wikimedia/mediawiki-extensions-Scribunto
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/Scribunto synced 2024-12-12 08:25:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
mediawiki-extensions-Scribunto/modules
History
Kunal Mehta 0f2585244c Require CSRF token for action=scribunto-console 
This is basically unexploitable, given that Scribunto sessions are
"extremely ephemeral", protected by a 31-bit non-cryptographically
random token and generally contain very little useful data.

But, requiring a CSRF token is a best practice and since this module
is internal and only used in one place, it's also unlikely to break
anything. Because it needs a token, the module is POST-only now too.

Bug: T212071
Change-Id: I7fb6b4f856ee6194eb37c26e14f178fea6c0a3f6
2022-10-05 14:38:50 +00:00
..
ext.scribunto.edit.css build: Update linters 2018-02-04 22:10:26 +00:00
ext.scribunto.edit.js Require CSRF token for action=scribunto-console 2022-10-05 14:38:50 +00:00
ext.scribunto.errors.css Add stylelint for css files 2017-04-18 00:48:31 +02:00
ext.scribunto.errors.js build: Update devDependencies 2018-11-05 19:31:08 +00:00
ext.scribunto.logs.css Rewrite error handling to avoid OutputPage::addInlineScript 2015-03-16 16:08:44 -04:00