SECURITY: Require login to preview user CSS pages
author Chad Horohoe <chadh@wikimedia.org>
Fri, 19 Aug 2016 20:53:52 +0000 (13:53 -0700)
committer Chad <chadh@wikimedia.org>
Tue, 23 Aug 2016 03:18:51 +0000 (03:18 +0000)
commit 81c291f2658836c83eb45fd958f2e54c854b4d23
tree 6804a9bd57b40207460956bab84d64b7656b7e69
parent 48503ee7d9c0f8dde6a68dba5176f4138c59dd0b
SECURITY: Require login to preview user CSS pages

Anon users have predictable edit tokens, hence someone could
force an anon to execute arbitrary CSS by means of a CSRF.

Bug: T133147
Change-Id: I442b2b46cadb967aaa1f35648eff183fc7eaa475
includes/OutputPage.php
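
The reasoning in the commit message, as an added PHP example that is not MediaWiki's code and not the contents of this commit: a token check gives no CSRF protection when the token is predictable, so the preview gate has to refuse anonymous requesters outright. All function names are hypothetical, and the "predictable" anonymous token is modelled here as a fixed constant, which is an assumption.

```php
<?php
// Added illustration; every name here is hypothetical, not MediaWiki's API.

// Assumption: all anonymous visitors share one publicly known token.
const ANON_TOKEN = 'anon-fixed-token';

/** Token derived from a per-session secret, so a third party cannot guess it. */
function sessionToken(string $sessionSecret): string {
    return hash_hmac('sha256', 'edit', $sessionSecret);
}

/** Token the server expects from this requester (null session = anonymous). */
function expectedToken(?array $session): string {
    return $session === null ? ANON_TOKEN : sessionToken($session['secret']);
}

/** Before: a POST with a matching token is enough to preview user CSS. */
function canPreviewCssBefore(array $req, ?array $session): bool {
    return $req['method'] === 'POST'
        && hash_equals(expectedToken($session), $req['token']);
}

/** After: anonymous requesters are refused before the token is looked at. */
function canPreviewCssAfter(array $req, ?array $session): bool {
    if ($session === null) {
        return false; // a predictable token says nothing about who built the request
    }
    return canPreviewCssBefore($req, $session);
}

// Constructed sample data: one logged-in session and three requests.
$session = ['secret' => bin2hex(random_bytes(16))];
$cases = [
    'cross-site POST, anonymous visitor' =>
        [['method' => 'POST', 'token' => ANON_TOKEN], null],
    'cross-site POST, logged-in visitor' =>
        [['method' => 'POST', 'token' => ANON_TOKEN], $session],
    'own preview, logged-in user' =>
        [['method' => 'POST', 'token' => sessionToken($session['secret'])], $session],
];

foreach ($cases as $label => [$req, $sess]) {
    printf("%-36s before=%s after=%s\n", $label,
        var_export(canPreviewCssBefore($req, $sess), true),
        var_export(canPreviewCssAfter($req, $sess), true));
}
```

Only the anonymous case changes between the two gates: the per-session token already stops the same forged request against a logged-in user.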