Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Merge pull request from GHSA-jmc9-rv2f-g8vv
The ManageWiki API currently allows viewing of sensitive information set as visible to only ManageWiki right users, such as Discord and Slack webhooks. This fixes it by adding a check to the API, to hide it if the config has set `$wgManageWikiSettings[SETTING]['requires']['visibility']['permissions']` so information on sensitive settings are never displayed via the API. See https://phabricator.miraheze.org/T7213
- Loading branch information