https://bugzilla.wikimedia.org/show_bug.cgi?id=25622
Summary: If a user does not have cookies enabled, they need to be told to have cookies enabled to use the credit card form Product: MediaWiki extensions Version: any Platform: All OS/Version: All Status: NEW Keywords: bugsmash Severity: enhancement Priority: Normal Component: DonationInterface AssignedTo: aricha...@wikimedia.org ReportedBy: aricha...@wikimedia.org CC: tf...@wikimedia.org Users need cookies enabled for session handling on the credit card form to prevent CSRF. At the moment, depending on the particular form the user sees, they can either be entered into an infinite loop of the credit card form refreshing -or- they can still transparently go through the process, although it is a security vulnerability -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l