dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b01b51b) | patch
Revert r27151 -- allows session fixation attacks.
authorBrion Vibber <brion@users.mediawiki.org>
Thu, 15 Nov 2007 04:24:49 +0000 (04:24 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Thu, 15 Nov 2007 04:24:49 +0000 (04:24 +0000)
commit3ca6cf78901faac586c97f4f8d13f63524aaf2da
tree84fbf7cf5f29730898a76d52ee200ffb33d991e7tree | snapshot
parentb01b51bf594919ec9220815b36911130fd09940ecommit | diff
Revert r27151 -- allows session fixation attacks.
Just get a user to visit a URL with the user ID and token you like in the query string (say, in an <img> referenced in a page you convince them to go to or post for their review) and their login session will be replaced with the one you provided.
RELEASE-NOTES diff | blob | history
includes/api/ApiLogin.php diff | blob | history
includes/api/ApiMain.php diff | blob | history
Wiklou, le Wiki du Wiklou