Summary: If a user does not have cookies enabled, they need to
                    be told to have cookies enabled to use the credit card
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: bugsmash
          Severity: enhancement
          Priority: Normal
         Component: DonationInterface

Users need cookies enabled for session handling on the credit card form to
prevent CSRF.  At the moment, depending on the particular form the user sees,
they can either be entered into an infinite loop of the credit card form
refreshing -or- they can still transparently go through the process, although
it is a security vulnerability

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Wikibugs-l mailing list

Reply via email to