git.heureux-cyclage.org - lhc/web/wiklou.git/commit

dépôts / lhc / web / wiklou.git / commit

author	csteipp <csteipp@wikimedia.org>
	Mon, 10 Mar 2014 19:26:17 +0000 (12:26 -0700)
committer	mglaser <glaser@hallowelt.biz>
	Thu, 27 Mar 2014 20:46:13 +0000 (21:46 +0100)
commit	da8cef6b25c004d1fd56d67eca883c6a21444dc9
tree	5f946d2305618c1ab696942b4f1874e434bc1551	tree \| snapshot
parent	9ff59d43e95574a1f94d37fcfa5eab8b3cfc0180	commit \| diff

SECURITY: Add CSRF token on Special:ChangePassword

Use a login token when logged out user is using Special:ChangePassword
(should only happen when a user is forced to reset their password to
complete the login process).

Logged in users are not logged in as an effect of resetting their
password, and for them, the edit token check should be sufficient.

Bug: 62497
Change-Id: I08afed3e1aeeb8c97d24fe9858a3ba2c03e92adf

includes/specials/SpecialChangePassword.php

diff | blob | history

Wiklou, le Wiki du Wiklou

RSS Atom