jenkins-bot has submitted this change and it was merged.
Change subject: ApiCentralAuthToken: Use ApiBase::lacksSameOriginSecurity()
......................................................................
ApiCentralAuthToken: Use ApiBase::lacksSameOriginSecurity()
In the future there might be more things to check than just 'callback',
so Ic6e3483f added a method to ApiBase to abstract the check.
Change-Id: Ibae7bcbd42ed38c77460199398a8304cca4d0161
---
M includes/api/ApiCentralAuthToken.php
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Legoktm: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/api/ApiCentralAuthToken.php
b/includes/api/ApiCentralAuthToken.php
index e07adcf..dc0127b 100644
--- a/includes/api/ApiCentralAuthToken.php
+++ b/includes/api/ApiCentralAuthToken.php
@@ -38,7 +38,7 @@
$params = $this->extractRequestParams();
// If we're in JSON callback mode, no tokens can be obtained
- if ( !is_null( $this->getMain()->getRequest()->getVal(
'callback' ) ) ) {
+ if ( $this->lacksSameOriginSecurity() ) {
$this->dieUsage( 'Cannot obtain a centralauthtoken when
using a callback', 'hascallback' );
}
--
To view, visit https://gerrit.wikimedia.org/r/209333
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ibae7bcbd42ed38c77460199398a8304cca4d0161
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>
Gerrit-Reviewer: Legoktm <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
