Parent5446 has uploaded a new change for review.

Change subject: (bug 38417) Changed edit token construction and checking

(bug 38417) Changed edit token construction and checking

Changed generation of edit tokens. First change is that SHA-256 HMAC is used for token salting rather than MD5. Second change is for anonymous users. Previously anonymous users did not have edit tokens. Now any user with a session will have a normal edit token. Users without a session will have their token stored in cache.

In addition, EditPage and HTMLForm were changed to use the HTTP Referer header in addition to the edit token. Also, various unit tests were adjusted to accommodate for the new values.

Note that other occurrences of edit token matching (such as article deletion, rollbacks, and various special pages) have not yet been adjusted to also use the HTTP Referer header in addition to the edit token.

Change-Id: I81fbf5748f08525df124515383d5a3f3dc333754
---
M includes/EditPage.php
M includes/HTMLForm.php
M includes/User.php
M includes/WebRequest.php
M tests/phpunit/includes/api/ApiBlockTest.php
M tests/phpunit/includes/api/ApiTestCase.php
6 files changed, 68 insertions(+), 17 deletions(-)

git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/86/21986/1

--
To view, visit https://gerrit.wikimedia.org/r/21986

Gerrit-MessageType: newchange
Gerrit-Change-Id: I81fbf5748f08525df124515383d5a3f3dc333754
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Parent5446 <[email protected]>
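The scheme the commit message describes, an HMAC-SHA-256 over a salt combined with a Referer check, shown as an added example that is not code from this change or from MediaWiki. The function names, the salt strings and the host `wiki.example` are assumptions made for illustration.

```php
<?php
// Added illustration, not MediaWiki code; every name here is hypothetical.

// Token = HMAC-SHA-256 over the action salt, keyed by a per-session secret.
function makeEditToken(string $sessionSecret, string $salt): string {
    return hash_hmac('sha256', $salt, $sessionSecret);
}

// Referer check: the header must parse and its host must equal the wiki's host.
// Assumption: a missing or malformed header is treated as a failure.
function refererMatches(?string $referer, string $expectedHost): bool {
    if ($referer === null) {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// A request passes only when both the token and the Referer check pass.
function checkEditRequest(string $submitted, string $sessionSecret, string $salt,
                          ?string $referer, string $expectedHost): bool {
    $expected = makeEditToken($sessionSecret, $salt);
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guessed token were right.
    return hash_equals($expected, $submitted)
        && refererMatches($referer, $expectedHost);
}

// Constructed sample values. The secret would be kept in the user's session;
// the cache path for users without a session is not modeled here.
$secret = bin2hex(random_bytes(32));
$salt   = 'edit:Main_Page';
$token  = makeEditToken($secret, $salt);
$self   = 'https://wiki.example/w/index.php?title=Main_Page&action=edit';

$cases = [
    'valid token, same-site Referer'   => [$token, $salt, $self],
    'token replayed for another salt'  => [$token, 'edit:Other_Page', $self],
    'valid token, cross-site Referer'  => [$token, $salt, 'https://other.example/form.html'],
    'valid token, Referer missing'     => [$token, $salt, null],
    'MD5-length value instead of HMAC' => [md5($salt . $secret), $salt, $self],
];
foreach ($cases as $label => [$submitted, $useSalt, $referer]) {
    $ok = checkEditRequest($submitted, $secret, $useSalt, $referer, 'wiki.example');
    printf("%-34s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Rejecting a missing Referer is a policy choice in this example; clients that suppress the header would fail the check even with a valid token.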
