[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Fix token match warning for token ending improperly
Harish halo has uploaded a new change for review. https://gerrit.wikimedia.org/r/320076 Change subject: Fix token match warning for token ending improperly .. Fix token match warning for token ending improperly To give warning if token ends for example with "\",Fixed by matching the end of $token string with urldecode(User::EDIT_TOKEN_SUFFIX). Bug: T122280 Change-Id: Icdafcd7c65e018d96075a138979659a475e40906 --- M includes/api/ApiCheckToken.php 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/76/320076/1 diff --git a/includes/api/ApiCheckToken.php b/includes/api/ApiCheckToken.php index ce1adca..69b43b7 100644 --- a/includes/api/ApiCheckToken.php +++ b/includes/api/ApiCheckToken.php @@ -39,7 +39,7 @@ $tokenObj = ApiQueryTokens::getToken( $this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']] ); - if ( $tokenObj->match( $token[strlen($token)-1], urldecode( User::EDIT_TOKEN_SUFFIX ) ) ){ + if ( $tokenObj->match( $token[strlen($token)-1], urldecode( User::EDIT_TOKEN_SUFFIX ) ) ) { $res['result'] = 'Warning'; } elseif ( $tokenObj->match( $token, $maxage ) ) { -- To view, visit https://gerrit.wikimedia.org/r/320076 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Icdafcd7c65e018d96075a138979659a475e40906 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Harish halo___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Fix token match warning for token ending improperly
Harish halo has uploaded a new change for review. https://gerrit.wikimedia.org/r/320073 Change subject: Fix token match warning for token ending improperly .. Fix token match warning for token ending improperly To give warning if token ends for example with "\",Fixed by matching the end of $token string with urldecode(User::EDIT_TOKEN_SUFFIX). Bug: T122280 Change-Id: I3fbedfda34d1b72d02120eb81030aa80781be1af --- M includes/api/ApiCheckToken.php 1 file changed, 1 insertion(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/73/320073/1 diff --git a/includes/api/ApiCheckToken.php b/includes/api/ApiCheckToken.php index 0ddcc5c..9c023e9 100644 --- a/includes/api/ApiCheckToken.php +++ b/includes/api/ApiCheckToken.php @@ -41,6 +41,7 @@ ); if ( $tokenObj->match( $token[strlen($token)-1], urldecode( User::EDIT_TOKEN_SUFFIX ) ) { $res['result'] = 'Warning'; +} elseif ( $tokenObj->match( $token, $maxage ) ) { $res['result'] = 'valid'; } elseif ( $maxage !== null && $tokenObj->match( $token ) ) { -- To view, visit https://gerrit.wikimedia.org/r/320073 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3fbedfda34d1b72d02120eb81030aa80781be1af Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Harish halo___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Fix token match warning for token ending improperly
Harish halo has uploaded a new change for review. https://gerrit.wikimedia.org/r/320072 Change subject: Fix token match warning for token ending improperly .. Fix token match warning for token ending improperly To give warning if token ends for example with "\",Fixed by matching the end of $token string with urldecode(User::EDIT_TOKEN_SUFFIX). Bug: T122280 Change-Id: Ifa494fa5dd480c4aa8a69ecbd5b8f8827809cccf --- M includes/api/ApiCheckToken.php 1 file changed, 3 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/72/320072/1 diff --git a/includes/api/ApiCheckToken.php b/includes/api/ApiCheckToken.php index 3d2159c..0ddcc5c 100644 --- a/includes/api/ApiCheckToken.php +++ b/includes/api/ApiCheckToken.php @@ -39,7 +39,9 @@ $tokenObj = ApiQueryTokens::getToken( $this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']] ); - if ( $tokenObj->match( $token, $maxage ) ) { + if ( $tokenObj->match( $token[strlen($token)-1], urldecode( User::EDIT_TOKEN_SUFFIX ) ) { + $res['result'] = 'Warning'; + elseif ( $tokenObj->match( $token, $maxage ) ) { $res['result'] = 'valid'; } elseif ( $maxage !== null && $tokenObj->match( $token ) ) { $res['result'] = 'expired'; -- To view, visit https://gerrit.wikimedia.org/r/320072 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ifa494fa5dd480c4aa8a69ecbd5b8f8827809cccf Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Harish halo___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits