https://bugzilla.wikimedia.org/show_bug.cgi?id=21991

--- Comment #7 from Roan Kattouw <roan.katt...@gmail.com> 2010-02-15 14:17:32 
UTC ---
(In reply to comment #5)
> It seems there is only one hashed token...
> 
>         if ( !$wgUser->matchEditToken( $params['token'], $user->getName() ) )
> 
> in ApiUserrights.php
> 
There's another one in ApiRollback.php

> Simplest way to deal with this, would seem to be, in that module, don't have
> the checks done in ApiMain for this.
> 
> Or we have another method property like
> 
> public function checkToken() {
> return true;
> }
> 
> And default this to false for this module, and it can hash check it's own way
> if it wants...
> 
> Either or seems to be sensible
I'd recommend introducing a function that returns the salt (usually the empty
string, and false if there's no token to be checked), see also CR r62482.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to