wikimedia/mediawiki-extensions-Scribunto

Fork 0

mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/Scribunto synced 2024-11-15 03:35:29 +00:00

Commit graph

Author	SHA1	Message	Date
Kunal Mehta	0f2585244c	Require CSRF token for action=scribunto-console This is basically unexploitable, given that Scribunto sessions are "extremely ephemeral", protected by a 31-bit non-cryptographically random token and generally contain very little useful data. But, requiring a CSRF token is a best practice and since this module is internal and only used in one place, it's also unlikely to break anything. Because it needs a token, the module is POST-only now too. Bug: T212071 Change-Id: I7fb6b4f856ee6194eb37c26e14f178fea6c0a3f6	2022-10-05 14:38:50 +00:00
Reedy	8e73003fee	Start namespacing extension Change-Id: Ib632434861c2df03dfcddbd195f556c937812196	2022-05-12 01:33:11 +00:00

Author

SHA1

Message

Date

Kunal Mehta

0f2585244c

Require CSRF token for action=scribunto-console

This is basically unexploitable, given that Scribunto sessions are
"extremely ephemeral", protected by a 31-bit non-cryptographically
random token and generally contain very little useful data.

But, requiring a CSRF token is a best practice and since this module
is internal and only used in one place, it's also unlikely to break
anything. Because it needs a token, the module is POST-only now too.

Bug: T212071
Change-Id: I7fb6b4f856ee6194eb37c26e14f178fea6c0a3f6

2022-10-05 14:38:50 +00:00

Reedy

8e73003fee

Start namespacing extension

Change-Id: Ib632434861c2df03dfcddbd195f556c937812196

2022-05-12 01:33:11 +00:00

2 commits