[Bug 25793] Security problem: API allows to hijack sessionid

2010-11-05 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25793 --- Comment #6 from Roan Kattouw 2010-11-05 12:21:44 UTC --- (In reply to comment #5)
> This cookie is httponly so using document.cookie won't allow you to get it.
You're right about that, my mistake.
> The API call makes it possible.
Yes,

[Bug 25793] Security problem: API allows to hijack sessionid

2010-11-05 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25793 --- Comment #5 from Marooned 2010-11-05 12:08:27 UTC --- This cookie is httponly so using document.cookie won't allow you to get it. The API call makes it possible. CSRF allows an evil admin to run unprotected actions - such actions should be fixe

[Bug 25793] Security problem: API allows to hijack sessionid

2010-11-05 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25793 Roan Kattouw changed: What|Removed |Added CC||tstarl...@wikimedia.org --- Comment #4

[Bug 25793] Security problem: API allows to hijack sessionid

2010-11-05 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25793 Roan Kattouw changed: What|Removed |Added Resolution|FIXED |INVALID --- Comment #3 from Roan Kattou

[Bug 25793] Security problem: API allows to hijack sessionid

2010-11-05 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25793 --- Comment #2 from Roan Kattouw 2010-11-05 11:44:50 UTC --- And thanks for reporting this!

[Bug 25793] Security problem: API allows to hijack sessionid

2010-11-05 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25793 Roan Kattouw changed: What|Removed |Added Status|NEW |RESOLVED CC|