dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4624b8a) | patch
SECURITY: Prevent tokens in jsonp mode
authorBrad Jorsch <bjorsch@wikimedia.org>
Thu, 29 Aug 2013 16:45:30 +0000 (09:45 -0700)
committercsteipp <csteipp@wikimedia.org>
Tue, 3 Sep 2013 22:04:47 +0000 (15:04 -0700)
commit43f3ab65cf1252e59766132ccdff9136372386e3
treed810c69a771c58ec7ad899ca42c3d5335ef81528tree | snapshot
parent4624b8a0d0629973dc3e2c8a6cb88d3e41f10293commit | diff
SECURITY: Prevent tokens in jsonp mode

Add checks to token-returning functions to prevent returning tokens in
jsonp mode. This affects action=tokens, action=login,
action=createaccount, and action=query&list=deletedrevs.

Also, remove the "gettoken" parameter to action=block and
action=unblock, which has been deprecated since 1.20.

Bug: 49090
Change-Id: Ibeaa5c72d8084585092b15935a3f5709104bf7f7
RELEASE-NOTES-1.22 diff | blob | history
includes/api/ApiBlock.php diff | blob | history
includes/api/ApiCreateAccount.php diff | blob | history
includes/api/ApiLogin.php diff | blob | history
includes/api/ApiMain.php diff | blob | history
includes/api/ApiQueryDeletedrevs.php diff | blob | history
includes/api/ApiTokens.php diff | blob | history
includes/api/ApiUnblock.php diff | blob | history
tests/phpunit/includes/api/ApiBlockTest.php diff | blob | history
Wiklou, le Wiki du Wiklou