SECURITY: API: Don't log "sensitive" parameters
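--- a/includes/api/ApiCheckToken.php
+++ b/includes/api/ApiCheckToken.php
@@ -43,9 +43,7 @@ class ApiCheckToken extends ApiBase {
  );
  if ( substr( $token, -strlen( urldecode( Token::SUFFIX ) ) ) === urldecode( Token::SUFFIX ) ) {
- $this->setWarning(
- "Check that symbols such as \"+\" in the token are properly percent-encoded in the URL."
- );
+ $this->addWarning( 'apiwarn-checktoken-percentencoding' );
  }
  if ( $tokenObj->match( $token, $maxage ) ) {
@@ -75,6 +73,7 @@ class ApiCheckToken extends ApiBase {
  'token' => [
  ApiBase::PARAM_TYPE => 'string',
  ApiBase::PARAM_REQUIRED => true,
+ ApiBase::PARAM_SENSITIVE => true,
  ],
  'maxtokenage' => [
  ApiBase::PARAM_TYPE => 'integer',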
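Review bot: The `ApiBase::PARAM_SENSITIVE => true` line added to the `'token'` definition in the second hunk, going by the commit title, only covers what the API layer itself logs. The percent-encoding warning in the first hunk shows that callers do pass this token in the URL, where web-server access logs and intermediate proxies would still record it. Whether the framework warns about or rejects sensitive parameters sent in the query string is not visible on this page, so that is worth confirming. A short comment above the new line would record the intent, e.g. `// Token is a secret: keep it out of API request logs; clients should send it in the POST body`. Both hunks sit inside methods that start and end outside the visible context.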