From d66a00d8f3806d78b5de0959fcaa9bd52e4d6e94 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Szymon=20=C5=9Awierkosz?= Date: Sun, 15 Apr 2012 18:40:20 +0100 Subject: [PATCH] Fix gettoken loophole from https://gerrit.wikimedia.org/r/#change,4220 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reported and patch by Szymon Świerkosz/Beau Change-Id: I3b5a001ad60e7e637b351331794cb275a7cf021a --- includes/api/ApiMain.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index 2105b811b9..8c035dcd12 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -595,8 +595,14 @@ class ApiMain extends ApiBase { $moduleParams = $module->extractRequestParams(); // Die if token required, but not provided (unless there is a gettoken parameter) + if ( isset( $moduleParams['gettoken'] ) ) { + $gettoken = $moduleParams['gettoken']; + } else { + $gettoken = false; + } + $salt = $module->getTokenSalt(); - if ( $salt !== false && isset( $moduleParams['gettoken'] ) && !$moduleParams['gettoken'] ) { + if ( $salt !== false && !$gettoken ) { if ( !isset( $moduleParams['token'] ) ) { $this->dieUsageMsg( array( 'missingparam', 'token' ) ); } else { -- 2.20.1