[Bug 25281] New: Privacy issue: ResourceLoader lets you request other user's preferences

bugzilla-daemon Thu, 23 Sep 2010 19:10:21 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=25281


           Summary: Privacy issue: ResourceLoader lets you request other
                    user's preferences
           Product: MediaWiki
           Version: 1.17-svn
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: Normal
         Component: Resource Loader
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]


With load.php?modules=user.options&user=OtherUser you can easily retrieve
someone else's preferences including the watchlist token.

Needs a check against $wgUser I think.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25281] New: Privacy issue: ResourceLoader lets you request other user's preferences

Reply via email to