https://bugzilla.wikimedia.org/show_bug.cgi?id=30644
--- Comment #5 from Platonides <platoni...@gmail.com> 2011-08-31 22:57:25 UTC --- > > what would happen if a sysop presses delete when he wanted to press edit? > > There is a confirmation dialogue. That ofc won't work w/ JS disabled, but then > you are sort of shooting yourself in the foot IMO. Good. It wasn't there yesterday :) > > I think that pressing delete should lead you to an intermediate page > > An intermediate page would definitely make sense when there is something more > happening then a simple delete (ie for providing a deletion reason as you > suggest). It would be the "right" solution (semantic reasons, no javascript dependency...). > > We always salt the tokens with the modified data in such cases so that once > > consumed they can't be reused. > > Is there documentation on this? I'm not sure how to proceed. What data should > I > use as salt? Maybe not. I remember I had this same talk with someone in CR. There may be more info there. You can have a look at how rollback or patrolling links are made. Just pass the dependent data as a parameter to $wgUser->editToken(). In this case I would pass $campaign->campaign_name. There's not much to put there in this case, although it has the weakness that if someone recreated the campaign, the old token would still be able to delete it. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
