Page MenuHomePhabricator

EditEntity.php:attemptSave(): check token
Closed, ResolvedPublic


Version: unspecified
Severity: normal
Whiteboard: storypoints: 1



Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 12:45 AM
bzimport set Reference to bz40558.
bzimport added a subscriber: Unknown Object (MLST).

In EditEntity.php:attemptSave(), please check the token by default (or set $token=null, so the check fails), and explicitly pass in a value when you want to bypass the checking.

Verified in Wikidata demo time for sprint 18