From: Tim Starling <tstarling@wikimedia.org>
Date: Mon, 28 Jan 2021 05:50:00 +0000
Subject: [PATCH] SECURITY: Non-admin deleted enwiki page in fast double move 

Bug: T272386
---
diff --git a/includes/MovePage.php b/includes/MovePage.php
index cdc994cab6..ffadf55586 100644
--- a/includes/MovePage.php
+++ b/includes/MovePage.php
@@ -231,7 +231,9 @@ class MovePage {
 
 		if ( $this->oldTitle->equals( $this->newTitle ) ) {
 			$status->fatal( 'selfmove' );
-		} elseif ( $this->newTitle->getArticleID() && !$this->isValidMoveTarget() ) {
+		} elseif ( $this->newTitle->getArticleID( Title::READ_LATEST /* T272386 */ )
+			&& !$this->isValidMoveTarget()
+		) {
 			// The move is allowed only if (1) the target doesn't exist, or (2) the target is a
 			// redirect to the source, and has no history (so we can undo bad moves right after
 			// they're done). If the target is a single revision redirect to a different page,