Page MenuHomePhabricator

Add $wgCookiePrefix property
Closed, ResolvedPublic


Author: stephane.brunner

To fix it

I use a modified version of the farmer extension (

The problem I have it is that I cant login to all wiki by one time because the cookie prefix is different for each wiki :(

The solution I made is the define in LocalSettings.php a value for $wgCookiePrefix but it isn't enough.

I should as modify the include/Setup.php to don't sets $wgCookiePrefix if it's already define.

CU And thanks in advance,
Stéphane Brunner

Version: unspecified
Severity: enhancement




Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:48 PM
bzimport set Reference to bz10958.
bzimport added a subscriber: Unknown Object (MLST).

robchur wrote:

Might be an idea to set $wgCookiePrefix = false; in includes/DefaultSettings.php, to avoid a register_globals injection vector.

stephane.brunner wrote:

I don't exactly know what it's "register_globals injection vector",
then I'm OK with your proposition.

Has been this way since r37893. Apparently I A) Didn't know about this bug, and B) Claimed I was fixing a completely unrelated bug (which oddly enough, I wasn't even fixing). Figures. In any case, FIXED.