Special:Admin to check editToken #2590

Merged
merged 1 commit into from Aug 5, 2017

mwjames commented Aug 5, 2017

This PR is made in reference to: https://phabricator.wikimedia.org/T109652#1562641

This PR addresses or contains:

Quoting from the phab ticket:

  • " ... page to run commands there, potentially causing a minor DoS ... "
  • " ... a hidden input adding $user->getEditToken() to the form, then checking it with $user->matchEditToken() is the simplest fix ..."

This PR includes:

  • Tests (unit/integration)
  • CI build passed

Fixes #
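The token pattern quoted from the Phabricator ticket, as an added stand-alone PHP sketch; it is not code from this PR, from Semantic MediaWiki or from MediaWiki. The function names, the `admin-task` salt and the sample requests are hypothetical and only model the roles of `getEditToken()` and `matchEditToken()`.

```php
<?php
// Added illustration: stand-alone model of a per-session form token check.
// All names and sample requests below are constructed for this example.

// Issue a token bound to a per-session secret and a salt naming the form.
function issueToken(array &$session, string $salt): string {
    if (!isset($session['secret'])) {
        $session['secret'] = bin2hex(random_bytes(32));
    }
    return hash_hmac('sha256', $salt, $session['secret']);
}

// Compare the submitted value with the expected token in constant time.
function matchToken(array $session, string $salt, $submitted): bool {
    if (!is_string($submitted) || !isset($session['secret'])) {
        return false;
    }
    return hash_equals(hash_hmac('sha256', $salt, $session['secret']), $submitted);
}

// Render the form with the token carried in a hidden input.
function renderForm(array &$session): string {
    $token = htmlspecialchars(issueToken($session, 'admin-task'), ENT_QUOTES);
    return '<form method="post">'
        . '<input type="hidden" name="token" value="' . $token . '">'
        . '<button name="action" value="rebuild">Run</button></form>';
}

// Start the task only for a POST that carries this session's token.
function handleRequest(array $session, string $method, array $post): string {
    if ($method !== 'POST' || !matchToken($session, 'admin-task', $post['token'] ?? null)) {
        return 'rejected';
    }
    return 'task started: ' . ($post['action'] ?? 'none');
}

// Constructed sample requests against one session.
$session = [];
$form = renderForm($session);
preg_match('/name="token" value="([0-9a-f]+)"/', $form, $m);
echo handleRequest($session, 'POST', ['action' => 'rebuild', 'token' => $m[1]]), "\n"; // submit of the rendered form
echo handleRequest($session, 'POST', ['action' => 'rebuild']), "\n";                   // POST without the token
echo handleRequest($session, 'GET', []), "\n";                                          // plain page visit
```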

@mwjames mwjames added this to the SMW 3.0.0 milestone Aug 5, 2017

@mwjames mwjames merged commit 5e29a50 into master Aug 5, 2017

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@mwjames mwjames deleted the phab-T109652 branch Aug 5, 2017

mwjames added a commit that referenced this pull request Aug 5, 2017

mwjames commented Aug 5, 2017

Back-ported to 2.5.x with 61ea7e0.

@mwjames mwjames referenced this pull request Aug 12, 2017

Merged

Special:Ask to check editToken, refs 2590 #2607

1 of 2 tasks complete