https://bugzilla.wikimedia.org/show_bug.cgi?id=62497
T. Gries <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #12 from T. Gries <[email protected]> --- Comment on attachment 14787 --> https://bugzilla.wikimedia.org/attachment.cgi?id=14787 Add CSRF token on Special:ChangePassword The token compare function is _not_ running in constant time. As we have a function for token comparison, we should use it here. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
