https://bugzilla.wikimedia.org/show_bug.cgi?id=30644
Platonides <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #3 from Platonides <[email protected]> 2011-08-31 22:15:03 UTC ---
Two problems with that revision:

- First, you are using the plain, unsalted edit token in the URL. This
  discloses the secret in e.g. proxy logs. We always salt the tokens with the
  modified data in such cases so that once consumed they can't be reused (but
  see below).

- Second, it is still deleting on visiting the page. The main risk is fixed,
  but what would happen if a sysop presses delete when he wanted to press edit?

I think that pressing delete should lead you to an intermediate page, where you
should press a button to actually delete the campaign (just as anonymous purge
or normal deletion). Linking with bug 30645, it could be a copy of the usual
deletion interface, logging a deletion comment and storing the last data in the
log.
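The two points raised in the comment above, sketched as an added example that is not part of the bug report and not MediaWiki's code: the token is salted with the action and the campaign it modifies, and a GET only renders a confirmation form while the deletion needs a POST carrying that token. The class, its methods and the campaign names are hypothetical, and HMAC-SHA256 stands in for whatever token derivation the application actually uses.

```python
import hashlib
import hmac
import secrets


class CampaignAdmin:
    """Toy campaign store with a two-step, token-protected delete (hypothetical)."""

    def __init__(self, campaigns):
        self.campaigns = set(campaigns)
        # Per-session secret; it never appears in a URL or a form.
        self.session_secret = secrets.token_bytes(32)

    def token_for(self, action, campaign):
        # Salt the token with the action and the data being modified, so a
        # leaked value is useless for any other action or campaign.
        salt = f"{action}|{campaign}".encode()
        return hmac.new(self.session_secret, salt, hashlib.sha256).hexdigest()

    def handle(self, method, campaign, token=None):
        """Return (status, body) for a request to the delete endpoint."""
        if campaign not in self.campaigns:
            return 404, "no such campaign"
        if method == "GET":
            # Visiting the link never deletes: it only returns the data for
            # the intermediate confirmation form (token in a hidden field).
            return 200, {"confirm": campaign,
                         "token": self.token_for("delete", campaign)}
        if method != "POST":
            return 405, "method not allowed"
        expected = self.token_for("delete", campaign).encode()
        if token is None or not hmac.compare_digest(expected, token.encode()):
            return 403, "bad token"
        self.campaigns.remove(campaign)
        return 200, "deleted"


def demo():
    admin = CampaignAdmin({"spring2011", "fall2011"})  # constructed sample data
    status, form = admin.handle("GET", "spring2011")   # renders form, deletes nothing
    return [
        status,
        admin.handle("POST", "fall2011", form["token"])[0],    # token bound to another campaign
        admin.handle("POST", "spring2011", form["token"])[0],  # confirmed deletion
        admin.handle("POST", "spring2011", form["token"])[0],  # replay: nothing left to delete
        sorted(admin.campaigns),
    ]


if __name__ == "__main__":
    print(demo())
```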
