jenkins-bot has submitted this change and it was merged.
Change subject: Proper edit token validation
......................................................................
Proper edit token validation
Change-Id: I295ce4d155384ddb68a4b61d4c830d905366efbd
---
M includes/PortalSpecialPage.php
1 file changed, 10 insertions(+), 4 deletions(-)
Approvals:
Yurik: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/PortalSpecialPage.php b/includes/PortalSpecialPage.php
index ee9c750..fcae87a 100644
--- a/includes/PortalSpecialPage.php
+++ b/includes/PortalSpecialPage.php
@@ -117,12 +117,18 @@
if ( $isEditing ) {
// Generate or validate edit token
- $t = $req->getVal( 'token' );
- $token = $user->getEditToken( 'zeroportal' );
- if ( $t === $token || ( $t && $wgDebugAPI ) ) {
+ $salt = 'zeroportal';
+ $token = $req->getVal( 'token' );
+ $tokenPassed = $user->matchEditToken( $token, $salt,
$req );
+ if ( $token && ( $tokenPassed || $wgDebugAPI ) ) {
$editData = array();
+ if ( $wgDebugAPI ) {
+ $editData['dbg-token'] = $tokenPassed;
+ }
} else {
- $editData = array( 'error' => 'token', 'token'
=> $token );
+ $editData = array(
+ 'error' => 'token',
+ 'token' => $user->getEditToken( $salt,
$req ) );
$isEditing = false; // Disable editing
}
$editData['xcs'] = $req->getVal( 'xcs' );
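Review bot: The condition `if ( $token && ( $tokenPassed || $wgDebugAPI ) )` still accepts any non-empty `token` value whenever `$wgDebugAPI` is set, so the CSRF check on this edit path is only as strong as the guarantee that the debug global is never enabled on a reachable wiki. The switch to `matchEditToken()` fixes the comparison itself, but the bypass is carried over from the old `( $t && $wgDebugAPI )` branch. Consider gating on the result alone, `if ( $tokenPassed ) {`, and keeping the `dbg-token` diagnostic as output only. If the bypass has to stay, add a comment above it such as `// $wgDebugAPI disables edit-token (CSRF) validation here; never enable in production`. The enclosing method starts and ends outside the hunk, so any login or permission checks that also guard this branch are not visible here.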
--
To view, visit https://gerrit.wikimedia.org/r/181012
Gerrit-MessageType: merged
Gerrit-Change-Id: I295ce4d155384ddb68a4b61d4c830d905366efbd
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/ZeroPortal
Gerrit-Branch: master
Gerrit-Owner: Yurik <[email protected]>
Gerrit-Reviewer: Yurik <[email protected]>
Gerrit-Reviewer: jenkins-bot <>