wikimedia/mediawiki-extensions-Scribunto
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/Scribunto synced 2024-11-14 19:30:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
mediawiki-extensions-Scribunto/includes
History
Kunal Mehta 0f2585244c Require CSRF token for action=scribunto-console 
This is basically unexploitable, given that Scribunto sessions are
"extremely ephemeral", protected by a 31-bit non-cryptographically
random token and generally contain very little useful data.

But, requiring a CSRF token is a best practice and since this module
is internal and only used in one place, it's also unlikely to break
anything. Because it needs a token, the module is POST-only now too.

Bug: T212071
Change-Id: I7fb6b4f856ee6194eb37c26e14f178fea6c0a3f6
2022-10-05 14:38:50 +00:00
..
Engines LuaError: Use ?: in more traditional way 2022-10-03 19:01:56 +01:00
ApiScribuntoConsole.php Require CSRF token for action=scribunto-console 2022-10-05 14:38:50 +00:00
Hooks.php Apply some minor PHP code modernizations 2022-09-29 21:45:09 -04:00
Scribunto.php
ScribuntoContent.php
ScribuntoContentHandler.php
ScribuntoEngineBase.php
ScribuntoException.php Apply some minor PHP code modernizations 2022-09-29 21:45:09 -04:00
ScribuntoModuleBase.php