"SPQRobin" changed the status of MediaWiki.r92924 to "resolved" and commented it. URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/92924#c27912
Old Status: ok > New Status: resolved Commit summary for MediaWiki.r92924: * Moved email changing from sp:Preferences to new sp:ChangeEmail, which requires confirming the user password. This reduces the impact of session hijacking, which was increased slightly with r86482. Changing a password already required confirming the old one. This change closes the loophole of changing the email address and then doing a reset. * Parse 'mailerror' message correctly SPQRobin's comment: The CSS/JS which gives an e-mail validation notice was still included on Special:Preferences. I moved it for Special:ChangeEmail in r106516. _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
