https://bugzilla.wikimedia.org/show_bug.cgi?id=35727

       Web browser: ---
             Bug #: 35727
           Summary: mediaWiki.Api token handling
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: Unprioritized
         Component: Javascript
        AssignedTo: wikibugs-l@lists.wikimedia.org
        ReportedBy: russb...@hotmail.com
                CC: krinklem...@gmail.com, tpars...@wikimedia.org
    Classification: Unclassified
   Mobile Platform: ---


Created attachment 10381
  --> https://bugzilla.wikimedia.org/attachment.cgi?id=10381
patch to mediawiki.api.js to handle edit tokens

It is recommended at [[mw:API:Edit#Token]] that the "token" parameter in an
edit request should be passed to the server last. This is a safety measure in
case transmission of the HTML request to the server is interrupted; the server
will not process an incomplete request because there will be no token. 
(Conversely, if the "text=" parameter were last, the server would have no way
of knowing whether the complete text had been received.)  Presumably the same
thing is necessary for action=email, since the request may include text of
arbitrary length.

The attached patch (not tested) moves any parameter named "token" to the end of
the request; this is possibly over-inclusive (it will apply to things like
"action=watch" where there is no text field in the request) but I can't see how
it can do any harm.
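
The token-last ordering described above, as an added example that is not part of the original report or the attached patch. `serializeTokenLast`, `serverAccepts` and `acceptedTruncations` are hypothetical names, the token and parameters are constructed, and the server check is a simplified stand-in for real token validation.

```javascript
// Added example: hypothetical helpers, not code from mediawiki.api.js.

// Serialize request parameters so that "token" is always the final field.
function serializeTokenLast(params) {
  const pairs = [];
  let token;
  for (const [key, value] of Object.entries(params)) {
    if (key === 'token') { token = value; continue; }
    pairs.push(encodeURIComponent(key) + '=' + encodeURIComponent(value));
  }
  if (token !== undefined) {
    pairs.push('token=' + encodeURIComponent(token));
  }
  return pairs.join('&');
}

// Simplified receiver: process the request only if the full token arrived.
function serverAccepts(body, expectedToken) {
  return new URLSearchParams(body).get('token') === expectedToken;
}

// Count how many interrupted transmissions (proper prefixes of the body)
// the receiver would still process.
function acceptedTruncations(body, expectedToken) {
  let accepted = 0;
  for (let n = 0; n < body.length; n++) {
    if (serverAccepts(body.slice(0, n), expectedToken)) accepted++;
  }
  return accepted;
}

// Constructed sample request; the token value is made up.
const TOKEN = '0123abcd+\\';
const params = { action: 'edit', token: TOKEN, title: 'Sandbox', text: 'x'.repeat(200) };

// Insertion order puts token before text: a cut-off body can still validate.
const tokenEarly = new URLSearchParams(params).toString();
// Token moved to the end: any cut-off body loses or damages the token.
const tokenLast = serializeTokenLast(params);

console.log('token early, truncated bodies accepted:', acceptedTruncations(tokenEarly, TOKEN));
console.log('token last,  truncated bodies accepted:', acceptedTruncations(tokenLast, TOKEN));
```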
