XWIKI-13631: A user with EDIT rights can assign to himself the SCRIPT…

… right even if it is denied at a higher level

XWIKI-16266: Privilege escalation
* on't check the right in case of Document#saveWithProgrammingRights

xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/api/Document.java

@@ -2518,7 +2518,7 @@ public void saveWithProgrammingRights(String comment, boolean minorEdit) throws
                 context.setWikiId(getWiki());
 
                 if (!context.getWiki().isReadOnly()) {
-                    saveDocument(comment, minorEdit);
+                    saveDocument(comment, minorEdit, false);
                 } else {
                     java.lang.Object[] args =
                         { getDefaultEntityReferenceSerializer().serialize(getDocumentReference()), getWiki() };
@@ -2595,6 +2595,11 @@ public void saveAsAuthor(String comment, boolean minorEdit) throws XWikiExceptio
     }
 
     protected void saveDocument(String comment, boolean minorEdit) throws XWikiException
+    {
+        saveDocument(comment, minorEdit, true);
+    }
+
+    private void saveDocument(String comment, boolean minorEdit, boolean checkSaving) throws XWikiException
     {
         XWikiDocument doc = getDoc();
 
@@ -2606,9 +2611,11 @@ protected void saveDocument(String comment, boolean minorEdit) throws XWikiExcep
             doc.setCreatorReference(currentUserReference);
         }
 
-        // Make sure the user is allowed to make this modification
-        getXWikiContext().getWiki().checkSavingDocument(doc.getAuthorReference(), doc, comment, minorEdit,
-            getXWikiContext());
+        if (checkSaving) {
+            // Make sure the user is allowed to make this modification
+            getXWikiContext().getWiki().checkSavingDocument(doc.getAuthorReference(), doc, comment, minorEdit,
+                getXWikiContext());
+        }
 
         getXWikiContext().getWiki().saveDocument(doc, comment, minorEdit, getXWikiContext());
         this.initialDoc = this.doc;