SECURITY: API: Don't log "sensitive" parameters

[lhc/web/wiklou.git] / includes / api / ApiLogin.php

diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index d64aeb7..41bec35 100644 (file)
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -250,6 +250,7 @@ class ApiLogin extends ApiBase {
                        'token' => [
                                ApiBase::PARAM_TYPE => 'string',
                                ApiBase::PARAM_REQUIRED => false, // for BC
+                               ApiBase::PARAM_SENSITIVE => true,
                                ApiBase::PARAM_HELP_MSG => [ 'api-help-param-token', 'login' ],
                        ],
                ];
@@ -265,7 +266,7 @@ class ApiLogin extends ApiBase {
        }
 
        public function getHelpUrls() {
-               return 'https://www.mediawiki.org/wiki/API:Login';
+               return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Login';
        }
 
        /**