jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/346851 )

Change subject: SECURITY: SpecialWatchlist: Check CSRF token when using "Mark all pages visited"
......................................................................


SECURITY: SpecialWatchlist: Check CSRF token when using "Mark all pages visited"

Bug: T150044
Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
---
M RELEASE-NOTES-1.27
M includes/specials/SpecialWatchlist.php
2 files changed, 4 insertions(+), 0 deletions(-)

Approvals:
  Reedy: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 1a054a5..d6cfebf 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -29,6 +29,8 @@
   $wgAdvancedSearchHighlighting is true.
 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
   their values out of the logs.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
+  token.
 
 == MediaWiki 1.27.1 ==
 
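Review bot: The release note should also tell integrators what changes for them: after this patch a POST of `reset` to Special:Watchlist that carries no valid `token` no longer clears notifications, so any bookmarklet, gadget or script that submitted the reset form by hand must now include the edit token (the new hidden field in the second SpecialWatchlist.php hunk shows where it comes from). One extra clause such as "scripts posting `reset` must now send an edit token" would save users a silent failure.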
diff --git a/includes/specials/SpecialWatchlist.php 
b/includes/specials/SpecialWatchlist.php
index 15691f2..fcc0c91 100644
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -76,6 +76,7 @@
                if ( ( $config->get( 'EnotifWatchlist' ) || $config->get( 
'ShowUpdatedMarker' ) )
                        && $request->getVal( 'reset' )
                        && $request->wasPosted()
+                       && $user->matchEditToken( $request->getVal( 'token' ) )
                ) {
                        $user->clearAllNotifications();
                        $output->redirect( $this->getPageTitle()->getFullURL( 
$opts->getChangedValues() ) );
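Review bot: Adding `$user->matchEditToken( $request->getVal( 'token' ) )` to the condition closes the CSRF hole, but when the token does not match the whole `if` is simply skipped, so the user gets the watchlist rendered with nothing cleared and no indication why. Consider handling the "posted but token mismatch" case explicitly (after `wasPosted()`, before `clearAllNotifications()`) and surfacing the usual session-failure message so a user whose session expired knows to resubmit. The ordering itself is good: the cheap config and request checks run before the token comparison, and the parameter name `token` matches the hidden field added in the form hunk.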
@@ -604,6 +605,7 @@
                                'action' => 
$this->getPageTitle()->getLocalURL(),
                                'id' => 'mw-watchlist-resetbutton' ] ) . "\n" .
                        Xml::submitButton( $this->msg( 'enotif_reset' 
)->text(), [ 'name' => 'dummy' ] ) . "\n" .
+                       Html::hidden( 'token', $user->getEditToken() ) . "\n" .
                        Html::hidden( 'reset', 'all' ) . "\n";
                        foreach ( $nondefaults as $key => $value ) {
                                $form .= Html::hidden( $key, $value ) . "\n";
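Review bot: `Html::hidden( 'token', $user->getEditToken() )` relies on `$user` being in scope in this form-building method, and the hunk's context lines do not show where it is assigned (the first hunk is in a different method, around line 76). Please confirm it is defined here, or use `$this->getUser()->getEditToken()` so the field cannot end up empty. Also worth confirming that the surrounding `Xml::openElement( 'form', ... )` sets `'method' => 'post'`: the check in the first hunk requires `$request->wasPosted()`, so a GET form would now never pass.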

-- 
To view, visit https://gerrit.wikimedia.org/r/346851
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Bartosz Dziewoński <matma....@gmail.com>
Gerrit-Reviewer: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Florianschmidtwelzow <florian.schmidt.stargatewis...@gmail.com>
Gerrit-Reviewer: Reedy <re...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
