[Bug 23076] Login CSRF

2011-04-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Chad H.  changed:

   What|Removed |Added

Version|1.15.2  |1.15.x

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l


[Bug 23076] Login CSRF

2010-11-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Platonides  changed:

   What|Removed |Added

 CC||platoni...@gmail.com

--- Comment #9 from Platonides 2010-11-29 17:48:25 UTC ---
Was fixed in r64677



[Bug 23076] Login CSRF

2010-04-17 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

--- Comment #8 from Roan Kattouw 2010-04-17 10:26:36 UTC ---
(In reply to comment #7)
> Step by step:
> 1. I submit a request with lgname and lgpassword and save the token from this
> response
> 2. I submit a request with parameter "lgtoken", with the value from the token
> in step 1. but without the cookies
> 
> This means the session cookie was not submitted correctly and I would expect
> {"result": "WrongToken instead of {"result": "NeedToken",

From comment #0:
> 1. Submit a request with lgname and lgpassword, in the same way as you did for
> MediaWiki 1.15.2 and earlier. Save the cookies in the response.
[...]
> 2. Submit a request WITH THE COOKIES FROM STEP 1, and additionally submit the
> parameter "lgtoken", with the value from the token in step 1.
> 
(emphasis mine)

The cookie thing was mentioned in the original instructions, seems you missed
it.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
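The two-step flow discussed in comments #2 to #8, as an added example that is not part of the thread and not MediaWiki's code: a client that returns the session cookie reaches the token check, one that drops it is sent `NeedToken` every time, and a bounded retry count keeps that from looping forever. `FakeWiki`, the `session` cookie name, the `GaveUp` marker and the account are constructed for illustration; `lgname`, `lgpassword`, `lgtoken`, `NeedToken` and `WrongToken` are the names used in the thread.

```python
import secrets

class FakeWiki:
    """Constructed in-memory model of the login endpoint; not MediaWiki code."""

    def __init__(self, users):
        self.users = users      # name -> password
        self.sessions = {}      # session id -> login token bound to it

    def login(self, params, cookies):
        """Return (JSON body, cookies set by the response)."""
        token = self.sessions.get(cookies.get("session"))
        if token is None:
            # No usable session cookie: open a new session and issue a token.
            sid, token = secrets.token_hex(8), secrets.token_hex(16)
            self.sessions[sid] = token
            return {"login": {"result": "NeedToken", "token": token}}, {"session": sid}
        if "lgtoken" not in params:
            return {"login": {"result": "NeedToken", "token": token}}, {}
        if not secrets.compare_digest(params["lgtoken"], token):
            return {"login": {"result": "WrongToken"}}, {}
        name = params.get("lgname")
        ok = name in self.users and self.users[name] == params.get("lgpassword")
        return {"login": {"result": "Success" if ok else "WrongPass"}}, {}


def login(wiki, name, password, keep_cookies=True, max_tries=3):
    """Two-step login with a bounded number of attempts.

    Returns (final result, list of results seen). "GaveUp" is this
    example's own marker, not an API value.
    """
    cookies, trace = {}, []
    params = {"lgname": name, "lgpassword": password}
    for _ in range(max_tries):
        body, set_cookies = wiki.login(params, cookies)
        if keep_cookies:        # a client that drops these never leaves NeedToken
            cookies.update(set_cookies)
        result = body["login"]["result"]
        trace.append(result)
        if result != "NeedToken":
            return result, trace
        params["lgtoken"] = body["login"]["token"]
    return "GaveUp", trace


if __name__ == "__main__":
    wiki = FakeWiki({"ExampleBot": "constructed-password"})
    print(login(wiki, "ExampleBot", "constructed-password"))
    print(login(wiki, "ExampleBot", "constructed-password", keep_cookies=False))
```
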


[Bug 23076] Login CSRF

2010-04-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

--- Comment #7 from xqt  2010-04-15 12:29:13 UTC ---
Step by step:
1. I submit a request with lgname and lgpassword and save the token from this
response
2. I submit a request with parameter "lgtoken", with the value from the token
in step 1. but without the cookies

This means the session cookie was not submitted correctly and I would expect
{"result": "WrongToken instead of {"result": "NeedToken",



[Bug 23076] Login CSRF

2010-04-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Bryan Tong Minh  changed:

   What|Removed |Added

 CC||bryan.tongm...@gmail.com

--- Comment #6 from Bryan Tong Minh 2010-04-15 12:07:20 UTC ---
Tokens are associated with sessions, so obviously a session cookie is required
for it to work at all.



[Bug 23076] Login CSRF

2010-04-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

--- Comment #5 from xqt  2010-04-15 12:02:18 UTC ---
I agree, it's not a problem to solve infinite loops by client. But mw does not
react as described.



[Bug 23076] Login CSRF

2010-04-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Roan Kattouw  changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 CC||roan.katt...@gmail.com
 Resolution||FIXED

--- Comment #4 from Roan Kattouw 2010-04-15 11:44:57 UTC ---
This is not MediaWiki's problem; sanely-written clients will give up after a
number of tries instead of sheepishly going into an infinite loop.



[Bug 23076] Login CSRF

2010-04-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

--- Comment #3 from Reedy  2010-04-15 11:43:15 UTC ---
Should be relatively trivial to fix...



[Bug 23076] Login CSRF

2010-04-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

xqt  changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|FIXED   |

--- Comment #2 from xqt  2010-04-15 11:41:25 UTC ---

* If the session cookie was not submitted correctly, or if the server-side
session expired, the server may respond with {"login": {"result":
"WrongToken"}}. You can report this as an error to the user, or retry after a
few seconds.

If the session cookie was not submitted, the server responds again with {"login":
{"result": "NeedToken", "token": ...}}. This could cause an infinite loop during
the login process.



[Bug 23076] Login CSRF

2010-04-08 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Reedy  changed:

   What|Removed |Added

Version|1.16|1.15.2



[Bug 23076] Login CSRF

2010-04-08 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Reedy  changed:

   What|Removed |Added

 CC||s...@reedyboy.net
  Component|Installation|User login
 AssignedTo|wikibug...@lists.wikimedia. |tstarl...@wikimedia.org
   |org |



[Bug 23076] Login CSRF

2010-04-08 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

xqt  changed:

   What|Removed |Added

 CC||i...@gno.de
  Component|User login  |Installation
Version|1.15.2  |1.16
 AssignedTo|tstarl...@wikimedia.org |wikibug...@lists.wikimedia.
   ||org



[Bug 23076] Login CSRF

2010-04-06 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Tim Starling  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED

--- Comment #1 from Tim Starling 2010-04-07 01:28:40 UTC ---
Release announcement:




[Bug 23076] Login CSRF

2010-04-06 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

Tim Starling  changed:

   What|Removed |Added

 AssignedTo|wikibug...@lists.wikimedia. |tstarl...@wikimedia.org
   |org |
