https://bugzilla.wikimedia.org/show_bug.cgi?id=32000
Juliano F. Ravasi <b...@juliano.info> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|Unprioritized |Normal Severity|normal |minor --- Comment #1 from Juliano F. Ravasi <b...@juliano.info> 2011-11-06 20:02:16 UTC --- Hello Vitaliy, Your patch is already in my patch queue, but before submitting, I would like to understand better in which situations this bug trigger, since I can't reproduce it here. To get an edit token in the comment form to submit a comment, the user needs to have a session with MediaWiki. This session is either anonymous, or it is a user login session created at login time. This session either ends with the browser session, or after 30 days. In theory, the user shouldn't have a session failure under normal circumstances. If he got an edit token from the comment form, that edit token should be valid along with his session until he closes the browser. I want to be careful applying code that touches the session handling code due to the danger of creating a [[w:Cross-site scripting]] vulnerability. But at first glance your patch seems good. Could you provide some more detailed steps on how to reproduce this problem with the current version of MediaWiki? -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l