https://bugzilla.wikimedia.org/show_bug.cgi?id=72634
--- Comment #1 from Chris Steipp <[email protected]> --- Uhg, fatality of the updates to user tokens. MWOAuthDAO::getChangeToken() relies on recalculating a hash that uses User::getEditToken(). The csrf token should be checked already, so for collision detection, we probably should just use the user id instead of their edit token. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
