Special:Admin to check editToken #2590

Merged
merged 1 commit into from
Aug 5, 2017

@mwjames mwjames commented Aug 5, 2017

This PR is made in reference to: https://phabricator.wikimedia.org/T109652#1562641

This PR addresses or contains:

Quoting from the phab ticket:

  • " ... page to run commands there, potentially causing a minor DoS ... "
  • " ... a hidden input adding $user->getEditToken() to the form, then checking it with $user->matchEditToken() is the simplest fix ..."

This PR includes:

  • Tests (unit/integration)
  • CI build passed

Fixes #

@mwjames mwjames added this to the SMW 3.0.0 milestone Aug 5, 2017
@mwjames mwjames merged commit 5e29a50 into master Aug 5, 2017
@mwjames mwjames deleted the phab-T109652 branch August 5, 2017 02:17
mwjames added a commit that referenced this pull request Aug 5, 2017

mwjames commented Aug 5, 2017

Back-ported to 2.5.x with 61ea7e0.
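
The fix quoted from the ticket (a hidden form input carrying the user's edit token, checked before any command runs), as an added stand-alone PHP example. It is not code from this PR, SMW or MediaWiki: `DemoUser`, `renderAdminForm()`, `handleAdminPost()`, the `editToken` field name, the `rebuild`/`delete` actions and the HMAC-based token are assumptions that only mirror the `getEditToken()`/`matchEditToken()` method names quoted above.

```php
<?php
// Added illustration: a stand-alone model of the edit-token check, not MediaWiki or SMW code.
// All class, function, field and action names here are hypothetical.
final class DemoUser {
    private string $secret;

    public function __construct() {
        // Per-session secret; a real application keeps it in the server-side session.
        $this->secret = bin2hex( random_bytes( 32 ) );
    }

    // Token bound to the session secret and to one action (the salt).
    public function getEditToken( string $salt = '' ): string {
        return hash_hmac( 'sha256', $salt, $this->secret );
    }

    // Constant-time comparison; a missing, empty or non-string token never matches.
    public function matchEditToken( $token, string $salt = '' ): bool {
        return is_string( $token ) && $token !== ''
            && hash_equals( $this->getEditToken( $salt ), $token );
    }
}

// The form carries the token in a hidden input, so only pages served to this user can submit it.
function renderAdminForm( DemoUser $user, string $action ): string {
    $token = htmlspecialchars( $user->getEditToken( $action ), ENT_QUOTES );
    $name = htmlspecialchars( $action, ENT_QUOTES );
    return "<form method=\"post\"><input type=\"hidden\" name=\"editToken\" value=\"$token\">"
        . "<input type=\"hidden\" name=\"action\" value=\"$name\"><input type=\"submit\"></form>";
}

// Returns the decision instead of running a command, so the check itself is visible.
function handleAdminPost( DemoUser $user, string $method, array $post ): string {
    $action = is_string( $post['action'] ?? null ) ? $post['action'] : '';
    if ( $method !== 'POST' ) {
        return 'rejected: commands require POST';
    }
    if ( !$user->matchEditToken( $post['editToken'] ?? null, $action ) ) {
        return 'rejected: missing or invalid edit token';
    }
    return "accepted: $action";
}

// Constructed requests: the genuine form post, a cross-site post without the token,
// and a token issued for one action replayed against another.
$user = new DemoUser();
$good = [ 'action' => 'rebuild', 'editToken' => $user->getEditToken( 'rebuild' ) ];
echo renderAdminForm( $user, 'rebuild' ), "\n";
echo handleAdminPost( $user, 'POST', $good ), "\n";
echo handleAdminPost( $user, 'POST', [ 'action' => 'rebuild' ] ), "\n";
echo handleAdminPost( $user, 'POST', [ 'action' => 'delete' ] + $good ), "\n";
```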
