https://bugzilla.wikimedia.org/show_bug.cgi?id=29135

       Web browser: ---
             Bug #: 29135
           Summary: Special:PasswordReset: for logged-in users (password,
                    OpenID, Auth): do not show input field for name, but
                    fill-in current name and make this field readonly
           Product: MediaWiki
           Version: 1.19-svn
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: Special pages
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


During development of OpenID I noticed the following:

When a logged-in user (no matter by which method) goes to Special:PasswordReset,
they see an input field for entering their username. This does not make sense.


There are these drawbacks:
- users need to type their name (effort and risk of typos)
- evil users can trigger sending a new password to an arbitrary user

I cannot imagine any other purpose for PasswordReset than that user X wants to
send a new password to user X (as mentioned, "user" is - implicitly - a logged-in
persona).

I propose the following change in Special:PasswordReset:

if "user", then PasswordReset shows
- the user's own username in the Username field
- this field set to readonly=readonly
- the onSubmit callback sanitizing the return parameters and checking whether the
correct name comes back
- then mailing the temporary password to user(username)

I also need (for OpenID) a clean way of internally sending a temporary
password directly to a logged-in user (without the form).

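The following sketch is an added example, not part of the original report and not MediaWiki code. It illustrates the proposed readonly field together with the server-side check that the submitted name matches the logged-in user; the function names, the form field name "username" and the sample requests are assumptions made for the illustration.

```php
<?php
// Added illustration; not MediaWiki code. All names here are hypothetical.

/** Render the username field for a logged-in user: own name, read-only. */
function renderUsernameField(string $sessionUser): string
{
    $safe = htmlspecialchars($sessionUser, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="username" value="' . $safe
        . '" readonly="readonly">';
}

/**
 * Decide whose account receives the temporary password.
 * readonly is only a hint to the browser, so the posted value is checked
 * again on the server against the name stored in the session.
 * Returns the target username, or null if the request must be rejected.
 */
function resolveResetTarget(string $sessionUser, array $post): ?string
{
    $submitted = isset($post['username']) && is_string($post['username'])
        ? trim($post['username'])
        : '';
    // The only acceptable value is the session's own username.
    return $submitted === $sessionUser ? $sessionUser : null;
}

/**
 * Form-less variant for internal callers (the OpenID case in the report):
 * the target comes from the session only, never from request data.
 */
function resetTargetForSession(string $sessionUser): string
{
    return $sessionUser;
}

// Constructed sample requests for a session belonging to "Alice".
$cases = [
    'unchanged field'      => ['username' => 'Alice'],
    'field edited locally' => ['username' => 'Bob'],
    'field removed'        => [],
    'non-string value'     => ['username' => ['Alice']],
];

echo renderUsernameField('Alice'), PHP_EOL;
foreach ($cases as $label => $post) {
    $target = resolveResetTarget('Alice', $post);
    echo $label, ': ', $target ?? 'rejected', PHP_EOL;
}
```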