API: Error if sensitive AuthManager parameters are in the query string

There was only 1 hit in the feature usage log in the past 30 days for
this code path, so this should be good to go.

ApiLogin, on the other hand, received 27048 hits over the same time
period. So let's not do that one just yet.

Change-Id: I1ae3b928fda9ddc94c8182155637920713dd404d

diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 6c53809..5a38cf9 100644 (file)
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -20,6 +20,10 @@ production.
 === Bug fixes in 1.29 ===
 
 === Action API changes in 1.29 ===
+* Submitting sensitive authentication request parameters to action=clientlogin,
+  action=createaccount, action=linkaccount, and action=changeauthenticationdata
+  in the query string is now an error. They should be submitted in the POST
+  body instead.
 
 === Action API internal changes in 1.29 ===
 

diff --git a/includes/api/ApiAuthManagerHelper.php b/includes/api/ApiAuthManagerHelper.php
index 1a42ccc..6fafebf 100644 (file)
--- a/includes/api/ApiAuthManagerHelper.php
+++ b/includes/api/ApiAuthManagerHelper.php
@@ -173,13 +173,7 @@ class ApiAuthManagerHelper {
                $this->module->getMain()->markParamsUsed( array_keys( $data ) );
 
                if ( $sensitive ) {
-                       try {
-                               $this->module->requirePostedParameters( array_keys( $sensitive ), 'noprefix' );
-                       } catch ( UsageException $ex ) {
-                               // Make this a warning for now, upgrade to an error in 1.29.
-                               $this->module->setWarning( $ex->getMessage() );
-                               $this->module->logFeatureUsage( $this->module->getModuleName() . '-params-in-query-string' );
-                       }
+                       $this->module->requirePostedParameters( array_keys( $sensitive ), 'noprefix' );
                }
 
                return AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );