Page MenuHomePhabricator

Remove hardcode of Special:UserLogout from isValidRedirectTarget()
Open, Needs TriagePublic

Description

https://www.mediawiki.org/wiki/Manual:$wgInvalidRedirectTargets:

Special:Userlogout is hard-coded, so it does not need to be listed here.

See also https://gerrit.wikimedia.org/g/mediawiki/core/+/5950111f24b6d3516e3fc2461b1e37e83fc2d8ef/includes/Title.php#4487

It's now safe to redirect a page to Special:Userlogout since it now require a token to work. This may be added to default value of $wgInvalidRedirectTargets though.

Details

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 29 2019, 10:41 AM
Bugreporter updated the task description. (Show Details)Nov 29 2019, 10:42 AM
DannyS712 claimed this task.Dec 1 2019, 7:35 AM
Restricted Application added a project: User-DannyS712. · View Herald TranscriptDec 1 2019, 7:35 AM

Change 553836 had a related patch set uploaded (by DannyS712; owner: DannyS712):
[mediawiki/core@master] Don't hardcode Userlogout special page as an invalid redirect target

https://gerrit.wikimedia.org/r/553836