https://bugzilla.wikimedia.org/show_bug.cgi?id=35727
Web browser: --- Bug #: 35727 Summary: mediaWiki.Api token handling Product: MediaWiki Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: Unprioritized Component: Javascript AssignedTo: wikibugs-l@lists.wikimedia.org ReportedBy: russb...@hotmail.com CC: krinklem...@gmail.com, tpars...@wikimedia.org Classification: Unclassified Mobile Platform: --- Created attachment 10381 --> https://bugzilla.wikimedia.org/attachment.cgi?id=10381 patch to mediawiki.api.js to handle edit tokens It is recommended at [[mw:API:Edit#Token]] that the "token" parameter in an edit request should be passed to the server last. This is a safety measure in case transmission of the HTML request to the server is interrupted; the server will not process an incomplete request because there will be no token. (Conversely, if the "text=" parameter were last, the server would have no way of knowing whether the complete text had been received.) Presumably the same thing is necessary for action=email, since the request may include text of arbitrary length. The attached patch (not tested) moves any parameter named "token" to the end of the request; this is possibly over-inclusive (it will apply to things like "action=watch" where there is no text field in the request) but I can't see how it can do any harm. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l