https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
T. Gries m...@tgries.de changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
Aashish Mittal ashishmittal.m...@gmail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #25 from T. Gries m...@tgries.de 2012-02-12 09:32:16 UTC ---
(In reply to comment #24)
Strange, I did perform an 'svn up' to the codebase before creating the patch.
Will take care regarding the coding conventions.
I only found
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #22 from Aashish Mittal ashishmittal.m...@gmail.com 2012-02-12
07:46:24 UTC ---
Created attachment 9992
-- https://bugzilla.wikimedia.org/attachment.cgi?id=9992
Modification to Special:PasswordReset to preset the username field
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
T. Gries m...@tgries.de changed:
What|Removed |Added
See Also||https://bugzilla.wikimedia.
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #21 from T. Gries m...@tgries.de 2011-08-02 06:56:53 UTC ---
(In reply to comment #20)
when implementing this, check against effects from or to
https://bugzilla.wikimedia.org/show_bug.cgi?id=20185 .
Tested ok, no negative side
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
T. Gries m...@tgries.de changed:
What|Removed |Added
See Also||https://bugzilla.wikimedia.
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
Happy-melon happy.melon.w...@gmail.com changed:
What|Removed |Added
Component|Special pages |OpenID
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #17 from T. Gries m...@tgries.de 2011-06-10 19:39:47 UTC ---
for wikis to require an email address for password resets, which 'closes' the
vulnerability if wikis are concerned about it. 'Fixing' this for the sake of
fixing it
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #18 from Happy-melon happy.melon.w...@gmail.com 2011-06-10
22:20:42 UTC ---
(In reply to comment #17)
for wikis to require an email address for password resets, which 'closes'
the
vulnerability if wikis are concerned about
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #12 from Happy-melon happy.melon.w...@gmail.com 2011-06-09
10:41:15 UTC ---
In ordinary vanilla MediaWiki, a non-sysop User X cannot be *prevented* from
triggering password reset for User Y, because User X can simply log out and
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #13 from T. Gries m...@tgries.de 2011-06-09 12:49:11 UTC ---
(In reply to comment #12)
In ordinary vanilla MediaWiki, a non-sysop User X cannot be *prevented* from
triggering password reset for User Y, because User X can simply
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #14 from T. Gries m...@tgries.de 2011-06-09 12:50:22 UTC ---
This hole is what I wished it would be closed by you experts (not by me as
newbie)
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #15 from T. Gries m...@tgries.de 2011-06-09 12:52:09 UTC ---
Tim, Brion: only for test purposes, I have sent you PasswortReset, too. (Will
not do this again. It was only for demonstrating, that this should be fixed)
--
Configure
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #16 from Happy-melon happy.melon.w...@gmail.com 2011-06-09
14:50:01 UTC ---
(In reply to comment #13)
(In reply to comment #12)
In ordinary vanilla MediaWiki, a non-sysop User X cannot be *prevented* from
triggering password
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
T. Gries m...@tgries.de changed:
What|Removed |Added
Summary|Implement a way for |Implement a way for
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #9 from emufarm...@gmail.com 2011-06-09 00:53:16 UTC ---
(In reply to comment #8)
(
When logged-in users visit Special:PasswordReset,
they see an _emtpy_ input field for entering a username.
If it were pre-filled with the
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #10 from T. Gries m...@tgries.de 2011-06-09 05:24:20 UTC ---
(In reply to comment #9)
In any event, maybe Special:PasswordReset should do the same thing, but I
don't
see what the benefit of making the field read-only would be
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135
--- Comment #11 from T. Gries m...@tgries.de 2011-06-09 05:26:25 UTC ---
(In reply to comment #10)
(In reply to comment #9)
In any event, maybe Special:PasswordReset should do the same thing, but I
don't
see what the benefit of
19 matches
Mail list logo