[Bug 25622] New: If a user does not have cookies enabled, they need to be told to have cookies enabled to use the credit card form

bugzilla-daemon Sat, 23 Oct 2010 06:56:15 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=25622


           Summary: If a user does not have cookies enabled, they need to
                    be told to have cookies enabled to use the credit card
                    form
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: bugsmash
          Severity: enhancement
          Priority: Normal
         Component: DonationInterface
        AssignedTo: aricha...@wikimedia.org
        ReportedBy: aricha...@wikimedia.org
                CC: tf...@wikimedia.org


Users need cookies enabled for session handling on the credit card form to
prevent CSRF.  At the moment, depending on the particular form the user sees,
they can either be entered into an infinite loop of the credit card form
refreshing -or- they can still transparently go through the process, although
it is a security vulnerability

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25622] New: If a user does not have cookies enabled, they need to be told to have cookies enabled to use the credit card form

Reply via email to