r76081 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r76080‎ \| r76081 \| r76082 >
Date:	11:59, 5 November 2010
Author:	catrope
Status:	ok
Tags:
Comment:	1.16wmf4: Revert r76078: was a merge of r76077 which was reverted
Modified paths:	/branches/wmf/1.16wmf4/includes/api/ApiLogin.php (modified) (history)

Diff [purge]

Index: branches/wmf/1.16wmf4/includes/api/ApiLogin.php
—	—	@@ -85,6 +85,7 @@
86	86	$result['lgusername'] = $wgUser->getName();
87	87	$result['lgtoken'] = $wgUser->getToken();
88	88	$result['cookieprefix'] = $wgCookiePrefix;
	89	+ $result['sessionid'] = session_id();
89	90	break;
90	91
91	92	case LoginForm::NEED_TOKEN:
—	—	@@ -92,6 +93,7 @@
93	94	$result['result'] = 'NeedToken';
94	95	$result['token'] = $loginForm->getLoginToken();
95	96	$result['cookieprefix'] = $wgCookiePrefix;
	97	+ $result['sessionid'] = session_id();
96	98	break;
97	99
98	100	case LoginForm::WRONG_TOKEN:
Property changes on: branches/wmf/1.16wmf4/includes/api/ApiLogin.php
___________________________________________________________________
Modified: svn:mergeinfo
99	101	Reverse-merged /trunk/phase3/includes/api/ApiLogin.php:r76077

Revision	Commit summary	Author	Date
r76077	(bug 25793) Don't output the session ID over HTTP, allows session hijacking b...	catrope	11:42, 5 November 2010
r76078	1.16wmf4: MFT r76077	catrope	11:47, 5 November 2010

22:59, 3 December 2010 Reedy (talk | contribs) changed the status of r76081 [removed: new added: ok]