There was only 1 hit in the feature usage log in the past 30 days for
this code path, so this should be good to go.
ApiLogin, on the other hand, received 27048 hits over the same time
period. So let's not do that one just yet.
Change-Id: I1ae3b928fda9ddc94c8182155637920713dd404d
=== Bug fixes in 1.29 ===
=== Action API changes in 1.29 ===
+* Submitting sensitive authentication request parameters to action=clientlogin,
+ action=createaccount, action=linkaccount, and action=changeauthenticationdata
+ in the query string is now an error. They should be submitted in the POST
+ body instead.
=== Action API internal changes in 1.29 ===
$this->module->getMain()->markParamsUsed( array_keys( $data ) );
if ( $sensitive ) {
- try {
- $this->module->requirePostedParameters( array_keys( $sensitive ), 'noprefix' );
- } catch ( UsageException $ex ) {
- // Make this a warning for now, upgrade to an error in 1.29.
- $this->module->setWarning( $ex->getMessage() );
- $this->module->logFeatureUsage( $this->module->getModuleName() . '-params-in-query-string' );
- }
+ $this->module->requirePostedParameters( array_keys( $sensitive ), 'noprefix' );
}
return AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );