( $oldimage, '/' ) !== false
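Review bot: The `throw new PermissionsError( 'reupload', $errors )` that closes the added block names `reupload` as the failed right even when `$errors` came from the fallback `edit` check, so anything that reads the exception's permission name would be told the wrong right for a protection failure. Checking the two rights in a loop and throwing with the one that actually failed keeps the order of the checks and makes the reported right accurate. A short comment on why `edit` is checked in addition to `reupload` (the commit message gives cascade protection as the reason) would keep a later cleanup from dropping it. The two added blank lines carry only tabs, and `if ( !$errors ){` lacks the space before the brace. The enclosing method starts before the hunk and continues past it.

```php
		// … unchanged: nosuchaction guard and parent::checkCanExecute( $user ) …
		$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
		// 'reupload' gates overwriting an existing file; 'edit' is checked as well
		// so that page protection (including cascading protection) applies to reverts.
		foreach ( [ 'reupload', 'edit' ] as $action ) {
			$errors = $permissionManager->getPermissionErrors( $action, $user, $this->getTitle() );
			if ( $errors ) {
				throw new PermissionsError( $action, $errors );
			}
		}
		// … unchanged: oldimage validation …
```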
-- 
2.33.0.windows.2

