Yuri Astrakhan wrote:
> Is setting session variables directly with the values provided by a
> client safe? Shouldn't there be some check first? Just a thought,
> need to double check.

User::newFromSession() should take care of that. I've tested the patch, gotten it to work and committed it [1]. In the same commit, I also removed ApiLogin's sessionID return value, as it didn't really work and was redundant anyway.

Roan Kattouw

[1] http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=27151
