r64694 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r64693‎ \| r64694 \| r64695 >
Date:	08:50, 7 April 2010
Author:	catrope
Status:	ok (Comments)
Tags:
Comment:	Fix for r64677: as reported on mediawiki-api, I forgot about clients that build their own cookies. Support this do-it-yourself method for the NeedToken error as well.
Modified paths:	/trunk/phase3/includes/api/ApiLogin.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiLogin.php
—	—	@@ -89,8 +89,11 @@
90	90	break;
91	91
92	92	case LoginForm::NEED_TOKEN:
	93	+ global $wgCookiePrefix;
93	94	$result['result'] = 'NeedToken';
94	95	$result['token'] = $loginForm->getLoginToken();
	96	+ $result['cookieprefix'] = $wgCookiePrefix;
	97	+ $result['sessionid'] = session_id();
95	98	break;
96	99
97	100	case LoginForm::WRONG_TOKEN:

Revision	Commit summary	Author	Date
r64695	1.16wmf3: MFT r64694	catrope	08:51, 7 April 2010
r64697	REL1_16: Backport r64694	catrope	09:05, 7 April 2010
r69661	1.16wmf4: MFT r64694. Was merged to 1.16wmf3 but somehow didn't make it into ...	catrope	09:54, 21 July 2010
r69990	* MFT r59948: restore the function of ApiMain::requestWriteMode()....	tstarling	08:44, 27 July 2010

Revision	Commit summary	Author	Date
r64677	* (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to b...	tstarling	00:05, 7 April 2010

#Comment by Reedy (talk | contribs) 19:31, 24 June 2010

Needs merging to 1.16wmf4 please

08:45, 27 July 2010 Tim Starling (talk | contribs) changed the status of r64694 [removed: new added: ok]
08:45, 27 July 2010 Tim Starling (talk | contribs) changed the tags for r64694 [removed: 1.15]
09:52, 21 July 2010 Catrope (talk | contribs) changed the status of r64694 [removed: ok added: new]
09:52, 21 July 2010 Catrope (talk | contribs) changed the status of r64694 [removed: new added: ok]
21:38, 29 April 2010 Bryan (talk | contribs) changed the tags for r64694 [added: 1.15]