User "Wikinaut" posted a comment on MediaWiki.r92924.
Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/92924#c20356
Commit summary:
* Moved email changing from sp:Preferences to new sp:ChangeEmail, which
requires confirming the user password. This reduces the impact of session
hijacking, which was increased slightly with r86482. Changing a password
already required confirming the old one. This change closes the loophole of
changing the email address and then doing a reset.
* Parse 'mailerror' message correctly
Comment:
Remark: I checked this against extension OpenID (trunk version, which I
maintain), and did not find a negative side effect to that or from that
extension.
Background info:
E:OpenID has an option tab in preferences where users can opt-in that their
e-mail address is updated from their OpenID sreg [1] record on every
OpenID-login ("Update the following information from OpenID persona every time
I log in: E-mail address").
[1]
http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format
_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
