On 02.06.2011 04:33, Mark A. Hershberger wrote:
> === Implement a way for _only authorized users to use Special:PasswordReset on
> other usernames
> ===
> https://bugzilla.wikimedia.org/29135
>
> A valid feature request, but just that.... a lot of details, so this makes a
> good one for me to promote for a weekend
> sprint.

Because the implementation would touch some sensitive areas (password/login), I refrained from patching and would like someone to give me hints, or to help directly there.

* Problem to be solved: User A can trigger a password-mail to any other user B by accessing (simply by accessing Special:PasswordReset and inputting username B into the field)
* Situation: When logged-in users visit Special:PasswordReset, they see an _empty_ input field for entering an arbitrary username. The _empty_ field does not make sense, because:...

... read the cumulative summary on https://bugzilla.wikimedia.org/show_bug.cgi?id=29135#c6

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l