https://bugzilla.wikimedia.org/show_bug.cgi?id=72634
Chris Steipp changed:
What|Removed |Added
Status|PATCH_TO_REVIEW |RESOLVED
Resolution|---
https://bugzilla.wikimedia.org/show_bug.cgi?id=72634
--- Comment #4 from Sage Ross ---
Now that the fix is merged and deployed, can someone approve my apps to see if
it worked? :)
--
You are receiving this mail because:
You are on the CC list for the bug.
___
https://bugzilla.wikimedia.org/show_bug.cgi?id=72634
--- Comment #3 from Gerrit Notification Bot ---
Change 169593 merged by jenkins-bot:
Remove edit token from conflict detection
https://gerrit.wikimedia.org/r/169593
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=72634
Gerrit Notification Bot changed:
What|Removed |Added
Status|NEW |PATCH_TO_REVIEW
--
You are
https://bugzilla.wikimedia.org/show_bug.cgi?id=72634
--- Comment #2 from Gerrit Notification Bot ---
Change 169593 had a related patch set uploaded by CSteipp:
Remove edit token from conflict detection
https://gerrit.wikimedia.org/r/169593
--
You are receiving this mail because:
You are on the
https://bugzilla.wikimedia.org/show_bug.cgi?id=72634
--- Comment #1 from Chris Steipp ---
Uhg, fatality of the updates to user tokens.
MWOAuthDAO::getChangeToken() relies on recalculating a hash that uses
User::getEditToken().
The csrf token should be checked already, so for collision detection
https://bugzilla.wikimedia.org/show_bug.cgi?id=72634
Chris Steipp changed:
What|Removed |Added
Priority|Unprioritized |High
Assignee|wikibugs-l@list