From 199aab790acdbdb2a4119df45c22dad5e8aef67d Mon Sep 17 00:00:00 2001
From: Amir Sarabadani
Date: Mon, 15 Aug 2022 21:40:19 +0200
Subject: [PATCH] SECURITY: api: Disable maxsize in QueryAllPages in miser mode

CVE-2025-61641

This triggers slow queries and is a DDoS vector

Bug: T298690
Change-Id: Id80f166633a5085378c687551bd54056bc723c09
---
 includes/api/ApiQueryAllPages.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/includes/api/ApiQueryAllPages.php b/includes/api/ApiQueryAllPages.php
index 870252381c6..9275dc7b4a1 100644
--- a/includes/api/ApiQueryAllPages.php
+++ b/includes/api/ApiQueryAllPages.php
@@ -152,7 +152,7 @@ class ApiQueryAllPages extends ApiQueryGeneratorBase {
 $forceNameTitleIndex = false;
 }
- if ( isset( $params['maxsize'] ) ) {
+ if ( !$miserMode && isset( $params['maxsize'] ) ) {
 $this->addWhere( 'page_len<=' . (int)$params['maxsize'] );
 $forceNameTitleIndex = false;
 }
@@ -363,6 +363,7 @@ class ApiQueryAllPages extends ApiQueryGeneratorBase {
 if ( $this->getConfig()->get( MainConfigNames::MiserMode ) ) {
 $ret['filterredir'][ApiBase::PARAM_HELP_MSG_APPEND] = [ 'api-help-param-limited-in-miser-mode' ];
+ $ret['maxsize'][ApiBase::PARAM_HELP_MSG_APPEND] = [ 'api-help-param-disabled-in-miser-mode' ];
 }
 return $ret;
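Review bot: With the new `!$miserMode &&` guard in the first hunk, a request that passes `maxsize` in miser mode has the filter dropped silently and gets pages of any length back, with only the help-text change in the second hunk to say so. Consider telling the caller at request time, e.g. `if ( $miserMode && isset( $params['maxsize'] ) ) { $this->addWarning( '<warning-message-key>' ); }` (the message key is a placeholder, not an existing key). The context lines above the change close a sibling block that also resets `$forceNameTitleIndex`; if that is the `minsize` filter on the same column, which the hunk does not show, check whether it produces the same slow query and needs the same guard. `$miserMode` is assigned outside the hunk, and the enclosing method begins and ends outside it.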
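Review bot: The message key `api-help-param-disabled-in-miser-mode` added in the second hunk is not defined anywhere in this patch, and the diffstat lists only `ApiQueryAllPages.php`. If the key does not already exist in the API i18n files, the help page for `maxsize` will render a missing-message placeholder instead of the notice, so confirm it is present (with its documentation entry) before merging. The enclosing method starts outside the hunk.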