https://bugzilla.wikimedia.org/show_bug.cgi?id=27393
Summary: Special:UserLogout should prompt if not originating
from logout link
Product: MediaWiki
Version: wikimedia-deployment
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: Normal
Component: User login
AssignedTo: wikibugs-l@lists.wikimedia.org
ReportedBy: douglas.gard...@wikinewsie.org
Depends on: 9816
Currently, [[Special:UserLogout]] can be linked to as a normal wikilink,
something that can be exploited by disguising it as a link to, say, a user talk
page.
As [[Special:UserLogout]] logs users out as soon as the link is clicked, a user
that clicks the link by accident must log back in manually. I propose that
[[Special:UserLogout]] should instead prompt "Would you like to log out?" if
accessed from any other method other than clicking "Log out" from the personal
links in the corner of the screen, in order to, in part, prevent this sort of
click-jacking prank.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
