https://bugzilla.wikimedia.org/show_bug.cgi?id=35121
Web browser: ---
Bug #: 35121
Summary: rename right-passwordreset to
right-passwordreset-view-mail
Product: MediaWiki
Version: unspecified
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: major
Priority: Unprioritized
Component: User login
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Mobile Platform: ---
I found that the right "passwordreset" does not prohibit the view of
Special:PasswordReset - what the name suggests - but is a user right to view
the Password-Reset-Mail including the temporary password.
This appears to be disabled during installation but can be activated for
example by using
# allow admins to access view reset e-mails
$wgGroupPermissions['sysop']['passwordreset'] = true;
I suggest to globally change the name of the user permission and related system
message keys from
* passwordreset to passwordreset-view-reset-mail
* right-passwordreset to right-passwordreset-view-reset-mail
where it applies to avoid unintended revealing of password-reset-mails and
contents in case that WikiSysops misinterprets this setting.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
