API: Insist authn parameters be in the POST body
author Brad Jorsch <bjorsch@wikimedia.org>
Thu, 18 Aug 2016 17:36:11 +0000 (13:36 -0400)
committer Gergő Tisza <gtisza@wikimedia.org>
Thu, 18 Aug 2016 21:13:30 +0000 (21:13 +0000)
commit 6a068d18e1e34c8744d12cfee08fe998828f9387
tree c799bc6282b251b5b045b0edec858480586c9c02
parent 8f2ccef7a76ee14fa2d0a34d982efe48d8803599
API: Insist authn parameters be in the POST body

Passwords should always be submitted in the POST body, not in the query
string. Thus, a warning will now be returned if the password for
action=login or any sensitive authentication request parameters for
AuthManager actions are found in the query string.

These warnings should be upgraded to errors in 1.29.

Change-Id: Ifb2c684bb28c9acc004be2b0c2fef839eb7624aa
RELEASE-NOTES-1.28
includes/api/ApiAuthManagerHelper.php
includes/api/ApiBase.php
includes/api/ApiLogin.php
includes/api/ApiMain.php
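
The check the commit message describes, sketched as an added example that is not MediaWiki's code or taken from this commit: a POST request can still carry parameters in its URL, so the query string is parsed on its own instead of trusting the request method. The function name, the warning text and the sample requests are assumptions made for illustration; lgname and lgpassword are the action=login parameter names.

```php
<?php
// Added illustration, not MediaWiki code. checkAuthnParamPlacement(), the
// warning wording and the sample requests below are hypothetical.

/**
 * Return one warning per sensitive parameter that appears in the query string.
 * Only the URL part of the request is inspected, so credentials sent in the
 * POST body pass, while the same name in the URL is flagged for any method.
 */
function checkAuthnParamPlacement( string $rawQuery, array $sensitiveNames ): array {
	parse_str( $rawQuery, $queryParams ); // decodes the query string only
	$warnings = [];
	foreach ( $sensitiveNames as $name ) {
		if ( array_key_exists( $name, $queryParams ) ) {
			// Name the parameter; never echo its value back to the client.
			$warnings[] = "Parameter \"$name\" was found in the query string, but must be in the POST body.";
		}
	}
	return $warnings;
}

// Constructed sample requests: [ method, query string, body ]. Not captured traffic.
$requests = [
	[ 'POST', 'action=login&format=json', 'lgname=Example&lgpassword=constructed-secret' ],
	[ 'POST', 'action=login&lgpassword=constructed-secret', 'lgname=Example' ],
	[ 'GET', 'action=login&lgname=Example&lgpassword=constructed-secret', '' ],
];

foreach ( $requests as [ $method, $query ] ) {
	$warnings = checkAuthnParamPlacement( $query, [ 'lgpassword' ] );
	// Redact the secret before printing the request line.
	echo $method . ' ?' . preg_replace( '/(lgpassword=)[^&]*/', '$1<redacted>', $query ) . "\n";
	echo $warnings ? '  warning: ' . implode( "\n  warning: ", $warnings ) . "\n" : "  ok\n";
}
```

Only the first request passes; the second is a POST and is still flagged, because the password sits in the URL.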